package de.adorsys.oauth2.pkce.filter;

import de.adorsys.oauth2.pkce.PkceProperties;
import de.adorsys.oauth2.pkce.exception.UnauthorizedException;
import de.adorsys.oauth2.pkce.service.CookieService;
import de.adorsys.oauth2.pkce.service.PkceTokenRequestService;
import de.adorsys.oauth2.pkce.util.TokenConstants;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.util.WebUtils;

@Component
/* loaded from: input_file:BOOT-INF/lib/spring-oauth2-pkce-0.16.0.jar:de/adorsys/oauth2/pkce/filter/CookiesAuthenticationFilter.class */
public class CookiesAuthenticationFilter implements Filter {
    private final Logger logger = LoggerFactory.getLogger((Class<?>) CookiesAuthenticationFilter.class);
    private final PkceTokenRequestService authenticationService;
    private final CookieService cookieService;

    @Autowired
    public CookiesAuthenticationFilter(PkceTokenRequestService pkceTokenRequestService, PkceProperties pkceProperties, CookieService cookieService) {
        this.authenticationService = pkceTokenRequestService;
        this.cookieService = cookieService;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("doFilter start");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HeaderMapRequestWrapper headerMapRequestWrapper = new HeaderMapRequestWrapper(httpServletRequest);
        try {
            if (httpServletRequest.getHeader("Authorization") == null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Header value {} is null", "Authorization");
                }
                cookieToAuthHeader(httpServletRequest, httpServletResponse, headerMapRequestWrapper);
            }
            filterChain.doFilter(headerMapRequestWrapper, httpServletResponse);
        } catch (UnauthorizedException e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(e.getMessage());
            }
            ((HttpServletResponse) servletResponse).sendError(401, e.getMessage());
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("doFilter end");
        }
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    protected void updateCookiesValueInResponse(HttpServletResponse httpServletResponse, PkceTokenRequestService.TokenResponse tokenResponse) {
        String access_token = tokenResponse != null ? tokenResponse.getAccess_token() : null;
        String refresh_token = tokenResponse != null ? tokenResponse.getRefresh_token() : null;
        int intValue = tokenResponse != null ? tokenResponse.getExpires_in().intValue() : 0;
        int intValue2 = tokenResponse != null ? tokenResponse.anyRefreshTokenExpireIn().intValue() : 0;
        httpServletResponse.addCookie(createCookie(TokenConstants.ACCESS_TOKEN_COOKIE_NAME, access_token, intValue));
        httpServletResponse.addCookie(createCookie(TokenConstants.REFRESH_TOKEN_COOKIE_NAME, refresh_token, intValue2));
    }

    private void cookieToAuthHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HeaderMapRequestWrapper headerMapRequestWrapper) {
        String str = null;
        Cookie cookie = WebUtils.getCookie(httpServletRequest, TokenConstants.ACCESS_TOKEN_COOKIE_NAME);
        if (cookie == null || StringUtils.isBlank(cookie.getValue())) {
            Cookie cookie2 = WebUtils.getCookie(httpServletRequest, TokenConstants.REFRESH_TOKEN_COOKIE_NAME);
            if (cookie2 != null && StringUtils.isNotBlank(cookie2.getValue())) {
                str = mightRefreshAccessToken(httpServletResponse, cookie2.getValue());
            }
        } else {
            str = cookie.getValue();
        }
        if (StringUtils.isNotBlank(str)) {
            headerMapRequestWrapper.addHeader("Authorization", TokenConstants.AUTHORIZATION_HEADER_TOKEN_PREFIX + str);
        }
    }

    private String mightRefreshAccessToken(HttpServletResponse httpServletResponse, String str) {
        PkceTokenRequestService.TokenResponse refreshAccessToken = this.authenticationService.refreshAccessToken(str);
        updateCookiesValueInResponse(httpServletResponse, refreshAccessToken);
        if (refreshAccessToken != null) {
            return refreshAccessToken.getAccess_token();
        }
        return null;
    }

    private Cookie createCookie(String str, String str2, int i) {
        return this.cookieService.creationCookie(str, str2, "/", i);
    }
}
