package de.adorsys.oauth2.pkce.filter;

import de.adorsys.oauth2.pkce.PkceProperties;
import de.adorsys.oauth2.pkce.mapping.BearerTokenMapper;
import de.adorsys.oauth2.pkce.model.Oauth2Authentication;
import de.adorsys.oauth2.pkce.service.PkceTokenServices;
import java.io.IOException;
import java.util.Arrays;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/spring-oauth2-pkce-0.3.0.jar:de/adorsys/oauth2/pkce/filter/TokenProcessingFilter.class */
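/**
 * Servlet filter that authenticates a request from an access token when the security context
 * does not hold an authentication yet.
 *
 * <p>The token is looked up first in the cookie named by {@link PkceProperties#getCookieName()}
 * and, if no such cookie is present, in the {@code Authentication} request header using the
 * {@code Bearer} scheme. The encoded value is decoded by {@link BearerTokenMapper} and resolved
 * to an {@link Oauth2Authentication} by {@link PkceTokenServices}.
 *
 * <p>NOTE(review): the cookie takes precedence over the header. A browser attaches the cookie to
 * every matching request on its own, so state-changing endpoints behind this filter depend on
 * CSRF protection and cookie attributes (SameSite, Secure, HttpOnly) that are configured where
 * the cookie is issued; none of that is visible in this class. Confirm before relying on it.
 */
public class TokenProcessingFilter extends GenericFilterBean {
    /**
     * Header the bearer token is read from.
     *
     * <p>NOTE(review): this is {@code Authentication}, not the {@code Authorization} header that
     * RFC 6750 defines for bearer tokens. Clients that send only {@code Authorization} are not
     * authenticated through the header path of this filter. Confirm this is intended.
     */
    private static final String TOKEN_HEADER = "Authentication";

    /** Scheme prefix that must open the header value, including the separating space. */
    private static final String BEARER_PREFIX = "Bearer ";

    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private final PkceTokenServices tokenServices;
    private final PkceProperties pkceProperties;
    private final BearerTokenMapper bearerTokenMapper;

    /**
     * Creates the filter.
     *
     * @param pkceTokenServices resolves an access token value to an authentication
     * @param pkceProperties supplies the name of the cookie that carries the token
     * @param bearerTokenMapper decodes the encoded token taken from the cookie or header
     */
    public TokenProcessingFilter(PkceTokenServices pkceTokenServices, PkceProperties pkceProperties, BearerTokenMapper bearerTokenMapper) {
        this.tokenServices = pkceTokenServices;
        this.pkceProperties = pkceProperties;
        this.bearerTokenMapper = bearerTokenMapper;
    }

    /**
     * Populates the security context from the request's token when it is still empty, then
     * continues the chain.
     *
     * <p>An existing authentication is never replaced. When the request carries no token the
     * context's authentication is set to {@code null} and the chain continues unauthenticated.
     * When the token is rejected, the {@link BadCredentialsException} raised by
     * {@link #readAuthenticationFromRequest} propagates out of this method and the chain is not
     * invoked; how that surfaces to the client depends on where this filter is registered, which
     * is not visible here.
     *
     * @throws IOException if a later element of the chain fails with an I/O error
     * @throws ServletException if a later element of the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            Authentication fromToken = readAuthenticationFromRequest((HttpServletRequest) servletRequest);
            SecurityContextHolder.getContext().setAuthentication(fromToken);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Resolves the request's token to an authentication.
     *
     * @return the authentication with details and access token attached, or {@code null} when the
     *     request carries no token
     * @throws BadCredentialsException if the token services reject the token as invalid
     */
    private Authentication readAuthenticationFromRequest(HttpServletRequest httpServletRequest) throws AuthenticationException, IOException, ServletException {
        // Decoding happens outside the try block below: only InvalidTokenException from the token
        // services is translated. NOTE(review): what mapFromBase64 does with malformed input is
        // not visible here; anything it throws leaves the filter untranslated.
        Optional<OAuth2AccessToken> candidate = tryToReadTokenFromRequest(httpServletRequest);
        if (!candidate.isPresent()) {
            return null;
        }
        OAuth2AccessToken accessToken = candidate.get();
        try {
            Oauth2Authentication authentication = this.tokenServices.loadAuthentication(accessToken.getValue());
            if (this.authenticationDetailsSource != null) {
                // The raw token value becomes a request attribute so the details source can pick
                // it up; code that dumps request attributes to logs would include it.
                httpServletRequest.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, accessToken.getValue());
                httpServletRequest.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, accessToken.getTokenType());
                authentication.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
            }
            authentication.setAccessToken(accessToken);
            return authentication;
        } catch (InvalidTokenException e) {
            throw new BadCredentialsException("Could not obtain user details from accessToken", e);
        }
    }

    /** Returns the token from the cookie if present, otherwise the one from the header. */
    private Optional<OAuth2AccessToken> tryToReadTokenFromRequest(HttpServletRequest httpServletRequest) {
        Optional<OAuth2AccessToken> fromCookie = tryToReadTokenFromCookie(httpServletRequest);
        if (fromCookie.isPresent()) {
            return fromCookie;
        }
        return tryToReadTokenFromHeader(httpServletRequest);
    }

    /**
     * Reads the token from the {@code Authentication} header.
     *
     * <p>The value must start with the {@code Bearer } scheme; everything after the scheme is
     * handed to the mapper. A header carrying another scheme is ignored even if the text
     * {@code "Bearer "} occurs later in its value.
     *
     * @return the decoded token, or empty when the header is missing, uses another scheme, or the
     *     mapper returns {@code null}
     */
    private Optional<OAuth2AccessToken> tryToReadTokenFromHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(TOKEN_HEADER);
        if (header == null) {
            return Optional.empty();
        }
        // Anchor the scheme at the start of the value instead of splitting on "Bearer " wherever
        // it appears, so credentials sent under a different scheme are never taken for a token.
        String credentials = header.trim();
        if (!credentials.startsWith(BEARER_PREFIX)) {
            return Optional.empty();
        }
        String encodedToken = credentials.substring(BEARER_PREFIX.length());
        return Optional.ofNullable(this.bearerTokenMapper.mapFromBase64(encodedToken));
    }

    /**
     * Reads the token from the first cookie whose name matches the configured cookie name,
     * compared case-insensitively.
     *
     * @return the decoded token, or empty when the request has no cookies, no cookie matches, the
     *     cookie has no value, or the mapper returns {@code null}
     */
    private Optional<OAuth2AccessToken> tryToReadTokenFromCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return Optional.empty();
        }
        String cookieName = this.pkceProperties.getCookieName();
        return Arrays.stream(cookies)
                .filter(cookie -> cookieName.equalsIgnoreCase(cookie.getName()))
                .findFirst()
                .map(Cookie::getValue)
                .map(encoded -> this.bearerTokenMapper.mapFromBase64(encoded));
    }
}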
