package de.adorsys.oauth2.pkce.filter;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.adorsys.oauth2.pkce.PkceProperties;
import de.adorsys.oauth2.pkce.service.CookieService;
import de.adorsys.oauth2.pkce.util.Base64Encoder;
import de.adorsys.oauth2.pkce.util.TokenConstants;
import java.io.IOException;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import org.springframework.web.util.WebUtils;

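/**
 * Servlet filter that sends requests for the configured "auto-protected" user-agent pages to the
 * authorization endpoint and, when a request reaches that endpoint carrying a code parameter,
 * hands the state saved in the user-agent state cookie to the rest of the chain.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The state cookie is read back from the client and, as far as this class shows, is only
 *       Base64-encoded JSON. Nothing here signs or encrypts it, so its contents must be treated
 *       as untrusted input by whatever consumes the request attributes set in
 *       {@link #doFilter}.</li>
 *   <li>The presence of the authorization header makes this filter step aside; the header value
 *       is not validated here.</li>
 * </ul>
 */
@Component
public class ClientAuthencationEntryPoint implements Filter {
    private final Logger logger = LoggerFactory.getLogger(ClientAuthencationEntryPoint.class);
    private final ObjectMapper objectMapper = new ObjectMapper();
    private final Base64Encoder base64Encoder = new Base64Encoder();

    @Autowired
    private CookieService cookieService;

    @Autowired
    private PkceProperties pkceProperties;

    // Snapshot of pkceProperties.userAgentAutoProtectedPages(), taken once in postConstruct().
    private List<String> userAgentAutoProtectedPages;

    /**
     * JSON payload of the user-agent state cookie: the page the user originally asked for and
     * the redirect URI that was sent to the authorization endpoint.
     *
     * <p>The no-argument constructor and the setters exist so Jackson can rebuild the object
     * from the cookie value.
     */
    public static class UserAgentStateCookie {
        private String redirectUri;
        private String userAgentPage;

        public UserAgentStateCookie() {
        }

        /**
         * @param userAgentPage page to return to once the flow has finished
         * @param redirectUri redirect URI sent to the authorization endpoint
         */
        public UserAgentStateCookie(String userAgentPage, String redirectUri) {
            this.redirectUri = redirectUri;
            this.userAgentPage = userAgentPage;
        }

        public String getRedirectUri() {
            return this.redirectUri;
        }

        public String getUserAgentPage() {
            return this.userAgentPage;
        }

        public void setRedirectUri(String redirectUri) {
            this.redirectUri = redirectUri;
        }

        // The lower-case "u" is kept on purpose: renaming this public setter would change the API.
        public void setuserAgentPage(String userAgentPage) {
            this.userAgentPage = userAgentPage;
        }
    }

    /** Caches the list of auto-protected pages after dependency injection has completed. */
    @PostConstruct
    public void postConstruct() {
        this.userAgentAutoProtectedPages = this.pkceProperties.userAgentAutoProtectedPages();
    }

    /**
     * Routes a request through one of four paths.
     *
     * <ol>
     *   <li>An authorization header is present, or the URL ends with the logout link: pass
     *       through untouched.</li>
     *   <li>The request targets an auto-protected page (by URL or by Referer) and no state
     *       cookie exists: store the state cookie and redirect to the authorization endpoint.</li>
     *   <li>The request hits the authorization endpoint with a non-blank code parameter and a
     *       readable state cookie: expose the cookie contents as request attributes, schedule
     *       the cookie for deletion and continue the chain.</li>
     *   <li>Anything else: pass through untouched.</li>
     * </ol>
     *
     * @throws IOException if the redirect or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        this.logger.trace("doFilter start");
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String requestUrl = request.getRequestURL().toString();
        String authEndpoint = this.pkceProperties.getAuthEndpoint();

        // Only the presence of the header is checked here; the value is not validated.
        // NOTE(review): presumably a later filter authenticates the header - confirm, because
        // any non-null value is enough to skip this entry point.
        if (request.getHeader(TokenConstants.AUTHORIZATION_HEADER_NAME) != null) {
            this.logger.debug("Header {} is present, passing the request through", TokenConstants.AUTHORIZATION_HEADER_NAME);
            filterChain.doFilter(request, response);
            return;
        }
        if (StringUtils.endsWith(requestUrl, TokenConstants.LOGOUT_LINK)) {
            filterChain.doFilter(request, response);
            return;
        }

        Optional<String> targetPage = findTargetRequest(requestUrl, request);
        Optional<UserAgentStateCookie> stateCookie = readUserAgentStateCookie(request);

        if (targetPage.isPresent() && !stateCookie.isPresent()) {
            // Scheme, host and port of the redirect come from the incoming request.
            // NOTE(review): confirm the container / reverse proxy pins the Host (and any
            // forwarded) headers, since this value is also stored as the redirect URI.
            String authUri = ServletUriComponentsBuilder.fromRequestUri(request).replacePath(authEndpoint).build().toUriString();
            response.addCookie(createRedirectCookie(targetPage.get(), authUri));
            // The redirect URI is appended as-is (not URL-encoded); it carries no query or
            // fragment because fromRequestUri() drops them and only the path is replaced.
            response.sendRedirect(authUri + "?" + TokenConstants.REDIRECT_URI_PARAM_NAME + "=" + authUri);
            return;
        }

        boolean codeCallback = StringUtils.endsWithIgnoreCase(requestUrl, authEndpoint)
                && StringUtils.isNotBlank(request.getParameter(TokenConstants.CODE_REQUEST_PARAMETER_NAME))
                && stateCookie.isPresent();
        if (!codeCallback) {
            filterChain.doFilter(request, response);
            this.logger.trace("doFilter end");
            return;
        }

        // Both values come straight from the client-supplied cookie.
        // NOTE(review): whoever reads these attributes should check them against the configured
        // pages / registered redirect URI before redirecting to them or sending them upstream.
        UserAgentStateCookie state = stateCookie.get();
        request.setAttribute(TokenConstants.REDIRECT_URI_PARAM_NAME, state.getRedirectUri());
        request.setAttribute(TokenConstants.USER_AGENT_PAGE_ATTRIBUTE, state.getUserAgentPage());
        response.addCookie(deleteUserAgentStateCookie());
        filterChain.doFilter(request, response);
    }

    /**
     * Returns the first configured page that the request URL ends with (case-insensitive), or
     * failing that, the first configured page that the Referer header starts with.
     */
    private Optional<String> findTargetRequest(String requestUrl, HttpServletRequest httpServletRequest) {
        Optional<String> byUrl = this.userAgentAutoProtectedPages.stream()
                .filter(page -> StringUtils.endsWithIgnoreCase(requestUrl, page))
                .findFirst();
        return byUrl.isPresent() ? byUrl : findFromReferer(httpServletRequest);
    }

    /**
     * Returns the first configured page that is a case-insensitive prefix of the Referer header.
     * The header is client-controlled, but the value returned is always the configured entry,
     * never the header itself.
     */
    private Optional<String> findFromReferer(HttpServletRequest httpServletRequest) {
        String referer = httpServletRequest.getHeader("Referer");
        // StringUtils is null-safe: a missing Referer does not match a non-null entry.
        return this.userAgentAutoProtectedPages.stream()
                .filter(page -> StringUtils.startsWithIgnoreCase(referer, page))
                .findFirst();
    }

    /** Builds the cookie that removes the user-agent state cookie, scoped to the auth endpoint. */
    private Cookie deleteUserAgentStateCookie() {
        return this.cookieService.deletionCookie(this.pkceProperties.getUserAgentStateCookieName(), this.pkceProperties.getAuthEndpoint());
    }

    /**
     * Serialises the target page and redirect URI to JSON, Base64-encodes the bytes and wraps
     * them in the user-agent state cookie, scoped to the auth endpoint.
     *
     * @throws JsonProcessingException if the state cannot be serialised
     */
    private Cookie createRedirectCookie(String userAgentPage, String redirectUri) throws JsonProcessingException {
        byte[] json = this.objectMapper.writeValueAsBytes(new UserAgentStateCookie(userAgentPage, redirectUri));
        return this.cookieService.creationCookieWithDefaultDuration(
                this.pkceProperties.getUserAgentStateCookieName(),
                this.base64Encoder.toBase64(json),
                this.pkceProperties.getAuthEndpoint());
    }

    /**
     * Reads and decodes the user-agent state cookie.
     *
     * <p>The cookie value is attacker-controllable, so every decoding failure is treated as
     * "no cookie": invalid Base64 ({@link IllegalArgumentException}), malformed or unexpected
     * JSON ({@link IOException}) and a JSON {@code null} document all yield an empty result
     * instead of an unhandled exception.
     *
     * @return the decoded state, or empty when the cookie is missing, blank or unreadable
     */
    private Optional<UserAgentStateCookie> readUserAgentStateCookie(HttpServletRequest httpServletRequest) {
        Cookie cookie = WebUtils.getCookie(httpServletRequest, this.pkceProperties.getUserAgentStateCookieName());
        if (cookie == null || StringUtils.isBlank(cookie.getValue())) {
            return Optional.empty();
        }
        try {
            byte[] json = Base64.getDecoder().decode(cookie.getValue());
            return Optional.ofNullable(this.objectMapper.readValue(json, UserAgentStateCookie.class));
        } catch (IOException | IllegalArgumentException e) {
            this.logger.debug("Ignoring unreadable user agent state cookie: {}", e.getMessage());
            return Optional.empty();
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** No filter-level configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}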
