package org.cloudfoundry.identity.uaa.authentication;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cloudfoundry.identity.uaa.oauth.token.TokenConstants;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.19.2.jar:org/cloudfoundry/identity/uaa/authentication/ReAuthenticationRequiredFilter.class */
public class ReAuthenticationRequiredFilter extends OncePerRequestFilter {
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        boolean z = false;
        HashMap hashMap = new HashMap(httpServletRequest.getParameterMap());
        if ("login".equals(httpServletRequest.getParameter(TokenConstants.ID_TOKEN_HINT_PROMPT))) {
            z = true;
            hashMap.remove(TokenConstants.ID_TOKEN_HINT_PROMPT);
        }
        if (httpServletRequest.getParameter("max_age") != null && (SecurityContextHolder.getContext().getAuthentication() instanceof UaaAuthentication)) {
            if (System.currentTimeMillis() - ((UaaAuthentication) SecurityContextHolder.getContext().getAuthentication()).getAuthenticatedTime() > Long.valueOf(httpServletRequest.getParameter("max_age")).longValue() * 1000) {
                z = true;
                hashMap.remove("max_age");
            }
        }
        if (!z) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            httpServletRequest.getSession().invalidate();
            sendRedirect(httpServletRequest.getRequestURL().toString(), hashMap, httpServletRequest, httpServletResponse);
        }
    }

    protected void sendRedirect(String str, Map<String, String[]> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(str);
        for (String str2 : map.keySet()) {
            fromUriString.queryParam(str2, map.get(str2));
        }
        httpServletResponse.sendRedirect(fromUriString.build().toUriString());
    }
}
