package leap.oauth2.server.endpoint;

import java.util.Map;
import javax.servlet.http.Cookie;
import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.core.ioc.PostCreateBean;
import leap.core.security.token.jwt.JwtSigner;
import leap.core.security.token.jwt.JwtVerifier;
import leap.core.security.token.jwt.MacSigner;
import leap.web.App;
import leap.web.Handler;
import leap.web.Request;
import leap.web.Response;
import leap.web.config.WebConfig;
import leap.web.cookie.AbstractCookieBean;
import leap.web.route.Routes;

/* loaded from: input_file:leap/oauth2/server/endpoint/SessionRefreshEndpoint.class */
public class SessionRefreshEndpoint extends AbstractAuthzEndpoint implements Handler, PostCreateBean {

    @Inject
    protected WebConfig webConfig;
    protected JwtSigner signer;
    protected JwtVerifier verifier;
    protected AbstractCookieBean cookieBean;

    public void startEndpoint(App app, Routes routes) throws Throwable {
        if (this.config.isSessionRefreshEnabled()) {
            this.sc.ignore(this.config.getSessionRefreshEndpointPath());
            routes.create().handle(this.config.getSessionRefreshEndpointPath(), this).disableCsrf().enableCors().apply();
        }
    }

    public void handle(Request request, Response response) throws Throwable {
        String str = null;
        Cookie cookie = this.cookieBean.getCookie(request);
        if (null != cookie) {
            str = cookie.getValue();
        }
        if (null == str) {
            return;
        }
        Map verify = this.verifier.verify(str);
        verify.remove("exp");
        this.cookieBean.setCookie(request, response, this.signer.sign(verify));
    }

    public void postCreate(BeanFactory beanFactory) throws Throwable {
        if (null == this.signer) {
            this.signer = new MacSigner(this.sc.config().getSecret(), this.sc.config().getDefaultAuthenticationExpires());
            this.verifier = this.signer;
        }
        if (null == this.cookieBean) {
            this.cookieBean = new AbstractCookieBean() { // from class: leap.oauth2.server.endpoint.SessionRefreshEndpoint.1
                public String getCookieName() {
                    return SessionRefreshEndpoint.this.sc.config().getAuthenticationTokenCookieName();
                }

                public String getCookieDomain() {
                    return SessionRefreshEndpoint.this.webConfig.getCookieDomain();
                }
            };
        }
    }
}
