package org.cloudfoundry.multiapps.controller.web.security;

import com.sap.cloudfoundry.client.facade.oauth2.OAuth2AccessTokenWithAdditionalInfo;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.temporal.TemporalAmount;
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration;
import org.cloudfoundry.multiapps.controller.core.util.SSLUtil;
import org.cloudfoundry.multiapps.controller.core.util.SecurityUtil;
import org.cloudfoundry.multiapps.controller.core.util.UserInfo;
import org.cloudfoundry.multiapps.controller.persistence.model.AccessToken;
import org.cloudfoundry.multiapps.controller.persistence.model.ImmutableAccessToken;
import org.cloudfoundry.multiapps.controller.persistence.services.AccessTokenService;
import org.cloudfoundry.multiapps.controller.web.Messages;
import org.cloudfoundry.multiapps.controller.web.util.TokenParsingStrategyFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.server.ResponseStatusException;

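/**
 * Servlet filter that authenticates every request from its {@code Authorization} header.
 *
 * <p>For each request the filter parses the header into an OAuth2 token, rejects expired tokens,
 * places the resulting authentication in the {@link SecurityContextHolder} and, when no
 * sufficiently long-lived token is stored for the user, persists the new token through the
 * {@link AccessTokenService}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every rejection goes through {@link #failWithUnauthorized(String)}, which clears the
 *       security context before throwing, so a rejected request never keeps an authentication.</li>
 *   <li>Signature/issuer validation is not visible in this class; it is presumably done by the
 *       strategy returned from {@link TokenParsingStrategyFactory} - confirm before relying on it.</li>
 *   <li>The raw token value is handed to the persistence layer as UTF-8 bytes; whether it is
 *       encrypted at rest is decided elsewhere - confirm.</li>
 * </ul>
 */
@Named
/* loaded from: input_file:org/cloudfoundry/multiapps/controller/web/security/AuthorizationLoaderFilter.class */
public class AuthorizationLoaderFilter extends OncePerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationLoaderFilter.class);
    /** Name of the request header carrying the credentials. */
    private static final String AUTHORIZATION_HEADER = "Authorization";
    /** Key of the expiration claim (epoch seconds) in the token's additional info. */
    private static final String EXPIRATION_CLAIM = "exp";
    /** A stored token that stays valid for longer than this is reused instead of storing a new one. */
    private static final Duration MINIMUM_REMAINING_VALIDITY = Duration.ofSeconds(120L);
    private static final String MALFORMED_AUTHORIZATION_HEADER = "The Authorization header must have the form \"<scheme> <token>\"";
    private static final String MISSING_EXPIRATION_CLAIM = "The token does not contain a numeric \"exp\" claim";

    private final AccessTokenService accessTokenService;
    private final TokenParsingStrategyFactory tokenParsingStrategyFactory;

    /**
     * Creates the filter.
     *
     * @param accessTokenService service used to look up and persist access tokens
     * @param tokenParsingStrategyFactory factory that selects a token parser by authorization scheme
     * @param applicationConfiguration configuration consulted once for the SSL-validation switch
     */
    @Inject
    public AuthorizationLoaderFilter(AccessTokenService accessTokenService, TokenParsingStrategyFactory tokenParsingStrategyFactory, ApplicationConfiguration applicationConfiguration) {
        this.accessTokenService = accessTokenService;
        this.tokenParsingStrategyFactory = tokenParsingStrategyFactory;
        // Boolean.TRUE.equals keeps validation enabled when the setting is absent (null) instead
        // of failing with a NullPointerException during wiring.
        if (Boolean.TRUE.equals(applicationConfiguration.shouldSkipSslValidation())) {
            // NOTE(review): SSLUtil.disableSSLValidation() is called from a constructor and takes
            // no arguments, so it presumably changes JVM-wide TLS defaults - confirm. With
            // certificate validation off, outbound HTTPS calls (including any token-key lookup)
            // can be intercepted; this must never be enabled outside test landscapes.
            LOGGER.warn("SSL certificate validation is disabled by configuration; outbound TLS connections are not authenticated");
            SSLUtil.disableSSLValidation();
        }
    }

    /**
     * Authenticates the request and passes it down the chain.
     *
     * <p>Implements {@code OncePerRequestFilter#doFilterInternal}.
     *
     * @throws ResponseStatusException with status 401 when the header is missing or malformed,
     *     or the token is expired or lacks an expiration claim
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (header == null) {
            // Always throws; nothing below runs for unauthenticated requests.
            failWithUnauthorized(Messages.NO_AUTHORIZATION_HEADER_WAS_PROVIDED);
        }
        OAuth2AccessTokenWithAdditionalInfo token = createOAuth2AccessToken(header);
        validateTokenExpiration(token);
        UserInfo tokenUserInfo = SecurityUtil.getTokenUserInfo(token);
        loadAuthenticationInContext(tokenUserInfo);
        storeTokenInDatabaseIfNeeded(buildAccessToken(token, tokenUserInfo), findTokensByUsername(tokenUserInfo.getName()));
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Clears the security context and rejects the request. This method never returns normally.
     *
     * @param message reason placed in the 401 response status exception
     */
    private void failWithUnauthorized(String message) {
        SecurityContextHolder.clearContext();
        throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, message);
    }

    /**
     * Splits the header into scheme and token and parses the token with the matching strategy.
     *
     * <p>The header is attacker-controlled. A value without both parts used to raise
     * {@link ArrayIndexOutOfBoundsException} (an HTTP 500); it is now rejected with 401.
     */
    private OAuth2AccessTokenWithAdditionalInfo createOAuth2AccessToken(String authorizationHeader) {
        String[] parts = authorizationHeader.split("\\s");
        if (parts.length < 2 || parts[0].isEmpty() || parts[1].isEmpty()) {
            failWithUnauthorized(MALFORMED_AUTHORIZATION_HEADER);
        }
        return this.tokenParsingStrategyFactory.createStrategy(parts[0]).parseToken(parts[1]);
    }

    /** Rejects the request with 401 when the token's expiry instant is already in the past. */
    private void validateTokenExpiration(OAuth2AccessTokenWithAdditionalInfo token) {
        Instant expiresAt = token.getOAuth2AccessToken().getExpiresAt();
        if (expiresAt.isBefore(Instant.now())) {
            failWithUnauthorized(MessageFormat.format(Messages.THE_TOKEN_HAS_EXPIRED_ON_0, expiresAt));
        }
    }

    /** Publishes the authentication derived from the token's user info to the security context. */
    private void loadAuthenticationInContext(UserInfo userInfo) {
        SecurityContextHolder.getContext().setAuthentication(SecurityUtil.createAuthentication(userInfo));
    }

    /** Builds the persistable form of the token: raw value bytes, user name and expiration. */
    private ImmutableAccessToken buildAccessToken(OAuth2AccessTokenWithAdditionalInfo token, UserInfo userInfo) {
        byte[] tokenValue = token.getOAuth2AccessToken().getTokenValue().getBytes(StandardCharsets.UTF_8);
        return ImmutableAccessToken.builder()
                                   .value(tokenValue)
                                   .username(userInfo.getName())
                                   .expiresAt(calculateAccessTokenExpirationDate(token))
                                   .build();
    }

    /**
     * Converts the {@code exp} claim (epoch seconds) to a local date-time in the system zone.
     *
     * <p>A missing or non-numeric claim is rejected with 401; previously it surfaced as a
     * {@link NullPointerException} or {@link ClassCastException}.
     */
    private LocalDateTime calculateAccessTokenExpirationDate(OAuth2AccessTokenWithAdditionalInfo token) {
        Object expirationClaim = token.getAdditionalInfo().get(EXPIRATION_CLAIM);
        if (!(expirationClaim instanceof Number)) {
            failWithUnauthorized(MISSING_EXPIRATION_CLAIM);
        }
        long epochSeconds = ((Number) expirationClaim).longValue();
        // The system default zone matches the clock used in expiresInMoreThan2Minutes.
        return Instant.ofEpochSecond(epochSeconds).atZone(ZoneId.systemDefault()).toLocalDateTime();
    }

    /** Returns every stored token that belongs to the given user name. */
    private List<AccessToken> findTokensByUsername(String username) {
        return this.accessTokenService.createQuery().username(username).list();
    }

    /**
     * Stores the new token unless a stored token for the user is still good enough.
     *
     * <p>The token is stored when nothing is stored yet, or when the longest-lived stored token
     * expires within two minutes and the new token outlives it.
     */
    private void storeTokenInDatabaseIfNeeded(AccessToken accessToken, List<AccessToken> storedTokens) {
        Optional<AccessToken> longestLived = storedTokens.stream().max(Comparator.comparing(AccessToken::getExpiresAt));
        if (longestLived.isEmpty()) {
            storeAccessToken(accessToken);
            return;
        }
        AccessToken current = longestLived.get();
        if (!expiresInMoreThan2Minutes(current) && accessToken.getExpiresAt().isAfter(current.getExpiresAt())) {
            storeAccessToken(accessToken);
        }
    }

    /** Tells whether the token stays valid for more than two minutes from now (system zone). */
    private boolean expiresInMoreThan2Minutes(AccessToken accessToken) {
        LocalDateTime threshold = ZonedDateTime.now().plus(MINIMUM_REMAINING_VALIDITY).toLocalDateTime();
        return accessToken.getExpiresAt().isAfter(threshold);
    }

    /** Logs the user name and expiration (never the token value) and persists the token. */
    private void storeAccessToken(AccessToken accessToken) {
        LOGGER.info(MessageFormat.format(Messages.STORING_TOKEN_FOR_USER_0_WHICH_EXPIRES_AT_1, accessToken.getUsername(), accessToken.getExpiresAt()));
        this.accessTokenService.add(accessToken);
    }
}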
