package org.gluu.oxauth.client.authentication;

import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.gluu.oxauth.client.session.AbstractOAuthFilter;
import org.gluu.oxauth.client.session.OAuthData;
import org.gluu.oxauth.client.util.Configuration;
import org.jboss.resteasy.client.ClientRequest;
import org.xdi.util.ArrayHelper;
import org.xdi.util.AssertionHelper;
import org.xdi.util.StringHelper;

/* loaded from: input_file:org/gluu/oxauth/client/authentication/AuthenticationFilter.class */
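/**
 * Servlet filter that starts the OAuth / OpenID Connect login flow.
 *
 * <p>When a request carries neither stored OAuth session data nor a {@code code} or
 * {@code id_token} parameter, the browser is redirected to the configured authorization
 * endpoint. Every other request is passed down the filter chain.
 *
 * <p>The value of the {@code _shibstate_*} cookie is supplied by the client and must be treated
 * as untrusted. Only the regex-captured {@code auth_mode} / {@code auth_level} suffix is
 * forwarded, and the raw value is stripped of control characters before it is logged.
 */
public class AuthenticationFilter extends AbstractOAuthFilter {
    /** Captures a trailing {@code /auth_mode/<word characters>} segment. */
    private static final Pattern AUTH_MODE_PATTERN = Pattern.compile(".+/auth_mode/([\\d\\w]+)$");
    /** Captures a trailing {@code /auth_level/<digits>} segment. */
    private static final Pattern AUTH_LEVEL_PATTERN = Pattern.compile(".+/auth_level/([\\d]+)$");
    /** Charset used for URL-encoding and decoding cookie values, fixed so it does not depend on the platform default. */
    private static final String COOKIE_CHARSET = "UTF-8";

    private String oAuthAuthorizeUrl;
    private String oAuthClientId;
    private String oAuthClientScope;

    /**
     * Reads the authorize URL, client id and client scope from the filter init parameters.
     * All three are mandatory; {@code AssertionHelper.assertNotNull} is invoked on each of them.
     *
     * @param filterConfig the filter configuration supplied by the container
     * @throws ServletException declared by the filter contract
     */
    public final void init(FilterConfig filterConfig) throws ServletException {
        this.oAuthAuthorizeUrl = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_AUTHORIZE_URL, null);
        this.oAuthClientId = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_CLIENT_ID, null);
        this.oAuthClientScope = getPropertyFromInitParams(filterConfig, Configuration.OAUTH_PROPERTY_CLIENT_SCOPE, null);
        // The messages previously lacked the space between the property name and "cannot".
        AssertionHelper.assertNotNull(this.oAuthAuthorizeUrl, "oxauth.authorize.url cannot be null");
        AssertionHelper.assertNotNull(this.oAuthClientId, "oxauth.client.id cannot be null");
        AssertionHelper.assertNotNull(this.oAuthClientScope, "oxauth.client.scope cannot be null");
    }

    /** Nothing to release. */
    public final void destroy() {
    }

    /**
     * Passes the request on when {@link #preFilter} returns {@code false}; otherwise redirects
     * the browser to the authorization endpoint.
     *
     * <p>If the redirect cannot be built or sent, the failure is logged and, when the response
     * is not yet committed, answered with HTTP 500 instead of an empty successful response.
     * The chain is never continued in that case.
     *
     * @throws IOException if the chain or the error response fails to write
     * @throws ServletException if the chain fails
     */
    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!preFilter(servletRequest, servletResponse, filterChain)) {
            this.log.debug("Execute validation filter");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        this.log.debug("No code and no OAuth data found");
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            String oAuthRedirectUrl = getOAuthRedirectUrl((HttpServletRequest) servletRequest, httpServletResponse);
            this.log.debug("Redirecting to \"" + oAuthRedirectUrl + "\"");
            httpServletResponse.sendRedirect(oAuthRedirectUrl);
        } catch (Exception e) {
            this.log.error("Failed to preapre request to OAuth server", e);
            // Fail closed and visibly: the caller must not receive a blank 200 for a failed login start.
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /**
     * Decides whether this request has to be sent to the authorization endpoint.
     *
     * @return {@code false} when the session already holds OAuth data or the request carries a
     *         non-empty {@code code} or {@code id_token} parameter; {@code true} otherwise
     */
    protected final boolean preFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        // getSession(false): do not create a session just to look for existing OAuth data.
        HttpSession session = httpServletRequest.getSession(false);
        OAuthData oAuthData = session != null ? (OAuthData) session.getAttribute(Configuration.SESSION_OAUTH_DATA) : null;
        if (oAuthData != null) {
            return false;
        }
        // The authorization code and id_token are credentials: log only whether they are present.
        boolean hasCode = StringHelper.isNotEmpty(getParameter(httpServletRequest, Configuration.OAUTH_CODE));
        this.log.trace("code present: " + hasCode);
        if (hasCode) {
            return false;
        }
        boolean hasIdToken = StringHelper.isNotEmpty(getParameter(httpServletRequest, Configuration.OAUTH_ID_TOKEN));
        this.log.trace("id_token present: " + hasIdToken);
        return !hasIdToken;
    }

    /**
     * Builds the authorization request URL: client id, scope, redirect URI, response type and
     * nonce, plus {@code auth_mode} or {@code auth_level} when the current {@code _shibstate_*}
     * cookie value ends in such a segment. In that case the segment is also removed from the
     * cookie through {@code httpServletResponse}.
     *
     * @return the absolute URL to redirect the browser to
     * @throws Exception if the client request URI cannot be produced
     */
    public String getOAuthRedirectUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        ClientRequest clientRequest = new ClientRequest(this.oAuthAuthorizeUrl);
        String redirectUri = constructRedirectUrl(httpServletRequest);
        clientRequest.queryParameter(Configuration.OAUTH_CLIENT_ID, this.oAuthClientId);
        clientRequest.queryParameter(Configuration.OAUTH_SCOPE, this.oAuthClientScope);
        clientRequest.queryParameter(Configuration.OAUTH_REDIRECT_URI, redirectUri);
        clientRequest.queryParameter(Configuration.OAUTH_RESPONSE_TYPE, "code+id_token");
        // NOTE(review): the nonce value is the same constant on every request, so it cannot bind
        // the returned id_token to this browser session or detect replay. A per-request
        // SecureRandom value stored in the session and compared on return would be needed; the
        // validating side is not visible here, so the value is left unchanged.
        // NOTE(review): no "state" parameter is added here either - confirm that CSRF protection
        // for the callback is provided elsewhere.
        clientRequest.queryParameter(Configuration.OAUTH_NONCE, Configuration.OAUTH_NONCE);
        Cookie shibstateCookie = getCurrentShibstateCookie(httpServletRequest);
        if (shibstateCookie != null) {
            // Client-controlled input: may be null when the cookie is empty or malformed.
            String requestUri = decodeCookieValue(shibstateCookie.getValue());
            this.log.debug("requestUri\"" + sanitizeForLog(requestUri) + "\"");
            String authMode = determineAuthenticationMode(requestUri);
            String authLevel = determineAuthenticationLevel(requestUri);
            if (StringHelper.isNotEmpty(authMode)) {
                this.log.debug("auth_mode\"" + authMode + "\"");
                clientRequest.queryParameter(Configuration.OAUTH_AUTH_MODE, authMode);
                updateShibstateCookie(httpServletResponse, shibstateCookie, requestUri, "/auth_mode/" + authMode);
            } else if (StringHelper.isNotEmpty(authLevel)) {
                this.log.debug("auth_level\"" + authLevel + "\"");
                clientRequest.queryParameter(Configuration.OAUTH_AUTH_LEVEL, authLevel);
                updateShibstateCookie(httpServletResponse, shibstateCookie, requestUri, "/auth_level/" + authLevel);
            }
        }
        // Restores the literal '+' of "code+id_token" after query encoding.
        // NOTE(review): this rewrites every "%2B" in the URI, including any inside the encoded
        // redirect_uri - confirm that redirect URIs never contain a literal '+'.
        return clientRequest.getUri().replace("%2B", "+");
    }

    /**
     * Returns the request cookie whose name starts with {@code _shibstate_}; when several are
     * present, the one whose name sorts last lexicographically is chosen.
     *
     * @return the selected cookie, or {@code null} when there is none
     */
    private Cookie getCurrentShibstateCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (ArrayHelper.isEmpty(cookies)) {
            return null;
        }
        Cookie selected = null;
        for (Cookie candidate : cookies) {
            String name = candidate.getName();
            if (name.startsWith("_shibstate_") && (selected == null || name.compareTo(selected.getName()) > 0)) {
                selected = candidate;
            }
        }
        return selected;
    }

    /**
     * Re-issues {@code cookie} with {@code suffix} removed from its decoded value, if the value
     * contains that suffix.
     */
    private void updateShibstateCookie(HttpServletResponse httpServletResponse, Cookie cookie, String decodedValue, String suffix) {
        if (decodedValue.contains(suffix)) {
            String stripped = encodeCookieValue(decodedValue.replace(suffix, ""));
            httpServletResponse.addCookie(cloneCookie(cookie, stripped, cookie.getMaxAge()));
        }
    }

    /**
     * Creates a Secure, version 1 cookie on path {@code /} with the name of {@code cookie} and
     * the given value and max age.
     */
    private Cookie cloneCookie(Cookie cookie, String value, int maxAge) {
        Cookie copy = new Cookie(cookie.getName(), value);
        copy.setPath("/");
        copy.setMaxAge(maxAge);
        copy.setVersion(1);
        // Secure: the cookie is only sent back over HTTPS.
        copy.setSecure(true);
        return copy;
    }

    /**
     * URL-decodes a cookie value as UTF-8.
     *
     * @return the decoded value, or {@code null} when the input is empty or is not valid
     *         percent-encoding (the cookie is then treated as absent rather than aborting login)
     */
    private String decodeCookieValue(String str) {
        if (StringHelper.isEmpty(str)) {
            return null;
        }
        try {
            return URLDecoder.decode(str, COOKIE_CHARSET);
        } catch (IOException e) {
            // UnsupportedEncodingException: cannot happen, UTF-8 is mandatory on every JVM.
            throw new IllegalStateException(COOKIE_CHARSET + " is not supported", e);
        } catch (IllegalArgumentException e) {
            this.log.debug("Ignoring _shibstate_ cookie with malformed URL encoding");
            return null;
        }
    }

    /**
     * URL-encodes a cookie value as UTF-8.
     *
     * @return the encoded value, or {@code null} when the input is empty
     */
    private String encodeCookieValue(String str) {
        if (StringHelper.isEmpty(str)) {
            return null;
        }
        try {
            return URLEncoder.encode(str, COOKIE_CHARSET);
        } catch (IOException e) {
            // UnsupportedEncodingException: cannot happen, UTF-8 is mandatory on every JVM.
            throw new IllegalStateException(COOKIE_CHARSET + " is not supported", e);
        }
    }

    /** Returns the trailing {@code auth_mode} value of {@code str}, or {@code null} if absent. */
    private String determineAuthenticationMode(String str) {
        return determineAuthenticationParameter(str, AUTH_MODE_PATTERN);
    }

    /** Returns the trailing {@code auth_level} value of {@code str}, or {@code null} if absent. */
    private String determineAuthenticationLevel(String str) {
        return determineAuthenticationParameter(str, AUTH_LEVEL_PATTERN);
    }

    /**
     * Returns capture group 1 of {@code pattern} in {@code str}.
     *
     * @return the captured text, or {@code null} when {@code str} is {@code null} or does not match
     */
    private String determineAuthenticationParameter(String str, Pattern pattern) {
        // An empty cookie decodes to null; Pattern.matcher(null) would throw and abort the redirect.
        if (str == null) {
            return null;
        }
        Matcher matcher = pattern.matcher(str);
        return matcher.find() ? matcher.group(1) : null;
    }

    /**
     * Replaces control characters (including CR/LF) so that a client-supplied value cannot
     * forge additional log lines.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}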
