package app.utils.security.server.legacy.oidc;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:app/utils/security/server/legacy/oidc/OidcAccessTokenFilter.class */
public class OidcAccessTokenFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(OidcAccessTokenFilter.class);
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private static final TypeReference<HashMap<String, String>> HASH_MAP_TYPE_REF = new TypeReference<HashMap<String, String>>() { // from class: app.utils.security.server.legacy.oidc.OidcAccessTokenFilter.1
    };
    private static final HttpClient httpClient = HttpClient.newHttpClient();
    private String validationEndpoint;

    public OidcAccessTokenFilter(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("Location of Oidc validation endpoint is not set");
        }
        this.validationEndpoint = str;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String substring;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ") && (substring = header.substring("Bearer ".length())) != null && !substring.isEmpty() && verifyAccessToken(substring)) {
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setHeader("WWW-Authenticate", "Bearer");
        httpServletResponse.sendError(401, "Unauthorized");
    }

    private boolean verifyAccessToken(String str) throws IOException {
        boolean z;
        boolean z2 = false;
        try {
            HttpResponse send = httpClient.send(HttpRequest.newBuilder().uri(URI.create(this.validationEndpoint)).header("Content-Type", "application/x-www-form-urlencoded").POST(HttpRequest.BodyPublishers.ofString(String.format("token=%s&token_type_hint=access_token", URLEncoder.encode(str, "UTF-8")))).build(), HttpResponse.BodyHandlers.ofInputStream());
            if (send.statusCode() == 200) {
                String str2 = (String) ((Map) OBJECT_MAPPER.readValue((InputStream) send.body(), HASH_MAP_TYPE_REF)).get("active");
                if (str2 != null) {
                    if (str2.equalsIgnoreCase("true")) {
                        z = true;
                        z2 = z;
                    }
                }
                z = false;
                z2 = z;
            }
        } catch (IOException e) {
            LOG.error("Something else than the token validity has gone wrong", e);
        } catch (InterruptedException e2) {
            Thread.currentThread().interrupt();
            throw new RuntimeException(e2);
        }
        return z2;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
