package io.uhndata.cards.auth.token.impl.sling;

import io.uhndata.cards.auth.token.CardsToken;
import io.uhndata.cards.auth.token.TokenManager;
import java.io.IOException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
import java.util.Calendar;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.sling.auth.core.AuthUtil;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

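/**
 * Sling {@link AuthenticationHandler} that authenticates requests carrying a CARDS token, presented either as
 * the {@code auth_token} request parameter or as the {@code cards_auth_token} cookie. The request parameter is
 * checked first and, when present, marks the request as an explicit login; after a successful authentication the
 * token is persisted in the cookie by {@link #authenticationSucceeded}. A presented token that the
 * {@link TokenManager} cannot parse sends the client to {@code /Expired.html} and clears the cookie.
 */
@Component(service = {AuthenticationHandler.class}, immediate = true, property = {"authtype=FORM", "path=/", "sling.auth.requirements=-/Expired"})
/* loaded from: input_file:io/uhndata/cards/auth/token/impl/sling/TokenAuthenticationHandler.class */
public class TokenAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {
    /**
     * Request parameter carrying a token for an explicit login.
     * NOTE(review): a token in the query string is visible in access logs and Referer headers; the token lifetime
     * reported by the token manager is what bounds that exposure.
     */
    private static final String TOKEN_REQUEST_PARAMETER = "auth_token";

    /** Cookie in which a token that authenticated a request is persisted. */
    private static final String TOKEN_COOKIE_NAME = "cards_auth_token";

    /** Authentication type reported to Sling; matches the {@code authtype} component property. */
    private static final String AUTH_TYPE = "FORM";

    /** Key under which the JCR credentials are stored in the {@link AuthenticationInfo}. */
    private static final String CREDENTIALS_KEY = "user.jcr.credentials";

    /** Sling marker key flagging an explicit login in the {@link AuthenticationInfo}. */
    private static final String LOGIN_MARKER_KEY = "$$auth.info.login$$";

    /** Request attribute holding the human-readable failure reason. */
    private static final String ERROR_REASON_ATTRIBUTE = "j_reason";

    /** Page the client is redirected to when a presented token does not parse. */
    private static final String EXPIRED_PAGE = "/Expired.html";

    @Reference
    private TokenManager tokenManager;

    /**
     * Looks for a token in the {@code auth_token} request parameter first, then in the {@code cards_auth_token}
     * cookie.
     *
     * @return the authentication info for the token, or {@code null} if the request carries no usable token
     */
    @Override
    public AuthenticationInfo extractCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationInfo info = extractRequestParameterAuthentication(httpServletRequest, httpServletResponse);
        return info != null ? info : extractCookieAuthentication(httpServletRequest, httpServletResponse);
    }

    /** Token credentials are never requested from the client; always returns {@code false}. */
    @Override
    public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return false;
    }

    /**
     * Expires the token cookie if the request carries one; does nothing otherwise.
     * NOTE(review): {@code reset()} discards any buffered body and headers already set on the response, as in the
     * original implementation.
     */
    @Override
    public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!hasTokenCookie(httpServletRequest)) {
            return;
        }
        httpServletResponse.reset();
        Cookie expired = tokenCookie(httpServletRequest, "");
        // Max-age 0 instructs the browser to delete the cookie immediately
        expired.setMaxAge(0);
        httpServletResponse.addCookie(expired);
    }

    /**
     * Persists the token that just authenticated the request in the {@code cards_auth_token} cookie, with a
     * lifetime matching the token's expiration when the token manager can report one.
     *
     * @return {@code false}, signalling that this handler has not committed the response
     */
    @Override
    public boolean authenticationSucceeded(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
        Object credentials = authenticationInfo.get(CREDENTIALS_KEY);
        if (!(credentials instanceof TokenCredentials)) {
            // Not an AuthenticationInfo built by processLoginToken; nothing to persist
            return false;
        }
        String token = ((TokenCredentials) credentials).getToken();
        Cookie cookie = tokenCookie(httpServletRequest, token);
        Calendar expiration = getTokenExpirationDate(token);
        if (expiration != null) {
            long seconds = ChronoUnit.SECONDS.between(Instant.now(), expiration.toInstant());
            // Cookie max-age is an int; clamp a far-future expiry instead of letting the cast wrap negative
            cookie.setMaxAge((int) Math.min(seconds, Integer.MAX_VALUE));
        }
        httpServletResponse.addCookie(cookie);
        return false;
    }

    /**
     * Returns the expiration time the token manager reports for {@code token}, or {@code null} if the token does
     * not parse.
     */
    private Calendar getTokenExpirationDate(String token) {
        CardsToken parsed = this.tokenManager.parse(token);
        return parsed == null ? null : parsed.getExpirationTime();
    }

    /** Any authentication failure is reported to the client as an invalid token. */
    @Override
    public void authenticationFailed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
        showError(httpServletRequest, httpServletResponse);
    }

    @Override
    public String toString() {
        return "Token Based Authentication Handler";
    }

    /** A token in the request parameter is an explicit login: the resulting info carries the login marker. */
    private AuthenticationInfo extractRequestParameterAuthentication(HttpServletRequest request, HttpServletResponse response) {
        return processLoginToken(request.getParameter(TOKEN_REQUEST_PARAMETER), true, request, response);
    }

    /** A token in the cookie is a continuation of an earlier login, not an explicit one. */
    private AuthenticationInfo extractCookieAuthentication(HttpServletRequest request, HttpServletResponse response) {
        return processLoginToken(findTokenCookieValue(request), false, request, response);
    }

    /**
     * Turns a raw token into an {@link AuthenticationInfo}.
     *
     * @param token the raw token, or {@code null} when the request carries none
     * @param explicitLogin whether to flag the info as an explicit login (the token came from the request parameter)
     * @return the info, or {@code null} when there is no token or the token does not parse; in the latter case the
     *         client has already been redirected to the expired page
     */
    private AuthenticationInfo processLoginToken(String token, boolean explicitLogin, HttpServletRequest request, HttpServletResponse response) {
        if (token == null) {
            // No token presented at all: not an error, the request simply is not ours
            return null;
        }
        CardsToken parsed = this.tokenManager.parse(token);
        if (parsed == null) {
            // A token was presented but the token manager rejects it (presumably invalid or expired)
            showError(request, response);
            return null;
        }
        AuthenticationInfo info = new AuthenticationInfo(AUTH_TYPE, parsed.getUserId());
        info.put(CREDENTIALS_KEY, new TokenCredentials(token));
        if (explicitLogin) {
            info.put(LOGIN_MARKER_KEY, new Object());
        }
        AuthUtil.setLoginResourceAttribute(request, request.getContextPath());
        return info;
    }

    /** Records the failure reason, drops the token cookie, and redirects the client to the expired-token page. */
    private void showError(HttpServletRequest request, HttpServletResponse response) {
        request.setAttribute(ERROR_REASON_ATTRIBUTE, "Invalid token");
        dropCredentials(request, response);
        try {
            response.sendRedirect(request.getContextPath() + EXPIRED_PAGE);
        } catch (IOException ignored) {
            // Best effort: a redirect that cannot be written (e.g. the client went away) has no one left to report to
        }
    }

    /** Whether the request carries a {@code cards_auth_token} cookie; the value is not inspected. */
    private static boolean hasTokenCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        return cookies != null && Arrays.stream(cookies).anyMatch(c -> TOKEN_COOKIE_NAME.equals(c.getName()));
    }

    /** Returns the value of the first {@code cards_auth_token} cookie, or {@code null} if the request has none. */
    private static String findTokenCookieValue(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        return Arrays.stream(cookies)
            .filter(c -> TOKEN_COOKIE_NAME.equals(c.getName()))
            .map(Cookie::getValue)
            .findFirst()
            .orElse(null);
    }

    /**
     * Builds the token cookie with the attributes shared by setting and expiring it: scoped to the context path,
     * HttpOnly, and Secure when the request itself arrived over TLS so the browser will not replay the token over
     * plaintext HTTP.
     */
    private static Cookie tokenCookie(HttpServletRequest request, String value) {
        Cookie cookie = new Cookie(TOKEN_COOKIE_NAME, value);
        cookie.setPath(cookiePath(request));
        cookie.setHttpOnly(true);
        cookie.setSecure(request.isSecure());
        return cookie;
    }

    /** The path the token cookie is scoped to: the servlet context path, or {@code /} when it is empty. */
    private static String cookiePath(HttpServletRequest request) {
        String contextPath = request.getContextPath();
        return (contextPath == null || contextPath.isEmpty()) ? "/" : contextPath;
    }
}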
