package org.kuali.research.grants.sys.authintegration.internal.filter;

import jakarta.servlet.FilterChain;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Collection;
import java.util.Set;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.Regex;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.kuali.research.grants.sys.authintegration.AuthRestClient;
import org.kuali.research.grants.sys.authintegration.AuthUser;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;

/* compiled from: AuthFilter.kt */
@Metadata(mv = {2, 2, 0}, k = 1, xi = 50, d1 = {"��V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\n\u0018�� )2\u00020\u0001:\u0001)B\u001d\u0012\f\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003\u0012\u0006\u0010\u0005\u001a\u00020\u0006¢\u0006\u0004\b\u0007\u0010\bJ\u0010\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010H\u0014J \u0010\u0011\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0014Jn\u0010\u0017\u001a\u00020\u00122\u000e\u0010\u0018\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010\u00040\u00192#\u0010\u001a\u001a\u001f\u0012\u0015\u0012\u0013\u0018\u00010\u0004¢\u0006\f\b\u001c\u0012\b\b\u001d\u0012\u0004\b\b(\u001e\u0012\u0004\u0012\u00020\u000e0\u001b2!\u0010\u001f\u001a\u001d\u0012\u0013\u0012\u00110 ¢\u0006\f\b\u001c\u0012\b\b\u001d\u0012\u0004\b\b(!\u0012\u0004\u0012\u00020\u00120\u001b2\f\u0010\"\u001a\b\u0012\u0004\u0012\u00020\u00120\u0019H\u0002J\u0010\u0010#\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010H\u0002J\u0012\u0010$\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u000f\u001a\u00020\u0010H\u0002J\u0012\u0010%\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u000f\u001a\u00020\u0010H\u0002J\u0016\u0010&\u001a\u00020\u00042\u0006\u0010'\u001a\u00020\u00042\u0006\u0010(\u001a\u00020\u0004R\u0017\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003¢\u0006\b\n��\u001a\u0004\b\t\u0010\nR\u0011\u0010\u0005\u001a\u00020\u0006¢\u0006\b\n��\u001a\u0004\b\u000b\u0010\f¨\u0006*"}, d2 = {"Lorg/kuali/research/grants/sys/authintegration/internal/filter/AuthFilter;", "Lorg/springframework/web/filter/OncePerRequestFilter;", "excludedUrls", "", "", "authRestClient", "Lorg/kuali/research/grants/sys/authintegration/AuthRestClient;", "<init>", "(Ljava/util/Set;Lorg/kuali/research/grants/sys/authintegration/AuthRestClient;)V", "getExcludedUrls", "()Ljava/util/Set;", "getAuthRestClient", "()Lorg/kuali/research/grants/sys/authintegration/AuthRestClient;", "shouldNotFilter", "", "request", "Ljakarta/servlet/http/HttpServletRequest;", "doFilterInternal", "", "response", "Ljakarta/servlet/http/HttpServletResponse;", "filterChain", "Ljakarta/servlet/FilterChain;", "doAuthorize", "tokenFetch", "Lkotlin/Function0;", "verificaton", "Lkotlin/Function1;", "Lkotlin/ParameterName;", "name", "token", "successResponse", "Lorg/kuali/research/grants/sys/authintegration/AuthUser;", "authUser", "failureResponse", "isApiCall", "getBearerToken", "getCookieToken", "redirectToLoginUrl", "returnUrl", AuthFilter.VERIFICATION_TOKEN, "Companion", "research-grants-backend"})
@SourceDebugExtension({"SMAP\nAuthFilter.kt\nKotlin\n*S Kotlin\n*F\n+ 1 AuthFilter.kt\norg/kuali/research/grants/sys/authintegration/internal/filter/AuthFilter\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 _Arrays.kt\nkotlin/collections/ArraysKt___ArraysKt\n*L\n1#1,134:1\n1761#2,3:135\n1310#3,2:138\n*S KotlinDebug\n*F\n+ 1 AuthFilter.kt\norg/kuali/research/grants/sys/authintegration/internal/filter/AuthFilter\n*L\n31#1:135,3\n111#1:138,2\n*E\n"})
/* loaded from: input_file:BOOT-INF/classes/org/kuali/research/grants/sys/authintegration/internal/filter/AuthFilter.class */
public final class AuthFilter extends OncePerRequestFilter {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final Set<String> excludedUrls;

    @NotNull
    private final AuthRestClient authRestClient;

    @NotNull
    public static final String CLIENT_ID = "client_id";

    @NotNull
    public static final String CLIENT_ID_PARAM = "grants";

    @NotNull
    public static final String AUTH_CODE_PARAM = "code";

    @NotNull
    public static final String REDIRECT_URI = "redirect_uri";

    @NotNull
    public static final String AUTH_STATE = "state";

    @NotNull
    public static final String RESPONSE_TYPE = "response_type";

    @NotNull
    public static final String VERIFICATION_TOKEN = "verificationToken";

    /* compiled from: AuthFilter.kt */
    @Metadata(mv = {2, 2, 0}, k = 1, xi = 50, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0007\b\u0086\u0003\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003R\u000e\u0010\u0004\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u000b\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n��¨\u0006\f"}, d2 = {"Lorg/kuali/research/grants/sys/authintegration/internal/filter/AuthFilter$Companion;", "", "<init>", "()V", "CLIENT_ID", "", "CLIENT_ID_PARAM", "AUTH_CODE_PARAM", "REDIRECT_URI", "AUTH_STATE", "RESPONSE_TYPE", "VERIFICATION_TOKEN", "research-grants-backend"})
    /* loaded from: input_file:BOOT-INF/classes/org/kuali/research/grants/sys/authintegration/internal/filter/AuthFilter$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public AuthFilter(@NotNull Set<String> excludedUrls, @NotNull AuthRestClient authRestClient) {
        Intrinsics.checkNotNullParameter(excludedUrls, "excludedUrls");
        Intrinsics.checkNotNullParameter(authRestClient, "authRestClient");
        this.excludedUrls = excludedUrls;
        this.authRestClient = authRestClient;
    }

    @NotNull
    public final Set<String> getExcludedUrls() {
        return this.excludedUrls;
    }

    @NotNull
    public final AuthRestClient getAuthRestClient() {
        return this.authRestClient;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected boolean shouldNotFilter(@NotNull HttpServletRequest request) {
        Intrinsics.checkNotNullParameter(request, "request");
        Set<String> set = this.excludedUrls;
        if ((set instanceof Collection) && set.isEmpty()) {
            return false;
        }
        for (String str : set) {
            String requestURI = request.getRequestURI();
            Intrinsics.checkNotNullExpressionValue(requestURI, "getRequestURI(...)");
            if (new Regex(str).matches(requestURI)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) {
        Intrinsics.checkNotNullParameter(request, "request");
        Intrinsics.checkNotNullParameter(response, "response");
        Intrinsics.checkNotNullParameter(filterChain, "filterChain");
        Function1<? super String, Boolean> function1 = AuthFilter::doFilterInternal$lambda$1;
        Function1<? super AuthUser, Unit> function12 = (v3) -> {
            return doFilterInternal$lambda$2(r0, r1, r2, v3);
        };
        Function0<Unit> function0 = () -> {
            return doFilterInternal$lambda$3(r0);
        };
        if (isApiCall(request)) {
            doAuthorize(() -> {
                return doFilterInternal$lambda$4(r1, r2);
            }, function1, function12, function0);
        } else {
            doAuthorize(() -> {
                return doFilterInternal$lambda$5(r1, r2);
            }, (v2) -> {
                return doFilterInternal$lambda$6(r2, r3, v2);
            }, function12, () -> {
                return doFilterInternal$lambda$7(r4, r5, r6, r7);
            });
        }
    }

    private final void doAuthorize(Function0<String> function0, Function1<? super String, Boolean> function1, Function1<? super AuthUser, Unit> function12, Function0<Unit> function02) {
        String invoke = function0.invoke();
        if (!function1.invoke(invoke).booleanValue()) {
            function02.invoke();
            return;
        }
        AuthRestClient authRestClient = this.authRestClient;
        Intrinsics.checkNotNull(invoke);
        AuthUser current = authRestClient.current(invoke);
        if (current == null) {
            function02.invoke();
        } else {
            function12.invoke(current);
        }
    }

    private final boolean isApiCall(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        Intrinsics.checkNotNullExpressionValue(requestURI, "getRequestURI(...)");
        return StringsKt.startsWith$default(requestURI, "/api/", false, 2, (Object) null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final String getBearerToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null) {
            return StringsKt.substringAfter$default(header, "Bearer ", (String) null, 2, (Object) null);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final String getCookieToken(HttpServletRequest httpServletRequest) {
        Cookie cookie;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            int i = 0;
            int length = cookies.length;
            while (true) {
                if (i >= length) {
                    cookie = null;
                    break;
                }
                Cookie cookie2 = cookies[i];
                if (Intrinsics.areEqual(cookie2.getName(), "authToken")) {
                    cookie = cookie2;
                    break;
                }
                i++;
            }
            if (cookie != null) {
                return cookie.getValue();
            }
        }
        return null;
    }

    @NotNull
    public final String redirectToLoginUrl(@NotNull String returnUrl, @NotNull String verificationToken) {
        Intrinsics.checkNotNullParameter(returnUrl, "returnUrl");
        Intrinsics.checkNotNullParameter(verificationToken, "verificationToken");
        UriComponentsBuilder path = UriComponentsBuilder.fromUriString(this.authRestClient.serviceUri()).path("/auth/authorize");
        Intrinsics.checkNotNullExpressionValue(path, "path(...)");
        path.queryParam(CLIENT_ID, CLIENT_ID_PARAM);
        path.queryParam(AUTH_STATE, verificationToken);
        path.queryParam(RESPONSE_TYPE, AUTH_CODE_PARAM);
        path.queryParam(REDIRECT_URI, returnUrl);
        String uriString = path.toUriString();
        Intrinsics.checkNotNullExpressionValue(uriString, "toUriString(...)");
        return uriString;
    }

    private static final boolean doFilterInternal$lambda$1(String str) {
        String str2 = str;
        return !(str2 == null || StringsKt.isBlank(str2));
    }

    private static final Unit doFilterInternal$lambda$2(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthUser authUser) {
        Intrinsics.checkNotNullParameter(authUser, "authUser");
        filterChain.doFilter(httpServletRequest, httpServletResponse);
        return Unit.INSTANCE;
    }

    private static final Unit doFilterInternal$lambda$3(HttpServletResponse httpServletResponse) {
        httpServletResponse.sendError(401);
        return Unit.INSTANCE;
    }

    private static final String doFilterInternal$lambda$4(AuthFilter authFilter, HttpServletRequest httpServletRequest) {
        return authFilter.getBearerToken(httpServletRequest);
    }

    private static final String doFilterInternal$lambda$5(AuthFilter authFilter, HttpServletRequest httpServletRequest) {
        return authFilter.getCookieToken(httpServletRequest);
    }

    private static final boolean doFilterInternal$lambda$6(HttpServletRequest httpServletRequest, Function1 function1, String str) {
        String parameter = httpServletRequest.getParameter(VERIFICATION_TOKEN);
        return ((Boolean) function1.invoke(str)).booleanValue() && (parameter == null || Intrinsics.areEqual(parameter, httpServletRequest.getSession().getAttribute(VERIFICATION_TOKEN)));
    }

    private static final Unit doFilterInternal$lambda$7(HttpServletRequest httpServletRequest, Function0 function0, HttpServletResponse httpServletResponse, AuthFilter authFilter) {
        if (httpServletRequest.getParameter(VERIFICATION_TOKEN) != null) {
            function0.invoke();
        } else {
            String uuid = UUID.randomUUID().toString();
            Intrinsics.checkNotNullExpressionValue(uuid, "toString(...)");
            httpServletRequest.getSession().setAttribute(VERIFICATION_TOKEN, uuid);
            String uriString = UriComponentsBuilder.fromUriString(httpServletRequest.getRequestURL().toString()).query(httpServletRequest.getQueryString()).queryParam(VERIFICATION_TOKEN, uuid).build().toUriString();
            Intrinsics.checkNotNullExpressionValue(uriString, "toUriString(...)");
            httpServletResponse.sendRedirect(authFilter.redirectToLoginUrl(uriString, uuid));
        }
        return Unit.INSTANCE;
    }
}
