package org.hspconsortium.platform.authentication.persona;

import java.util.Collections;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.hspconsortium.platform.service.JwtService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/org/hspconsortium/platform/authentication/persona/PersonaAuthInterceptor.class
 */
/* loaded from: input_file:WEB-INF/lib/hspc-reference-auth-server-webapp-1.4-classes.jar:org/hspconsortium/platform/authentication/persona/PersonaAuthInterceptor.class */
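/**
 * Spring MVC interceptor that turns a "persona" cookie into an authenticated
 * {@link SecurityContext} for requests under {@code /authorize}, and expires that
 * cookie for requests under {@code /token}.
 *
 * <p>The cookie value is handed to {@link JwtService#usernameFromJwt(String)}; the
 * username it returns becomes the principal, with the single authority {@code ROLE_USER}.
 *
 * <p>NOTE(review): everything this class trusts comes from a client-supplied cookie.
 * Signature, expiry and audience checks are presumably done inside
 * {@code JwtService.usernameFromJwt}; confirm, because no other validation happens here.
 */
public class PersonaAuthInterceptor extends HandlerInterceptorAdapter {

    @Value("${hspc.platform.persona.cookieName}")
    private String personaCookieName;

    // NOTE(review): injected but not read anywhere in this class; see removePersonaCookie.
    @Value("${hspc.platform.persona.cookieDomain}")
    private String personaCookieDomain;

    @Inject
    private JwtService jwtService;

    /**
     * Dispatches on the servlet path: {@code /authorize*} authenticates from the persona
     * cookie, {@code /token*} expires the persona cookie, anything else passes through.
     *
     * <p>The match is a prefix match, so a path such as {@code /authorizeFoo} is treated
     * like {@code /authorize}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, used only to expire the cookie
     * @param obj the chosen handler (unused)
     * @return always {@code true}; this interceptor never stops the handler chain itself
     * @throws SecurityException if a persona cookie is present on an {@code /authorize}
     *     request and no username can be obtained from it
     */
    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String servletPath = httpServletRequest.getServletPath();
        if (servletPath.startsWith("/authorize")) {
            authenticatePersonaUser(httpServletRequest);
        } else if (servletPath.startsWith("/token")) {
            removePersonaCookie(httpServletRequest, httpServletResponse);
        }
        return true;
    }

    /**
     * Re-sends every request cookie named {@code personaCookieName} with path {@code /}
     * and max-age 0, which asks the browser to delete it.
     *
     * <p>NOTE(review): a browser only deletes a cookie when name, path and domain match
     * the original. The domain is not set here even though {@code personaCookieDomain}
     * is configured; if the cookie is issued with an explicit domain, this removal may
     * have no effect and the persona JWT would stay in the browser. Verify against the
     * code that issues the cookie.
     */
    private void removePersonaCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        // getCookies() returns null, not an empty array, when the request has no cookies.
        if (cookies == null) {
            return;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(this.personaCookieName)) {
                cookie.setPath("/");
                cookie.setMaxAge(0);
                httpServletResponse.addCookie(cookie);
            }
        }
    }

    /**
     * Replaces the current {@link SecurityContext} with one authenticated as the persona
     * user when the request carries the persona cookie; does nothing otherwise.
     *
     * @throws SecurityException if the cookie is present but yields no username
     */
    private void authenticatePersonaUser(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        // Without this guard a cookie-less request to /authorize fails with a
        // NullPointerException, because getCookies() returns null in that case.
        if (cookies == null) {
            return;
        }
        Cookie personaCookie = null;
        for (Cookie candidate : cookies) {
            // No break: when the name occurs more than once, the last occurrence wins.
            if (candidate.getName().equals(this.personaCookieName)) {
                personaCookie = candidate;
            }
        }
        if (personaCookie == null) {
            return;
        }
        PersonaAuthenticationToken authentication = generatePersonaAuthentication(personaCookie.getValue());
        // A fresh context is installed, so any authentication already held for this
        // thread is discarded rather than merged.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(authentication);
        SecurityContextHolder.setContext(context);
    }

    /**
     * Builds the authentication token for the username carried in the given JWT.
     *
     * @param str the raw persona cookie value, expected to be a JWT
     * @return a token whose principal is a {@link User} with authority {@code ROLE_USER}
     * @throws SecurityException if {@code jwtService} returns no username for the JWT
     */
    private PersonaAuthenticationToken generatePersonaAuthentication(String str) {
        String username = this.jwtService.usernameFromJwt(str);
        if (username == null) {
            throw new SecurityException("Invalid JWT while trying to authenticate persona user.");
        }
        // Raw List kept as decompiled: the parameter type of PersonaAuthenticationToken
        // is not visible from this file.
        List authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
        // "password" is a fixed placeholder passed to the User constructor; it is not
        // compared against anything in this class.
        return new PersonaAuthenticationToken(new User(username, "password", authorities), null, authorities);
    }
}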
