package com.stormpath.sdk.servlet.filter.account;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.authc.AuthenticationResult;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.oauth.Authenticators;
import com.stormpath.sdk.oauth.OAuthGrantRequestAuthenticationResult;
import com.stormpath.sdk.oauth.OAuthRequests;
import com.stormpath.sdk.servlet.application.ApplicationResolver;
import com.stormpath.sdk.servlet.config.CookieConfig;
import com.stormpath.sdk.servlet.filter.oauth.AccessTokenResultFactory;
import com.stormpath.sdk.servlet.http.CookieResolver;
import com.stormpath.sdk.servlet.http.Resolver;
import com.stormpath.sdk.servlet.http.Saver;
import com.stormpath.sdk.servlet.http.impl.StormpathHttpServletRequest;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/stormpath/sdk/servlet/filter/account/CookieAccountResolver.class */
public class CookieAccountResolver implements Resolver<Account> {
    private static final Logger log = LoggerFactory.getLogger(CookieAccountResolver.class);
    private final JwtAccountResolver jwtAccountResolver;
    private final CookieResolver accessTokenCookieResolver;
    private final CookieResolver refreshTokenCookieResolver;
    private final Saver<AuthenticationResult> authenticationResultSaver;
    private final AccessTokenResultFactory accessTokenResultFactory;

    public CookieAccountResolver(CookieConfig cookieConfig, CookieConfig cookieConfig2, JwtAccountResolver jwtAccountResolver, Saver<AuthenticationResult> saver, AccessTokenResultFactory accessTokenResultFactory) {
        Assert.notNull(cookieConfig, "accessTokenCookieConfig cannot be null.");
        Assert.notNull(cookieConfig2, "refreshTokenCookieConfig cannot be null.");
        Assert.notNull(jwtAccountResolver, "jwtAccountResolver cannot be null.");
        Assert.notNull(accessTokenResultFactory, "accessTokenResultFactory cannot be null.");
        Assert.notNull(saver, "authenticationResultSaver cannot be null.");
        this.jwtAccountResolver = jwtAccountResolver;
        this.accessTokenCookieResolver = new CookieResolver(cookieConfig.getName());
        this.refreshTokenCookieResolver = new CookieResolver(cookieConfig2.getName());
        this.accessTokenResultFactory = accessTokenResultFactory;
        this.authenticationResultSaver = saver;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.stormpath.sdk.servlet.http.Resolver
    public Account get(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = this.accessTokenCookieResolver.get(httpServletRequest, httpServletResponse);
        if (cookie != null) {
            String value = cookie.getValue();
            if (Strings.hasText(value)) {
                try {
                    return getAccount(httpServletRequest, httpServletResponse, value);
                } catch (Exception e) {
                    log.debug("Encountered invalid JWT in access_token cookie. It might have expired, let's try with the refresh token now.", e);
                }
            }
        }
        return tryRefreshToken(httpServletRequest, httpServletResponse);
    }

    protected Account getAccount(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        Account accountByJwt = this.jwtAccountResolver.getAccountByJwt(httpServletRequest, httpServletResponse, str);
        if (accountByJwt != null) {
            httpServletRequest.setAttribute(StormpathHttpServletRequest.AUTH_TYPE_REQUEST_ATTRIBUTE_NAME, "FORM");
        }
        return accountByJwt;
    }

    protected void deleteCookie(HttpServletResponse httpServletResponse, Cookie cookie) {
        if (httpServletResponse.isCommitted() || cookie == null) {
            return;
        }
        cookie.setValue("");
        cookie.setMaxAge(0);
        httpServletResponse.addCookie(cookie);
    }

    protected Account tryRefreshToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = this.refreshTokenCookieResolver.get(httpServletRequest, httpServletResponse);
        if (cookie == null) {
            return null;
        }
        String value = cookie.getValue();
        if (!Strings.hasText(value)) {
            return null;
        }
        try {
            OAuthGrantRequestAuthenticationResult authenticate = Authenticators.OAUTH_REFRESH_TOKEN_REQUEST_AUTHENTICATOR.forApplication(ApplicationResolver.INSTANCE.getApplication((ServletRequest) httpServletRequest)).authenticate(OAuthRequests.OAUTH_REFRESH_TOKEN_REQUEST.builder().setRefreshToken(value).build());
            this.authenticationResultSaver.set(httpServletRequest, httpServletResponse, this.accessTokenResultFactory.createAccessTokenResult(httpServletRequest, httpServletResponse, authenticate));
            return getAccount(httpServletRequest, httpServletResponse, authenticate.getAccessToken().getJwt());
        } catch (Exception e) {
            log.error("Encountered invalid JWT in refresh_token cookie. We will now delete both the access and refresh cookies for safety.", e);
            deleteCookie(httpServletResponse, cookie);
            deleteCookie(httpServletResponse, this.accessTokenCookieResolver.get(httpServletRequest, httpServletResponse));
            return null;
        }
    }
}
