package org.mitre.openid.connect.filter;

import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.mitre.openid.connect.web.AuthenticationTimeStamper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

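/**
 * Servlet filter that applies the {@code prompt} and {@code max_age} authorization-request
 * parameters before the request continues down the filter chain.
 *
 * <ul>
 *   <li>No {@code prompt}, {@code max_age} present: the current authentication is cleared when
 *       the session's authentication timestamp is older than {@code max_age} seconds.</li>
 *   <li>{@code prompt} contains {@code none}: unauthenticated requests are rejected with 403.</li>
 *   <li>{@code prompt} contains {@code login}: the current authentication is cleared once per
 *       prompt cycle, tracked through the {@link #PROMPTED} and {@link #PROMPT_REQUESTED}
 *       session attributes.</li>
 * </ul>
 *
 * <p>All of these values come straight from request parameters and must be treated as untrusted.
 *
 * <p>NOTE(review): {@code max_age} is only evaluated when {@code prompt} is absent. A request
 * carrying both parameters gets no {@code max_age} enforcement from this filter; confirm that
 * another component enforces it, otherwise a client's freshness requirement is silently dropped.
 */
@Component("promptFilter")
/* loaded from: input_file:org/mitre/openid/connect/filter/PromptFilter.class */
public class PromptFilter extends GenericFilterBean {
    private final Logger logger = LoggerFactory.getLogger(PromptFilter.class);

    /** Session attribute checked (and then removed) to detect that the login prompt already happened. */
    public static final String PROMPTED = "PROMPT_FILTER_PROMPTED";

    /** Session attribute set by this filter when it forces a new login for {@code prompt=login}. */
    public static final String PROMPT_REQUESTED = "PROMPT_FILTER_REQUESTED";

    @Autowired
    private OAuth2RequestFactory authRequestFactory;

    /**
     * Inspects the authorization request parameters and either passes the request on, clears the
     * current authentication first, or rejects the request.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if sending an error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        AuthorizationRequest authRequest = this.authRequestFactory.createAuthorizationRequest(createRequestMap(request.getParameterMap()));

        Object prompt = authRequest.getExtensions().get("prompt");
        if (prompt == null) {
            Object maxAge = authRequest.getExtensions().get("max_age");
            if (maxAge != null && !enforceMaxAge(request, response, (String) maxAge)) {
                // A 400 has already been sent for the malformed max_age; stop here.
                return;
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        List<String> prompts = Splitter.on(" ").splitToList((String) prompt);

        if (prompts.contains("none")) {
            this.logger.info("Client requested no prompt");
            if (SecurityContextHolder.getContext().getAuthentication() != null) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            // NOTE(review): OpenID Connect expects a login_required error returned to the client
            // for this case; this filter answers with a bare 403 instead.
            this.logger.info("User not logged in, no prompt requested, returning 403 from filter");
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
            return;
        }

        if (!prompts.contains("login")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpSession session = request.getSession();
        if (session.getAttribute(PROMPTED) != null) {
            // The forced login already took place (the code that sets PROMPTED is not in this
            // class); consume the marker so the next prompt=login request forces a login again.
            session.removeAttribute(PROMPTED);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE);
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            // Drop the existing authentication so downstream security filters demand a fresh login.
            SecurityContextHolder.getContext().setAuthentication(null);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Applies the {@code max_age} check: clears the current authentication when the session's
     * authentication timestamp is more than {@code maxAge} seconds old.
     *
     * <p>{@code maxAge} is attacker-controlled. A value that is not a valid integer is answered
     * with 400 Bad Request instead of letting {@link NumberFormatException} escape the filter,
     * and the raw value is deliberately kept out of the log.
     *
     * @param request  current request, used to reach the session
     * @param response current response, used to send the 400 on malformed input
     * @param maxAge   raw {@code max_age} parameter value
     * @return {@code true} if processing should continue, {@code false} if an error response
     *         has been sent
     * @throws IOException if sending the error response fails
     */
    private boolean enforceMaxAge(HttpServletRequest request, HttpServletResponse response, String maxAge) throws IOException {
        long maxAgeSeconds;
        try {
            maxAgeSeconds = Integer.parseInt(maxAge);
        } catch (NumberFormatException e) {
            this.logger.info("Malformed max_age parameter, returning 400 from filter");
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid max_age");
            return false;
        }

        Date authTime = (Date) request.getSession().getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP);
        if (authTime != null) {
            long elapsedSeconds = (new Date().getTime() - authTime.getTime()) / 1000;
            if (elapsedSeconds > maxAgeSeconds) {
                // Authentication is older than the client allows: force re-authentication.
                SecurityContextHolder.getContext().setAuthentication(null);
            }
        }
        return true;
    }

    /**
     * Flattens a servlet parameter map to single values by keeping the first value of each
     * parameter; parameters with a {@code null} or empty value array are omitted.
     *
     * <p>NOTE(review): a repeated parameter (for example two {@code prompt} values) is reduced to
     * its first occurrence here. Any component that reads the full parameter map could see a
     * different value than this filter does; verify that downstream handling agrees.
     *
     * @param map parameter map as returned by the servlet request
     * @return a new map from parameter name to its first value
     */
    private Map<String, String> createRequestMap(Map<String, String[]> map) {
        Map<String, String> firstValues = new HashMap<String, String>();
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            String[] values = entry.getValue();
            if (values != null && values.length > 0) {
                firstValues.put(entry.getKey(), values[0]);
            }
        }
        return firstValues;
    }
}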
