package no.nav.common.auth;

import java.io.IOException;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import no.nav.sbl.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/common/auth/LoginFilter.class */
public class LoginFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(LoginFilter.class);
    private final List<LoginProvider> loginProviders;
    private final List<String> publicPaths;
    private final AuthorizationModule authorizationModule;
    private List<Pattern> publicPatterns;

    public LoginFilter(List<LoginProvider> list, AuthorizationModule authorizationModule, List<String> list2) {
        this.loginProviders = list;
        this.publicPaths = list2;
        this.authorizationModule = authorizationModule;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        String contextPath = contextPath(filterConfig);
        this.publicPatterns = (List) this.publicPaths.stream().map(str -> {
            return "^" + contextPath + str;
        }).map(Pattern::compile).collect(Collectors.toList());
        log.info("initialized {} with public patterns: {}", LoginFilter.class.getName(), this.publicPatterns);
    }

    private String contextPath(FilterConfig filterConfig) {
        String contextPath = filterConfig.getServletContext().getContextPath();
        if (contextPath == null || contextPath.length() <= 1) {
            contextPath = "";
        }
        return contextPath;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Optional<Subject> resolveSubject = resolveSubject(httpServletRequest, httpServletResponse);
        if (resolveSubject.isPresent()) {
            SubjectHandler.withSubject(resolveSubject.get(), () -> {
                filterChain.doFilter(servletRequest, servletResponse);
            });
        } else if (isPublic(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            unAuthenticated(httpServletRequest, httpServletResponse);
        }
    }

    private void unAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Optional findFirst = this.loginProviders.stream().flatMap(loginProvider -> {
            return (Stream) loginProvider.redirectUrl(httpServletRequest, httpServletResponse).map((v0) -> {
                return Stream.of(v0);
            }).orElseGet(Stream::empty);
        }).findFirst();
        if (acceptsHtml(httpServletRequest) && !appToAppRequest(httpServletRequest) && findFirst.isPresent()) {
            httpServletResponse.sendRedirect((String) findFirst.get());
        } else {
            httpServletResponse.setStatus(401);
            httpServletResponse.setHeader("WWW-Authenticate", "Bearer");
        }
    }

    private boolean appToAppRequest(HttpServletRequest httpServletRequest) {
        return StringUtils.notNullOrEmpty(httpServletRequest.getHeader("Nav-Consumer-Id"));
    }

    static boolean acceptsHtml(HttpServletRequest httpServletRequest) {
        return ((Boolean) StringUtils.of(httpServletRequest.getHeader("Accept")).map(str -> {
            return Boolean.valueOf(str.contains("*/*") || str.contains("text/html"));
        }).orElse(false)).booleanValue();
    }

    boolean isPublic(HttpServletRequest httpServletRequest) {
        return this.publicPatterns.stream().anyMatch(pattern -> {
            return pattern.matcher(httpServletRequest.getRequestURI()).matches();
        });
    }

    private Optional<Subject> resolveSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.loginProviders.stream().flatMap(loginProvider -> {
            return (Stream) loginProvider.authenticate(httpServletRequest, httpServletResponse).map((v0) -> {
                return Stream.of(v0);
            }).orElseGet(Stream::empty);
        }).filter(subject -> {
            return this.authorizationModule == null || this.authorizationModule.authorized(subject, httpServletRequest);
        }).findFirst();
    }

    public void destroy() {
    }
}
