package org.dhatim.dropwizard.jwt.cookie.authentication;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.IOException;
import java.security.Key;
import java.security.Principal;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.function.Function;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import org.dhatim.dropwizard.jwt.cookie.authentication.JwtCookiePrincipal;

/* loaded from: input_file:org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookieAuthResponseFilter.class */
class JwtCookieAuthResponseFilter<P extends JwtCookiePrincipal> implements ContainerResponseFilter {
    private static final String COOKIE_TEMPLATE = "=%s; Path=/";
    private static final String SECURE_FLAG = "; Secure";
    private static final String HTTP_ONLY_FLAG = "; HttpOnly";
    private static final String DELETE_COOKIE_TEMPLATE = "=; Path=/; expires=Thu, 01-Jan-70 00:00:00 GMT";
    private final Class<P> principalType;
    private final Function<P, Claims> serializer;
    private final String cookieName;
    private final String sessionCookieFormat;
    private final String persistentCookieFormat;
    private final String deleteCookie;
    private final Key signingKey;
    private final int volatileSessionDuration;
    private final int persistentSessionDuration;

    public JwtCookieAuthResponseFilter(Class<P> cls, Function<P, Claims> function, String str, boolean z, boolean z2, Key key, int i, int i2) {
        this.principalType = cls;
        this.serializer = function;
        this.cookieName = str;
        StringBuilder append = new StringBuilder(str).append(COOKIE_TEMPLATE);
        if (z) {
            append.append(SECURE_FLAG);
        }
        if (z2) {
            append.append(HTTP_ONLY_FLAG);
        }
        this.sessionCookieFormat = append.toString();
        this.persistentCookieFormat = this.sessionCookieFormat + "; Max-Age=%d;";
        this.deleteCookie = str + DELETE_COOKIE_TEMPLATE;
        this.signingKey = key;
        this.volatileSessionDuration = i;
        this.persistentSessionDuration = i2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        Principal userPrincipal = containerRequestContext.getSecurityContext().getUserPrincipal();
        if (containerRequestContext.getSecurityContext() instanceof JwtCookieSecurityContext) {
            if (!this.principalType.isInstance(userPrincipal)) {
                if (containerRequestContext.getCookies().containsKey(this.cookieName)) {
                    containerResponseContext.getHeaders().add("Set-Cookie", this.deleteCookie);
                }
            } else if (containerRequestContext.getProperty(DontRefreshSessionFilter.DONT_REFRESH_SESSION_PROPERTY) != Boolean.TRUE) {
                JwtCookiePrincipal jwtCookiePrincipal = (JwtCookiePrincipal) userPrincipal;
                containerResponseContext.getHeaders().add("Set-Cookie", jwtCookiePrincipal.isPersistent() ? String.format(this.persistentCookieFormat, getJwt(jwtCookiePrincipal, this.persistentSessionDuration), Integer.valueOf(this.persistentSessionDuration)) : String.format(this.sessionCookieFormat, getJwt(jwtCookiePrincipal, this.volatileSessionDuration)));
                CurrentPrincipal.remove();
            }
        }
    }

    private String getJwt(P p, int i) {
        return Jwts.builder().signWith(SignatureAlgorithm.HS256, this.signingKey).setClaims(this.serializer.apply(p)).setExpiration(Date.from(Instant.now().plus(i, (TemporalUnit) ChronoUnit.SECONDS))).compact();
    }
}
