package io.mangoo.routing.handlers;

import com.google.inject.Inject;
import io.mangoo.core.Application;
import io.mangoo.core.Config;
import io.mangoo.crypto.Crypto;
import io.mangoo.enums.ClaimKey;
import io.mangoo.enums.Required;
import io.mangoo.routing.Attachment;
import io.mangoo.routing.bindings.Authentication;
import io.mangoo.routing.bindings.Flash;
import io.mangoo.routing.bindings.Form;
import io.mangoo.routing.bindings.Session;
import io.mangoo.utils.CodecUtils;
import io.mangoo.utils.DateUtils;
import io.mangoo.utils.RequestUtils;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.Cookie;
import io.undertow.server.handlers.CookieImpl;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.util.Objects;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.keys.HmacKey;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:io/mangoo/routing/handlers/OutboundCookiesHandler.class */
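/**
 * Writes the outbound session, flash and authentication cookies for an exchange and then
 * hands the exchange to the next handler.
 *
 * <p>Each cookie value is a JWT signed with HS512 and then passed through {@link Crypto}
 * using a per-cookie key from {@link Config}. Every cookie is issued with {@code HttpOnly},
 * {@code Path=/} and {@code SameSite=Strict}; the {@code Secure} attribute is taken from
 * configuration, so a deployment that disables it will send these cookies over plain HTTP.
 *
 * <p>The per-request {@link Attachment} is read from the exchange on every call and never
 * stored on the handler. The previous version kept it in an instance field; the handler's
 * injection scope is not visible in this file, and if one instance were ever shared between
 * concurrent exchanges, a request could be answered with another request's session or
 * authentication cookie.
 */
public class OutboundCookiesHandler implements HttpHandler {
    private static final Logger LOG = LogManager.getLogger(OutboundCookiesHandler.class);
    /** Lifetime of a flash cookie, in seconds. */
    private static final int FLASH_TTL_SECONDS = 60;
    private static final String SAME_SITE_MODE = "Strict";
    /** Value of the expires claim when the session/authentication carries no expiry. */
    private static final String NO_EXPIRY = "-1";
    private static final String SIGNATURE_ALGORITHM = "HS512";
    private final Config config;

    /**
     * @param config application configuration supplying cookie names, keys and flags
     * @throws NullPointerException if {@code config} is null
     */
    @Inject
    public OutboundCookiesHandler(Config config) {
        this.config = Objects.requireNonNull(config, Required.CONFIG.toString());
    }

    /**
     * Sets the session, flash and authentication cookies (in that order) and delegates to
     * the next handler.
     *
     * @param httpServerExchange the current exchange
     * @throws Exception whatever the next handler throws
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        setSessionCookie(httpServerExchange);
        setFlashCookie(httpServerExchange);
        setAuthenticationCookie(httpServerExchange);
        nextHandler(httpServerExchange);
    }

    /**
     * Expires the session cookie when the session is invalid, or re-issues it when the
     * session has changes. A failure while encrypting or serializing is logged and the
     * response proceeds without a new session cookie.
     *
     * @param httpServerExchange the current exchange
     */
    protected void setSessionCookie(HttpServerExchange httpServerExchange) {
        Session session = attachmentOf(httpServerExchange).getSession();
        if (session.isInvalid()) {
            httpServerExchange.setResponseCookie(
                    expiredCookie(this.config.getSessionCookieName(), this.config.isSessionCookieSecure()));
            return;
        }
        if (!session.hasChanges()) {
            return;
        }

        LocalDateTime expires = session.getExpires();
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setClaim(ClaimKey.AUTHENTICITY.toString(), session.getAuthenticity());
        jwtClaims.setClaim(ClaimKey.DATA.toString(), session.getValues());
        jwtClaims.setClaim(ClaimKey.EXPIRES.toString(), expiresClaim(expires));
        JsonWebSignature jsonWebSignature = newSignature(jwtClaims, this.config.getSessionCookieSignKey());

        try {
            String value = ((Crypto) Application.getInstance(Crypto.class)).encrypt(
                    jsonWebSignature.getCompactSerialization(),
                    this.config.getSessionCookieEncryptionKey());
            Cookie cookie = hardenedCookie(this.config.getSessionCookieName(), this.config.isSessionCookieSecure())
                    .setValue(value);
            if (expires != null) {
                cookie.setExpires(DateUtils.localDateTimeToDate(expires));
            }
            httpServerExchange.setResponseCookie(cookie);
        } catch (Exception e) {
            LOG.error("Failed to generate session cookie", e);
        }
    }

    /**
     * Expires the authentication cookie on logout or invalid authentication, or re-issues it
     * for a valid authentication.
     *
     * <p>For a remember-me login the expiry is pushed forward on every response, so the
     * cookie stays valid for as long as the client keeps making requests within the
     * configured window.
     *
     * @param httpServerExchange the current exchange
     */
    protected void setAuthenticationCookie(HttpServerExchange httpServerExchange) {
        Authentication authentication = attachmentOf(httpServerExchange).getAuthentication();
        if (authentication.isInvalid() || authentication.isLogout()) {
            httpServerExchange.setResponseCookie(expiredCookie(
                    this.config.getAuthenticationCookieName(), this.config.isAuthenticationCookieSecure()));
            return;
        }
        if (!authentication.isValid()) {
            return;
        }

        if (authentication.isRememberMe()) {
            authentication.withExpires(
                    LocalDateTime.now().plusHours(this.config.getAuthenticationCookieRememberExpires()));
        }
        LocalDateTime expires = authentication.getExpires();
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setSubject(authentication.getSubject());
        jwtClaims.setClaim(ClaimKey.TWO_FACTOR.toString(), Boolean.valueOf(authentication.isTwoFactor()));
        jwtClaims.setClaim(ClaimKey.EXPIRES.toString(), expiresClaim(expires));
        JsonWebSignature jsonWebSignature = newSignature(jwtClaims, this.config.getAuthenticationCookieSignKey());

        try {
            String value = ((Crypto) Application.getInstance(Crypto.class)).encrypt(
                    jsonWebSignature.getCompactSerialization(),
                    this.config.getAuthenticationCookieEncryptionKey());
            Cookie cookie = hardenedCookie(
                    this.config.getAuthenticationCookieName(), this.config.isAuthenticationCookieSecure())
                    .setValue(value);
            if (expires != null) {
                cookie.setExpires(DateUtils.localDateTimeToDate(expires));
            }
            httpServerExchange.setResponseCookie(cookie);
        } catch (JoseException e) {
            // NOTE(review): only JoseException is handled here, whereas the session and flash
            // paths catch Exception; a runtime failure in encryption propagates from this
            // method but is logged and swallowed in the other two. Confirm which is intended.
            LOG.error("Failed to generate authentication cookie", e);
        }
    }

    /**
     * Expires the flash cookie when the flash is discarded or invalid, or issues a
     * short-lived flash cookie when there is flash content or a form to carry over.
     *
     * @param httpServerExchange the current exchange
     */
    protected void setFlashCookie(HttpServerExchange httpServerExchange) {
        Attachment attachment = attachmentOf(httpServerExchange);
        Flash flash = attachment.getFlash();
        Form form = attachment.getForm();
        if (flash.isDiscard() || flash.isInvalid()) {
            httpServerExchange.setResponseCookie(
                    expiredCookie(this.config.getFlashCookieName(), this.config.isFlashCookieSecure()));
            return;
        }
        if (!flash.hasContent() && !form.flashify()) {
            return;
        }

        try {
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setClaim(ClaimKey.DATA.toString(), flash.getValues());
            if (form.flashify()) {
                // NOTE(review): the form travels to the client as a serialized blob. Presumably
                // the inbound side deserializes it; that is only safe after the signature has
                // been verified, and ideally with a deserialization filter — confirm.
                jwtClaims.setClaim(ClaimKey.FORM.toString(), CodecUtils.serializeToBase64(form));
            }
            LocalDateTime expires = LocalDateTime.now().plusSeconds(FLASH_TTL_SECONDS);
            jwtClaims.setClaim(ClaimKey.EXPIRES.toString(), expires.format(DateUtils.formatter));
            JsonWebSignature jsonWebSignature = newSignature(jwtClaims, this.config.getFlashCookieSignKey());

            String value = ((Crypto) Application.getInstance(Crypto.class)).encrypt(
                    jsonWebSignature.getCompactSerialization(),
                    this.config.getFlashCookieEncryptionKey());
            httpServerExchange.setResponseCookie(
                    hardenedCookie(this.config.getFlashCookieName(), this.config.isFlashCookieSecure())
                            .setValue(value)
                            .setExpires(DateUtils.localDateTimeToDate(expires)));
        } catch (Exception e) {
            LOG.error("Failed to generate flash cookie", e);
        }
    }

    /**
     * Passes the exchange to the CORS handler when CORS is enabled, otherwise straight to
     * the response handler.
     *
     * @param httpServerExchange the current exchange
     * @throws Exception whatever the delegated handler throws
     */
    protected void nextHandler(HttpServerExchange httpServerExchange) throws Exception {
        if (this.config.isCorsEnable()) {
            ((CorsHandler) Application.getInstance(CorsHandler.class)).handleRequest(httpServerExchange);
        } else {
            ((ResponseHandler) Application.getInstance(ResponseHandler.class)).handleRequest(httpServerExchange);
        }
    }

    /** Reads the per-request attachment from the exchange instead of from handler state. */
    private static Attachment attachmentOf(HttpServerExchange httpServerExchange) {
        return (Attachment) httpServerExchange.getAttachment(RequestUtils.getAttachmentKey());
    }

    /**
     * Builds a cookie carrying the attributes common to every cookie this handler emits, so
     * the hardening flags are defined in one place.
     */
    private static Cookie hardenedCookie(String name, boolean secure) {
        return new CookieImpl(name)
                .setSecure(secure)
                .setHttpOnly(true)
                .setPath("/")
                .setSameSite(true)
                .setSameSiteMode(SAME_SITE_MODE);
    }

    /** Builds a value-less cookie that tells the client to drop the named cookie. */
    private static Cookie expiredCookie(String name, boolean secure) {
        return hardenedCookie(name, secure).setMaxAge(0).setDiscard(true);
    }

    /**
     * Renders the expires claim. A null expiry is written as {@code "-1"}; how the inbound
     * side treats that sentinel is not visible here (presumably "never expires" — confirm).
     */
    private static String expiresClaim(LocalDateTime expires) {
        return expires == null ? NO_EXPIRY : expires.format(DateUtils.formatter);
    }

    /**
     * Prepares an HS512 signature over the claims using the UTF-8 bytes of the configured
     * sign key. jose4j is expected to reject a key shorter than the HS512 minimum when the
     * token is serialized, which the callers would see as a failed cookie generation, so
     * sign keys should be long random secrets.
     */
    private static JsonWebSignature newSignature(JwtClaims jwtClaims, String signKey) {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setKey(new HmacKey(signKey.getBytes(StandardCharsets.UTF_8)));
        jsonWebSignature.setPayload(jwtClaims.toJson());
        jsonWebSignature.setAlgorithmHeaderValue(SIGNATURE_ALGORITHM);
        return jsonWebSignature;
    }
}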
