package org.rootservices.otter.security.session.between;

import com.fasterxml.jackson.databind.ObjectReader;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Optional;
import org.rootservices.jwt.config.JwtAppFactory;
import org.rootservices.jwt.entity.jwk.SymmetricKey;
import org.rootservices.jwt.exception.InvalidJWT;
import org.rootservices.jwt.jwe.factory.exception.CipherException;
import org.rootservices.jwt.jwe.serialization.exception.KeyException;
import org.rootservices.jwt.serialization.exception.DecryptException;
import org.rootservices.jwt.serialization.exception.JsonToJwtException;
import org.rootservices.otter.controller.entity.Cookie;
import org.rootservices.otter.controller.entity.StatusCode;
import org.rootservices.otter.controller.entity.request.Request;
import org.rootservices.otter.controller.entity.response.Response;
import org.rootservices.otter.router.entity.Method;
import org.rootservices.otter.router.entity.between.Between;
import org.rootservices.otter.router.exception.HaltException;
import org.rootservices.otter.security.exception.SessionCtorException;
import org.rootservices.otter.security.session.between.exception.InvalidSessionException;
import org.rootservices.otter.security.session.between.exception.SessionDecryptException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/rootservices/otter/security/session/between/DecryptSession.class */
public class DecryptSession<S, U> implements Between<S, U> {
    public static final String NOT_A_JWT = "Session cookie was not a JWE: %s";
    public static final String COULD_NOT_GET_HEADER_JWE = "Session cookie did have a header member: %s";
    public static final String COULD_NOT_DESERIALIZE_JWE = "Session cookie could not be de-serialized to JSON: %s";
    public static final String COULD_NOT_DECRYPT_JWE = "Session cookie could not be decrypted: %s";
    public static final String COULD_NOT_DESERIALIZE = "decrypted payload could be deserialized to session: %s";
    public static final String INVALID_SESSION_COOKIE = "Invalid value for the session cookie";
    public static final String COOKIE_NOT_PRESENT = "session cookie not present.";
    public static final String FAILED_TO_COPY_REQUEST_SESSION = "failed to copy request session";
    public static final String COULD_NOT_CALL_THE_SESSION_COPY_CONSTRUCTOR = "Could not call the session's copy constructor";
    protected static Logger LOGGER = LoggerFactory.getLogger(DecryptSession.class);
    private Constructor<S> ctor;
    private String sessionCookieName;
    private JwtAppFactory jwtAppFactory;
    private SymmetricKey preferredKey;
    private Map<String, SymmetricKey> rotationKeys;
    private ObjectReader objectReader;
    private Boolean required;

    public DecryptSession(Constructor<S> constructor, String str, JwtAppFactory jwtAppFactory, SymmetricKey symmetricKey, Map<String, SymmetricKey> map, ObjectReader objectReader, Boolean bool) {
        this.ctor = constructor;
        this.sessionCookieName = str;
        this.jwtAppFactory = jwtAppFactory;
        this.preferredKey = symmetricKey;
        this.rotationKeys = map;
        this.objectReader = objectReader;
        this.required = bool;
    }

    @Override // org.rootservices.otter.router.entity.between.Between
    public void process(Method method, Request<S, U> request, Response<S> response) throws HaltException {
        Cookie cookie = request.getCookies().get(this.sessionCookieName);
        if (cookie == null && this.required.booleanValue()) {
            HaltException haltException = new HaltException(COOKIE_NOT_PRESENT);
            onHalt(haltException, response);
            throw haltException;
        }
        if (cookie == null && !this.required.booleanValue()) {
            request.setSession(Optional.empty());
            return;
        }
        try {
            Optional<S> of = Optional.of(decrypt(cookie.getValue()));
            request.setSession(of);
            try {
                response.setSession(Optional.of(copy(of.get())));
            } catch (SessionCtorException e) {
                LOGGER.error(e.getMessage(), e);
                HaltException haltException2 = new HaltException(FAILED_TO_COPY_REQUEST_SESSION, e);
                onHalt(haltException2, response);
                throw haltException2;
            }
        } catch (InvalidSessionException e2) {
            LOGGER.error(e2.getMessage(), e2);
            HaltException haltException3 = new HaltException(INVALID_SESSION_COOKIE, e2);
            onHalt(haltException3, response);
            throw haltException3;
        } catch (SessionDecryptException e3) {
            LOGGER.error(e3.getMessage(), e3);
            HaltException haltException4 = new HaltException(INVALID_SESSION_COOKIE, e3);
            onHalt(haltException4, response);
            throw haltException4;
        }
    }

    protected S copy(S s) throws SessionCtorException {
        try {
            return this.ctor.newInstance(s);
        } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) {
            throw new SessionCtorException(COULD_NOT_CALL_THE_SESSION_COPY_CONSTRUCTOR, e);
        }
    }

    protected void onHalt(HaltException haltException, Response response) {
        response.setStatusCode(StatusCode.UNAUTHORIZED);
        response.getCookies().remove(this.sessionCookieName);
    }

    protected S decrypt(String str) throws InvalidSessionException, SessionDecryptException {
        try {
            try {
                return toSession(this.jwtAppFactory.jweDirectDesializer().stringToJWE(str, getKey((String) this.jwtAppFactory.headerDeserializer().toHeader(str).getKeyId().get())).getPayload());
            } catch (DecryptException | CipherException | KeyException e) {
                throw new SessionDecryptException(String.format(COULD_NOT_DECRYPT_JWE, str), e);
            } catch (JsonToJwtException e2) {
                throw new InvalidSessionException(String.format(COULD_NOT_DESERIALIZE_JWE, str), e2);
            }
        } catch (InvalidJWT e3) {
            throw new InvalidSessionException(String.format(COULD_NOT_GET_HEADER_JWE, str), e3);
        } catch (JsonToJwtException e4) {
            throw new InvalidSessionException(String.format(NOT_A_JWT, str), e4);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected S toSession(byte[] bArr) {
        S s = null;
        try {
            s = this.objectReader.readValue(bArr);
        } catch (IOException e) {
            LOGGER.error(String.format(COULD_NOT_DESERIALIZE, new String(bArr, StandardCharsets.UTF_8)));
            LOGGER.error(e.getMessage(), e);
        }
        return s;
    }

    protected SymmetricKey getKey(String str) {
        return ((String) this.preferredKey.getKeyId().get()).equals(str) ? this.preferredKey : this.rotationKeys.get(str);
    }

    protected void setPreferredKey(SymmetricKey symmetricKey) {
        this.preferredKey = symmetricKey;
    }

    public Boolean getRequired() {
        return this.required;
    }
}
