package org.springframework.security.oauth2.client.web;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.core.log.LogMessage;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.3.7.jar:org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.class */
public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilter {
    public static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization";
    private final ThrowableAnalyzer throwableAnalyzer;
    private RedirectStrategy authorizationRedirectStrategy;
    private OAuth2AuthorizationRequestResolver authorizationRequestResolver;
    private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
    private RequestCache requestCache;
    private AuthenticationFailureHandler authenticationFailureHandler;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.3.7.jar:org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter$DefaultThrowableAnalyzer.class */
    private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
        private DefaultThrowableAnalyzer() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.springframework.security.web.util.ThrowableAnalyzer
        public void initExtractorMap() {
            super.initExtractorMap();
            registerExtractor(ServletException.class, th -> {
                ThrowableAnalyzer.verifyThrowableHierarchy(th, ServletException.class);
                return ((ServletException) th).getRootCause();
            });
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.3.7.jar:org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter$OAuth2AuthorizationRequestException.class */
    private static final class OAuth2AuthorizationRequestException extends AuthenticationException {
        OAuth2AuthorizationRequestException(Throwable th) {
            super(th.getMessage(), th);
        }
    }

    public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) {
        this(clientRegistrationRepository, DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
    }

    public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository, String str) {
        this.throwableAnalyzer = new DefaultThrowableAnalyzer();
        this.authorizationRedirectStrategy = new DefaultRedirectStrategy();
        this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
        this.requestCache = new HttpSessionRequestCache();
        this.authenticationFailureHandler = this::unsuccessfulRedirectForAuthorization;
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
        this.authorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, str);
    }

    public OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver) {
        this.throwableAnalyzer = new DefaultThrowableAnalyzer();
        this.authorizationRedirectStrategy = new DefaultRedirectStrategy();
        this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
        this.requestCache = new HttpSessionRequestCache();
        this.authenticationFailureHandler = this::unsuccessfulRedirectForAuthorization;
        Assert.notNull(oAuth2AuthorizationRequestResolver, "authorizationRequestResolver cannot be null");
        this.authorizationRequestResolver = oAuth2AuthorizationRequestResolver;
    }

    public void setAuthorizationRedirectStrategy(RedirectStrategy redirectStrategy) {
        Assert.notNull(redirectStrategy, "authorizationRedirectStrategy cannot be null");
        this.authorizationRedirectStrategy = redirectStrategy;
    }

    public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
        Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
        this.authorizationRequestRepository = authorizationRequestRepository;
    }

    public final void setRequestCache(RequestCache requestCache) {
        Assert.notNull(requestCache, "requestCache cannot be null");
        this.requestCache = requestCache;
    }

    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            OAuth2AuthorizationRequest resolve = this.authorizationRequestResolver.resolve(httpServletRequest);
            if (resolve != null) {
                sendRedirectForAuthorization(httpServletRequest, httpServletResponse, resolve);
                return;
            }
            try {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } catch (IOException e) {
                throw e;
            } catch (Exception e2) {
                ClientAuthorizationRequiredException clientAuthorizationRequiredException = (ClientAuthorizationRequiredException) this.throwableAnalyzer.getFirstThrowableOfType(ClientAuthorizationRequiredException.class, this.throwableAnalyzer.determineCauseChain(e2));
                if (clientAuthorizationRequiredException == null) {
                    if (e2 instanceof ServletException) {
                        throw ((ServletException) e2);
                    }
                    if (!(e2 instanceof RuntimeException)) {
                        throw new RuntimeException(e2);
                    }
                    throw ((RuntimeException) e2);
                }
                try {
                    OAuth2AuthorizationRequest resolve2 = this.authorizationRequestResolver.resolve(httpServletRequest, clientAuthorizationRequiredException.getClientRegistrationId());
                    if (resolve2 == null) {
                        throw clientAuthorizationRequiredException;
                    }
                    this.requestCache.saveRequest(httpServletRequest, httpServletResponse);
                    sendRedirectForAuthorization(httpServletRequest, httpServletResponse, resolve2);
                } catch (Exception e3) {
                    this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, new OAuth2AuthorizationRequestException(e2));
                }
            }
        } catch (Exception e4) {
            this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, new OAuth2AuthorizationRequestException(e4));
        }
    }

    private void sendRedirectForAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuth2AuthorizationRequest oAuth2AuthorizationRequest) throws IOException {
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(oAuth2AuthorizationRequest.getGrantType())) {
            this.authorizationRequestRepository.saveAuthorizationRequest(oAuth2AuthorizationRequest, httpServletRequest, httpServletResponse);
        }
        this.authorizationRedirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, oAuth2AuthorizationRequest.getAuthorizationRequestUri());
    }

    private void unsuccessfulRedirectForAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        Throwable cause = authenticationException.getCause();
        LogMessage format = LogMessage.format("Authorization Request failed: %s", cause);
        if (InvalidClientRegistrationIdException.class.isAssignableFrom(cause.getClass())) {
            this.logger.warn(format, authenticationException);
        } else {
            this.logger.error(format, authenticationException);
        }
        httpServletResponse.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(), HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
    }
}
