package io.micronaut.security.authentication;

import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.http.HttpRequest;
import io.micronaut.http.HttpResponse;
import io.micronaut.http.HttpStatus;
import io.micronaut.http.MediaType;
import io.micronaut.http.MutableHttpResponse;
import io.micronaut.http.server.exceptions.ExceptionHandler;
import io.micronaut.http.server.exceptions.response.ErrorContext;
import io.micronaut.http.server.exceptions.response.ErrorResponseProcessor;
import io.micronaut.security.config.RedirectConfiguration;
import io.micronaut.security.config.RedirectService;
import io.micronaut.security.errors.PriorToLoginPersistence;
import jakarta.inject.Singleton;
import java.net.URI;
import java.net.URISyntaxException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Turns an {@link AuthorizationException} into an HTTP response: either a plain
 * 401/403 produced through the {@link ErrorResponseProcessor}, or a 303 redirect
 * to the configured "unauthorized"/"forbidden" page.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>As written here, the redirect target is obtained only from
 *       {@link RedirectService}; no request data is used to build it. Subclasses
 *       that override {@link #getRedirectUri} should keep the {@code Location}
 *       value independent of request-supplied input.</li>
 *   <li>A redirect is issued only when the request's {@code Accept} header lists
 *       a media type equal to {@code text/html}; all other clients get the status
 *       response.</li>
 * </ul>
 */
@Singleton
@Requires(classes = {ExceptionHandler.class})
public class DefaultAuthorizationExceptionHandler implements ExceptionHandler<AuthorizationException, MutableHttpResponse<?>> {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultAuthorizationExceptionHandler.class);

    // Builds the body of the 401/403 status response.
    private final ErrorResponseProcessor<?> errorResponseProcessor;
    // Redirect switches (global, forbidden, unauthorized); null is treated as "redirects disabled".
    private final RedirectConfiguration redirectConfiguration;
    // Source of the forbidden / unauthorized redirect URLs.
    private final RedirectService redirectService;
    // Optional hook invoked before redirecting an unauthorized request; may be null.
    private final PriorToLoginPersistence priorToLoginPersistence;

    /**
     * @param errorResponseProcessor  processor used for the non-redirect status response
     * @param redirectConfiguration   redirect settings consulted by {@link #shouldRedirect}
     * @param redirectService         provider of the redirect URLs
     * @param priorToLoginPersistence optional hook called for unauthorized redirects; may be {@code null}
     */
    public DefaultAuthorizationExceptionHandler(ErrorResponseProcessor<?> errorResponseProcessor, RedirectConfiguration redirectConfiguration, RedirectService redirectService, @Nullable PriorToLoginPersistence priorToLoginPersistence) {
        this.errorResponseProcessor = errorResponseProcessor;
        this.redirectConfiguration = redirectConfiguration;
        this.redirectService = redirectService;
        this.priorToLoginPersistence = priorToLoginPersistence;
    }

    /**
     * Produces the response for a rejected request.
     *
     * @param httpRequest            the rejected request
     * @param authorizationException the rejection; {@code isForbidden()} selects 403 over 401
     * @return a 303 redirect, a 401/403 status response, or a 500 when the
     *         configured redirect URL cannot be parsed as a {@link URI}
     */
    public MutableHttpResponse<?> handle(HttpRequest httpRequest, AuthorizationException authorizationException) {
        if (shouldRedirect(httpRequest, authorizationException)) {
            try {
                URI target = new URI(getRedirectUri(httpRequest, authorizationException));
                // Loop guard: a request that is already for the redirect target gets the
                // plain status response instead of being redirected to itself.
                // NOTE(review): this is exact URI equality; a request to the same path with
                // a different query string would presumably not match - confirm.
                if (!httpRequest.getUri().equals(target)) {
                    MutableHttpResponse<?> redirect = httpResponseWithStatus(target);
                    // Only the unauthorized case notifies the hook; forbidden requests are
                    // redirected without it.
                    boolean notifyHook = priorToLoginPersistence != null && !authorizationException.isForbidden();
                    if (notifyHook) {
                        priorToLoginPersistence.onUnauthorized(httpRequest, redirect);
                    }
                    return redirect;
                }
                return httpResponseWithStatus(httpRequest, authorizationException);
            } catch (URISyntaxException e) {
                // A malformed configured URL is a server-side misconfiguration, hence 500.
                LOG.error("Rejection redirect URL is invalid", e);
                return HttpResponse.serverError();
            }
        }
        return httpResponseWithStatus(httpRequest, authorizationException);
    }

    /**
     * Builds the non-redirect response: 403 when the exception is a "forbidden"
     * rejection, 401 otherwise, with the status reason as the error message.
     *
     * @param httpRequest            the rejected request
     * @param authorizationException the rejection being reported
     * @return the response returned by the {@link ErrorResponseProcessor}
     */
    protected MutableHttpResponse<?> httpResponseWithStatus(HttpRequest<?> httpRequest, AuthorizationException authorizationException) {
        HttpStatus status;
        if (authorizationException.isForbidden()) {
            status = HttpStatus.FORBIDDEN;
        } else {
            status = HttpStatus.UNAUTHORIZED;
        }
        ErrorContext context = ErrorContext.builder(httpRequest)
                .cause(authorizationException)
                .errorMessage(status.getReason())
                .build();
        return errorResponseProcessor.processResponse(context, HttpResponse.status(status));
    }

    /**
     * Decides whether the rejection is answered with a redirect.
     *
     * <p>All of the following must hold: a redirect configuration is present and
     * enabled, the redirect for this kind of rejection (forbidden or unauthorized)
     * is enabled, and the request's {@code Accept} header contains a media type
     * equal to {@code text/html}.
     *
     * @param httpRequest            the rejected request
     * @param authorizationException the rejection
     * @return {@code true} when a redirect should be sent
     */
    protected boolean shouldRedirect(HttpRequest<?> httpRequest, AuthorizationException authorizationException) {
        if (redirectConfiguration == null || !redirectConfiguration.isEnabled()) {
            return false;
        }
        boolean enabledForThisRejection = authorizationException.isForbidden()
                ? redirectConfiguration.getForbidden().isEnabled()
                : redirectConfiguration.getUnauthorized().isEnabled();
        if (!enabledForThisRejection) {
            return false;
        }
        // NOTE(review): whether an Accept entry carrying parameters (e.g. a q-value)
        // compares equal to TEXT_HTML_TYPE depends on MediaType.equals - confirm.
        return httpRequest.getHeaders().accept().stream()
                .anyMatch(mediaType -> mediaType.equals(MediaType.TEXT_HTML_TYPE));
    }

    /**
     * Returns the redirect URL for the rejection, taken from {@link RedirectService}:
     * the forbidden URL for a "forbidden" rejection, the unauthorized URL otherwise.
     * The request parameter is not used by this implementation.
     *
     * @param httpRequest            the rejected request (unused here)
     * @param authorizationException the rejection
     * @return the configured redirect URL as a string
     */
    protected String getRedirectUri(HttpRequest<?> httpRequest, AuthorizationException authorizationException) {
        String target;
        if (authorizationException.isForbidden()) {
            target = redirectService.forbiddenUrl();
        } else {
            target = redirectService.unauthorizedUrl();
        }
        LOG.debug("redirect uri: {}", target);
        return target;
    }

    /**
     * Builds the redirect response: status 303 (See Other) with the given URI in
     * the {@code Location} header.
     *
     * @param uri the redirect target
     * @return the redirect response
     */
    protected MutableHttpResponse<?> httpResponseWithStatus(URI uri) {
        return HttpResponse.status(HttpStatus.SEE_OTHER)
                .headers(headers -> headers.location(uri));
    }
}
