package org.springframework.security.oauth2.server.authorization.web;

import java.io.IOException;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilter.class */
/**
 * Servlet filter that serves the OAuth 2.0 Token Revocation endpoint (RFC 7009).
 *
 * <p>Only {@code POST} requests whose path matches the configured endpoint URI
 * (default {@code /oauth2/revoke}) are handled here; every other request is passed
 * down the filter chain untouched. For a matching request the filter converts the
 * request into an {@link Authentication}, hands it to the {@link AuthenticationManager},
 * and then invokes the success or failure handler.
 *
 * <p>NOTE(review): this filter does not authenticate the calling client itself. The
 * default converter forwards whatever {@link Authentication} is currently held in the
 * {@link SecurityContextHolder} (which may be {@code null}). Confirm that a
 * client-authentication filter is ordered before this one and that the configured
 * {@link AuthenticationManager} rejects an unauthenticated client principal.
 *
 * <p>Only {@link OAuth2AuthenticationException} is caught in {@code doFilterInternal};
 * any other exception raised by the converter, manager or success handler propagates
 * to the caller of this filter.
 */
public final class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
    private static final String DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI = "/oauth2/revoke";

    private final AuthenticationManager authenticationManager;
    private final RequestMatcher tokenRevocationEndpointMatcher;
    private AuthenticationConverter authenticationConverter = new DefaultTokenRevocationAuthenticationConverter();
    private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter = new OAuth2ErrorHttpMessageConverter();
    private AuthenticationSuccessHandler authenticationSuccessHandler = this::sendRevocationSuccessResponse;
    private AuthenticationFailureHandler authenticationFailureHandler = this::sendErrorResponse;

    /**
     * Default converter: builds an {@link OAuth2TokenRevocationAuthenticationToken} from
     * the {@code token} and optional {@code token_type_hint} request parameters.
     *
     * <p>{@code token} must be present, non-blank and supplied exactly once.
     * {@code token_type_hint} may be omitted, but when it has text it must also be
     * supplied exactly once. Repeated parameters are rejected with
     * {@code invalid_request} rather than silently taking the first value.
     */
    private static class DefaultTokenRevocationAuthenticationConverter implements AuthenticationConverter {

        /**
         * @param httpServletRequest the revocation request
         * @return the unauthenticated revocation token carrying the token value, the
         *         current principal from the security context, and the type hint
         * @throws OAuth2AuthenticationException with {@code invalid_request} when a
         *         parameter is missing or repeated
         */
        @Override
        public Authentication convert(HttpServletRequest httpServletRequest) {
            // The principal is whatever an earlier filter left in the context; it is not verified here.
            Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
            MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(httpServletRequest);

            // Required parameter: present, non-blank, exactly one occurrence.
            String token = parameters.getFirst("token");
            boolean tokenSuppliedOnce = StringUtils.hasText(token) && parameters.get("token").size() == 1;
            if (!tokenSuppliedOnce) {
                throwError("invalid_request", "token");
            }

            // Optional parameter: only checked for duplicates when it carries text.
            String tokenTypeHint = parameters.getFirst("token_type_hint");
            if (StringUtils.hasText(tokenTypeHint)) {
                List<String> hintValues = parameters.get("token_type_hint");
                if (hintValues.size() != 1) {
                    throwError("invalid_request", "token_type_hint");
                }
            }

            return new OAuth2TokenRevocationAuthenticationToken(token, clientPrincipal, tokenTypeHint);
        }
    }

    /**
     * Creates the filter on the default endpoint URI {@code /oauth2/revoke}.
     *
     * @param authenticationManager the manager that processes the revocation request
     */
    public OAuth2TokenRevocationEndpointFilter(AuthenticationManager authenticationManager) {
        this(authenticationManager, DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI);
    }

    /**
     * Creates the filter on a caller-supplied endpoint URI. The request matcher is
     * restricted to the {@code POST} method.
     *
     * @param authenticationManager the manager that processes the revocation request
     * @param str the endpoint URI pattern; must contain text
     * @throws IllegalArgumentException if either argument fails its assertion
     */
    public OAuth2TokenRevocationEndpointFilter(AuthenticationManager authenticationManager, String str) {
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        Assert.hasText(str, "tokenRevocationEndpointUri cannot be empty");
        this.authenticationManager = authenticationManager;
        this.tokenRevocationEndpointMatcher = new AntPathRequestMatcher(str, HttpMethod.POST.name());
    }

    /**
     * Handles a revocation request, or delegates to the rest of the chain when the
     * request does not match the endpoint.
     *
     * <p>On {@link OAuth2AuthenticationException} the security context is cleared
     * before the failure handler runs, so the failed request leaves no principal behind.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (this.tokenRevocationEndpointMatcher.matches(httpServletRequest)) {
            try {
                Authentication revocationRequest = this.authenticationConverter.convert(httpServletRequest);
                Authentication revocationResult = this.authenticationManager.authenticate(revocationRequest);
                this.authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, revocationResult);
            } catch (OAuth2AuthenticationException ex) {
                SecurityContextHolder.clearContext();
                this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, ex);
            }
            return;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Replaces the converter that turns the HTTP request into the revocation
     * {@link Authentication}. A replacement takes over the parameter validation
     * that the default converter performs.
     *
     * @param authenticationConverter the converter to use; must not be {@code null}
     */
    public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        this.authenticationConverter = authenticationConverter;
    }

    /**
     * Replaces the handler invoked after the manager returns successfully.
     *
     * @param authenticationSuccessHandler the handler to use; must not be {@code null}
     */
    public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
        Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
        this.authenticationSuccessHandler = authenticationSuccessHandler;
    }

    /**
     * Replaces the handler invoked when an {@link OAuth2AuthenticationException} is
     * caught. The handler is only ever called with that exception type by this filter.
     *
     * @param authenticationFailureHandler the handler to use; must not be {@code null}
     */
    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    /**
     * Default success handler: sets status 200 and writes no body.
     */
    private void sendRevocationSuccessResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        int okStatus = HttpStatus.OK.value();
        httpServletResponse.setStatus(okStatus);
    }

    /**
     * Default failure handler: responds with 400 and the serialized {@link OAuth2Error}.
     *
     * <p>The cast is safe for the built-in call path because this filter invokes the
     * failure handler only from its {@code catch (OAuth2AuthenticationException)} block.
     *
     * @throws IOException if writing the error body fails
     */
    private void sendErrorResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        OAuth2AuthenticationException oauth2Failure = (OAuth2AuthenticationException) authenticationException;
        ServletServerHttpResponse errorResponse = new ServletServerHttpResponse(httpServletResponse);
        errorResponse.setStatusCode(HttpStatus.BAD_REQUEST);
        this.errorHttpResponseConverter.write(oauth2Failure.getError(), (MediaType) null, errorResponse);
    }

    /**
     * Raises an {@link OAuth2AuthenticationException} for a bad request parameter.
     * Callers in this class pass the parameter name as {@code str2}, so the error
     * description names the offending parameter and never echoes its value.
     *
     * @param str the OAuth 2.0 error code
     * @param str2 the text appended to the error description
     */
    private static void throwError(String str, String str2) {
        String description = "OAuth 2.0 Token Revocation Parameter: " + str2;
        OAuth2Error error = new OAuth2Error(str, description, "https://datatracker.ietf.org/doc/html/rfc7009#section-2.1");
        throw new OAuth2AuthenticationException(error);
    }
}
