package org.springframework.security.oauth2.server.authorization.web;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.core.log.LogMessage;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2DeviceCode;
import org.springframework.security.oauth2.core.OAuth2UserCode;
import org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse;
import org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceAuthorizationRequestAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2DeviceAuthorizationRequestAuthenticationConverter;
import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2ErrorAuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.util.RedirectUrlBuilder;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilter.class */
public final class OAuth2DeviceAuthorizationEndpointFilter extends OncePerRequestFilter {
    private static final String DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI = "/oauth2/device_authorization";
    private final AuthenticationManager authenticationManager;
    private final RequestMatcher deviceAuthorizationEndpointMatcher;
    private final HttpMessageConverter<OAuth2DeviceAuthorizationResponse> deviceAuthorizationHttpResponseConverter;
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
    private AuthenticationConverter authenticationConverter;
    private AuthenticationSuccessHandler authenticationSuccessHandler;
    private AuthenticationFailureHandler authenticationFailureHandler;
    private String verificationUri;

    public OAuth2DeviceAuthorizationEndpointFilter(AuthenticationManager authenticationManager) {
        this(authenticationManager, DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI);
    }

    public OAuth2DeviceAuthorizationEndpointFilter(AuthenticationManager authenticationManager, String str) {
        this.deviceAuthorizationHttpResponseConverter = new OAuth2DeviceAuthorizationResponseHttpMessageConverter();
        this.authenticationDetailsSource = new WebAuthenticationDetailsSource();
        this.authenticationSuccessHandler = this::sendDeviceAuthorizationResponse;
        this.authenticationFailureHandler = new OAuth2ErrorAuthenticationFailureHandler();
        this.verificationUri = "/oauth2/device_verification";
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        Assert.hasText(str, "deviceAuthorizationEndpointUri cannot be empty");
        this.authenticationManager = authenticationManager;
        this.deviceAuthorizationEndpointMatcher = new AntPathRequestMatcher(str, HttpMethod.POST.name());
        this.authenticationConverter = new OAuth2DeviceAuthorizationRequestAuthenticationConverter();
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.deviceAuthorizationEndpointMatcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            AbstractAuthenticationToken convert = this.authenticationConverter.convert(httpServletRequest);
            if (convert instanceof AbstractAuthenticationToken) {
                convert.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
            }
            this.authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, this.authenticationManager.authenticate(convert));
        } catch (OAuth2AuthenticationException e) {
            SecurityContextHolder.clearContext();
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Device authorization request failed: %s", e.getError()), e);
            }
            this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
        }
    }

    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "authenticationDetailsSource cannot be null");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        this.authenticationConverter = authenticationConverter;
    }

    public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
        Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
        this.authenticationSuccessHandler = authenticationSuccessHandler;
    }

    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    public void setVerificationUri(String str) {
        Assert.hasText(str, "verificationUri cannot be empty");
        this.verificationUri = str;
    }

    private void sendDeviceAuthorizationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        OAuth2DeviceAuthorizationRequestAuthenticationToken oAuth2DeviceAuthorizationRequestAuthenticationToken = (OAuth2DeviceAuthorizationRequestAuthenticationToken) authentication;
        OAuth2DeviceCode deviceCode = oAuth2DeviceAuthorizationRequestAuthenticationToken.getDeviceCode();
        OAuth2UserCode userCode = oAuth2DeviceAuthorizationRequestAuthenticationToken.getUserCode();
        UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(resolveVerificationUri(httpServletRequest));
        this.deviceAuthorizationHttpResponseConverter.write(OAuth2DeviceAuthorizationResponse.with(deviceCode, userCode).verificationUri(fromUriString.build().toUriString()).verificationUriComplete(fromUriString.queryParam("user_code", new Object[]{userCode.getTokenValue()}).build().toUriString()).build(), (MediaType) null, new ServletServerHttpResponse(httpServletResponse));
    }

    private String resolveVerificationUri(HttpServletRequest httpServletRequest) {
        if (UrlUtils.isAbsoluteUrl(this.verificationUri)) {
            return this.verificationUri;
        }
        RedirectUrlBuilder redirectUrlBuilder = new RedirectUrlBuilder();
        redirectUrlBuilder.setScheme(httpServletRequest.getScheme());
        redirectUrlBuilder.setServerName(httpServletRequest.getServerName());
        redirectUrlBuilder.setPort(httpServletRequest.getServerPort());
        redirectUrlBuilder.setContextPath(httpServletRequest.getContextPath());
        redirectUrlBuilder.setPathInfo(this.verificationUri);
        return redirectUrlBuilder.getUrl();
    }
}
