package org.springframework.security.oauth2.client.web;

import java.io.IOException;
import java.util.Base64;
import java.util.HashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.class */
public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilter {
    public static final String DEFAULT_AUTHORIZATION_REQUEST_BASE_URI = "/oauth2/authorization";
    private static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
    private final AntPathRequestMatcher authorizationRequestMatcher;
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final OAuth2AuthorizationRequestUriBuilder authorizationRequestUriBuilder;
    private final RedirectStrategy authorizationRedirectStrategy;
    private final StringKeyGenerator stateGenerator;
    private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;

    public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) {
        this(clientRegistrationRepository, DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
    }

    public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository, String str) {
        this.authorizationRequestUriBuilder = new OAuth2AuthorizationRequestUriBuilder();
        this.authorizationRedirectStrategy = new DefaultRedirectStrategy();
        this.stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder());
        this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
        Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        this.authorizationRequestMatcher = new AntPathRequestMatcher(str + "/{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}");
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
        Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
        this.authorizationRequestRepository = authorizationRequestRepository;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!shouldRequestAuthorization(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            sendRedirectForAuthorization(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            unsuccessfulRedirectForAuthorization(httpServletRequest, httpServletResponse, e);
        }
    }

    private boolean shouldRequestAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.authorizationRequestMatcher.matches(httpServletRequest);
    }

    private void sendRedirectForAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        OAuth2AuthorizationRequest.Builder implicit;
        String str = (String) this.authorizationRequestMatcher.extractUriTemplateVariables(httpServletRequest).get(REGISTRATION_ID_URI_VARIABLE_NAME);
        ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(str);
        if (findByRegistrationId == null) {
            throw new IllegalArgumentException("Invalid Client Registration with Id: " + str);
        }
        String expandRedirectUri = expandRedirectUri(httpServletRequest, findByRegistrationId);
        HashMap hashMap = new HashMap();
        hashMap.put("registration_id", findByRegistrationId.getRegistrationId());
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(findByRegistrationId.getAuthorizationGrantType())) {
            implicit = OAuth2AuthorizationRequest.authorizationCode();
        } else {
            if (!AuthorizationGrantType.IMPLICIT.equals(findByRegistrationId.getAuthorizationGrantType())) {
                throw new IllegalArgumentException("Invalid Authorization Grant Type for Client Registration (" + findByRegistrationId.getRegistrationId() + "): " + findByRegistrationId.getAuthorizationGrantType());
            }
            implicit = OAuth2AuthorizationRequest.implicit();
        }
        OAuth2AuthorizationRequest build = implicit.clientId(findByRegistrationId.getClientId()).authorizationUri(findByRegistrationId.getProviderDetails().getAuthorizationUri()).redirectUri(expandRedirectUri).scopes(findByRegistrationId.getScopes()).state(this.stateGenerator.generateKey()).additionalParameters(hashMap).build();
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(build.getGrantType())) {
            this.authorizationRequestRepository.saveAuthorizationRequest(build, httpServletRequest, httpServletResponse);
        }
        this.authorizationRedirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, this.authorizationRequestUriBuilder.build(build).toString());
    }

    private void unsuccessfulRedirectForAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc) throws IOException, ServletException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authorization Request failed: " + exc.toString(), exc);
        }
        httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), HttpStatus.BAD_REQUEST.getReasonPhrase());
    }

    private String expandRedirectUri(HttpServletRequest httpServletRequest, ClientRegistration clientRegistration) {
        String uriString = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(httpServletRequest)).replaceQuery((String) null).replacePath(httpServletRequest.getContextPath()).build().toUriString();
        HashMap hashMap = new HashMap();
        hashMap.put("baseUrl", uriString);
        hashMap.put(REGISTRATION_ID_URI_VARIABLE_NAME, clientRegistration.getRegistrationId());
        return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate()).buildAndExpand(hashMap).toUriString();
    }
}
