package com.elitescloud.cloudt.authorization.api.provider.config.servlet.oauth2.handler;

import com.elitescloud.cloudt.authorization.api.provider.config.servlet.oauth2.OAuth2AuthorizationCodeRequestCache;
import com.elitescloud.cloudt.authorization.sdk.resolver.UniqueRequestResolver;
import com.elitescloud.cloudt.common.base.ApiCode;
import com.elitescloud.cloudt.common.base.ApiResult;
import java.io.IOException;
import java.time.Duration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeRequestAuthenticationConverter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:com/elitescloud/cloudt/authorization/api/provider/config/servlet/oauth2/handler/OAuth2ServerAuthenticationEntryPointHandler.class */
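/**
 * Authentication entry point for the OAuth2 authorization server: answers an unauthenticated
 * request with a 401 API result and, when the request targets the authorization endpoint,
 * stores the parsed authorization-code request so it can be picked up again later.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cache entry is written on behalf of a caller that has not authenticated. From this
 *       class, only {@link #CODE_REQUEST_TTL} bounds how long such entries live.
 *       NOTE(review): confirm the cache implementation or an upstream rate limit caps the
 *       number of entries an anonymous client can create.</li>
 *   <li>The converter only parses request parameters. NOTE(review): whatever code later reads
 *       the cached token presumably has to validate client_id, redirect_uri and scope again
 *       before issuing a code; confirm against the consumer.</li>
 * </ul>
 */
public class OAuth2ServerAuthenticationEntryPointHandler extends AbstractOAuth2ServerHandler implements AuthenticationEntryPoint {
    private static final Logger log = LogManager.getLogger(OAuth2ServerAuthenticationEntryPointHandler.class);

    /** Lifetime passed to the cache for every stored authorization request. */
    private static final Duration CODE_REQUEST_TTL = Duration.ofMinutes(5);

    private final OAuth2AuthorizationCodeRequestCache authorizationCodeRequestCache;

    /** Matches GET and POST requests on the configured authorization endpoint path. */
    private final RequestMatcher oauth2AuthorizationEndpointRequestMatcher;

    /** Optional; while it is {@code null} no authorization request is cached. */
    private UniqueRequestResolver uniqueRequestResolver;

    /**
     * @param oAuth2AuthorizationCodeRequestCache store for pending authorization-code requests
     * @param str Ant-style path pattern of the authorization endpoint
     */
    public OAuth2ServerAuthenticationEntryPointHandler(OAuth2AuthorizationCodeRequestCache oAuth2AuthorizationCodeRequestCache, String str) {
        this.authorizationCodeRequestCache = oAuth2AuthorizationCodeRequestCache;
        this.oauth2AuthorizationEndpointRequestMatcher = buildOAuth2AuthorizationEndpointRequestMatcher(str);
    }

    /**
     * Logs the unauthenticated request, tries to cache it if it is an authorization request,
     * and writes the 401 result.
     *
     * <p>Caching is best-effort: a request whose parameters the converter rejects must still
     * receive the 401 body, so an {@link AuthenticationException} raised while caching is
     * logged and not propagated.
     *
     * @param httpServletRequest the request that failed authentication
     * @param httpServletResponse the response the 401 result is written to
     * @param authenticationException the failure that triggered this entry point (not inspected)
     * @throws IOException declared by {@link AuthenticationEntryPoint}
     * @throws ServletException declared by {@link AuthenticationEntryPoint}
     */
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        // The URI is client-controlled and this line runs for every unauthenticated hit.
        log.info("未认证请求：{}", httpServletRequest.getRequestURI());
        try {
            cacheAuthorizeRequest(httpServletRequest, httpServletResponse);
        } catch (AuthenticationException e) {
            // Message only: the condition is client-triggerable, so avoid a stack trace per request.
            log.warn("Authorization request not cached: {}", e.getMessage());
        }
        writeResponse(httpServletResponse, ApiResult.fail(ApiCode.UNAUTHORIZED, "未认证或身份认证已过期，请重新登录"), HttpStatus.UNAUTHORIZED);
    }

    /**
     * Parses an authorization-endpoint request and stores the resulting token under the key
     * returned by {@link UniqueRequestResolver#signRequest}, for {@link #CODE_REQUEST_TTL}.
     * Does nothing when no resolver is configured or the request is for another path.
     */
    private void cacheAuthorizeRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Read the mutable field once so the null check and the call see the same instance.
        UniqueRequestResolver resolver = this.uniqueRequestResolver;
        if (resolver == null) {
            // Nothing could be stored, so do not parse the request at all.
            return;
        }
        if (!this.oauth2AuthorizationEndpointRequestMatcher.matches(httpServletRequest)) {
            return;
        }
        OAuth2AuthorizationCodeRequestAuthenticationToken convert = new OAuth2AuthorizationCodeRequestAuthenticationConverter().convert(httpServletRequest);
        // NOTE(review): convert may be null if the converter declines the request; confirm how
        // the cache treats a null token.
        this.authorizationCodeRequestCache.setAuthenticationToken(resolver.signRequest(httpServletResponse), convert, CODE_REQUEST_TTL);
    }

    /** Builds a matcher that accepts GET or POST on the given Ant-style path pattern. */
    private RequestMatcher buildOAuth2AuthorizationEndpointRequestMatcher(String str) {
        return new OrRequestMatcher(new RequestMatcher[]{new AntPathRequestMatcher(str, HttpMethod.GET.name()), new AntPathRequestMatcher(str, HttpMethod.POST.name())});
    }

    /**
     * Sets the resolver used to derive the cache key; until it is set, authorization requests
     * are not cached.
     */
    public void setUniqueRequestResolver(UniqueRequestResolver uniqueRequestResolver) {
        this.uniqueRequestResolver = uniqueRequestResolver;
    }
}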
