package com.elitescloud.boot.auth.provider.config.servlet.oauth2.handler;

import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.auth.client.config.AuthorizationProperties;
import com.elitescloud.boot.auth.provider.common.LoginParameterNames;
import com.elitescloud.boot.auth.provider.config.servlet.oauth2.OAuth2AuthorizationCodeRequestCache;
import com.elitescloud.boot.auth.resolver.UniqueRequestResolver;
import com.elitescloud.boot.util.ObjUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotBlank;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeRequestAuthenticationConverter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/config/servlet/oauth2/handler/OAuth2ServerLoginUrlAuthenticationEntryPointHandler.class */
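/**
 * Authentication entry point of the OAuth2 authorization server: sends an unauthenticated
 * request to a login page, which is either the page registered in the client's
 * {@code loginUrl} setting or the globally configured one.
 *
 * <p>Before redirecting it can cache the pending authorization-code request under a signed
 * request id (when a {@link UniqueRequestResolver} is set) and save the request in a
 * {@link RequestCache} (when one is set).
 */
public class OAuth2ServerLoginUrlAuthenticationEntryPointHandler extends LoginUrlAuthenticationEntryPoint {
    private static final Logger log = LogManager.getLogger(OAuth2ServerLoginUrlAuthenticationEntryPointHandler.class);
    private final AuthorizationProperties properties;
    private final RegisteredClientRepository registeredClientRepository;
    private final OAuth2AuthorizationCodeRequestCache authorizationCodeRequestCache;
    private UniqueRequestResolver uniqueRequestResolver;
    private RequestCache requestCache;
    // Hands the signed request id from commence() to determineUrlToUseForThisRequest(),
    // which the superclass invokes on the same thread while building the redirect.
    private final ThreadLocal<String> seqLocal;

    /**
     * @param authorizationProperties supplies the default login page and the redirect URI prefix
     * @param registeredClientRepository used to look up a client's own {@code loginUrl} setting
     * @param oAuth2AuthorizationCodeRequestCache stores the pending authorization-code request
     */
    public OAuth2ServerLoginUrlAuthenticationEntryPointHandler(AuthorizationProperties authorizationProperties, RegisteredClientRepository registeredClientRepository, OAuth2AuthorizationCodeRequestCache oAuth2AuthorizationCodeRequestCache) {
        super(authorizationProperties.getLoginPage());
        this.uniqueRequestResolver = null;
        this.seqLocal = new ThreadLocal<>();
        this.properties = authorizationProperties;
        this.registeredClientRepository = registeredClientRepository;
        this.authorizationCodeRequestCache = oAuth2AuthorizationCodeRequestCache;
    }

    /**
     * Caches the pending authorization request (if configured) and delegates the redirect to
     * the superclass.
     *
     * @throws IOException if the superclass fails while writing the response
     * @throws ServletException if the superclass fails while forwarding
     */
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        log.info("{}未认证，将转向登录页", httpServletRequest.getRequestURI());
        try {
            UniqueRequestResolver resolver = this.uniqueRequestResolver;
            if (resolver != null) {
                OAuth2AuthorizationCodeRequestAuthenticationToken pendingRequest = new OAuth2AuthorizationCodeRequestAuthenticationConverter().convert(httpServletRequest);
                String requestSeq = resolver.signRequest(httpServletResponse);
                this.seqLocal.set(requestSeq);
                // NOTE(review): the pending request stays cached for 7 days under this id;
                // confirm that retention is intended for a pre-login artifact.
                this.authorizationCodeRequestCache.setAuthenticationToken(requestSeq, pendingRequest, Duration.ofDays(7L));
            }
            RequestCache cache = this.requestCache;
            if (cache != null) {
                cache.saveRequest(httpServletRequest, httpServletResponse);
            }
            super.commence(httpServletRequest, httpServletResponse, authenticationException);
        } finally {
            // Always clear the per-thread id, also when saving the request fails, so a pooled
            // thread never carries one request's id into the next request it serves.
            this.seqLocal.remove();
        }
    }

    /**
     * Chooses the login URL for this request: the client's own {@code loginUrl} setting when
     * the request names a registered client that has one, otherwise the configured login page.
     *
     * @return the login URL, or the blank configured value when no login page is configured
     */
    @Override
    protected String determineUrlToUseForThisRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) {
        String clientId = obtainClientId(httpServletRequest);
        log.info("authorize client: {}", clientId);
        if (StringUtils.hasText(clientId)) {
            String clientLoginPage = obtainClientLoginPage(clientId);
            if (StringUtils.hasText(clientLoginPage)) {
                String requestSeq = this.seqLocal.get();
                if (StringUtils.hasText(requestSeq)) {
                    // The two parameters need their own separator; without the "&" the id is
                    // glued onto the ClientId value and neither can be read back.
                    clientLoginPage = appendQuery(clientLoginPage, "ClientId=" + encodeQueryValue(clientId) + "&Urq=" + encodeQueryValue(requestSeq));
                }
                String clientLoginUrl = normalizeRedirectUrl(clientLoginPage, httpServletRequest.getHeader("Referer"));
                log.info("client customize loginUrl：{}", clientLoginUrl);
                return clientLoginUrl;
            }
        }
        String loginPage = this.properties.getLoginPage();
        if (!StringUtils.hasText(loginPage)) {
            log.warn("未配置登录页地址");
            return loginPage;
        }
        // The client id is a raw request parameter, so it is encoded before it goes into the
        // query string; otherwise it could add or override parameters of the login URL.
        String loginPageWithClient = appendQuery(loginPage, "ClientId=" + encodeQueryValue((String) ObjUtil.defaultIfNull(clientId, "")));
        String loginUrl = normalizeRedirectUrl(loginPageWithClient, httpServletRequest.getParameter("authSvr"));
        log.info("loginUrl:{} -> {}", loginPageWithClient, loginUrl);
        return loginUrl;
    }

    /** Sets the resolver that signs the response with a request id; {@code null} disables caching. */
    public void setUniqueRequestResolver(UniqueRequestResolver uniqueRequestResolver) {
        this.uniqueRequestResolver = uniqueRequestResolver;
    }

    /** Sets the cache the original request is saved in; {@code null} disables saving. */
    public void setRequestCache(RequestCache requestCache) {
        this.requestCache = requestCache;
    }

    /**
     * Turns a login page into an absolute redirect target.
     *
     * @param str the login page; returned unchanged when it already starts with http:// or https://
     * @param str2 candidate base URL (Referer header or {@code authSvr} parameter), may be null
     * @return the origin of {@code str2}, else the configured redirect URI prefix, else "/",
     *     followed by {@code str}
     */
    private String normalizeRedirectUrl(@NotBlank String str, String str2) {
        if (str.regionMatches(true, 0, "http://", 0, 7) || str.regionMatches(true, 0, "https://", 0, 8)) {
            return str;
        }
        // NOTE(review): str2 is caller-controlled, and nothing in this class checks the derived
        // origin against a set of trusted origins, so it decides which host the login redirect
        // goes to. Confirm an allow-list is enforced elsewhere, or add one here.
        String base = originOf(str2);
        if (!StringUtils.hasText(base)) {
            base = this.properties.getRedirectUriPrefix();
        }
        if (base == null) {
            base = "/";
        }
        return str.startsWith("/") ? base + str : base + "/" + str;
    }

    /**
     * Re-bases the path of {@code str} onto the origin of {@code str2}. No caller is visible in
     * this class.
     *
     * @return the origin of {@code str2} (or {@code str2} itself when no origin can be derived)
     *     followed by the path of {@code str}
     */
    private String convertUrlForRefer(String str, String str2) {
        String targetPath = CharSequenceUtil.blankToDefault(URI.create(str).getPath(), "");
        String origin = originOf(str2);
        return (origin != null ? origin : str2) + targetPath;
    }

    /** Returns the {@code loginUrl} client setting, or {@code null} when the client is unknown. */
    private String obtainClientLoginPage(String str) {
        RegisteredClient client = this.registeredClientRepository.findByClientId(str);
        return client == null ? null : (String) client.getClientSettings().getSetting("loginUrl");
    }

    /** Reads the client id request parameter; the value is untrusted input. */
    private String obtainClientId(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(LoginParameterNames.CLIENT_ID);
    }

    /**
     * Extracts {@code scheme://authority} from an absolute http(s) URL.
     *
     * <p>The origin is built from the parsed components. Cutting the string at the first
     * occurrence of the path yields "https:" for a URL whose path is "/", and fails on a
     * percent-encoded path, which made a crafted Referer header raise an exception.
     *
     * @return the origin, or {@code null} when the value is blank, malformed, not http(s), or
     *     has no authority
     */
    private static String originOf(String url) {
        if (!StringUtils.hasText(url)) {
            return null;
        }
        URI parsed;
        try {
            parsed = URI.create(url);
        } catch (IllegalArgumentException ignored) {
            // A malformed header or parameter must not fail the login redirect.
            return null;
        }
        String scheme = parsed.getScheme();
        String authority = parsed.getRawAuthority();
        boolean webScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        if (!webScheme || authority == null) {
            return null;
        }
        return scheme + "://" + authority;
    }

    /** Appends {@code query} to {@code url} with "?" or "&", depending on whether a query exists. */
    private static String appendQuery(String url, String query) {
        return url + (url.contains("?") ? "&" : "?") + query;
    }

    /** Percent-encodes one query-string value as UTF-8. */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // Every JVM is required to support UTF-8.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }
}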
