package io.camunda.zeebe.shared.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ProblemDetail;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Component
/* loaded from: input_file:io/camunda/zeebe/shared/security/ProblemAuthFailureHandler.class */
public final class ProblemAuthFailureHandler implements ServerAuthenticationFailureHandler, ServerAccessDeniedHandler, ServerAuthenticationEntryPoint {
    private final ObjectMapper objectMapper;

    @Autowired
    public ProblemAuthFailureHandler(ObjectMapper objectMapper) {
        this.objectMapper = objectMapper;
    }

    public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException authenticationException) {
        return handleFailure(webFilterExchange.getExchange(), HttpStatus.UNAUTHORIZED, authenticationException);
    }

    public Mono<Void> handle(ServerWebExchange serverWebExchange, AccessDeniedException accessDeniedException) {
        return serverWebExchange.getPrincipal().flatMap(principal -> {
            return ((principal instanceof Authentication) && ((Authentication) principal).isAuthenticated()) ? handleFailure(serverWebExchange, HttpStatus.FORBIDDEN, accessDeniedException) : handleFailure(serverWebExchange, HttpStatus.UNAUTHORIZED, accessDeniedException);
        });
    }

    public Mono<Void> commence(ServerWebExchange serverWebExchange, AuthenticationException authenticationException) {
        return handleFailure(serverWebExchange, HttpStatus.UNAUTHORIZED, authenticationException);
    }

    private Mono<Void> handleFailure(ServerWebExchange serverWebExchange, HttpStatus httpStatus, Exception exc) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        ServerHttpResponse response = serverWebExchange.getResponse();
        ProblemDetail forStatus = ProblemDetail.forStatus(httpStatus);
        forStatus.setInstance(request.getURI());
        forStatus.setDetail(exc.getMessage());
        response.setStatusCode(httpStatus);
        response.getHeaders().setContentType(MediaType.APPLICATION_PROBLEM_JSON);
        return response.writeWith(Mono.fromCallable(() -> {
            return this.objectMapper.writeValueAsBytes(forStatus);
        }).map(bArr -> {
            return response.bufferFactory().wrap(bArr);
        }));
    }
}
