package nl._42.boot.saml.web;

import java.util.Optional;
import java.util.stream.Stream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nl._42.boot.saml.SAMLProperties;
import nl._42.boot.saml.UserNotAllowedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

/* loaded from: input_file:nl/_42/boot/saml/web/SAMLFailureHandler.class */
public class SAMLFailureHandler implements AuthenticationFailureHandler {
    private static final Logger log = LoggerFactory.getLogger(SAMLFailureHandler.class);
    private final SAMLProperties properties;

    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) {
        String forbiddenUrl = this.properties.getForbiddenUrl();
        if (authenticationException instanceof UserNotAllowedException) {
            log.warn("Attempted to login with unauthorized role...", authenticationException);
        } else {
            log.warn("Could not authenticate, clearing sessions and cookies...", authenticationException);
            httpServletRequest.getSession().invalidate();
            SecurityContextHolder.getContext().setAuthentication((Authentication) null);
            if (this.properties.isRemoveAllCookiesUponAuthenticationFailure()) {
                removeAllCookies(httpServletRequest, httpServletResponse);
            }
            forbiddenUrl = this.properties.getExpiredUrl();
        }
        redirectTo(httpServletResponse, forbiddenUrl);
    }

    private void redirectTo(HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setHeader("Location", str);
        httpServletResponse.setStatus(HttpStatus.SEE_OTHER.value());
    }

    private void removeAllCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        getCookies(httpServletRequest).forEach(cookie -> {
            cookie.setMaxAge(0);
            httpServletResponse.addCookie(cookie);
        });
    }

    private Stream<Cookie> getCookies(HttpServletRequest httpServletRequest) {
        return (Stream) Optional.ofNullable(httpServletRequest.getCookies()).map((v0) -> {
            return Stream.of(v0);
        }).orElseGet(Stream::empty);
    }

    public SAMLFailureHandler(SAMLProperties sAMLProperties) {
        this.properties = sAMLProperties;
    }
}
