package org.pac4j.springframework.web;

import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.pac4j.core.authorization.AuthorizationChecker;
import org.pac4j.core.authorization.DefaultAuthorizationChecker;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.ClientFinder;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.DefaultClientFinder;
import org.pac4j.core.client.DirectClient;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.exception.RequiresHttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:org/pac4j/springframework/web/RequiresAuthenticationInterceptor.class */
public class RequiresAuthenticationInterceptor extends HandlerInterceptorAdapter {
    protected final Logger logger;
    protected ClientFinder clientFinder;
    protected AuthorizationChecker authorizationChecker;
    protected Config config;
    protected String clientName;
    protected String authorizerName;

    public RequiresAuthenticationInterceptor(Config config) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.clientFinder = new DefaultClientFinder();
        this.authorizationChecker = new DefaultAuthorizationChecker();
        this.config = config;
    }

    public RequiresAuthenticationInterceptor(Config config, String str) {
        this(config);
        this.clientName = str;
    }

    public RequiresAuthenticationInterceptor(Config config, String str, String str2) {
        this(config, str);
        this.authorizerName = str2;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        J2EContext j2EContext = new J2EContext(httpServletRequest, httpServletResponse);
        this.logger.debug("url: {}", j2EContext.getFullRequestURL());
        CommonHelper.assertNotNull("config", this.config);
        Clients clients = this.config.getClients();
        CommonHelper.assertNotNull("configClients", clients);
        this.logger.debug("clientName: {}", this.clientName);
        List<Client> find = this.clientFinder.find(clients, j2EContext, this.clientName);
        this.logger.debug("currentClients: {}", find);
        boolean useSession = useSession(j2EContext, find);
        this.logger.debug("useSession: {}", Boolean.valueOf(useSession));
        ProfileManager profileManager = new ProfileManager(j2EContext);
        UserProfile userProfile = profileManager.get(useSession);
        this.logger.debug("profile: {}", userProfile);
        if (userProfile == null && find != null && find.size() > 0) {
            Iterator<Client> it = find.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Client next = it.next();
                if (next instanceof DirectClient) {
                    this.logger.debug("Performing authentication for client: {}", next);
                    try {
                        Credentials credentials = next.getCredentials(j2EContext);
                        this.logger.debug("credentials: {}", credentials);
                        userProfile = next.getUserProfile(credentials, j2EContext);
                        this.logger.debug("profile: {}", userProfile);
                        if (userProfile != null) {
                            profileManager.save(useSession, userProfile);
                            break;
                        }
                    } catch (RequiresHttpAction e) {
                        throw new TechnicalException("Unexpected HTTP action", e);
                    }
                }
            }
        }
        if (userProfile != null) {
            this.logger.debug("authorizerName: {}", this.authorizerName);
            if (this.authorizationChecker.isAuthorized(j2EContext, userProfile, this.authorizerName, this.config.getAuthorizers())) {
                this.logger.debug("grant access");
                return true;
            }
            this.logger.debug("forbidden");
            forbidden(j2EContext, find, userProfile);
            return false;
        }
        if (!startAuthentication(j2EContext, find)) {
            this.logger.debug("unauthorized");
            unauthorized(j2EContext, find);
            return false;
        }
        this.logger.debug("Starting authentication");
        saveRequestedUrl(j2EContext, find);
        redirectToIdentityProvider(j2EContext, find);
        return false;
    }

    protected boolean useSession(WebContext webContext, List<Client> list) {
        return list == null || list.size() == 0 || (list.get(0) instanceof IndirectClient);
    }

    protected void forbidden(WebContext webContext, List<Client> list, UserProfile userProfile) {
        webContext.setResponseStatus(403);
    }

    protected boolean startAuthentication(WebContext webContext, List<Client> list) {
        return list != null && list.size() > 0 && (list.get(0) instanceof IndirectClient);
    }

    protected void saveRequestedUrl(WebContext webContext, List<Client> list) {
        String fullRequestURL = webContext.getFullRequestURL();
        this.logger.debug("requestedUrl: {}", fullRequestURL);
        webContext.setSessionAttribute("pac4jRequestedUrl", fullRequestURL);
    }

    protected void redirectToIdentityProvider(WebContext webContext, List<Client> list) {
        try {
            list.get(0).redirect(webContext, true);
        } catch (RequiresHttpAction e) {
            this.logger.debug("extra HTTP action required: {}", Integer.valueOf(e.getCode()));
        }
    }

    protected void unauthorized(WebContext webContext, List<Client> list) {
        webContext.setResponseStatus(401);
    }

    public Config getConfig() {
        return this.config;
    }

    public void setConfig(Config config) {
        this.config = config;
    }

    public String getClientName() {
        return this.clientName;
    }

    public void setClientName(String str) {
        this.clientName = str;
    }

    public String getAuthorizerName() {
        return this.authorizerName;
    }

    public void setAuthorizerName(String str) {
        this.authorizerName = str;
    }
}
