package top.dcenter.ums.security.core.oauth.filter.redirect;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.log.LogMessage;
import org.springframework.http.HttpStatus;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import top.dcenter.ums.security.core.api.oauth.state.service.Auth2StateCoder;
import top.dcenter.ums.security.core.api.tenant.handler.TenantContextHolder;
import top.dcenter.ums.security.core.exception.Auth2Exception;
import top.dcenter.ums.security.core.oauth.justauth.request.Auth2DefaultRequest;
import top.dcenter.ums.security.core.util.AuthenticationUtil;
import top.dcenter.ums.security.core.util.MvcUtil;
import top.dcenter.ums.security.core.vo.RedirectVo;

/* loaded from: input_file:top/dcenter/ums/security/core/oauth/filter/redirect/Auth2DefaultRequestRedirectFilter.class */
public class Auth2DefaultRequestRedirectFilter extends OncePerRequestFilter {
    private final Auth2DefaultRequestResolver authorizationRequestResolver;
    private final Auth2StateCoder auth2StateCoder;
    private final SimpleUrlAuthenticationFailureHandler authenticationFailureHandler;
    private final TenantContextHolder tenantContextHolder;
    private final ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
    private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy();
    private RequestCache requestCache = new HttpSessionRequestCache();

    /* loaded from: input_file:top/dcenter/ums/security/core/oauth/filter/redirect/Auth2DefaultRequestRedirectFilter$DefaultThrowableAnalyzer.class */
    private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
        private DefaultThrowableAnalyzer() {
        }

        protected void initExtractorMap() {
            super.initExtractorMap();
            registerExtractor(ServletException.class, th -> {
                ThrowableAnalyzer.verifyThrowableHierarchy(th, ServletException.class);
                return ((ServletException) th).getRootCause();
            });
        }
    }

    public Auth2DefaultRequestRedirectFilter(@NonNull String str, @Nullable Auth2StateCoder auth2StateCoder, @Nullable TenantContextHolder tenantContextHolder, @NonNull SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler) {
        Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
        this.authorizationRequestResolver = new Auth2DefaultRequestResolver(str);
        this.auth2StateCoder = auth2StateCoder;
        this.authenticationFailureHandler = simpleUrlAuthenticationFailureHandler;
        this.tenantContextHolder = tenantContextHolder;
    }

    public Auth2DefaultRequestRedirectFilter(@NonNull Auth2DefaultRequestResolver auth2DefaultRequestResolver, @Nullable Auth2StateCoder auth2StateCoder, @Nullable TenantContextHolder tenantContextHolder, @NonNull SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler) {
        Assert.notNull(auth2DefaultRequestResolver, "authorizationRequestResolver cannot be null");
        this.authorizationRequestResolver = auth2DefaultRequestResolver;
        this.auth2StateCoder = auth2StateCoder;
        this.authenticationFailureHandler = simpleUrlAuthenticationFailureHandler;
        this.tenantContextHolder = tenantContextHolder;
    }

    public final void setRequestCache(RequestCache requestCache) {
        Assert.notNull(requestCache, "requestCache cannot be null");
        this.requestCache = requestCache;
    }

    protected void doFilterInternal(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull FilterChain filterChain) throws ServletException, IOException {
        try {
            Auth2DefaultRequest resolve = this.authorizationRequestResolver.resolve(httpServletRequest);
            if (resolve != null) {
                if (this.tenantContextHolder != null) {
                    this.tenantContextHolder.tenantIdHandle(httpServletRequest, null);
                }
                sendRedirectForAuthorization(httpServletRequest, httpServletResponse, resolve);
                return;
            }
            try {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } catch (IOException e) {
                throw e;
            } catch (Exception e2) {
                ClientAuthorizationRequiredException firstThrowableOfType = this.throwableAnalyzer.getFirstThrowableOfType(ClientAuthorizationRequiredException.class, this.throwableAnalyzer.determineCauseChain(e2));
                if (firstThrowableOfType == null) {
                    if (e2 instanceof ServletException) {
                        throw e2;
                    }
                    if (!(e2 instanceof RuntimeException)) {
                        throw new RuntimeException((Throwable) e2);
                    }
                    throw ((RuntimeException) e2);
                }
                try {
                    Auth2DefaultRequest resolve2 = this.authorizationRequestResolver.resolve(httpServletRequest, firstThrowableOfType.getClientRegistrationId());
                    if (resolve2 == null) {
                        throw firstThrowableOfType;
                    }
                    sendRedirectForAuthorization(httpServletRequest, httpServletResponse, resolve2);
                    this.requestCache.saveRequest(httpServletRequest, httpServletResponse);
                } catch (Exception e3) {
                    unsuccessfulRedirectForAuthorization(httpServletRequest, httpServletResponse, e3);
                }
            }
        } catch (Exception e4) {
            this.logger.error(e4.getMessage(), e4);
            unsuccessfulRedirectForAuthorization(httpServletRequest, httpServletResponse, e4);
        } catch (Auth2Exception e5) {
            this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e5);
        }
    }

    private void sendRedirectForAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Auth2DefaultRequest auth2DefaultRequest) throws IOException {
        String generateState = auth2DefaultRequest.generateState();
        if (this.auth2StateCoder != null) {
            generateState = this.auth2StateCoder.encode(generateState, httpServletRequest);
        }
        String authorize = auth2DefaultRequest.authorize(generateState);
        if (AuthenticationUtil.isAjaxOrJson(httpServletRequest)) {
            AuthenticationUtil.responseWithJson(httpServletResponse, HttpStatus.OK.value(), MvcUtil.toJsonString(RedirectVo.redirect(authorize)));
        } else {
            this.authorizationRedirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, authorize);
        }
    }

    private void unsuccessfulRedirectForAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        this.logger.error(LogMessage.format("Authorization Request failed: %s", exc, exc));
        httpServletResponse.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value(), HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase());
    }
}
