package com.appiancorp.security.auth.oidc;

import com.google.common.base.Strings;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

/* loaded from: input_file:com/appiancorp/security/auth/oidc/OidcFilter.class */
public class OidcFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger LOG = LoggerFactory.getLogger(OidcFilter.class);
    private final RedirectStrategy appianRedirectStrategy;
    private final AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final OidcFilterPredicate oidcFilterPredicate;
    private final OidcAuthCodeManager oidcAuthCodeManager;
    private final OidcReturnUrlManager oidcReturnUrlManager;

    public OidcFilter(RedirectStrategy redirectStrategy, AuthenticationManager authenticationManager, AuthenticationSuccessHandler authenticationSuccessHandler, SessionAuthenticationStrategy sessionAuthenticationStrategy, ClientRegistrationRepository clientRegistrationRepository, AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository, OidcFilterPredicate oidcFilterPredicate, OidcAuthCodeManager oidcAuthCodeManager, OidcReturnUrlManager oidcReturnUrlManager) {
        super("/j_spring_security_filter");
        setAuthenticationManager(authenticationManager);
        this.appianRedirectStrategy = redirectStrategy;
        this.authorizationRequestRepository = authorizationRequestRepository;
        this.oidcFilterPredicate = oidcFilterPredicate;
        setAuthenticationSuccessHandler(authenticationSuccessHandler);
        setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.oidcAuthCodeManager = oidcAuthCodeManager;
        this.oidcReturnUrlManager = oidcReturnUrlManager;
    }

    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.oidcFilterPredicate.shouldUseFilter(httpServletRequest, httpServletResponse);
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException {
        if (this.oidcFilterPredicate.isOidcCallbackUri(httpServletRequest)) {
            LOG.debug("OidcCallbackUri step");
            OidcAuthToken process = this.oidcAuthCodeManager.process(httpServletRequest, httpServletResponse, () -> {
                return this.authenticationDetailsSource;
            });
            setReturnUrlOnRequest(httpServletRequest, process.getState());
            LOG.debug("Verifying at authentication at Oidc Call Back URL, state: {}", process.getState());
            return getAuthenticationManager().authenticate(process);
        }
        OAuth2AuthorizationRequest resolve = new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, "/oauth2/authorization").resolve(httpServletRequest, this.oidcFilterPredicate.getRegistrationId(httpServletRequest, httpServletResponse));
        this.oidcReturnUrlManager.saveReturnUrl(httpServletRequest, resolve.getState());
        this.authorizationRequestRepository.saveAuthorizationRequest(resolve, httpServletRequest, httpServletResponse);
        LOG.info("Redirecting browser to: {}", resolve.getAuthorizationRequestUri());
        this.appianRedirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, resolve.getAuthorizationRequestUri());
        return null;
    }

    public void setReturnUrlOnRequest(HttpServletRequest httpServletRequest, String str) {
        if (Strings.isNullOrEmpty(str)) {
            return;
        }
        OidcReturnUrlManager oidcReturnUrlManager = this.oidcReturnUrlManager;
        httpServletRequest.setAttribute("OIDC-RETURN-URL-KEY", OidcReturnUrlManager.getReturnUrlForRequest(httpServletRequest, str));
    }
}
