package com.stormpath.spring.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.servlet.filter.ContentNegotiationResolver;
import com.stormpath.sdk.servlet.filter.DefaultLoginPageRedirector;
import com.stormpath.sdk.servlet.filter.LoginPageRedirector;
import com.stormpath.sdk.servlet.http.MediaType;
import com.stormpath.sdk.servlet.http.UnresolvedMediaTypeException;
import com.stormpath.spring.errors.Error;
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;

/* loaded from: input_file:com/stormpath/spring/config/StormpathAuthenticationEntryPoint.class */
public class StormpathAuthenticationEntryPoint implements AuthenticationEntryPoint {
    private static final Logger log = LoggerFactory.getLogger(StormpathAuthenticationEntryPoint.class);
    private String loginUri;
    private String meUri;
    private String applicationName;
    private final List<MediaType> supportedMediaTypes;
    private final LoginPageRedirector loginPageRedirector;
    private final ObjectMapper om;

    public StormpathAuthenticationEntryPoint(String str, String str2, String str3, String str4) {
        Assert.hasText(str, "loginUri cannot be null or empty");
        Assert.hasText(str2, "produces cannot be null or empty");
        Assert.hasText(str3, "meUri cannot be null or empty");
        this.loginUri = str;
        this.meUri = str3;
        this.applicationName = str4;
        this.supportedMediaTypes = MediaType.parseMediaTypes(str2);
        this.loginPageRedirector = new DefaultLoginPageRedirector(str);
        this.om = new ObjectMapper();
    }

    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        log.debug("Pre-authenticated entry point called. Rejecting access");
        httpServletResponse.setStatus(401);
        httpServletResponse.addHeader("WWW-Authenticate", String.format("Bearer realm=\"%s\"", this.applicationName));
        if (!isJsonPreferred(httpServletRequest, httpServletResponse)) {
            sendRedirect(httpServletRequest, httpServletResponse);
        } else {
            httpServletResponse.setContentType("application/json");
            this.om.writeValue(httpServletResponse.getOutputStream(), new Error("error.accessDenied", authenticationException.getMessage()));
        }
    }

    private boolean isJsonPreferred(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            return MediaType.APPLICATION_JSON.equals(ContentNegotiationResolver.INSTANCE.getContentType(httpServletRequest, httpServletResponse, this.supportedMediaTypes));
        } catch (UnresolvedMediaTypeException e) {
            log.error("Couldn't resolve content type", e);
            return false;
        }
    }

    private boolean isAuthenticated() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || (authentication instanceof AnonymousAuthenticationToken)) {
            return false;
        }
        return authentication.isAuthenticated();
    }

    private void sendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isAuthenticated()) {
            return;
        }
        try {
            if (isJsonPreferred(httpServletRequest, httpServletResponse) && httpServletRequest.getRequestURI().startsWith(this.meUri)) {
                httpServletResponse.setStatus(401);
            } else {
                this.loginPageRedirector.redirectToLoginPage(httpServletRequest, httpServletResponse);
            }
        } catch (Exception e) {
            throw new RuntimeException("Couldn't redirect to login", e);
        } catch (UnresolvedMediaTypeException e2) {
            log.error("Couldn't resolve media type: {}", e2.getMessage(), e2);
        }
    }
}
