package org.springframework.security.oauth2.client.authentication;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/oauth2/client/authentication/AuthorizationCodeRequestRedirectFilter.class */
public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter {
    public static final String AUTHORIZATION_BASE_URI = "/oauth2/authorization/code";
    private static final String CLIENT_ALIAS_VARIABLE_NAME = "clientAlias";
    private static final String AUTHORIZATION_URI = "/oauth2/authorization/code/{clientAlias}";
    private static final String DEFAULT_REDIRECT_URI_TEMPLATE = "{scheme}://{serverName}:{serverPort}{baseAuthorizeUri}/{clientAlias}";
    private final AntPathRequestMatcher authorizationRequestMatcher;
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final AuthorizationRequestUriBuilder authorizationUriBuilder;
    private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy();
    private final StringKeyGenerator stateGenerator = new DefaultStateGenerator();
    private AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();

    public AuthorizationCodeRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository, AuthorizationRequestUriBuilder authorizationRequestUriBuilder) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(authorizationRequestUriBuilder, "authorizationUriBuilder cannot be null");
        this.authorizationRequestMatcher = new AntPathRequestMatcher(AUTHORIZATION_URI);
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.authorizationUriBuilder = authorizationRequestUriBuilder;
    }

    public final void setAuthorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) {
        Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
        this.authorizationRequestRepository = authorizationRequestRepository;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!requiresAuthorization(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            sendRedirectForAuthorization(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            unsuccessfulAuthorization(httpServletRequest, httpServletResponse, e);
        }
    }

    protected boolean requiresAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.authorizationRequestMatcher.matches(httpServletRequest);
    }

    protected void sendRedirectForAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String str = (String) this.authorizationRequestMatcher.extractUriTemplateVariables(httpServletRequest).get(CLIENT_ALIAS_VARIABLE_NAME);
        ClientRegistration registrationByClientAlias = this.clientRegistrationRepository.getRegistrationByClientAlias(str);
        if (registrationByClientAlias == null) {
            throw new IllegalArgumentException("Invalid Client Identifier (Alias): " + str);
        }
        AuthorizationRequestAttributes build = AuthorizationRequestAttributes.withAuthorizationCode().clientId(registrationByClientAlias.getClientId()).authorizeUri(registrationByClientAlias.getProviderDetails().getAuthorizationUri()).redirectUri(isDefaultRedirectUri(registrationByClientAlias) ? expandDefaultRedirectUri(httpServletRequest, registrationByClientAlias) : registrationByClientAlias.getRedirectUri()).scopes(registrationByClientAlias.getScopes()).state(this.stateGenerator.generateKey()).build();
        this.authorizationRequestRepository.saveAuthorizationRequest(build, httpServletRequest);
        this.authorizationRedirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, this.authorizationUriBuilder.build(build).toString());
    }

    protected void unsuccessfulAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc) throws IOException, ServletException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authorization Request failed: " + exc.toString(), exc);
        }
        httpServletResponse.sendError(400, exc.getMessage());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isDefaultRedirectUri(ClientRegistration clientRegistration) {
        return DEFAULT_REDIRECT_URI_TEMPLATE.equals(clientRegistration.getRedirectUri());
    }

    private String expandDefaultRedirectUri(HttpServletRequest httpServletRequest, ClientRegistration clientRegistration) {
        return UriComponentsBuilder.fromUriString(DEFAULT_REDIRECT_URI_TEMPLATE).buildAndExpand(new Object[]{httpServletRequest.getScheme(), httpServletRequest.getServerName(), Integer.valueOf(httpServletRequest.getServerPort()), AuthorizationCodeAuthenticationProcessingFilter.AUTHORIZE_BASE_URI, clientRegistration.getClientAlias()}).encode().toUriString();
    }
}
