package com.c4_soft.springaddons.security.oidc.starter.reactive.client;

import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
import java.net.URI;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsOauth2ServerAuthenticationFailureHandler.class */
public class SpringAddonsOauth2ServerAuthenticationFailureHandler implements ServerAuthenticationFailureHandler {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(SpringAddonsOauth2ServerAuthenticationFailureHandler.class);
    private final URI defaultRedirectUri;
    private final HttpStatus postAuthorizationFailureStatus;

    public SpringAddonsOauth2ServerAuthenticationFailureHandler(SpringAddonsOidcProperties springAddonsOidcProperties) {
        this.defaultRedirectUri = springAddonsOidcProperties.getClient().getLoginErrorRedirectPath().orElse(URI.create("/"));
        this.postAuthorizationFailureStatus = springAddonsOidcProperties.getClient().getOauth2Redirections().getPostAuthorizationFailure();
    }

    public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException authenticationException) {
        return webFilterExchange.getExchange().getSession().flatMap(webSession -> {
            String uri = UriComponentsBuilder.fromUri((URI) webSession.getAttributeOrDefault("post_login_failure_uri", this.defaultRedirectUri)).queryParam(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_CAUSE_ATTRIBUTE, new Object[]{HtmlUtils.htmlEscape(authenticationException.getMessage())}).build().toUri().toString();
            ServerHttpResponse response = webFilterExchange.getExchange().getResponse();
            response.setStatusCode(this.postAuthorizationFailureStatus);
            response.getHeaders().add("Location", uri);
            response.getHeaders().add(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_CAUSE_ATTRIBUTE, authenticationException.getMessage());
            log.debug("Login failure. Status: {}, location: {}, message: {}", new Object[]{this.postAuthorizationFailureStatus, uri, authenticationException.getMessage()});
            return (this.postAuthorizationFailureStatus.is4xxClientError() || this.postAuthorizationFailureStatus.is5xxServerError()) ? response.writeWith(Flux.just(response.bufferFactory().wrap(authenticationException.getMessage().getBytes()))) : response.setComplete();
        });
    }
}
