package org.cloudfoundry.identity.uaa.provider.oauth;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.util.URIUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.login.AccountSavingAuthenticationSuccessHandler;
import org.cloudfoundry.identity.uaa.oauth.DisableIdTokenResponseTypeFilter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationFilter.class */
/**
 * Servlet filter that turns the parameters of an external identity provider callback into an
 * authenticated security context.
 *
 * <p>A request is treated as a callback when it carries at least one of the parameters
 * {@code code}, the id-token parameter, the access-token parameter or {@code signed_request}.
 * Requests without any of them are forwarded to {@code /login_implicit}. Only presence is checked
 * in this class; every decision about whether the values are acceptable is made by the
 * {@link XOAuthAuthenticationManager}.
 */
public class XOAuthAuthenticationFilter implements Filter {
    private static Log logger = LogFactory.getLog(XOAuthAuthenticationFilter.class);
    private final XOAuthAuthenticationManager xOAuthAuthenticationManager;
    private final AccountSavingAuthenticationSuccessHandler successHandler;

    /**
     * @param xOAuthAuthenticationManager manager that authenticates the callback token
     * @param accountSavingAuthenticationSuccessHandler handler that sets the saved-account cookie
     *        after a successful login; a {@code null} handler is tolerated and simply skipped
     */
    public XOAuthAuthenticationFilter(XOAuthAuthenticationManager xOAuthAuthenticationManager, AccountSavingAuthenticationSuccessHandler accountSavingAuthenticationSuccessHandler) {
        this.xOAuthAuthenticationManager = xOAuthAuthenticationManager;
        this.successHandler = accountSavingAuthenticationSuccessHandler;
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Routes the request: forward to the implicit-login page when no credential parameter is
     * present, otherwise authenticate and continue the chain only on success.
     *
     * <p>On a failed authentication the chain is not invoked; the response has already been
     * redirected by {@link #authenticationWasSuccessful}.
     *
     * @throws ClassCastException if the container hands in a non-HTTP request or response
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (!containsCredentials(request)) {
            request.getRequestDispatcher("/login_implicit").forward(request, response);
            return;
        }
        if (authenticationWasSuccessful(request, response)) {
            filterChain.doFilter(request, response);
        }
    }

    /**
     * Reports whether the request carries any parameter this filter treats as a credential.
     *
     * @return {@code true} if at least one of the four parameters has non-blank text
     */
    public boolean containsCredentials(HttpServletRequest httpServletRequest) {
        // getParameter() covers both the query string and a form-encoded body.
        // NOTE(review): tokens that arrive in the query string tend to end up in access logs and
        // Referer headers; confirm that request logging in front of this filter redacts them.
        String[] credentialParameters = {
            "code",
            DisableIdTokenResponseTypeFilter.ID_TOKEN,
            OAuth2AccessToken.ACCESS_TOKEN,
            "signed_request"
        };
        for (String parameterName : credentialParameters) {
            if (StringUtils.hasText(httpServletRequest.getParameter(parameterName))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Authenticates the callback and, on success, stores the result in the security context.
     *
     * <p>Any exception raised during authentication is logged and converted into a redirect to
     * {@code <context path>/oauth_error}; it is never rethrown.
     *
     * @return {@code true} when authentication succeeded, {@code false} when the response was
     *         redirected to the error page
     * @throws IOException if sending the error redirect fails
     */
    public boolean authenticationWasSuccessful(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            String authorizationCode = httpServletRequest.getParameter("code");
            // Base name (last path segment) of the request URL; presumably the provider alias
            // that the manager uses to pick the identity provider - confirm against XOAuthCodeToken.
            String urlBaseName = URIUtil.getName(String.valueOf(httpServletRequest.getRequestURL()));
            String requestUrl = httpServletRequest.getRequestURL().toString();
            String idToken = httpServletRequest.getParameter(DisableIdTokenResponseTypeFilter.ID_TOKEN);
            String accessToken = httpServletRequest.getParameter(OAuth2AccessToken.ACCESS_TOKEN);
            String signedRequest = httpServletRequest.getParameter("signed_request");
            UaaAuthenticationDetails details = new UaaAuthenticationDetails(httpServletRequest);

            XOAuthCodeToken callbackToken = new XOAuthCodeToken(authorizationCode, urlBaseName, requestUrl, idToken, accessToken, signedRequest, details);
            Authentication authenticate = this.xOAuthAuthenticationManager.authenticate(callbackToken);

            // NOTE(review): no session handling is visible in this class; confirm that the session
            // identifier is rotated on login elsewhere in the filter chain.
            SecurityContextHolder.getContext().setAuthentication(authenticate);

            if (this.successHandler != null) {
                this.successHandler.setSavedAccountOptionCookie(httpServletRequest, httpServletResponse, authenticate);
            }
            return true;
        } catch (Exception e) {
            logger.error("XOauth Authentication exception", e);

            String rawMessage = e.getMessage();
            String detail = StringUtils.hasText(rawMessage) ? rawMessage : e.getClass().getSimpleName();

            // NOTE(review): the exception text is handed to the browser in the redirect query
            // string. URL-encoding keeps it from altering the URL, but the text itself can carry
            // internal detail (endpoints, parser errors). Consider a fixed message plus a
            // correlation id that matches the log entry above, and confirm that the /oauth_error
            // view escapes the "error" parameter when rendering it.
            String errorText = "There was an error when authenticating against the external identity provider: " + detail;
            String redirectTarget = httpServletRequest.getContextPath() + "/oauth_error?error=" + URLEncoder.encode(errorText, "UTF-8");
            httpServletResponse.sendRedirect(redirectTarget);
            return false;
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}
