package org.tbk.spring.lnurl.security.session;

import java.io.IOException;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.tbk.lnurl.auth.K1;
import org.tbk.lnurl.simple.auth.SimpleK1;

/* loaded from: input_file:org/tbk/spring/lnurl/security/session/LnurlAuthSessionAuthenticationFilter.class */
public class LnurlAuthSessionAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger log = LoggerFactory.getLogger(LnurlAuthSessionAuthenticationFilter.class);
    private final String k1AttributeName;
    private final RequestMatcher sessionLoginUrlRequestMather;

    @FunctionalInterface
    /* loaded from: input_file:org/tbk/spring/lnurl/security/session/LnurlAuthSessionAuthenticationFilter$SuccessHandlerCustomizer.class */
    public interface SuccessHandlerCustomizer {
        void customize(LnurlAuthSessionAuthenticationSuccessHandler lnurlAuthSessionAuthenticationSuccessHandler);
    }

    public LnurlAuthSessionAuthenticationFilter(RequestMatcher requestMatcher, String str, SuccessHandlerCustomizer successHandlerCustomizer) {
        super(requestMatcher);
        Assert.hasText(str, "k1AttributeName cannot be empty");
        this.k1AttributeName = str;
        Assert.notNull(requestMatcher, "requiresAuthenticationRequestMatcher cannot be null");
        this.sessionLoginUrlRequestMather = requestMatcher;
        Assert.notNull(successHandlerCustomizer, "successHandlerCustomizer cannot be null");
        LnurlAuthSessionAuthenticationSuccessHandler lnurlAuthSessionAuthenticationSuccessHandler = new LnurlAuthSessionAuthenticationSuccessHandler();
        successHandlerCustomizer.customize(lnurlAuthSessionAuthenticationSuccessHandler);
        setAuthenticationSuccessHandler(lnurlAuthSessionAuthenticationSuccessHandler);
        setAllowSessionCreation(false);
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        Optional<K1> obtainK1 = obtainK1(httpServletRequest);
        if (log.isDebugEnabled()) {
            log.debug("got lnurl-auth session migration request for k1 '{}'", obtainK1.map((v0) -> {
                return v0.toHex();
            }).orElse(null));
        }
        if (obtainK1.isEmpty()) {
            throw new AuthenticationServiceException("'k1' is missing or invalid.");
        }
        LnurlAuthSessionToken lnurlAuthSessionToken = new LnurlAuthSessionToken(obtainK1.get());
        setDetails(httpServletRequest, lnurlAuthSessionToken);
        return getAuthenticationManager().authenticate(lnurlAuthSessionToken);
    }

    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        super.successfulAuthentication(httpServletRequest, httpServletResponse, filterChain, authentication);
        removeK1(httpServletRequest);
    }

    private Optional<K1> obtainK1(HttpServletRequest httpServletRequest) {
        return Optional.of(httpServletRequest).map(httpServletRequest2 -> {
            return httpServletRequest2.getSession(false);
        }).map(httpSession -> {
            return (String) httpSession.getAttribute(this.k1AttributeName);
        }).map(SimpleK1::fromHex);
    }

    private void removeK1(HttpServletRequest httpServletRequest) {
        Optional.of(httpServletRequest).map(httpServletRequest2 -> {
            return httpServletRequest2.getSession(false);
        }).ifPresent(httpSession -> {
            httpSession.removeAttribute(this.k1AttributeName);
        });
    }

    protected void setDetails(HttpServletRequest httpServletRequest, LnurlAuthSessionToken lnurlAuthSessionToken) {
        lnurlAuthSessionToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
    }

    public String getK1AttributeName() {
        return this.k1AttributeName;
    }

    public RequestMatcher getSessionLoginUrlRequestMather() {
        return this.sessionLoginUrlRequestMather;
    }
}
