package org.cattleframework.oauth.authorization.portal.oidc.web;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.Optional;
import org.cattleframework.form.web.authentication.WebAuthenticationDetailsSource;
import org.cattleframework.oauth.authorization.portal.oidc.authentication.LogoutBackendAuthenticationToken;
import org.cattleframework.oauth.authorization.portal.oidc.web.authentication.LogoutBackendAuthenticationConverter;
import org.cattleframework.web.security.DelegatingAuthenticationConverter;
import org.springframework.core.log.LogMessage;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/cattleframework/oauth/authorization/portal/oidc/web/LogoutBackendEndpointFilter.class */
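/**
 * Servlet filter for the logout endpoint selected by the configured {@link RequestMatcher}.
 *
 * <p>For a matching request the filter converts the request into a
 * {@link LogoutBackendAuthenticationToken}, attaches request details, authenticates the token
 * through the {@link AuthenticationManager} and hands the outcome to the configured success or
 * failure handler. Requests that do not match are passed down the chain untouched.
 *
 * <p>Security note: the default failure handler writes the {@link OAuth2Error} to the client, so
 * only text that is safe to disclose may be placed in an error description built by this class.
 */
public class LogoutBackendEndpointFilter extends OncePerRequestFilter {
    /** Error code reported for every failure this filter itself detects. */
    private static final String INVALID_REQUEST = "invalid_request";

    /** Specification section referenced by the errors this filter builds. */
    private static final String ERROR_URI = "https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ValidationAndErrorHandling";

    /** Client-facing description prefix; deliberately never followed by internal exception text. */
    private static final String ERROR_PREFIX = "OpenID Connect 1.0 RP-Initiated Logout Error: ";

    private final AuthenticationManager authenticationManager;
    private final RequestMatcher endpointMatcher;
    private AuthenticationConverter authenticationConverter;
    protected AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private AuthenticationSuccessHandler authenticationSuccessHandler = this::onAuthenticationSuccess;
    private AuthenticationFailureHandler authenticationFailureHandler = this::sendErrorResponse;

    /**
     * Creates the filter with the default converter chain (a single
     * {@link LogoutBackendAuthenticationConverter}).
     *
     * @param authenticationManager manager used to authenticate the converted logout token
     * @param requestMatcher matcher deciding which requests this filter handles
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public LogoutBackendEndpointFilter(AuthenticationManager authenticationManager, RequestMatcher requestMatcher) {
        Assert.notNull(authenticationManager, "authenticationManager不能为空值");
        Assert.notNull(requestMatcher, "endpointMatcher不能为空值");
        this.authenticationManager = authenticationManager;
        this.endpointMatcher = requestMatcher;
        this.authenticationConverter = new DelegatingAuthenticationConverter(Arrays.asList(new LogoutBackendAuthenticationConverter()));
    }

    /**
     * Replaces the converter that extracts the logout token from the request.
     *
     * <p>The converter is expected to produce a {@link LogoutBackendAuthenticationToken}; any
     * other result (including {@code null}) is rejected as {@code invalid_request}.
     *
     * @param authenticationConverter the converter to use, never {@code null}
     */
    public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
        Assert.notNull(authenticationConverter, "authenticationConverter不能为空值");
        this.authenticationConverter = authenticationConverter;
    }

    /**
     * Replaces the handler invoked after the logout token was authenticated.
     *
     * @param authenticationSuccessHandler the handler to use, never {@code null}
     */
    public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
        Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler不能为空值");
        this.authenticationSuccessHandler = authenticationSuccessHandler;
    }

    /**
     * Replaces the handler invoked when conversion or authentication fails.
     *
     * <p>The handler always receives an {@link OAuth2AuthenticationException} from this filter.
     *
     * @param authenticationFailureHandler the handler to use, never {@code null}
     */
    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler不能为空值");
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    /**
     * Processes a logout request when the endpoint matcher accepts it.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to populate
     * @param filterChain the remaining chain, used only for non-matching requests
     * @throws ServletException if the chain or a handler fails
     * @throws IOException if the chain or a handler fails while writing
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.endpointMatcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            Authentication converted = this.authenticationConverter.convert(httpServletRequest);
            // Reject a null or foreign token explicitly instead of relying on the
            // NullPointerException / ClassCastException the blind cast would raise.
            if (!(converted instanceof LogoutBackendAuthenticationToken)) {
                throw new OAuth2AuthenticationException(new OAuth2Error(INVALID_REQUEST, ERROR_PREFIX + "unsupported logout request", ERROR_URI));
            }
            LogoutBackendAuthenticationToken logoutToken = (LogoutBackendAuthenticationToken) converted;
            setDetails(httpServletRequest, logoutToken);
            Authentication authenticated = this.authenticationManager.authenticate(logoutToken);
            this.authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authenticated);
        } catch (OAuth2AuthenticationException e) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Logout request failed: %s", e.getError()), e);
            }
            this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
        } catch (Exception e2) {
            // The message of an unexpected exception can carry internal class names or other
            // implementation detail, and the default failure handler echoes the error description
            // to the caller. Keep the client-facing text fixed; the cause stays in the trace log.
            OAuth2Error oAuth2Error = new OAuth2Error(INVALID_REQUEST, ERROR_PREFIX + "the logout request could not be processed", ERROR_URI);
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(oAuth2Error, e2);
            }
            this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, new OAuth2AuthenticationException(oAuth2Error));
        }
    }

    /** Attaches the details built from the request to the token before it is authenticated. */
    private void setDetails(HttpServletRequest httpServletRequest, LogoutBackendAuthenticationToken logoutBackendAuthenticationToken) {
        logoutBackendAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
    }

    /**
     * Replaces the source used to build the authentication details attached to the logout token.
     *
     * @param authenticationDetailsSource the source to use, never {@code null}
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource不能为空值");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /**
     * Default failure handler: answers with HTTP 400 and the textual form of the OAuth2 error.
     *
     * <p>The cast is safe for the calls made by this filter, which only ever passes an
     * {@link OAuth2AuthenticationException}. The error text reaches the client, so descriptions
     * must not contain internal detail.
     */
    private void sendErrorResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        OAuth2Error error = ((OAuth2AuthenticationException) authenticationException).getError();
        httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), error.toString());
    }

    /**
     * Default success handler: answers with HTTP 200 and, when the authenticated token carries a
     * state value, returns it in a {@code state} response header.
     */
    private void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        // try-with-resources closes the wrapper on every path, including a failure while
        // setting the status code.
        try (ServletServerHttpResponse servletServerHttpResponse = new ServletServerHttpResponse(httpServletResponse)) {
            if (authentication instanceof LogoutBackendAuthenticationToken) {
                // NOTE(review): state is presumably supplied by the caller; confirm the converter
                // bounds or validates it before it is reflected into a response header.
                String state = ((LogoutBackendAuthenticationToken) authentication).getState();
                if (state != null) {
                    servletServerHttpResponse.getHeaders().set("state", state);
                }
            }
            servletServerHttpResponse.setStatusCode(HttpStatus.OK);
        }
    }
}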
