package org.springframework.security.oauth2.client.web;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.converter.AuthorizationCodeAuthorizationResponseAttributesConverter;
import org.springframework.security.oauth2.client.web.converter.ErrorResponseAttributesConverter;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
import org.springframework.security.oauth2.core.endpoint.ErrorResponseAttributes;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.security.web.util.matcher.RequestVariablesExtractor;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationProcessingFilter.class */
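/**
 * Processes the OAuth 2.0 authorization-code callback (the authorization response) for a client.
 *
 * <p>For each request matched by the configured {@link RequestMatcher} the filter:
 * <ol>
 *   <li>turns an error response into an {@link OAuth2AuthenticationException};</li>
 *   <li>loads and removes the saved {@link AuthorizationRequestAttributes} and checks that the
 *       returned {@code state} and the request URL match what was saved;</li>
 *   <li>hands an {@link AuthorizationCodeAuthenticationToken} to the {@code AuthenticationManager}.</li>
 * </ol>
 *
 * <p>A {@link ClientRegistrationRepository} must be supplied through
 * {@link #setClientRegistrationRepository(ClientRegistrationRepository)}; the constructor does not
 * create one.
 */
public class AuthorizationCodeAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
    /** Base path of the default authorization response endpoint. */
    public static final String DEFAULT_AUTHORIZATION_RESPONSE_BASE_URI = "/oauth2/authorize/code";
    /** Name of the URI template variable in the default authorization response URI. */
    public static final String CLIENT_ALIAS_URI_VARIABLE_NAME = "clientAlias";
    /** Default authorization response URI pattern this filter is registered for. */
    public static final String DEFAULT_AUTHORIZATION_RESPONSE_URI = "/oauth2/authorize/code/{clientAlias}";
    // Error codes raised locally by this filter (not received from the authorization server).
    private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
    private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
    private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
    private final ErrorResponseAttributesConverter errorResponseConverter;
    private final AuthorizationCodeAuthorizationResponseAttributesConverter authorizationCodeResponseConverter;
    private RequestMatcher authorizationResponseMatcher;
    private ClientRegistrationRepository clientRegistrationRepository;
    private AuthorizationRequestRepository authorizationRequestRepository;

    /**
     * Creates the filter on {@link #DEFAULT_AUTHORIZATION_RESPONSE_URI} with an
     * {@link HttpSessionAuthorizationRequestRepository} as the authorization request store.
     */
    public AuthorizationCodeAuthenticationProcessingFilter() {
        super(DEFAULT_AUTHORIZATION_RESPONSE_URI);
        this.errorResponseConverter = new ErrorResponseAttributesConverter();
        this.authorizationCodeResponseConverter = new AuthorizationCodeAuthorizationResponseAttributesConverter();
        this.authorizationResponseMatcher = new AntPathRequestMatcher(DEFAULT_AUTHORIZATION_RESPONSE_URI);
        this.authorizationRequestRepository = new HttpSessionAuthorizationRequestRepository();
    }

    /**
     * Validates the authorization response and delegates authentication of the returned code.
     *
     * @param httpServletRequest the callback request from the authorization server redirect
     * @param httpServletResponse the response (unused here)
     * @return the result of {@code getAuthenticationManager().authenticate(...)}
     * @throws OAuth2AuthenticationException if the response is an error response, no saved
     *         authorization request exists, or the state / redirect URI do not match
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        ErrorResponseAttributes errorResponse = this.errorResponseConverter.apply(httpServletRequest);
        if (errorResponse != null) {
            // The code, description and uri are copied from the request and end up in the exception
            // message; treat them as untrusted text wherever the exception is logged or rendered.
            OAuth2Error error = new OAuth2Error(errorResponse.getErrorCode(), errorResponse.getDescription(), errorResponse.getUri());
            // NOTE(review): this branch runs before the state check, so (presumably) any callback
            // carrying an error parameter discards the pending authorization request, whether or
            // not it belongs to that request. Consider validating state before removing it.
            getAuthorizationRequestRepository().removeAuthorizationRequest(httpServletRequest);
            throw new OAuth2AuthenticationException(error, error.toString());
        }

        AuthorizationRequestAttributes authorizationRequest = resolveAuthorizationRequest(httpServletRequest);

        String code = this.authorizationCodeResponseConverter.apply(httpServletRequest).getCode();
        // The client id comes from the saved authorization request, not from the callback.
        // NOTE(review): a null repository or an unknown client id is not handled here - confirm
        // how ClientRegistration.Builder reacts to a null registration.
        ClientRegistration registered = getClientRegistrationRepository().getRegistrationByClientId(authorizationRequest.getClientId());
        // Copy the registration with the redirect URI that was actually used for this request.
        ClientRegistration clientRegistration = new ClientRegistration.Builder(registered)
                .redirectUri(authorizationRequest.getRedirectUri())
                .build();

        AuthorizationCodeAuthenticationToken authRequest = new AuthorizationCodeAuthenticationToken(code, clientRegistration);
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        return getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * @return the matcher that selects authorization response requests
     */
    public RequestMatcher getAuthorizationResponseMatcher() {
        return this.authorizationResponseMatcher;
    }

    /**
     * Replaces the authorization response matcher and registers it as the matcher that triggers
     * this filter.
     *
     * @param t the matcher, which must also be a {@link RequestVariablesExtractor}; not null
     */
    public final <T extends RequestMatcher & RequestVariablesExtractor> void setAuthorizationResponseMatcher(T t) {
        Assert.notNull(t, "authorizationResponseMatcher cannot be null");
        this.authorizationResponseMatcher = t;
        setRequiresAuthenticationRequestMatcher(t);
    }

    /**
     * @return the configured client registration repository, or {@code null} if none was set
     */
    protected ClientRegistrationRepository getClientRegistrationRepository() {
        return this.clientRegistrationRepository;
    }

    /**
     * @param clientRegistrationRepository the repository to look registrations up in; must be
     *        non-null and contain at least one registration
     */
    public final void setClientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notEmpty(clientRegistrationRepository.getRegistrations(), "clientRegistrationRepository cannot be empty");
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    /**
     * @return the store holding authorization requests that are awaiting a response
     */
    protected AuthorizationRequestRepository getAuthorizationRequestRepository() {
        return this.authorizationRequestRepository;
    }

    /**
     * @param authorizationRequestRepository the store for pending authorization requests; not null
     */
    public final void setAuthorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) {
        Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
        this.authorizationRequestRepository = authorizationRequestRepository;
    }

    /**
     * Loads the saved authorization request for this callback, removes it from the store and
     * verifies it against the callback.
     *
     * @throws OAuth2AuthenticationException if nothing was saved or the callback does not match
     */
    private AuthorizationRequestAttributes resolveAuthorizationRequest(HttpServletRequest httpServletRequest) {
        AuthorizationRequestAttributes saved = getAuthorizationRequestRepository().loadAuthorizationRequest(httpServletRequest);
        if (saved == null) {
            OAuth2Error error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
            throw new OAuth2AuthenticationException(error, error.toString());
        }
        // Remove before validating: the saved state is single-use, so a callback that fails the
        // checks below cannot be replayed against the same saved request.
        getAuthorizationRequestRepository().removeAuthorizationRequest(httpServletRequest);
        assertMatchingAuthorizationRequest(httpServletRequest, saved);
        return saved;
    }

    /**
     * Checks that the callback carries the saved {@code state} and arrived on the saved redirect URI.
     *
     * @throws OAuth2AuthenticationException with {@code invalid_state_parameter} or
     *         {@code invalid_redirect_uri_parameter} on mismatch
     */
    private void assertMatchingAuthorizationRequest(HttpServletRequest httpServletRequest, AuthorizationRequestAttributes authorizationRequestAttributes) {
        String expectedState = authorizationRequestAttributes.getState();
        String returnedState = httpServletRequest.getParameter("state");
        // Fail closed: a saved request without a state value is rejected as a mismatch instead of
        // surfacing as a NullPointerException outside the authentication failure handling.
        if (expectedState == null || !expectedState.equals(returnedState)) {
            OAuth2Error error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
            throw new OAuth2AuthenticationException(error, error.toString());
        }

        // getRequestURL() excludes the query string, so only scheme, host, port and path are compared.
        // NOTE(review): the URL is whatever the servlet container reports; behind a proxy that
        // terminates TLS or rewrites the host, confirm forwarded headers are applied first.
        String requestUrl = httpServletRequest.getRequestURL().toString();
        if (!requestUrl.equals(authorizationRequestAttributes.getRedirectUri())) {
            OAuth2Error error = new OAuth2Error(INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE);
            throw new OAuth2AuthenticationException(error, error.toString());
        }
    }
}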
