package me.tfeng.play.security.oauth2;

import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import me.tfeng.play.plugins.OAuth2Plugin;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Request;
import play.Logger;
import play.core.enhancers.PropertiesEnhancer;
import play.libs.F;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;
import play.mvc.Results;

@PropertiesEnhancer.GeneratedAccessor
@PropertiesEnhancer.RewrittenAccessor
/* loaded from: input_file:me/tfeng/play/security/oauth2/OAuth2AuthenticationAction.class */
public class OAuth2AuthenticationAction extends Action<OAuth2Authentication> {
    public static String ACCESS_TOKEN = "access_token";
    public static String AUTHORIZATION = "Authorization";
    public static String BEARER = "Bearer";
    private static final Logger.ALogger LOG = Logger.of(OAuth2AuthenticationAction.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public static F.Promise<Result> authorizeAndCall(Http.Context context, Action<?> action) throws Throwable {
        org.springframework.security.core.Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        try {
            String authorizationToken = getAuthorizationToken(context.request());
            if (authorizationToken != null) {
                F.Promise<Result> recover = OAuth2Plugin.getInstance().getAuthenticationManager().authenticate(authorizationToken).flatMap(authentication2 -> {
                    SecurityContextHolder.getContext().setAuthentication(new org.springframework.security.oauth2.provider.OAuth2Authentication(getOAuth2Request(authentication2.getClient()), getAuthentication(authentication2.getUser())));
                    try {
                        return action.call(context).recover(th -> {
                            return handleAuthenticationError(th);
                        });
                    } catch (Throwable th2) {
                        return F.Promise.pure(handleAuthenticationError(th2));
                    }
                }).recover(th -> {
                    return handleAuthenticationError(th);
                });
                SecurityContextHolder.getContext().setAuthentication(authentication);
                return recover;
            }
            SecurityContextHolder.clearContext();
            try {
                F.Promise<Result> recover2 = action.call(context).recover(th2 -> {
                    return handleAuthenticationError(th2);
                });
                SecurityContextHolder.getContext().setAuthentication(authentication);
                return recover2;
            } catch (Throwable th3) {
                F.Promise<Result> pure = F.Promise.pure(handleAuthenticationError(th3));
                SecurityContextHolder.getContext().setAuthentication(authentication);
                return pure;
            }
        } catch (Throwable th4) {
            SecurityContextHolder.getContext().setAuthentication(authentication);
            throw th4;
        }
    }

    protected static UsernamePasswordAuthenticationToken getAuthentication(UserAuthentication userAuthentication) {
        if (userAuthentication == null) {
            return null;
        }
        return new UsernamePasswordAuthenticationToken(userAuthentication.getId().toString(), (Object) null, (List) userAuthentication.getAuthorities().stream().map(str -> {
            return new SimpleGrantedAuthority(str.toString());
        }).collect(Collectors.toList()));
    }

    private static String getAuthorizationToken(Http.Request request) {
        String[] strArr = (String[]) request.headers().get(AUTHORIZATION);
        if (strArr != null) {
            for (String str : strArr) {
                if (str.toLowerCase().startsWith(BEARER.toLowerCase())) {
                    return str.substring(BEARER.length()).trim().split(",")[0];
                }
            }
        }
        return request.getQueryString(ACCESS_TOKEN);
    }

    private static OAuth2Request getOAuth2Request(ClientAuthentication clientAuthentication) {
        return new OAuth2Request(Collections.emptyMap(), clientAuthentication.getId().toString(), (List) clientAuthentication.getAuthorities().stream().map(str -> {
            return new SimpleGrantedAuthority(str.toString());
        }).collect(Collectors.toList()), true, (Set) clientAuthentication.getScopes().stream().map(str2 -> {
            return str2.toString();
        }).collect(Collectors.toSet()), Collections.emptySet(), (String) null, Collections.emptySet(), Collections.emptyMap());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Result handleAuthenticationError(Throwable th) throws Throwable {
        if (!OAuth2Plugin.isAuthenticationError(th)) {
            throw th;
        }
        LOG.warn("Authentication failed", th);
        return Results.unauthorized();
    }

    public F.Promise<Result> call(Http.Context context) throws Throwable {
        return authorizeAndCall(context, this.delegate);
    }
}
