package io.gardenerframework.camellia.authentication.server.main.spring;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.gardenerframework.camellia.authentication.server.common.annotation.AuthenticationServerEngineComponent;
import io.gardenerframework.camellia.authentication.server.common.configuration.AuthenticationServerPathOption;
import io.gardenerframework.camellia.authentication.server.main.exception.NestedAuthenticationException;
import io.gardenerframework.camellia.authentication.server.main.exception.OAuth2ErrorCodes;
import io.gardenerframework.camellia.authentication.server.main.exception.ResponseStatusCodeAuthenticationException;
import io.gardenerframework.camellia.authentication.server.main.exception.ResponseStatusCodeOAuth2AuthenticationException;
import io.gardenerframework.camellia.authentication.server.main.exception.SpringHardCodedErrors;
import io.gardenerframework.camellia.authentication.server.main.mfa.exception.client.MfaRequiredException;
import io.gardenerframework.camellia.authentication.server.main.schema.LoginAuthenticationRequestToken;
import io.gardenerframework.fragrans.api.standard.error.ApiErrorFactory;
import io.gardenerframework.fragrans.api.standard.error.DefaultApiErrorConstants;
import io.gardenerframework.fragrans.api.standard.error.support.event.InitializingApiErrorPropertiesEvent;
import io.gardenerframework.fragrans.api.standard.schema.ApiError;
import io.gardenerframework.fragrans.log.GenericLoggerStaticAccessor;
import io.gardenerframework.fragrans.log.common.schema.state.Failed;
import io.gardenerframework.fragrans.log.common.schema.verb.Process;
import io.gardenerframework.fragrans.log.schema.content.GenericBasicLogContent;
import io.gardenerframework.fragrans.log.schema.content.GenericOperationLogContent;
import io.gardenerframework.fragrans.log.schema.details.Detail;
import io.gardenerframework.fragrans.log.schema.word.Word;
import io.gardenerframework.fragrans.messages.EnhancedMessageSource;
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationListener;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

@AuthenticationServerEngineComponent
/* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/spring/AuthenticationEndpointAuthenticationFailureHandler.class */
public class AuthenticationEndpointAuthenticationFailureHandler implements AuthenticationFailureHandler, ApplicationListener<InitializingApiErrorPropertiesEvent> {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationEndpointAuthenticationFailureHandler.class);
    private static final Map<String, HttpStatus> OAUTH2_ERROR_CODE_STATUS = new ConcurrentHashMap();
    private static final Pattern OAUTH2_PARAMETER_ERROR_PATTERN = Pattern.compile("OAuth 2.0 Parameter: (.+)$");
    private static final Pattern OAUTH2_CLIENT_AUTHENTICATION_ERROR_PATTERN = Pattern.compile("Client authentication failed: (.+)$");
    private final AuthenticationServerPathOption authenticationServerPathOption;
    private final EnhancedMessageSource messageSource;
    private final ObjectMapper mapper;
    private final ApiErrorFactory apiErrorFactory;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/spring/AuthenticationEndpointAuthenticationFailureHandler$DescriptionDetail.class */
    public static class DescriptionDetail implements Detail {
        private String description;

        public DescriptionDetail(String str) {
            this.description = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/spring/AuthenticationEndpointAuthenticationFailureHandler$Unresolvable.class */
    public static class Unresolvable implements Word {
        private Unresolvable() {
        }

        public String toString() {
            return "无法解析";
        }
    }

    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        GenericLoggerStaticAccessor.operationLogger().debug(log, GenericOperationLogContent.builder().what(LoginAuthenticationRequestToken.class).operation(new Process()).state(new Failed()).build(), authenticationException);
        HashMap hashMap = new HashMap();
        hashMap.put(AuthenticationEndpointAuthenticationFailureHandler.class.getName(), true);
        ApiError createApiError = this.apiErrorFactory.createApiError(hashMap, authenticationException, LocaleContextHolder.getLocale());
        if (authenticationException instanceof OAuth2AuthenticationException) {
            handleTokenEndpointAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException, createApiError);
        } else {
            handleWebAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException, createApiError);
        }
    }

    private void handleTokenEndpointAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException, ApiError apiError) throws IOException, ServletException {
        OAuth2Error error = ((OAuth2AuthenticationException) authenticationException).getError();
        ServletServerHttpResponse servletServerHttpResponse = new ServletServerHttpResponse(httpServletResponse);
        servletServerHttpResponse.setStatusCode((HttpStatus) Objects.requireNonNull(HttpStatus.resolve(apiError.getStatus())));
        this.mapper.writeValue(servletServerHttpResponse.getBody(), convertOAuth2ExceptionToErrorAttributes(new OAuth2Error(error.getErrorCode(), tryConvertSpringHardCodedDescription(error.getDescription(), apiError), (String) null), apiError));
    }

    private String tryConvertSpringHardCodedDescription(String str, ApiError apiError) {
        if (!StringUtils.hasText(str)) {
            return apiError.getMessage();
        }
        Matcher matcher = OAUTH2_PARAMETER_ERROR_PATTERN.matcher(str);
        if (matcher.find()) {
            return this.messageSource.getMessage(new SpringHardCodedErrors.OAuth2ParameterError(matcher.group(1)), this.messageSource.getMessage(DefaultApiErrorConstants.GENERIC_ERROR, LocaleContextHolder.getLocale()), LocaleContextHolder.getLocale());
        }
        Matcher matcher2 = OAUTH2_CLIENT_AUTHENTICATION_ERROR_PATTERN.matcher(str);
        if (matcher2.find()) {
            return this.messageSource.getMessage(new SpringHardCodedErrors.OAuth2ClientAuthenticationError(matcher2.group(1)), this.messageSource.getMessage(DefaultApiErrorConstants.GENERIC_ERROR, LocaleContextHolder.getLocale()), LocaleContextHolder.getLocale());
        }
        GenericLoggerStaticAccessor.basicLogger().debug(log, GenericBasicLogContent.builder().what(SpringHardCodedErrors.class).how(new Unresolvable()).detail(new DescriptionDetail(str)).build(), (Throwable) null);
        return this.messageSource.getMessage(DefaultApiErrorConstants.GENERIC_ERROR, LocaleContextHolder.getLocale());
    }

    private Map<String, Object> convertOAuth2ExceptionToErrorAttributes(OAuth2Error oAuth2Error, ApiError apiError) {
        HashMap hashMap = new HashMap(5);
        hashMap.put("error", oAuth2Error.getErrorCode());
        if (StringUtils.hasText(oAuth2Error.getDescription())) {
            hashMap.put("error_description", oAuth2Error.getDescription());
        }
        if (StringUtils.hasText(oAuth2Error.getUri())) {
            hashMap.put("error_uri", oAuth2Error.getUri());
        }
        hashMap.put("error_code", apiError.getError());
        hashMap.put("details", apiError.getDetails());
        return hashMap;
    }

    private void forwardToMfaWebPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, MfaRequiredException mfaRequiredException) throws IOException, ServletException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(this.authenticationServerPathOption.getWebMfaChallengePage());
        mfaRequiredException.getDetails().forEach((str, obj) -> {
            fromUriString.queryParam(str, new Object[]{UriUtils.encode(String.valueOf(obj), "utf-8")});
        });
        httpServletResponse.sendRedirect(fromUriString.build().toString());
    }

    private void handleWebAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException, ApiError apiError) throws IOException, ServletException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        if (authenticationException instanceof MfaRequiredException) {
            forwardToMfaWebPage(httpServletRequest, httpServletResponse, (MfaRequiredException) authenticationException);
            return;
        }
        UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(this.authenticationServerPathOption.getWebAuthenticationErrorPage());
        fromUriString.queryParam("status", new Object[]{Integer.valueOf(apiError.getStatus())});
        fromUriString.queryParam("phrase", new Object[]{apiError.getReason()});
        fromUriString.queryParam("message", new Object[]{UriUtils.encode(apiError.getMessage(), "utf-8")});
        fromUriString.queryParam("code", new Object[]{UriUtils.encode(apiError.getError(), "utf-8")});
        if (apiError.getDetails() != null) {
            fromUriString.queryParam("details", new Object[]{Base64.getUrlEncoder().encodeToString(this.mapper.writeValueAsString(apiError.getDetails()).getBytes(StandardCharsets.UTF_8))});
        }
        httpServletResponse.sendRedirect(fromUriString.build().toString());
    }

    private HttpStatus getStatus(Exception exc) {
        ResponseStatus findAnnotation = AnnotationUtils.findAnnotation(exc.getClass(), ResponseStatus.class);
        if (findAnnotation != null) {
            return findAnnotation.value();
        }
        if (exc instanceof ResponseStatusCodeAuthenticationException) {
            return ((ResponseStatusCodeAuthenticationException) exc).getStatus();
        }
        if (exc instanceof ResponseStatusCodeOAuth2AuthenticationException) {
            return ((ResponseStatusCodeOAuth2AuthenticationException) exc).getHttpStatus();
        }
        OAuth2AuthenticationException realCause = getRealCause(exc);
        if (exc != realCause) {
            return realCause instanceof AuthenticationServiceException ? HttpStatus.INTERNAL_SERVER_ERROR : getStatus(realCause);
        }
        if (!(realCause instanceof OAuth2AuthenticationException)) {
            return realCause instanceof AuthenticationServiceException ? HttpStatus.INTERNAL_SERVER_ERROR : HttpStatus.UNAUTHORIZED;
        }
        HttpStatus httpStatus = OAUTH2_ERROR_CODE_STATUS.get(realCause.getError().getErrorCode());
        return httpStatus != null ? httpStatus : HttpStatus.BAD_REQUEST;
    }

    private Exception getRealCause(Exception exc) {
        Throwable th;
        Throwable th2 = exc;
        while (true) {
            th = th2;
            if (!isCauseContainer(th)) {
                break;
            }
            th2 = th.getCause();
        }
        if (th != null && (th instanceof Exception)) {
            return (Exception) th;
        }
        return exc;
    }

    private boolean isCauseContainer(Throwable th) {
        return (th instanceof ResponseStatusCodeAuthenticationException) || (th instanceof OAuth2AuthenticationException) || (th instanceof NestedAuthenticationException);
    }

    public void onApplicationEvent(InitializingApiErrorPropertiesEvent initializingApiErrorPropertiesEvent) {
        Object error = initializingApiErrorPropertiesEvent.getError();
        Map errorAttributes = initializingApiErrorPropertiesEvent.getErrorAttributes();
        if (errorAttributes == null || errorAttributes.get(AuthenticationEndpointAuthenticationFailureHandler.class.getName()) == null) {
            return;
        }
        ApiError apiError = initializingApiErrorPropertiesEvent.getApiError();
        HttpStatus status = getStatus((Exception) error);
        apiError.setStatus(status.value());
        apiError.setReason(status.getReasonPhrase());
        Exception realCause = getRealCause((Exception) error);
        if (realCause == error) {
            if (isCauseContainer((Exception) error)) {
                apiError.setMessage((String) null);
            }
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put(AuthenticationEndpointAuthenticationFailureHandler.class.getName(), true);
            ApiError createApiError = this.apiErrorFactory.createApiError(hashMap, realCause, LocaleContextHolder.getLocale());
            apiError.setMessage(createApiError.getMessage());
            apiError.setDetails(createApiError.getDetails());
            apiError.setError(createApiError.getError());
        }
    }

    public AuthenticationServerPathOption getAuthenticationServerPathOption() {
        return this.authenticationServerPathOption;
    }

    public EnhancedMessageSource getMessageSource() {
        return this.messageSource;
    }

    public ObjectMapper getMapper() {
        return this.mapper;
    }

    public ApiErrorFactory getApiErrorFactory() {
        return this.apiErrorFactory;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof AuthenticationEndpointAuthenticationFailureHandler)) {
            return false;
        }
        AuthenticationEndpointAuthenticationFailureHandler authenticationEndpointAuthenticationFailureHandler = (AuthenticationEndpointAuthenticationFailureHandler) obj;
        if (!authenticationEndpointAuthenticationFailureHandler.canEqual(this)) {
            return false;
        }
        AuthenticationServerPathOption authenticationServerPathOption = getAuthenticationServerPathOption();
        AuthenticationServerPathOption authenticationServerPathOption2 = authenticationEndpointAuthenticationFailureHandler.getAuthenticationServerPathOption();
        if (authenticationServerPathOption == null) {
            if (authenticationServerPathOption2 != null) {
                return false;
            }
        } else if (!authenticationServerPathOption.equals(authenticationServerPathOption2)) {
            return false;
        }
        EnhancedMessageSource messageSource = getMessageSource();
        EnhancedMessageSource messageSource2 = authenticationEndpointAuthenticationFailureHandler.getMessageSource();
        if (messageSource == null) {
            if (messageSource2 != null) {
                return false;
            }
        } else if (!messageSource.equals(messageSource2)) {
            return false;
        }
        ObjectMapper mapper = getMapper();
        ObjectMapper mapper2 = authenticationEndpointAuthenticationFailureHandler.getMapper();
        if (mapper == null) {
            if (mapper2 != null) {
                return false;
            }
        } else if (!mapper.equals(mapper2)) {
            return false;
        }
        ApiErrorFactory apiErrorFactory = getApiErrorFactory();
        ApiErrorFactory apiErrorFactory2 = authenticationEndpointAuthenticationFailureHandler.getApiErrorFactory();
        return apiErrorFactory == null ? apiErrorFactory2 == null : apiErrorFactory.equals(apiErrorFactory2);
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof AuthenticationEndpointAuthenticationFailureHandler;
    }

    public int hashCode() {
        AuthenticationServerPathOption authenticationServerPathOption = getAuthenticationServerPathOption();
        int hashCode = (1 * 59) + (authenticationServerPathOption == null ? 43 : authenticationServerPathOption.hashCode());
        EnhancedMessageSource messageSource = getMessageSource();
        int hashCode2 = (hashCode * 59) + (messageSource == null ? 43 : messageSource.hashCode());
        ObjectMapper mapper = getMapper();
        int hashCode3 = (hashCode2 * 59) + (mapper == null ? 43 : mapper.hashCode());
        ApiErrorFactory apiErrorFactory = getApiErrorFactory();
        return (hashCode3 * 59) + (apiErrorFactory == null ? 43 : apiErrorFactory.hashCode());
    }

    public String toString() {
        return "AuthenticationEndpointAuthenticationFailureHandler(authenticationServerPathOption=" + getAuthenticationServerPathOption() + ", messageSource=" + getMessageSource() + ", mapper=" + getMapper() + ", apiErrorFactory=" + getApiErrorFactory() + ")";
    }

    public AuthenticationEndpointAuthenticationFailureHandler(AuthenticationServerPathOption authenticationServerPathOption, EnhancedMessageSource enhancedMessageSource, ObjectMapper objectMapper, ApiErrorFactory apiErrorFactory) {
        this.authenticationServerPathOption = authenticationServerPathOption;
        this.messageSource = enhancedMessageSource;
        this.mapper = objectMapper;
        this.apiErrorFactory = apiErrorFactory;
    }

    static {
        OAUTH2_ERROR_CODE_STATUS.put("invalid_client", HttpStatus.UNAUTHORIZED);
        OAUTH2_ERROR_CODE_STATUS.put("unauthorized", HttpStatus.UNAUTHORIZED);
        OAUTH2_ERROR_CODE_STATUS.put("unauthorized_client", HttpStatus.UNAUTHORIZED);
        OAUTH2_ERROR_CODE_STATUS.put("access_denied", HttpStatus.UNAUTHORIZED);
        OAUTH2_ERROR_CODE_STATUS.put("invalid_token", HttpStatus.UNAUTHORIZED);
        OAUTH2_ERROR_CODE_STATUS.put("mfa_required", HttpStatus.UNAUTHORIZED);
        OAUTH2_ERROR_CODE_STATUS.put("invalid_scope", HttpStatus.BAD_REQUEST);
        OAUTH2_ERROR_CODE_STATUS.put("invalid_request", HttpStatus.BAD_REQUEST);
        OAUTH2_ERROR_CODE_STATUS.put("invalid_grant", HttpStatus.BAD_REQUEST);
        OAUTH2_ERROR_CODE_STATUS.put("unsupported_token_type", HttpStatus.BAD_REQUEST);
        OAUTH2_ERROR_CODE_STATUS.put("insufficient_scope", HttpStatus.BAD_REQUEST);
        OAUTH2_ERROR_CODE_STATUS.put("unsupported_response_type", HttpStatus.BAD_REQUEST);
        OAUTH2_ERROR_CODE_STATUS.put("unsupported_grant_type", HttpStatus.BAD_REQUEST);
        OAUTH2_ERROR_CODE_STATUS.put("server_error", HttpStatus.INTERNAL_SERVER_ERROR);
        OAUTH2_ERROR_CODE_STATUS.put("temporarily_unavailable", HttpStatus.INTERNAL_SERVER_ERROR);
        HashSet hashSet = new HashSet();
        for (Field field : OAuth2ErrorCodes.class.getDeclaredFields()) {
            try {
                if (Modifier.isStatic(field.getModifiers()) && String.class.equals(field.getType()) && OAUTH2_ERROR_CODE_STATUS.get(field.get(null)) == null) {
                    hashSet.add(field.getName());
                }
            } catch (IllegalAccessException e) {
                throw new IllegalStateException(e);
            }
        }
        if (!CollectionUtils.isEmpty(hashSet)) {
            throw new IllegalStateException(String.join(",", hashSet) + " did not define a status code");
        }
    }
}
