package org.springframework.security.config.annotation.web.configurers.ott;

import jakarta.servlet.Filter;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Collections;
import java.util.Map;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ott.InMemoryOneTimeTokenService;
import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider;
import org.springframework.security.authentication.ott.OneTimeTokenService;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationFilter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter;
import org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter;
import org.springframework.security.web.authentication.ott.OneTimeTokenGenerationSuccessHandler;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultResourcesFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:ingrid-codelist-repository-7.5.0/lib/spring-security-config-6.4.2.jar:org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.class */
public final class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<OneTimeTokenLoginConfigurer<H>, H> {
    private final ApplicationContext context;
    private OneTimeTokenService oneTimeTokenService;
    private AuthenticationFailureHandler authenticationFailureHandler;
    private OneTimeTokenGenerationSuccessHandler oneTimeTokenGenerationSuccessHandler;
    private AuthenticationProvider authenticationProvider;
    private AuthenticationConverter authenticationConverter = new OneTimeTokenAuthenticationConverter();
    private AuthenticationSuccessHandler authenticationSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    private String defaultSubmitPageUrl = "/login/ott";
    private boolean submitPageEnabled = true;
    private String loginProcessingUrl = "/login/ott";
    private String tokenGeneratingUrl = "/ott/generate";

    public OneTimeTokenLoginConfigurer(ApplicationContext applicationContext) {
        this.context = applicationContext;
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void init(H h) {
        h.authenticationProvider((AuthenticationProvider) postProcess(getAuthenticationProvider(h)));
        configureDefaultLoginPage(h);
    }

    private void configureDefaultLoginPage(H h) {
        DefaultLoginPageGeneratingFilter defaultLoginPageGeneratingFilter = (DefaultLoginPageGeneratingFilter) h.getSharedObject(DefaultLoginPageGeneratingFilter.class);
        if (defaultLoginPageGeneratingFilter == null) {
            return;
        }
        defaultLoginPageGeneratingFilter.setOneTimeTokenEnabled(true);
        defaultLoginPageGeneratingFilter.setOneTimeTokenGenerationUrl(this.tokenGeneratingUrl);
        if (this.authenticationFailureHandler == null && StringUtils.hasText(defaultLoginPageGeneratingFilter.getLoginPageUrl())) {
            this.authenticationFailureHandler = new SimpleUrlAuthenticationFailureHandler(defaultLoginPageGeneratingFilter.getLoginPageUrl() + "?error");
        }
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) {
        configureSubmitPage(h);
        configureOttGenerateFilter(h);
        configureOttAuthenticationFilter(h);
    }

    private void configureOttAuthenticationFilter(H h) {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter((AuthenticationManager) h.getSharedObject(AuthenticationManager.class), this.authenticationConverter);
        authenticationFilter.setSecurityContextRepository(getSecurityContextRepository(h));
        authenticationFilter.setRequestMatcher(AntPathRequestMatcher.antMatcher(HttpMethod.POST, this.loginProcessingUrl));
        authenticationFilter.setFailureHandler(getAuthenticationFailureHandler());
        authenticationFilter.setSuccessHandler(this.authenticationSuccessHandler);
        h.addFilter((Filter) postProcess(authenticationFilter));
    }

    private SecurityContextRepository getSecurityContextRepository(H h) {
        SecurityContextRepository securityContextRepository = (SecurityContextRepository) h.getSharedObject(SecurityContextRepository.class);
        return securityContextRepository != null ? securityContextRepository : new HttpSessionSecurityContextRepository();
    }

    private void configureOttGenerateFilter(H h) {
        GenerateOneTimeTokenFilter generateOneTimeTokenFilter = new GenerateOneTimeTokenFilter(getOneTimeTokenService(h), getOneTimeTokenGenerationSuccessHandler(h));
        generateOneTimeTokenFilter.setRequestMatcher(AntPathRequestMatcher.antMatcher(HttpMethod.POST, this.tokenGeneratingUrl));
        h.addFilter((Filter) postProcess(generateOneTimeTokenFilter));
        h.addFilter(DefaultResourcesFilter.css());
    }

    private OneTimeTokenGenerationSuccessHandler getOneTimeTokenGenerationSuccessHandler(H h) {
        if (this.oneTimeTokenGenerationSuccessHandler == null) {
            this.oneTimeTokenGenerationSuccessHandler = (OneTimeTokenGenerationSuccessHandler) getBeanOrNull(h, OneTimeTokenGenerationSuccessHandler.class);
        }
        if (this.oneTimeTokenGenerationSuccessHandler == null) {
            throw new IllegalStateException("A OneTimeTokenGenerationSuccessHandler is required to enable oneTimeTokenLogin().\nPlease provide it as a bean or pass it to the oneTimeTokenLogin() DSL.\n");
        }
        return this.oneTimeTokenGenerationSuccessHandler;
    }

    private void configureSubmitPage(H h) {
        if (this.submitPageEnabled) {
            DefaultOneTimeTokenSubmitPageGeneratingFilter defaultOneTimeTokenSubmitPageGeneratingFilter = new DefaultOneTimeTokenSubmitPageGeneratingFilter();
            defaultOneTimeTokenSubmitPageGeneratingFilter.setResolveHiddenInputs(this::hiddenInputs);
            defaultOneTimeTokenSubmitPageGeneratingFilter.setRequestMatcher(AntPathRequestMatcher.antMatcher(HttpMethod.GET, this.defaultSubmitPageUrl));
            defaultOneTimeTokenSubmitPageGeneratingFilter.setLoginProcessingUrl(this.loginProcessingUrl);
            h.addFilter((Filter) postProcess(defaultOneTimeTokenSubmitPageGeneratingFilter));
        }
    }

    private AuthenticationProvider getAuthenticationProvider(H h) {
        if (this.authenticationProvider != null) {
            return this.authenticationProvider;
        }
        this.authenticationProvider = new OneTimeTokenAuthenticationProvider(getOneTimeTokenService(h), (UserDetailsService) getContext().getBean(UserDetailsService.class));
        return this.authenticationProvider;
    }

    public OneTimeTokenLoginConfigurer<H> authenticationProvider(AuthenticationProvider authenticationProvider) {
        Assert.notNull(authenticationProvider, "authenticationProvider cannot be null");
        this.authenticationProvider = authenticationProvider;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> tokenGeneratingUrl(String str) {
        Assert.hasText(str, "tokenGeneratingUrl cannot be null or empty");
        this.tokenGeneratingUrl = str;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> tokenGenerationSuccessHandler(OneTimeTokenGenerationSuccessHandler oneTimeTokenGenerationSuccessHandler) {
        Assert.notNull(oneTimeTokenGenerationSuccessHandler, "oneTimeTokenGenerationSuccessHandler cannot be null");
        this.oneTimeTokenGenerationSuccessHandler = oneTimeTokenGenerationSuccessHandler;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> loginProcessingUrl(String str) {
        Assert.hasText(str, "loginProcessingUrl cannot be null or empty");
        this.loginProcessingUrl = str;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> showDefaultSubmitPage(boolean z) {
        this.submitPageEnabled = z;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> defaultSubmitPageUrl(String str) {
        Assert.hasText(str, "submitPageUrl cannot be null or empty");
        this.defaultSubmitPageUrl = str;
        showDefaultSubmitPage(true);
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> tokenService(OneTimeTokenService oneTimeTokenService) {
        Assert.notNull(oneTimeTokenService, "oneTimeTokenService cannot be null");
        this.oneTimeTokenService = oneTimeTokenService;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> authenticationConverter(AuthenticationConverter authenticationConverter) {
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        this.authenticationConverter = authenticationConverter;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> authenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
        this.authenticationFailureHandler = authenticationFailureHandler;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
        Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
        this.authenticationSuccessHandler = authenticationSuccessHandler;
        return this;
    }

    private AuthenticationFailureHandler getAuthenticationFailureHandler() {
        if (this.authenticationFailureHandler != null) {
            return this.authenticationFailureHandler;
        }
        this.authenticationFailureHandler = new SimpleUrlAuthenticationFailureHandler("/login?error");
        return this.authenticationFailureHandler;
    }

    private OneTimeTokenService getOneTimeTokenService(H h) {
        if (this.oneTimeTokenService != null) {
            return this.oneTimeTokenService;
        }
        OneTimeTokenService oneTimeTokenService = (OneTimeTokenService) getBeanOrNull(h, OneTimeTokenService.class);
        if (oneTimeTokenService != null) {
            this.oneTimeTokenService = oneTimeTokenService;
        } else {
            this.oneTimeTokenService = new InMemoryOneTimeTokenService();
        }
        return this.oneTimeTokenService;
    }

    private <C> C getBeanOrNull(H h, Class<C> cls) {
        ApplicationContext applicationContext = (ApplicationContext) h.getSharedObject(ApplicationContext.class);
        if (applicationContext == null) {
            return null;
        }
        return (C) applicationContext.getBeanProvider(cls).getIfUnique();
    }

    private Map<String, String> hiddenInputs(HttpServletRequest httpServletRequest) {
        CsrfToken csrfToken = (CsrfToken) httpServletRequest.getAttribute(CsrfToken.class.getName());
        return csrfToken != null ? Collections.singletonMap(csrfToken.getParameterName(), csrfToken.getToken()) : Collections.emptyMap();
    }

    public ApplicationContext getContext() {
        return this.context;
    }
}
