package org.springframework.social.security;

import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.social.UserIdSource;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.ConnectionData;
import org.springframework.social.connect.ConnectionRepository;
import org.springframework.social.connect.UsersConnectionRepository;
import org.springframework.social.connect.web.ProviderSignInAttempt;
import org.springframework.social.security.provider.SocialAuthenticationService;
import org.springframework.util.Assert;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

/* loaded from: input_file:org/springframework/social/security/SocialAuthenticationFilter.class */
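/**
 * Authentication filter that handles provider-based ("social") sign-in requests.
 *
 * <p>The filter processes URLs below {@code /auth}; the path segment after the
 * processing URL names the provider (for example {@code /auth/<providerId>}).
 * The provider id taken from the request is only used after it has been matched
 * against the ids registered with the {@link SocialAuthenticationServiceLocator},
 * so an unknown id never reaches a service lookup.
 *
 * <p>Two outcomes are possible once a provider returns a token:
 * <ul>
 *   <li>no authenticated user in the security context: the token is passed to the
 *       {@link AuthenticationManager} (sign-in);</li>
 *   <li>an authenticated user is present: the provider connection is attached to
 *       that user's account (account linking).</li>
 * </ul>
 *
 * <p>Defaults set by the constructor: sign-up URL {@code /signup}, redirect after a
 * connection was added {@code /}, failure URL {@code /signin}, connection updates
 * enabled.
 */
public class SocialAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    private SocialAuthenticationServiceLocator authServiceLocator;
    private String signupUrl;
    private String connectionAddedRedirectUrl;
    private boolean updateConnections;
    private UserIdSource userIdSource;
    private UsersConnectionRepository usersConnectionRepository;
    private SimpleUrlAuthenticationFailureHandler delegateAuthenticationFailureHandler;
    private static final String DEFAULT_FAILURE_URL = "/signin";

    /**
     * Creates the filter and installs a {@link SocialAuthenticationFailureHandler}
     * that wraps a {@link SimpleUrlAuthenticationFailureHandler} pointing at
     * {@code /signin}.
     *
     * @param authenticationManager manager that authenticates the provider token
     * @param userIdSource source of the local id of the current user
     * @param usersConnectionRepository store of provider connections per local user
     * @param socialAuthenticationServiceLocator registry of provider services
     */
    public SocialAuthenticationFilter(AuthenticationManager authenticationManager, UserIdSource userIdSource, UsersConnectionRepository usersConnectionRepository, SocialAuthenticationServiceLocator socialAuthenticationServiceLocator) {
        super("/auth");
        this.signupUrl = "/signup";
        this.connectionAddedRedirectUrl = "/";
        this.updateConnections = true;
        setAuthenticationManager(authenticationManager);
        this.userIdSource = userIdSource;
        this.usersConnectionRepository = usersConnectionRepository;
        this.authServiceLocator = socialAuthenticationServiceLocator;
        this.delegateAuthenticationFailureHandler = new SimpleUrlAuthenticationFailureHandler(DEFAULT_FAILURE_URL);
        super.setAuthenticationFailureHandler(new SocialAuthenticationFailureHandler(this.delegateAuthenticationFailureHandler));
    }

    /**
     * Sets the URL the user is redirected to when the provider account is not
     * accepted by the authentication manager. {@code null} disables the redirect,
     * in which case the {@link BadCredentialsException} is rethrown.
     *
     * @param str relative path or absolute {@code http://}/{@code https://} URL
     */
    public void setSignupUrl(String str) {
        this.signupUrl = str;
    }

    /**
     * Sets the failure URL on the delegate failure handler created by the constructor.
     *
     * @param str URL used after a failed authentication
     */
    public void setDefaultFailureUrl(String str) {
        this.delegateAuthenticationFailureHandler.setDefaultFailureUrl(str);
    }

    /**
     * Sets the fallback redirect target used after a connection was added and the
     * provider service supplied no target of its own.
     *
     * @param str redirect URL
     */
    public void setConnectionAddedRedirectUrl(String str) {
        this.connectionAddedRedirectUrl = str;
    }

    /**
     * Enables or disables refreshing the stored connection after a successful sign-in.
     *
     * @param z {@code true} to update the stored connection on every sign-in
     */
    public void setUpdateConnections(boolean z) {
        this.updateConnections = z;
    }

    /**
     * Sets the default target URL on the configured success handler.
     *
     * @param str URL used after a successful authentication
     * @throws IllegalStateException if the success handler is absent or is not an
     *         {@link AbstractAuthenticationTargetUrlRequestHandler}
     */
    public void setPostLoginUrl(String str) {
        // Held as Object: the type test below is what establishes the handler type.
        Object handler = getSuccessHandler();
        if (!(handler instanceof AbstractAuthenticationTargetUrlRequestHandler)) {
            throw new IllegalStateException("can't set postLoginUrl on unknown successHandler, type is " + describeType(handler));
        }
        ((AbstractAuthenticationTargetUrlRequestHandler) handler).setDefaultTargetUrl(str);
    }

    /**
     * Controls whether the success handler always uses its default target URL.
     *
     * @param z {@code true} to always redirect to the default target URL
     * @throws IllegalStateException if the success handler is absent or is not an
     *         {@link AbstractAuthenticationTargetUrlRequestHandler}
     */
    public void setAlwaysUsePostLoginUrl(boolean z) {
        Object handler = getSuccessHandler();
        if (!(handler instanceof AbstractAuthenticationTargetUrlRequestHandler)) {
            throw new IllegalStateException("can't set alwaysUsePostLoginUrl on unknown successHandler, type is " + describeType(handler));
        }
        ((AbstractAuthenticationTargetUrlRequestHandler) handler).setAlwaysUseDefaultTargetUrl(z);
    }

    /**
     * Sets the failure URL directly on the configured failure handler.
     *
     * @param str URL used after a failed authentication
     * @throws IllegalStateException if the failure handler is absent or is not a
     *         {@link SimpleUrlAuthenticationFailureHandler}
     */
    public void setPostFailureUrl(String str) {
        Object handler = getFailureHandler();
        if (!(handler instanceof SimpleUrlAuthenticationFailureHandler)) {
            throw new IllegalStateException("can't set postFailureUrl on unknown failureHandler, type is " + describeType(handler));
        }
        ((SimpleUrlAuthenticationFailureHandler) handler).setDefaultFailureUrl(str);
    }

    /** @return the repository of provider connections used by this filter */
    public UsersConnectionRepository getUsersConnectionRepository() {
        return this.usersConnectionRepository;
    }

    /** @return the locator used to resolve provider authentication services */
    public SocialAuthenticationServiceLocator getAuthServiceLocator() {
        return this.authServiceLocator;
    }

    /**
     * Runs the provider flow for the provider named in the request path.
     *
     * @return the authenticated token, or {@code null} when the request names no
     *         registered provider
     * @throws SocialAuthenticationException if the request looks like a provider
     *         callback in which the user declined authorization
     * @throws AuthenticationServiceException if the provider service produced no
     *         authentication; this includes the already-signed-in case in which no
     *         connection was added
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (detectRejection(httpServletRequest)) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("A rejection was detected. Failing authentication.");
            }
            throw new SocialAuthenticationException("Authentication failed because user rejected authorization.");
        }
        Set<String> registeredAuthenticationProviderIds = this.authServiceLocator.registeredAuthenticationProviderIds();
        String requestedProviderId = getRequestedProviderId(httpServletRequest);
        // Allow-list check: the request-supplied id must be a registered provider
        // before it is used to look up a service.
        if (requestedProviderId == null || !registeredAuthenticationProviderIds.contains(requestedProviderId)) {
            return null;
        }
        Authentication authentication = attemptAuthService(this.authServiceLocator.getAuthenticationService(requestedProviderId), httpServletRequest, httpServletResponse);
        if (authentication == null) {
            throw new AuthenticationServiceException("authentication failed");
        }
        return authentication;
    }

    /**
     * Heuristic for a provider callback in which the user refused authorization:
     * the request carries parameters, but none of {@code oauth_token},
     * {@code code} or {@code scope}.
     *
     * @return {@code true} if the request is treated as a rejection
     */
    protected boolean detectRejection(HttpServletRequest httpServletRequest) {
        Set<?> parameterNames = httpServletRequest.getParameterMap().keySet();
        if (parameterNames.isEmpty()) {
            // No parameters at all: the start of a flow, not a callback.
            return false;
        }
        boolean hasCallbackParameter = parameterNames.contains("oauth_token")
                || parameterNames.contains("code")
                || parameterNames.contains("scope");
        return !hasCallbackParameter;
    }

    /**
     * Reports whether the request path names a registered provider.
     *
     * @return {@code true} only for a path below the processing URL whose provider
     *         segment is registered with the service locator
     */
    @Deprecated
    @Override
    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String requestedProviderId = getRequestedProviderId(httpServletRequest);
        if (requestedProviderId != null) {
            return this.authServiceLocator.registeredAuthenticationProviderIds().contains(requestedProviderId);
        }
        return false;
    }

    /**
     * Attaches a provider connection to a local user, subject to the cardinality
     * rules of the provider service.
     *
     * @param socialAuthenticationService service for the provider
     * @param str local user id that receives the connection
     * @param connectionData provider-side identity and connection data
     * @return the stored connection, or {@code null} when nothing was added
     */
    protected Connection<?> addConnection(SocialAuthenticationService<?> socialAuthenticationService, String str, ConnectionData connectionData) {
        Set<String> providerUserIds = new HashSet<String>();
        providerUserIds.add(connectionData.getProviderUserId());
        Set<String> connectedUserIds = this.usersConnectionRepository.findUserIdsConnectedTo(connectionData.getProviderId(), providerUserIds);
        if (connectedUserIds.contains(str)) {
            // This user already holds the connection.
            return null;
        }
        if (!socialAuthenticationService.getConnectionCardinality().isMultiUserId() && !connectedUserIds.isEmpty()) {
            // The provider account belongs to another local user and the provider
            // does not allow sharing it; refusing here keeps one provider identity
            // from being attached to a second local account.
            return null;
        }
        ConnectionRepository createConnectionRepository = this.usersConnectionRepository.createConnectionRepository(str);
        if (!socialAuthenticationService.getConnectionCardinality().isMultiProviderUserId() && !createConnectionRepository.findConnections(connectionData.getProviderId()).isEmpty()) {
            // The user already has a connection to this provider and only one is allowed.
            return null;
        }
        // NOTE(review): mo1getConnectionFactory looks like a decompiler-assigned
        // alias of the connection-factory accessor; confirm the name against the
        // SocialAuthenticationService type in this code base.
        Connection<?> createConnection = socialAuthenticationService.mo1getConnectionFactory().createConnection(connectionData);
        createConnection.sync();
        createConnectionRepository.addConnection(createConnection);
        return createConnection;
    }

    /** Returns the authentication currently held by the security context, if any. */
    private Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * Obtains the provider token and either signs the user in or, when a user is
     * already authenticated, links the provider connection to that user.
     *
     * <p>NOTE(review): nothing in this filter checks that the provider callback
     * belongs to a flow started by the current session (for OAuth 2, the
     * {@code state} value). That check has to live in the
     * {@link SocialAuthenticationService} implementation; confirm it does, because
     * the linking branch changes which provider account can sign in as the current
     * user.
     *
     * @return the authenticated token, or {@code null} when the service returned no
     *         token or the request was handled as account linking
     */
    private Authentication attemptAuthService(SocialAuthenticationService<?> socialAuthenticationService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SocialAuthenticationRedirectException, AuthenticationException {
        SocialAuthenticationToken authToken = socialAuthenticationService.getAuthToken(httpServletRequest, httpServletResponse);
        if (authToken == null) {
            return null;
        }
        Assert.notNull(authToken.getConnection(), "the provider token must carry a connection");
        Authentication authentication = getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return doAuthentication(socialAuthenticationService, httpServletRequest, authToken);
        }
        addConnection(socialAuthenticationService, httpServletRequest, authToken, authentication);
        return null;
    }

    /**
     * Extracts the provider id from the request path: the text after
     * {@code <contextPath><filterProcessesUrl>/}, with any {@code ;}-introduced
     * path parameters removed first.
     *
     * @return the provider id, or {@code null} if the path does not match
     */
    private String getRequestedProviderId(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        // Drop path parameters such as ";jsessionid=..." before matching.
        int indexOf = requestURI.indexOf(';');
        if (indexOf > 0) {
            requestURI = requestURI.substring(0, indexOf);
        }
        String pathInContext = requestURI.substring(httpServletRequest.getContextPath().length());
        if (!pathInContext.startsWith(getFilterProcessesUrl())) {
            return null;
        }
        String afterProcessesUrl = pathInContext.substring(getFilterProcessesUrl().length());
        if (afterProcessesUrl.startsWith("/")) {
            return afterProcessesUrl.substring(1);
        }
        return null;
    }

    /**
     * Links the provider connection to the current user and, if a connection was
     * actually added, aborts the filter with a redirect.
     *
     * <p>NOTE(review): the redirect target is supplied by the provider service,
     * which receives the request; confirm that implementation does not take the
     * target from an unvalidated request value.
     *
     * @throws SocialAuthenticationRedirectException when a connection was added
     */
    private void addConnection(SocialAuthenticationService<?> socialAuthenticationService, HttpServletRequest httpServletRequest, SocialAuthenticationToken socialAuthenticationToken, Authentication authentication) {
        String userId = this.userIdSource.getUserId();
        // NOTE(review): m0getPrincipal looks like a decompiler-assigned alias of the
        // token's principal accessor; confirm against SocialAuthenticationToken.
        Serializable principal = socialAuthenticationToken.m0getPrincipal();
        if (userId == null || !(principal instanceof ConnectionData)) {
            return;
        }
        Connection<?> added = addConnection(socialAuthenticationService, userId, (ConnectionData) principal);
        if (added == null) {
            return;
        }
        String redirectUrl = socialAuthenticationService.getConnectionAddedRedirectUrl(httpServletRequest, added);
        if (redirectUrl == null) {
            redirectUrl = this.connectionAddedRedirectUrl;
        }
        throw new SocialAuthenticationRedirectException(redirectUrl);
    }

    /**
     * Authenticates the provider token through the authentication manager.
     *
     * <p>When the manager rejects the token with {@link BadCredentialsException}
     * and a sign-up URL is configured, the connection is stored in the HTTP
     * session as a sign-in attempt and the user is redirected to sign-up.
     * {@code getSession()} creates a session if the request has none.
     *
     * @return the authenticated token, or {@code null} if the provider's
     *         cardinality does not permit authentication
     */
    private Authentication doAuthentication(SocialAuthenticationService<?> socialAuthenticationService, HttpServletRequest httpServletRequest, SocialAuthenticationToken socialAuthenticationToken) {
        try {
            if (!socialAuthenticationService.getConnectionCardinality().isAuthenticatePossible()) {
                return null;
            }
            socialAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
            Authentication authenticate = getAuthenticationManager().authenticate(socialAuthenticationToken);
            Assert.isInstanceOf(SocialUserDetails.class, authenticate.getPrincipal(), "unexpected principle type");
            updateConnections(socialAuthenticationService, socialAuthenticationToken, authenticate);
            return authenticate;
        } catch (BadCredentialsException e) {
            if (this.signupUrl == null) {
                throw e;
            }
            addSignInAttempt(httpServletRequest.getSession(), socialAuthenticationToken.getConnection());
            throw new SocialAuthenticationRedirectException(buildSignupUrl(httpServletRequest));
        }
    }

    /**
     * Resolves the configured sign-up URL: an absolute {@code http://} or
     * {@code https://} URL is returned unchanged, anything else is appended to the
     * context path. The value comes from configuration, not from the request.
     */
    private String buildSignupUrl(HttpServletRequest httpServletRequest) {
        if (this.signupUrl.startsWith("http://") || this.signupUrl.startsWith("https://")) {
            return this.signupUrl;
        }
        String path = this.signupUrl.startsWith("/") ? this.signupUrl : "/" + this.signupUrl;
        return ServletUriComponentsBuilder.fromContextPath(httpServletRequest).path(path).build().toUriString();
    }

    /**
     * Refreshes the stored connection of the authenticated user with the
     * connection from the token, when connection updates are enabled.
     */
    private void updateConnections(SocialAuthenticationService<?> socialAuthenticationService, SocialAuthenticationToken socialAuthenticationToken, Authentication authentication) {
        if (this.updateConnections) {
            String userId = ((SocialUserDetails) authentication.getPrincipal()).getUserId();
            getUsersConnectionRepository().createConnectionRepository(userId).updateConnection(socialAuthenticationToken.getConnection());
        }
    }

    /**
     * Stores the provider connection in the session so the sign-up page can
     * complete registration.
     *
     * <p>NOTE(review): the stored attempt wraps the provider connection, so the
     * session presumably holds provider credentials until sign-up finishes;
     * confirm how the attribute is cleared and how the session store is protected.
     */
    private void addSignInAttempt(HttpSession httpSession, Connection<?> connection) {
        httpSession.setAttribute(ProviderSignInAttempt.SESSION_ATTRIBUTE, new ProviderSignInAttempt(connection, this.authServiceLocator, this.usersConnectionRepository));
    }

    /** Returns the class name of {@code handler}, or {@code "null"} when it is absent. */
    private static String describeType(Object handler) {
        return handler == null ? "null" : handler.getClass().getName();
    }
}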
