package io.gravitee.am.management.handlers.management.api.authentication.handler;

import io.gravitee.am.common.web.UriBuilder;
import io.gravitee.am.identityprovider.api.SimpleAuthenticationContext;
import io.gravitee.am.management.handlers.management.api.authentication.provider.security.EndUserAuthentication;
import io.gravitee.am.model.Reference;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.AuthenticationAuditBuilder;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/authentication/handler/CustomAuthenticationFailureHandler.class */
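/**
 * Authentication failure handler for the management API login flow.
 *
 * <p>On every failed login it reports an authentication audit event (attempted username,
 * client address, user agent, organization and the failure cause) and then redirects the
 * browser to the configured failure URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code username} and {@code org} request parameters and the {@code User-Agent} and
 *       {@code X-Forwarded-For} headers all come from an unauthenticated request and are
 *       recorded as received. Treat them as untrusted wherever the audit event is rendered
 *       or searched.</li>
 *   <li>{@code X-Forwarded-For} can be set by any client unless a trusted reverse proxy
 *       overwrites it, so the audited {@code ip_address} is only as reliable as the proxy
 *       chain in front of this service.</li>
 * </ul>
 */
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    /** Organization id used when the request carries no {@code org} parameter. */
    private static final String DEFAULT_ORGANIZATION = "DEFAULT";

    @Autowired
    private AuditService auditService;

    /** Redirect target used after a failed authentication; set once at construction. */
    private final String defaultFailureUrl;

    /**
     * Creates the handler.
     *
     * @param str URL the user agent is redirected to after a failed authentication
     */
    public CustomAuthenticationFailureHandler(String str) {
        this.defaultFailureUrl = str;
        // A failed login must not create a server-side session on its own.
        super.setAllowSessionCreation(false);
    }

    /**
     * Audits the failed attempt, then redirects to the failure URL.
     *
     * <p>When the organization is not the default one, its id is appended to the redirect URL
     * as the {@code organizationId} query parameter.
     *
     * @param httpServletRequest the failed login request
     * @param httpServletResponse the response used to send the redirect
     * @param authenticationException the reason the authentication failed; attached to the audit event
     * @throws IOException if the redirect cannot be written
     * @throws ServletException declared by the parent contract
     */
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        String organizationId = getOrganizationId(httpServletRequest);

        // No credentials are stored on the audited principal: only the attempted username.
        EndUserAuthentication endUserAuthentication = new EndUserAuthentication(httpServletRequest.getParameter("username"), null, new SimpleAuthenticationContext());
        endUserAuthentication.getContext().set("ip_address", remoteAddress(httpServletRequest));
        endUserAuthentication.getContext().set("user_agent", userAgent(httpServletRequest));
        endUserAuthentication.getContext().set("org", organizationId);

        // NOTE(review): the audit reference is built from the caller-supplied "org" value, so the
        // event is filed under whatever organization id the request names. Confirm that the audit
        // pipeline validates the id against known organizations.
        this.auditService.report(
                ((AuthenticationAuditBuilder) AuditBuilder.builder(AuthenticationAuditBuilder.class))
                        .principal(endUserAuthentication)
                        .reference(Reference.organization(organizationId))
                        .throwable(authenticationException));

        String redirectUrl = this.defaultFailureUrl;
        if (!DEFAULT_ORGANIZATION.equals(organizationId)) {
            // The base URL is server configuration; only the query parameter value is user input.
            // Presumably UriBuilder encodes the parameter value - TODO confirm.
            redirectUrl = UriBuilder.fromURIString(this.defaultFailureUrl).addParameter("organizationId", organizationId).buildString();
        }
        super.getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, redirectUrl);
    }

    /**
     * Reads the organization id from the {@code org} request parameter.
     *
     * @return the parameter value, or {@code "DEFAULT"} when the parameter is absent
     */
    private String getOrganizationId(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("org");
        return parameter != null ? parameter : DEFAULT_ORGANIZATION;
    }

    /**
     * Resolves the client address to record in the audit event.
     *
     * <p>Uses the first entry of {@code X-Forwarded-For} when the header is present, otherwise
     * the socket peer address. A trailing port is removed. IPv6 literals are kept intact: the
     * previous implementation cut the value at the first {@code ':'}, which reduced an address
     * such as {@code 2001:db8::1} to {@code 2001} and made the audit trail useless for IPv6
     * clients. If the first entry is blank, the socket peer address is used instead of an
     * empty string.
     *
     * <p>The header value is client-controlled unless a trusted proxy rewrites it; the result
     * is informational and must not be used for access decisions.
     */
    private String remoteAddress(HttpServletRequest httpServletRequest) {
        String forwardedFor = httpServletRequest.getHeader("X-Forwarded-For");
        if (forwardedFor == null || forwardedFor.isEmpty()) {
            return httpServletRequest.getRemoteAddr();
        }
        int comma = forwardedFor.indexOf(',');
        String firstHop = comma != -1 ? forwardedFor.substring(0, comma) : forwardedFor;
        String address = stripPort(firstHop);
        return address.isEmpty() ? httpServletRequest.getRemoteAddr() : address;
    }

    /**
     * Removes an optional port from a single forwarded-for entry.
     *
     * <p>Handles {@code host:port}, bracketed IPv6 ({@code [addr]} or {@code [addr]:port}) and
     * bare IPv6 literals, which contain several colons and carry no port.
     */
    private static String stripPort(String entry) {
        String candidate = entry.trim();
        if (candidate.startsWith("[")) {
            int closingBracket = candidate.indexOf(']');
            return closingBracket != -1 ? candidate.substring(1, closingBracket) : candidate;
        }
        int firstColon = candidate.indexOf(':');
        // Exactly one colon means host:port; more than one means a bare IPv6 literal.
        if (firstColon != -1 && firstColon == candidate.lastIndexOf(':')) {
            return candidate.substring(0, firstColon).trim();
        }
        return candidate;
    }

    /** Returns the raw {@code User-Agent} header, or {@code null} when the client sent none. */
    private String userAgent(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("User-Agent");
    }
}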
