package org.springframework.security.oauth2.server.authorization.web;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.core.log.LogMessage;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.converter.GenericHttpMessageConverter;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2PushedAuthorizationRequestAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2AuthorizationCodeRequestAuthenticationConverter;
import org.springframework.security.oauth2.server.authorization.web.authentication.OAuth2ErrorAuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/OAuth2PushedAuthorizationRequestEndpointFilter.class */
public final class OAuth2PushedAuthorizationRequestEndpointFilter extends OncePerRequestFilter {
    private static final String DEFAULT_PUSHED_AUTHORIZATION_REQUEST_ENDPOINT_URI = "/oauth2/par";
    private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() { // from class: org.springframework.security.oauth2.server.authorization.web.OAuth2PushedAuthorizationRequestEndpointFilter.1
    };
    private static final GenericHttpMessageConverter<Object> JSON_MESSAGE_CONVERTER = HttpMessageConverters.getJsonMessageConverter();
    private final AuthenticationManager authenticationManager;
    private final RequestMatcher pushedAuthorizationRequestEndpointMatcher;
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
    private AuthenticationConverter authenticationConverter;
    private AuthenticationSuccessHandler authenticationSuccessHandler;
    private AuthenticationFailureHandler authenticationFailureHandler;

    public OAuth2PushedAuthorizationRequestEndpointFilter(AuthenticationManager authenticationManager) {
        this(authenticationManager, DEFAULT_PUSHED_AUTHORIZATION_REQUEST_ENDPOINT_URI);
    }

    public OAuth2PushedAuthorizationRequestEndpointFilter(AuthenticationManager authenticationManager, String str) {
        this.authenticationDetailsSource = new WebAuthenticationDetailsSource();
        this.authenticationSuccessHandler = this::sendPushedAuthorizationResponse;
        this.authenticationFailureHandler = new OAuth2ErrorAuthenticationFailureHandler();
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        Assert.hasText(str, "pushedAuthorizationRequestEndpointUri cannot be empty");
        this.authenticationManager = authenticationManager;
        this.pushedAuthorizationRequestEndpointMatcher = new AntPathRequestMatcher(str, HttpMethod.POST.name());
        this.authenticationConverter = new OAuth2AuthorizationCodeRequestAuthenticationConverter();
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.pushedAuthorizationRequestEndpointMatcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            AbstractAuthenticationToken convert = this.authenticationConverter.convert(httpServletRequest);
            if (convert instanceof AbstractAuthenticationToken) {
                convert.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
            }
            this.authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, this.authenticationManager.authenticate(convert));
        } catch (OAuth2AuthenticationException e) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Pushed authorization request failed: %s", e.getError()), e);
            }
            this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
        }
    }

    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "authenticationDetailsSource cannot be null");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    public void setAuthenticationConverter(AuthenticationConverter authenticationConverter) {
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        this.authenticationConverter = authenticationConverter;
    }

    public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
        Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
        this.authenticationSuccessHandler = authenticationSuccessHandler;
    }

    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    private void sendPushedAuthorizationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        OAuth2PushedAuthorizationRequestAuthenticationToken oAuth2PushedAuthorizationRequestAuthenticationToken = (OAuth2PushedAuthorizationRequestAuthenticationToken) authentication;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("request_uri", oAuth2PushedAuthorizationRequestAuthenticationToken.getRequestUri());
        linkedHashMap.put("expires_in", Long.valueOf(ChronoUnit.SECONDS.between(Instant.now(), oAuth2PushedAuthorizationRequestAuthenticationToken.getRequestUriExpiresAt())));
        ServletServerHttpResponse servletServerHttpResponse = new ServletServerHttpResponse(httpServletResponse);
        servletServerHttpResponse.setStatusCode(HttpStatus.CREATED);
        JSON_MESSAGE_CONVERTER.write(linkedHashMap, STRING_OBJECT_MAP.getType(), MediaType.APPLICATION_JSON, servletServerHttpResponse);
    }
}
