package org.springframework.security.web.authentication.ui;

import ch.qos.logback.classic.encoder.JsonEncoder;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.5.1.jar:org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.class */
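/**
 * Servlet filter that renders a built-in login page when the application has not supplied one.
 *
 * <p>For a GET request whose URI (plus query string) equals the configured login page URL,
 * failure URL or logout-success URL, the filter writes an HTML page assembled from the
 * templates below and does not continue the filter chain. Every other request is passed on
 * unchanged.
 *
 * <p>Points a security reviewer should keep in mind:
 * <ul>
 * <li>Placeholders are filled through {@code HtmlTemplates}, which is not part of this file.
 * Going by the method names, {@code withValue} is presumed to escape its argument and
 * {@code withRawHtml} to insert it verbatim; confirm against {@code HtmlTemplates}.</li>
 * <li>The error alert always shows the fixed text "Invalid credentials"; nothing taken from
 * the request (parameter values, exception messages) is rendered into the page.</li>
 * <li>Names and values returned by the {@code resolveHiddenInputs} and {@code resolveHeaders}
 * callbacks end up in the page, so those callbacks must only return server-generated data
 * such as the CSRF token.</li>
 * </ul>
 */
public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
    public static final String DEFAULT_LOGIN_PAGE_URL = "/login";
    public static final String ERROR_PARAMETER_NAME = "error";

    // These values are spelled out locally. The decompiled source borrowed same-valued
    // constants from unrelated libraries (a logging encoder, an HTTP client, the reactive
    // logout handler), which tied this filter's behavior to classes it has no reason to load.
    private static final String HTTP_GET = "GET";
    private static final String DEFAULT_LOGOUT_SUCCESS_URL = DEFAULT_LOGIN_PAGE_URL + "?logout";
    private static final String DEFAULT_FAILURE_URL = DEFAULT_LOGIN_PAGE_URL + "?" + ERROR_PARAMETER_NAME;
    private static final String INVALID_CREDENTIALS = "Invalid credentials";

    private String loginPageUrl;
    private String logoutSuccessUrl;
    private String failureUrl;
    private boolean formLoginEnabled;
    private boolean oauth2LoginEnabled;
    private boolean saml2LoginEnabled;
    private boolean passkeysEnabled;
    private boolean oneTimeTokenEnabled;
    private String authenticationUrl;
    private String generateOneTimeTokenUrl;
    private String usernameParameter;
    private String passwordParameter;
    private String rememberMeParameter;
    private Map<String, String> oauth2AuthenticationUrlToClientName;
    private Map<String, String> saml2AuthenticationUrlToProviderName;
    // Both resolvers default to "nothing to add" so the page renders before they are configured.
    private Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs = request -> Collections.emptyMap();
    private Function<HttpServletRequest, Map<String, String>> resolveHeaders = request -> Collections.emptyMap();

    // One "name" : "value" member of the JavaScript object literal handed to setupLogin(...).
    private static final String CSRF_HEADER_ENTRY = "\"{{headerName}}\" : \"{{headerValue}}\"";
    private static final String PASSKEY_SCRIPT_TEMPLATE = "\t<script type=\"text/javascript\" src=\"{{contextPath}}/login/webauthn.js\"></script>\n\t<script type=\"text/javascript\">\n\t<!--\n\t\tdocument.addEventListener(\"DOMContentLoaded\",() => setupLogin({{csrfHeaders}}, \"{{contextPath}}\", document.getElementById('passkey-signin')));\n\n\t//-->\n\t</script>\n";
    private static final String PASSKEY_FORM_TEMPLATE = "<div class=\"login-form\">\n<h2>Login with Passkeys</h2>\n<button id=\"passkey-signin\" type=\"submit\" class=\"primary\">Sign in with a passkey</button>\n</div>\n";
    private static final String LOGIN_PAGE_TEMPLATE = "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n    <meta name=\"description\" content=\"\">\n    <meta name=\"author\" content=\"\">\n    <title>Please sign in</title>\n    <link href=\"{{contextPath}}/default-ui.css\" rel=\"stylesheet\" />{{javaScript}}\n  </head>\n  <body>\n    <div class=\"content\">\n{{formLogin}}\n{{oneTimeTokenLogin}}{{passkeyLogin}}\n{{oauth2Login}}\n{{saml2Login}}\n    </div>\n  </body>\n</html>";
    private static final String LOGIN_FORM_TEMPLATE = "      <form class=\"login-form\" method=\"post\" action=\"{{loginUrl}}\">\n        <h2>Please sign in</h2>\n{{errorMessage}}{{logoutMessage}}\n        <p>\n          <label for=\"username\" class=\"screenreader\">Username</label>\n          <input type=\"text\" id=\"username\" name=\"{{usernameParameter}}\" placeholder=\"Username\" required autofocus>\n        </p>\n        <p>\n          <label for=\"password\" class=\"screenreader\">Password</label>\n          <input type=\"password\" id=\"password\" name=\"{{passwordParameter}}\" placeholder=\"Password\" {{autocomplete}}required>\n        </p>\n{{rememberMeInput}}\n{{hiddenInputs}}\n        <button type=\"submit\" class=\"primary\">Sign in</button>\n      </form>";
    private static final String HIDDEN_HTML_INPUT_TEMPLATE = "<input name=\"{{name}}\" type=\"hidden\" value=\"{{value}}\" />\n";
    private static final String ALERT_TEMPLATE = "<div class=\"alert alert-danger\" role=\"alert\">{{message}}</div>";
    private static final String OAUTH2_LOGIN_TEMPLATE = "<h2>Login with OAuth 2.0</h2>\n{{errorMessage}}{{logoutMessage}}\n<table class=\"table table-striped\">\n  {{oauth2Rows}}\n</table>";
    private static final String OAUTH2_ROW_TEMPLATE = "<tr><td><a href=\"{{url}}\">{{clientName}}</a></td></tr>";
    private static final String SAML_LOGIN_TEMPLATE = "<h2>Login with SAML 2.0</h2>\n{{errorMessage}}{{logoutMessage}}\n<table class=\"table table-striped\">\n  {{samlRows}}\n</table>";
    private static final String SAML_ROW_TEMPLATE = "<tr><td><a href=\"{{url}}\">{{clientName}}</a></td></tr>";
    private static final String ONE_TIME_TEMPLATE = "      <form id=\"ott-form\" class=\"login-form\" method=\"post\" action=\"{{generateOneTimeTokenUrl}}\">\n        <h2>Request a One-Time Token</h2>\n{{errorMessage}}{{logoutMessage}}\n        <p>\n          <label for=\"ott-username\" class=\"screenreader\">Username</label>\n          <input type=\"text\" id=\"ott-username\" name=\"username\" placeholder=\"Username\" required>\n        </p>\n{{hiddenInputs}}\n        <button class=\"primary\" type=\"submit\" form=\"ott-form\">Send Token</button>\n      </form>\n";

    /**
     * Creates a filter with no URLs configured and every login mechanism disabled.
     *
     * <p>Until {@link #setLoginPageUrl(String)} and friends are called, {@code matches}
     * sees only {@code null} URLs and therefore lets every request through.
     */
    public DefaultLoginPageGeneratingFilter() {
    }

    /**
     * Creates a filter using the default URLs ({@code /login}, {@code /login?logout},
     * {@code /login?error}).
     *
     * @param usernamePasswordAuthenticationFilter when non-null, form login is enabled and the
     * username, password and remember-me parameter names are copied from it
     */
    public DefaultLoginPageGeneratingFilter(UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter) {
        this.loginPageUrl = DEFAULT_LOGIN_PAGE_URL;
        this.logoutSuccessUrl = DEFAULT_LOGOUT_SUCCESS_URL;
        this.failureUrl = DEFAULT_FAILURE_URL;
        if (usernamePasswordAuthenticationFilter != null) {
            initAuthFilter(usernamePasswordAuthenticationFilter);
        }
    }

    /** Enables form login and copies the request parameter names from the given filter. */
    private void initAuthFilter(UsernamePasswordAuthenticationFilter authFilter) {
        this.formLoginEnabled = true;
        this.usernameParameter = authFilter.getUsernameParameter();
        this.passwordParameter = authFilter.getPasswordParameter();
        RememberMeServices rememberMeServices = authFilter.getRememberMeServices();
        // Only AbstractRememberMeServices exposes its parameter name; for any other
        // implementation the remember-me checkbox is simply not rendered.
        if (rememberMeServices instanceof AbstractRememberMeServices) {
            this.rememberMeParameter = ((AbstractRememberMeServices) rememberMeServices).getParameter();
        }
    }

    /**
     * Sets the callback that supplies hidden form inputs (name to value) for each request.
     *
     * @param resolveHiddenInputs the resolver; must not be null
     */
    public void setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>> resolveHiddenInputs) {
        Assert.notNull(resolveHiddenInputs, "resolveHiddenInputs cannot be null");
        this.resolveHiddenInputs = resolveHiddenInputs;
    }

    /**
     * Sets the callback that supplies the headers (name to value) passed to the passkey script.
     *
     * @param resolveHeaders the resolver; must not be null
     */
    public void setResolveHeaders(Function<HttpServletRequest, Map<String, String>> resolveHeaders) {
        Assert.notNull(resolveHeaders, "resolveHeaders cannot be null");
        this.resolveHeaders = resolveHeaders;
    }

    /**
     * Reports whether form, OAuth 2.0, SAML 2.0 or one-time-token login is enabled.
     *
     * <p>The passkeys flag is not part of this check.
     *
     * @return {@code true} if at least one of those four mechanisms is enabled
     */
    public boolean isEnabled() {
        return this.formLoginEnabled || this.oauth2LoginEnabled || this.saml2LoginEnabled || this.oneTimeTokenEnabled;
    }

    /** Sets the URL (path plus query, without context path) that shows the signed-out notice. */
    public void setLogoutSuccessUrl(String logoutSuccessUrl) {
        this.logoutSuccessUrl = logoutSuccessUrl;
    }

    /** Returns the URL at which the login page is served. */
    public String getLoginPageUrl() {
        return this.loginPageUrl;
    }

    /** Sets the URL (without context path) at which the login page is served. */
    public void setLoginPageUrl(String loginPageUrl) {
        this.loginPageUrl = loginPageUrl;
    }

    /** Sets the URL (path plus query, without context path) that shows the error alert. */
    public void setFailureUrl(String failureUrl) {
        this.failureUrl = failureUrl;
    }

    /** Turns the username/password form on or off. */
    public void setFormLoginEnabled(boolean formLoginEnabled) {
        this.formLoginEnabled = formLoginEnabled;
    }

    /** Turns the OAuth 2.0 provider list on or off. */
    public void setOauth2LoginEnabled(boolean oauth2LoginEnabled) {
        this.oauth2LoginEnabled = oauth2LoginEnabled;
    }

    /** Turns the one-time-token request form on or off. */
    public void setOneTimeTokenEnabled(boolean oneTimeTokenEnabled) {
        this.oneTimeTokenEnabled = oneTimeTokenEnabled;
    }

    /** Turns the SAML 2.0 provider list on or off. */
    public void setSaml2LoginEnabled(boolean saml2LoginEnabled) {
        this.saml2LoginEnabled = saml2LoginEnabled;
    }

    /** Turns the passkey button and its script on or off. */
    public void setPasskeysEnabled(boolean passkeysEnabled) {
        this.passkeysEnabled = passkeysEnabled;
    }

    /** Sets the form's POST target; the context path is prepended when rendering. */
    public void setAuthenticationUrl(String authenticationUrl) {
        this.authenticationUrl = authenticationUrl;
    }

    /** Sets the one-time-token form's POST target; the context path is prepended when rendering. */
    public void setOneTimeTokenGenerationUrl(String generateOneTimeTokenUrl) {
        this.generateOneTimeTokenUrl = generateOneTimeTokenUrl;
    }

    /** Sets the {@code name} attribute of the username input. */
    public void setUsernameParameter(String usernameParameter) {
        this.usernameParameter = usernameParameter;
    }

    /** Sets the {@code name} attribute of the password input. */
    public void setPasswordParameter(String passwordParameter) {
        this.passwordParameter = passwordParameter;
    }

    /** Sets the remember-me checkbox name; {@code null} hides the checkbox. */
    public void setRememberMeParameter(String rememberMeParameter) {
        this.rememberMeParameter = rememberMeParameter;
    }

    /** Sets the OAuth 2.0 links to list, keyed by authentication URL with the client name as value. */
    public void setOauth2AuthenticationUrlToClientName(Map<String, String> oauth2AuthenticationUrlToClientName) {
        this.oauth2AuthenticationUrlToClientName = oauth2AuthenticationUrlToClientName;
    }

    /** Sets the SAML 2.0 links to list, keyed by authentication URL with the provider name as value. */
    public void setSaml2AuthenticationUrlToProviderName(Map<String, String> saml2AuthenticationUrlToProviderName) {
        this.saml2AuthenticationUrlToProviderName = saml2AuthenticationUrlToProviderName;
    }

    /**
     * Servlet entry point; narrows the request and response to their HTTP types and delegates.
     *
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Serves the generated page for login, error and logout-success requests and forwards
     * everything else down the chain.
     */
    private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        boolean errorPage = isErrorPage(request);
        boolean logoutSuccess = isLogoutSuccess(request);
        if (!isLoginUrlRequest(request) && !errorPage && !logoutSuccess) {
            chain.doFilter(request, response);
            return;
        }
        String loginPageHtml = generateLoginPageHtml(request, errorPage, logoutSuccess);
        response.setContentType("text/html;charset=UTF-8");
        // Content-Length counts bytes, so measure the UTF-8 encoding declared just above
        // rather than the number of chars in the string.
        response.setContentLength(loginPageHtml.getBytes(StandardCharsets.UTF_8).length);
        response.getWriter().write(loginPageHtml);
    }

    /**
     * Assembles the complete page from the per-mechanism fragments.
     *
     * @param loginError whether to show the error alert
     * @param logoutSuccess whether to show the signed-out notice
     */
    private String generateLoginPageHtml(HttpServletRequest request, boolean loginError, boolean logoutSuccess) {
        String contextPath = request.getContextPath();
        // NOTE(review): contextPath goes in through withRawHtml here (stylesheet href), so this
        // relies on the container handing back a context path free of HTML metacharacters.
        return HtmlTemplates.fromTemplate(LOGIN_PAGE_TEMPLATE)
            .withRawHtml("contextPath", contextPath)
            .withRawHtml("javaScript", renderJavaScript(request, contextPath))
            .withRawHtml("formLogin", renderFormLogin(request, loginError, logoutSuccess, contextPath, INVALID_CREDENTIALS))
            .withRawHtml("oneTimeTokenLogin", renderOneTimeTokenLogin(request, loginError, logoutSuccess, contextPath, INVALID_CREDENTIALS))
            .withRawHtml("oauth2Login", renderOAuth2Login(loginError, logoutSuccess, INVALID_CREDENTIALS, contextPath))
            .withRawHtml("saml2Login", renderSaml2Login(loginError, logoutSuccess, INVALID_CREDENTIALS, contextPath))
            .withRawHtml("passkeyLogin", renderPasskeyLogin())
            .render();
    }

    /** Returns the passkey script tags, or an empty string when passkeys are disabled. */
    private String renderJavaScript(HttpServletRequest request, String contextPath) {
        if (!this.passkeysEnabled) {
            return "";
        }
        // NOTE(review): PASSKEY_SCRIPT_TEMPLATE contains no {{loginPageUrl}} placeholder, so this
        // value looks unused; kept as-is, confirm HtmlTemplates ignores surplus values.
        return HtmlTemplates.fromTemplate(PASSKEY_SCRIPT_TEMPLATE)
            .withValue("loginPageUrl", this.loginPageUrl)
            .withValue("contextPath", contextPath)
            .withRawHtml("csrfHeaders", renderHeaders(request))
            .render();
    }

    /** Returns the passkey sign-in button, or an empty string when passkeys are disabled. */
    private String renderPasskeyLogin() {
        return this.passkeysEnabled ? PASSKEY_FORM_TEMPLATE : "";
    }

    /**
     * Renders the resolved headers as one JavaScript object literal for the passkey script.
     *
     * <p>The result is always a single literal: <code>{}</code> for no headers, and
     * comma-separated members otherwise. Emitting one braced object per header, as before,
     * yielded an empty argument for zero headers and back-to-back objects for several, either
     * of which makes the inline {@code setupLogin(...)} call a syntax error. Output for
     * exactly one header is unchanged.
     *
     * <p>NOTE(review): names and values pass through {@code withValue}; if that performs HTML
     * escaping, it is not JavaScript string escaping. Safe only while the resolver returns
     * server-generated tokens; confirm.
     */
    private String renderHeaders(HttpServletRequest request) {
        String members = this.resolveHeaders.apply(request)
            .entrySet()
            .stream()
            .map(header -> HtmlTemplates.fromTemplate(CSRF_HEADER_ENTRY)
                .withValue("headerName", header.getKey())
                .withValue("headerValue", header.getValue())
                .render())
            .collect(Collectors.joining(", "));
        return "{" + members + "}";
    }

    /** Returns the username/password form, or an empty string when form login is disabled. */
    private String renderFormLogin(HttpServletRequest request, boolean loginError, boolean logoutSuccess, String contextPath, String errorMsg) {
        if (!this.formLoginEnabled) {
            return "";
        }
        return HtmlTemplates.fromTemplate(LOGIN_FORM_TEMPLATE)
            .withValue("loginUrl", contextPath + this.authenticationUrl)
            .withRawHtml("errorMessage", renderError(loginError, errorMsg))
            .withRawHtml("logoutMessage", renderSuccess(logoutSuccess))
            .withValue("usernameParameter", this.usernameParameter)
            .withValue("passwordParameter", this.passwordParameter)
            .withRawHtml("rememberMeInput", renderRememberMe(this.rememberMeParameter))
            .withRawHtml("hiddenInputs", renderHiddenInputs(request))
            .withRawHtml("autocomplete", this.passkeysEnabled ? "autocomplete=\"password webauthn\" " : "")
            .render();
    }

    /** Returns the one-time-token request form, or an empty string when that mechanism is disabled. */
    private String renderOneTimeTokenLogin(HttpServletRequest request, boolean loginError, boolean logoutSuccess, String contextPath, String errorMsg) {
        if (!this.oneTimeTokenEnabled) {
            return "";
        }
        return HtmlTemplates.fromTemplate(ONE_TIME_TEMPLATE)
            .withValue("generateOneTimeTokenUrl", contextPath + this.generateOneTimeTokenUrl)
            .withRawHtml("errorMessage", renderError(loginError, errorMsg))
            .withRawHtml("logoutMessage", renderSuccess(logoutSuccess))
            .withRawHtml("hiddenInputs", renderHiddenInputs(request))
            .render();
    }

    /** Renders every hidden input supplied by the resolver, one per line. */
    private String renderHiddenInputs(HttpServletRequest request) {
        return this.resolveHiddenInputs.apply(request)
            .entrySet()
            .stream()
            .map(input -> renderHiddenInput(input.getKey(), input.getValue()))
            .collect(Collectors.joining("\n"));
    }

    /** Returns the OAuth 2.0 provider table, or an empty string when OAuth 2.0 login is disabled. */
    private String renderOAuth2Login(boolean loginError, boolean logoutSuccess, String errorMsg, String contextPath) {
        if (!this.oauth2LoginEnabled) {
            return "";
        }
        // An unset map renders an empty table instead of failing the whole login page.
        String rows = nullToEmpty(this.oauth2AuthenticationUrlToClientName)
            .entrySet()
            .stream()
            .map(client -> renderOAuth2Row(contextPath, client.getKey(), client.getValue()))
            .collect(Collectors.joining("\n"));
        return HtmlTemplates.fromTemplate(OAUTH2_LOGIN_TEMPLATE)
            .withRawHtml("errorMessage", renderError(loginError, errorMsg))
            .withRawHtml("logoutMessage", renderSuccess(logoutSuccess))
            .withRawHtml("oauth2Rows", rows)
            .render();
    }

    /**
     * Renders one OAuth 2.0 table row linking to {@code contextPath + url}.
     *
     * <p>Public and static only because the decompiler widened the access of a private
     * helper; left that way so the visible signature does not change.
     */
    public static String renderOAuth2Row(String contextPath, String url, String clientName) {
        return HtmlTemplates.fromTemplate(OAUTH2_ROW_TEMPLATE)
            .withValue("url", contextPath + url)
            .withValue("clientName", clientName)
            .render();
    }

    /** Returns the SAML 2.0 provider table, or an empty string when SAML 2.0 login is disabled. */
    private String renderSaml2Login(boolean loginError, boolean logoutSuccess, String errorMsg, String contextPath) {
        if (!this.saml2LoginEnabled) {
            return "";
        }
        // An unset map renders an empty table instead of failing the whole login page.
        String rows = nullToEmpty(this.saml2AuthenticationUrlToProviderName)
            .entrySet()
            .stream()
            .map(provider -> renderSaml2Row(contextPath, provider.getKey(), provider.getValue()))
            .collect(Collectors.joining("\n"));
        return HtmlTemplates.fromTemplate(SAML_LOGIN_TEMPLATE)
            .withRawHtml("errorMessage", renderError(loginError, errorMsg))
            .withRawHtml("logoutMessage", renderSuccess(logoutSuccess))
            .withRawHtml("samlRows", rows)
            .render();
    }

    /**
     * Renders one SAML 2.0 table row linking to {@code contextPath + url}.
     *
     * <p>Public and static only because the decompiler widened the access of a private
     * helper; left that way so the visible signature does not change.
     */
    public static String renderSaml2Row(String contextPath, String url, String clientName) {
        return HtmlTemplates.fromTemplate(SAML_ROW_TEMPLATE)
            .withValue("url", contextPath + url)
            .withValue("clientName", clientName)
            .render();
    }

    /** Renders a single hidden input element. */
    private String renderHiddenInput(String name, String value) {
        return HtmlTemplates.fromTemplate(HIDDEN_HTML_INPUT_TEMPLATE)
            .withValue("name", name)
            .withValue("value", value)
            .render();
    }

    /** Renders the remember-me checkbox, or an empty string when no parameter name is set. */
    private String renderRememberMe(String paramName) {
        if (paramName == null) {
            return "";
        }
        return HtmlTemplates.fromTemplate("<p><input type='checkbox' name='{{paramName}}'/> Remember me on this computer.</p>")
            .withValue("paramName", paramName)
            .render();
    }

    /** Returns whether the request targets the logout-success URL (never, if that URL is null). */
    private boolean isLogoutSuccess(HttpServletRequest request) {
        return this.logoutSuccessUrl != null && matches(request, this.logoutSuccessUrl);
    }

    /** Returns whether the request targets the login page URL. */
    private boolean isLoginUrlRequest(HttpServletRequest request) {
        return matches(request, this.loginPageUrl);
    }

    /** Returns whether the request targets the failure URL. */
    private boolean isErrorPage(HttpServletRequest request) {
        return matches(request, this.failureUrl);
    }

    /** Renders the error alert with the given message, or an empty string when there is no error. */
    private String renderError(boolean loginError, String errorMsg) {
        if (!loginError) {
            return "";
        }
        // The key must match the {{message}} placeholder in ALERT_TEMPLATE.
        return HtmlTemplates.fromTemplate(ALERT_TEMPLATE).withValue("message", errorMsg).render();
    }

    /** Renders the signed-out notice, or an empty string when this is not a logout-success request. */
    private String renderSuccess(boolean logoutSuccess) {
        return logoutSuccess ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>" : "";
    }

    /**
     * Tests whether a GET request addresses exactly the given URL.
     *
     * <p>The comparison is an exact string match on request URI plus query string, with the
     * context path prepended to {@code url} when there is one. Anything from the first
     * {@code ;} in the URI onward (path parameters such as a session id) is dropped before
     * comparing. Non-GET requests and a {@code null} url never match.
     */
    private boolean matches(HttpServletRequest request, String url) {
        if (!HTTP_GET.equals(request.getMethod()) || url == null) {
            return false;
        }
        String uri = request.getRequestURI();
        int pathParamIndex = uri.indexOf(';');
        if (pathParamIndex > 0) {
            uri = uri.substring(0, pathParamIndex);
        }
        if (request.getQueryString() != null) {
            uri = uri + "?" + request.getQueryString();
        }
        if ("".equals(request.getContextPath())) {
            return uri.equals(url);
        }
        return uri.equals(request.getContextPath() + url);
    }

    /** Substitutes an empty map for {@code null} so callers can stream the entries unconditionally. */
    private static Map<String, String> nullToEmpty(Map<String, String> map) {
        return (map != null) ? map : Collections.emptyMap();
    }
}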
