package org.springframework.security.config.annotation.web.configurers.ott;

import jakarta.servlet.Filter;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Collections;
import java.util.Map;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ott.InMemoryOneTimeTokenService;
import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider;
import org.springframework.security.authentication.ott.OneTimeTokenService;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.RequestMatcherFactory;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.ott.DefaultGenerateOneTimeTokenRequestResolver;
import org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter;
import org.springframework.security.web.authentication.ott.GenerateOneTimeTokenRequestResolver;
import org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationFilter;
import org.springframework.security.web.authentication.ott.OneTimeTokenGenerationSuccessHandler;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultResourcesFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-config-6.5.0.jar:org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.class */
public final class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractAuthenticationFilterConfigurer<H, OneTimeTokenLoginConfigurer<H>, OneTimeTokenAuthenticationFilter> {
    private final ApplicationContext context;
    private OneTimeTokenService oneTimeTokenService;
    private String defaultSubmitPageUrl;
    private boolean submitPageEnabled;
    private String loginProcessingUrl;
    private String tokenGeneratingUrl;
    private OneTimeTokenGenerationSuccessHandler oneTimeTokenGenerationSuccessHandler;
    private AuthenticationProvider authenticationProvider;
    private GenerateOneTimeTokenRequestResolver requestResolver;

    public OneTimeTokenLoginConfigurer(ApplicationContext applicationContext) {
        super(new OneTimeTokenAuthenticationFilter(), "/login/ott");
        this.defaultSubmitPageUrl = "/login/ott";
        this.submitPageEnabled = true;
        this.loginProcessingUrl = "/login/ott";
        this.tokenGeneratingUrl = GenerateOneTimeTokenFilter.DEFAULT_GENERATE_URL;
        this.context = applicationContext;
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer, org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void init(H h) throws Exception {
        super.init((OneTimeTokenLoginConfigurer<H>) h);
        h.authenticationProvider((AuthenticationProvider) postProcess(getAuthenticationProvider()));
        intiDefaultLoginFilter(h);
    }

    private void intiDefaultLoginFilter(H h) {
        DefaultLoginPageGeneratingFilter defaultLoginPageGeneratingFilter = (DefaultLoginPageGeneratingFilter) h.getSharedObject(DefaultLoginPageGeneratingFilter.class);
        if (defaultLoginPageGeneratingFilter == null || isCustomLoginPage()) {
            return;
        }
        defaultLoginPageGeneratingFilter.setOneTimeTokenEnabled(true);
        defaultLoginPageGeneratingFilter.setOneTimeTokenGenerationUrl(this.tokenGeneratingUrl);
        if (StringUtils.hasText(defaultLoginPageGeneratingFilter.getLoginPageUrl())) {
            return;
        }
        defaultLoginPageGeneratingFilter.setLoginPageUrl("/login");
        defaultLoginPageGeneratingFilter.setFailureUrl("/login?error");
        defaultLoginPageGeneratingFilter.setLogoutSuccessUrl(RedirectServerLogoutSuccessHandler.DEFAULT_LOGOUT_SUCCESS_URL);
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer, org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) throws Exception {
        super.configure((OneTimeTokenLoginConfigurer<H>) h);
        configureSubmitPage(h);
        configureOttGenerateFilter(h);
    }

    private void configureOttGenerateFilter(H h) {
        GenerateOneTimeTokenFilter generateOneTimeTokenFilter = new GenerateOneTimeTokenFilter(getOneTimeTokenService(), getOneTimeTokenGenerationSuccessHandler());
        generateOneTimeTokenFilter.setRequestMatcher(RequestMatcherFactory.matcher(HttpMethod.POST, this.tokenGeneratingUrl));
        generateOneTimeTokenFilter.setRequestResolver(getGenerateRequestResolver());
        h.addFilter((Filter) postProcess(generateOneTimeTokenFilter));
        h.addFilter(DefaultResourcesFilter.css());
    }

    private OneTimeTokenGenerationSuccessHandler getOneTimeTokenGenerationSuccessHandler() {
        if (this.oneTimeTokenGenerationSuccessHandler == null) {
            this.oneTimeTokenGenerationSuccessHandler = (OneTimeTokenGenerationSuccessHandler) this.context.getBeanProvider(OneTimeTokenGenerationSuccessHandler.class).getIfUnique();
        }
        if (this.oneTimeTokenGenerationSuccessHandler == null) {
            throw new IllegalStateException("A OneTimeTokenGenerationSuccessHandler is required to enable oneTimeTokenLogin().\nPlease provide it as a bean or pass it to the oneTimeTokenLogin() DSL.\n");
        }
        return this.oneTimeTokenGenerationSuccessHandler;
    }

    private void configureSubmitPage(H h) {
        if (this.submitPageEnabled) {
            DefaultOneTimeTokenSubmitPageGeneratingFilter defaultOneTimeTokenSubmitPageGeneratingFilter = new DefaultOneTimeTokenSubmitPageGeneratingFilter();
            defaultOneTimeTokenSubmitPageGeneratingFilter.setResolveHiddenInputs(this::hiddenInputs);
            defaultOneTimeTokenSubmitPageGeneratingFilter.setRequestMatcher(RequestMatcherFactory.matcher(HttpMethod.GET, this.defaultSubmitPageUrl));
            defaultOneTimeTokenSubmitPageGeneratingFilter.setLoginProcessingUrl(getLoginProcessingUrl());
            h.addFilter((Filter) postProcess(defaultOneTimeTokenSubmitPageGeneratingFilter));
        }
    }

    private AuthenticationProvider getAuthenticationProvider() {
        if (this.authenticationProvider != null) {
            return this.authenticationProvider;
        }
        this.authenticationProvider = new OneTimeTokenAuthenticationProvider(getOneTimeTokenService(), (UserDetailsService) this.context.getBean(UserDetailsService.class));
        return this.authenticationProvider;
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
    protected RequestMatcher createLoginProcessingUrlMatcher(String str) {
        return RequestMatcherFactory.matcher(HttpMethod.POST, str);
    }

    public OneTimeTokenLoginConfigurer<H> authenticationProvider(AuthenticationProvider authenticationProvider) {
        Assert.notNull(authenticationProvider, "authenticationProvider cannot be null");
        this.authenticationProvider = authenticationProvider;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> tokenGeneratingUrl(String str) {
        Assert.hasText(str, "tokenGeneratingUrl cannot be null or empty");
        this.tokenGeneratingUrl = str;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> tokenGenerationSuccessHandler(OneTimeTokenGenerationSuccessHandler oneTimeTokenGenerationSuccessHandler) {
        Assert.notNull(oneTimeTokenGenerationSuccessHandler, "oneTimeTokenGenerationSuccessHandler cannot be null");
        this.oneTimeTokenGenerationSuccessHandler = oneTimeTokenGenerationSuccessHandler;
        return this;
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
    public OneTimeTokenLoginConfigurer<H> loginProcessingUrl(String str) {
        Assert.hasText(str, "loginProcessingUrl cannot be null or empty");
        super.loginProcessingUrl(str);
        return this;
    }

    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
    public OneTimeTokenLoginConfigurer<H> loginPage(String str) {
        return (OneTimeTokenLoginConfigurer) super.loginPage(str);
    }

    public OneTimeTokenLoginConfigurer<H> showDefaultSubmitPage(boolean z) {
        this.submitPageEnabled = z;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> defaultSubmitPageUrl(String str) {
        Assert.hasText(str, "submitPageUrl cannot be null or empty");
        this.defaultSubmitPageUrl = str;
        showDefaultSubmitPage(true);
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> tokenService(OneTimeTokenService oneTimeTokenService) {
        Assert.notNull(oneTimeTokenService, "oneTimeTokenService cannot be null");
        this.oneTimeTokenService = oneTimeTokenService;
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> authenticationConverter(AuthenticationConverter authenticationConverter) {
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        getAuthenticationFilter().setAuthenticationConverter(authenticationConverter);
        return this;
    }

    @Deprecated(since = "6.5")
    public OneTimeTokenLoginConfigurer<H> authenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationFailureHandler, "authenticationFailureHandler cannot be null");
        super.failureHandler(authenticationFailureHandler);
        return this;
    }

    @Deprecated(since = "6.5")
    public OneTimeTokenLoginConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
        Assert.notNull(authenticationSuccessHandler, "authenticationSuccessHandler cannot be null");
        super.successHandler(authenticationSuccessHandler);
        return this;
    }

    public OneTimeTokenLoginConfigurer<H> generateRequestResolver(GenerateOneTimeTokenRequestResolver generateOneTimeTokenRequestResolver) {
        Assert.notNull(generateOneTimeTokenRequestResolver, "requestResolver cannot be null");
        this.requestResolver = generateOneTimeTokenRequestResolver;
        return this;
    }

    private GenerateOneTimeTokenRequestResolver getGenerateRequestResolver() {
        if (this.requestResolver != null) {
            return this.requestResolver;
        }
        this.requestResolver = (GenerateOneTimeTokenRequestResolver) this.context.getBeanProvider(GenerateOneTimeTokenRequestResolver.class).getIfUnique(DefaultGenerateOneTimeTokenRequestResolver::new);
        return this.requestResolver;
    }

    private OneTimeTokenService getOneTimeTokenService() {
        if (this.oneTimeTokenService != null) {
            return this.oneTimeTokenService;
        }
        this.oneTimeTokenService = (OneTimeTokenService) this.context.getBeanProvider(OneTimeTokenService.class).getIfUnique(InMemoryOneTimeTokenService::new);
        return this.oneTimeTokenService;
    }

    private Map<String, String> hiddenInputs(HttpServletRequest httpServletRequest) {
        CsrfToken csrfToken = (CsrfToken) httpServletRequest.getAttribute(CsrfToken.class.getName());
        return csrfToken != null ? Collections.singletonMap(csrfToken.getParameterName(), csrfToken.getToken()) : Collections.emptyMap();
    }

    @Deprecated
    public ApplicationContext getContext() {
        return this.context;
    }
}
