package com.github.shawven.security.oauth2;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.shawven.security.authorization.ResponseData;
import com.github.shawven.security.authorization.Responses;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/* loaded from: input_file:com/github/shawven/security/oauth2/OAuth2AuthenticationSuccessHandler.class */
public class OAuth2AuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    private PasswordEncoder passwordEncoder;
    private ClientDetailsService clientDetailsService;
    private AuthorizationServerTokenServices tokenServices;
    private AdaptedAuthenticationHandler handler;

    public OAuth2AuthenticationSuccessHandler(ClientDetailsService clientDetailsService, PasswordEncoder passwordEncoder, AuthorizationServerTokenServices authorizationServerTokenServices) {
        this.clientDetailsService = clientDetailsService;
        this.passwordEncoder = passwordEncoder;
        this.tokenServices = authorizationServerTokenServices;
    }

    public AuthenticationSuccessHandler adapt(AdaptedAuthenticationHandler adaptedAuthenticationHandler) {
        this.handler = adaptedAuthenticationHandler;
        return this;
    }

    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        String[] clientInfo = getClientInfo(httpServletRequest);
        String str = clientInfo[0];
        String str2 = clientInfo[1];
        ClientDetails loadClientByClientId = this.clientDetailsService.loadClientByClientId(str);
        if (loadClientByClientId == null) {
            output(httpServletResponse, Responses.noSuchClient());
            return;
        }
        if (!authenticateClient(this.passwordEncoder, loadClientByClientId.getClientSecret(), str2)) {
            output(httpServletResponse, Responses.badClientCredentials());
            return;
        }
        try {
            OAuth2AccessToken createAccessToken = this.tokenServices.createAccessToken(new OAuth2Authentication(new TokenRequest(Collections.emptyMap(), str, loadClientByClientId.getScope(), "custom").createOAuth2Request(loadClientByClientId), authentication));
            if (this.handler != null) {
                this.handler.onSuccess(httpServletRequest, httpServletResponse, authentication, createAccessToken);
            }
        } catch (AuthenticationException e) {
            if (this.handler != null) {
                this.handler.onFailure(httpServletRequest, httpServletResponse, e);
            }
        }
    }

    private String[] getClientInfo(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("client_id");
        String parameter2 = httpServletRequest.getParameter("client_secret");
        if (parameter != null && parameter.length() > 0) {
            return new String[]{parameter, parameter2};
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.startsWith("Basic ")) {
            return new String[2];
        }
        try {
            String str = new String(Base64.getDecoder().decode(header.substring(6).getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
            int indexOf = str.indexOf(":");
            return new String[]{str.substring(0, indexOf), str.substring(indexOf + 1)};
        } catch (Exception e) {
            return new String[2];
        }
    }

    private boolean authenticateClient(PasswordEncoder passwordEncoder, String str, String str2) throws BadCredentialsException {
        String str3 = str == null ? "" : str;
        String str4 = str2 == null ? "" : str2;
        if (StringUtils.isBlank(str4) && StringUtils.isBlank(str3)) {
            return true;
        }
        return passwordEncoder.matches(str4, str3);
    }

    private void output(HttpServletResponse httpServletResponse, ResponseData responseData) throws IOException {
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json,charset=utf-8");
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        httpServletResponse.getWriter().write(new ObjectMapper().writeValueAsString(responseData));
    }
}
