package io.spotnext.spring.web.security;

import io.spotnext.core.infrastructure.exception.SerializationException;
import io.spotnext.core.infrastructure.http.DataResponse;
import io.spotnext.core.infrastructure.service.SerializationService;
import io.spotnext.spring.web.dto.UserStatus;
import java.io.IOException;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;

/* loaded from: input_file:io/spotnext/spring/web/security/RestAuthenticationHandler.class */
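/**
 * Single Spring Security handler that answers every authentication-related event (entry point,
 * login success, login failure, logout, access denied) with a JSON {@link DataResponse} wrapping
 * a {@link UserStatus}, instead of the default redirects.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every response carries the HTTP session id in the JSON body. A body value is readable by
 *       page script even when the session cookie is marked HttpOnly, so an XSS flaw in the client
 *       could read it. NOTE(review): confirm that clients really need the id in the payload.</li>
 *   <li>{@code HttpServletRequest#getSession()} creates a session when none exists, so failure and
 *       logout responses allocate a session for unauthenticated callers as well.</li>
 *   <li>The exception message is sent to the client verbatim under {@code login.error}.
 *       NOTE(review): verify that the configured providers do not produce messages that
 *       distinguish unknown, locked and disabled accounts.</li>
 * </ul>
 */
public class RestAuthenticationHandler implements AuthenticationEntryPoint, AuthenticationSuccessHandler, AuthenticationFailureHandler, LogoutSuccessHandler, AccessDeniedHandler {

    /** Repository used to create (logout) and look up CSRF tokens. */
    @Resource
    protected CsrfTokenRepository csrfTokenRepository;

    /** Serializes the response envelope to JSON. */
    @Resource
    protected SerializationService serializationService;

    /**
     * Entry point for requests that need authentication: answered exactly like a failed login.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response to write the JSON error to
     * @param authenticationException the reason authentication is required
     * @throws IOException if the response cannot be written or serialized
     * @throws ServletException declared by the implemented interface; not thrown here
     */
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Writes a 200 response describing the freshly authenticated user.
     *
     * @param httpServletRequest the current request; its session id is echoed in the payload
     * @param httpServletResponse the response to write to
     * @param authentication the successful authentication, used to resolve the user name
     * @throws IOException if the response cannot be written or serialized
     * @throws ServletException declared by the implemented interface; not thrown here
     */
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        final UserStatus status = new UserStatus();
        status.setAuthenticated(true);
        // NOTE(review): the id reported here is only the post-login id if session-fixation
        // protection has already rotated it before this handler runs - confirm the filter order.
        status.setSessionId(httpServletRequest.getSession().getId());
        status.setUsername(getUsername(authentication));
        // The token is read from the request attribute; it is absent (null) when no CSRF token
        // was attached to this request, which sendResponse tolerates.
        final CsrfToken token = (CsrfToken) httpServletRequest.getAttribute(CsrfToken.class.getName());
        sendResponse(httpServletResponse, HttpStatus.OK, status, token, null);
    }

    /**
     * Writes a 401 response carrying the failure message.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response to write to
     * @param authenticationException the failure; its message is returned to the client
     * @throws IOException if the response cannot be written or serialized
     * @throws ServletException declared by the implemented interface; not thrown here
     */
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        final UserStatus status = new UserStatus();
        // getSession() creates a session if the caller has none, even though the request failed.
        status.setSessionId(httpServletRequest.getSession().getId());
        final CsrfToken token = (CsrfToken) httpServletRequest.getAttribute(CsrfToken.class.getName());
        sendResponse(httpServletResponse, HttpStatus.UNAUTHORIZED, status, token, authenticationException);
    }

    /**
     * Converts an access-denied event into an authentication failure (HTTP 401).
     *
     * <p>NOTE(review): this also answers 401 when an authenticated user merely lacks a permission,
     * where 403 would be the conventional status - confirm that clients rely on 401 here.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response to write to
     * @param accessDeniedException the denial; its message (or "Not authenticated" when blank) is
     *     returned to the client
     * @throws IOException if the response cannot be written or serialized
     * @throws ServletException declared by the implemented interface; not thrown here
     */
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        final String deniedMessage = accessDeniedException.getMessage();
        final String message = StringUtils.isNotBlank(deniedMessage) ? deniedMessage : "Not authenticated";
        onAuthenticationFailure(httpServletRequest, httpServletResponse, new InsufficientAuthenticationException(message, accessDeniedException));
    }

    /**
     * Writes a 200 response after logout, pointing the client at "/" and handing out a new
     * CSRF token.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response to write to
     * @param authentication the authentication that was logged out; not used
     * @throws IOException if the response cannot be written or serialized
     * @throws ServletException declared by the implemented interface; not thrown here
     */
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        final UserStatus status = new UserStatus();
        status.setRedirectUrl("/");
        // getSession() creates a new anonymous session if logout invalidated the previous one.
        status.setSessionId(httpServletRequest.getSession().getId());
        // NOTE(review): the token is generated but never passed to
        // CsrfTokenRepository#saveToken, so the value sent to the client may not be the one the
        // server validates on the next request - verify against the configured repository.
        final CsrfToken freshToken = this.csrfTokenRepository.generateToken(httpServletRequest);
        sendResponse(httpServletResponse, HttpStatus.OK, status, freshToken, null);
    }

    /**
     * Resolves the user name to report: the {@link User} stored in the authentication details,
     * else a {@code String} principal, else {@link Authentication#getName()} when both are blank.
     *
     * @param authentication the authentication to inspect
     * @return the resolved user name
     */
    protected String getUsername(Authentication authentication) {
        String username = "";
        if (authentication.getDetails() instanceof User) {
            username = ((User) authentication.getDetails()).getUsername();
        } else if (authentication.getPrincipal() instanceof String) {
            username = (String) authentication.getPrincipal();
        }
        return StringUtils.isBlank(username) ? authentication.getName() : username;
    }

    /**
     * Writes the JSON envelope, the status code and (when available) the CSRF header.
     *
     * @param httpServletResponse the response to write to
     * @param httpStatus the HTTP status to set
     * @param userStatus the payload
     * @param csrfToken the token to expose as a response header; may be {@code null}, in which
     *     case no CSRF header is written
     * @param authenticationException optional failure whose message is added as
     *     {@code login.error}; may be {@code null}
     * @throws IOException if writing fails or the payload cannot be serialized
     */
    protected void sendResponse(HttpServletResponse httpServletResponse, HttpStatus httpStatus, UserStatus userStatus, CsrfToken csrfToken, AuthenticationException authenticationException) throws IOException {
        // The callers read the token from a request attribute that is not always set; without
        // this guard a missing token turned every login/failure response into a
        // NullPointerException instead of the intended JSON answer.
        if (csrfToken != null) {
            httpServletResponse.setHeader(csrfToken.getHeaderName(), csrfToken.getToken());
        }
        httpServletResponse.setStatus(httpStatus.value());
        httpServletResponse.setContentType("application/json");
        // Must be set before getWriter(): the servlet default writer encoding is ISO-8859-1,
        // which corrupts non-ASCII user names and messages in the JSON body.
        httpServletResponse.setCharacterEncoding("UTF-8");

        DataResponse envelope = DataResponse.ok().withPayload(userStatus);
        if (authenticationException != null) {
            // The exception message goes to the client unchanged; keep provider messages generic
            // so that responses do not reveal whether an account exists, is locked or disabled.
            envelope.withError("login.error", authenticationException.getMessage());
        }

        try {
            httpServletResponse.getWriter().println(this.serializationService.toJson(envelope));
            httpServletResponse.getWriter().flush();
        } catch (SerializationException e) {
            throw new IOException("Could not serialize authentication response payload", e);
        }
    }

    /**
     * Looks up the CSRF token value stored for the request.
     *
     * @param httpServletRequest the current request
     * @return the token value, or {@code null} when the repository holds no token for the request
     */
    protected String getCsrfToken(HttpServletRequest httpServletRequest) {
        final CsrfToken stored = this.csrfTokenRepository.loadToken(httpServletRequest);
        // loadToken returns null when no token exists; avoid dereferencing it.
        return stored != null ? stored.getToken() : null;
    }
}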
