package net.coder966.spring.multisecurityrealms.filter;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;
import net.coder966.spring.multisecurityrealms.exception.SecurityRealmAuthException;
import net.coder966.spring.multisecurityrealms.model.SecurityRealm;
import net.coder966.spring.multisecurityrealms.model.SecurityRealmAuth;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:net/coder966/spring/multisecurityrealms/filter/SecurityRealmAuthFilter.class */
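/**
 * Servlet filter that serves the login and logout endpoints of a single {@link SecurityRealm}.
 *
 * <p>A {@code POST} to the realm's login URL runs the realm's first-step provider or, when the
 * session records a pending step, the provider registered under that step name. A {@code POST} to
 * the realm's logout URL clears the pending step and the thread's security context. Every other
 * request is handed to the rest of the chain unchanged.
 *
 * <p>Points to confirm when reviewing a deployment of this filter:
 * <ul>
 *   <li>The object returned by an intermediate step is stored in the security context before the
 *       remaining steps have run; only the final step adds the realm role. Access rules should
 *       require that role. Whether a partially completed login already counts as "authenticated"
 *       depends on {@code SecurityRealmAuth}, which is not visible in this file.</li>
 *   <li>The pending-step session attribute has the same name for every instance of this filter,
 *       so it is not scoped per realm. Verify that one realm cannot continue a flow started in
 *       another.</li>
 *   <li>This filter neither rotates the session id after a successful login nor invalidates the
 *       session on logout. Confirm session-fixation protection and session teardown are handled
 *       elsewhere in the chain.</li>
 *   <li>A failed step leaves the pending step in place, so the client may retry it. Attempt
 *       limiting has to be enforced by the step providers.</li>
 * </ul>
 *
 * @param <T> the type parameter of the realm this filter serves
 */
public class SecurityRealmAuthFilter<T> extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(SecurityRealmAuthFilter.class);

    /** Session attribute naming the step the client must submit next; absent means "start over". */
    private static final String CURRENT_STEP_SESSION_ATTRIBUTE_NAME = "CURRENT_AUTH_STEP";
    /** Response header that tells the client which step to submit next. */
    private static final String NEXT_STEP_RESPONSE_HEADER_NAME = "X-Next-Auth-Step";
    /** Response header that carries the provider's error code after a failed attempt. */
    private static final String ERROR_CODE_RESPONSE_HEADER_NAME = "X-Auth-Error-Code";

    private final SecurityRealm<T> realm;

    /**
     * Creates the filter for one realm.
     *
     * @param securityRealm the realm whose login/logout URLs and providers this filter uses
     * @throws NullPointerException if {@code securityRealm} is {@code null}
     */
    public SecurityRealmAuthFilter(SecurityRealm<T> securityRealm) {
        // Fail at wiring time instead of on the first request that reaches the filter.
        this.realm = Objects.requireNonNull(securityRealm, "securityRealm");
    }

    /**
     * Tells whether the request is a {@code POST} to the realm's login URL.
     *
     * <p>The comparison is an exact match on {@code getRequestURI()}, which is the raw path as sent
     * by the client (context path included, path parameters not stripped). Variants of the URL
     * therefore do not match and fall through to the rest of the chain.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when method and URI both match
     */
    public boolean matchesLogin(HttpServletRequest httpServletRequest) {
        return "POST".equals(httpServletRequest.getMethod())
            && httpServletRequest.getRequestURI().equals(this.realm.getLoginUrl());
    }

    /**
     * Tells whether the request is a {@code POST} to the realm's logout URL, using the same exact
     * match on the raw request URI as {@link #matchesLogin(HttpServletRequest)}.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when method and URI both match
     */
    public boolean matchesLogout(HttpServletRequest httpServletRequest) {
        return "POST".equals(httpServletRequest.getMethod())
            && httpServletRequest.getRequestURI().equals(this.realm.getLogoutUrl());
    }

    /**
     * Dispatches login and logout requests to their handlers and forwards everything else.
     * Login and logout requests are answered here and never reach the rest of the chain.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (matchesLogin(httpServletRequest)) {
            log.debug("handling login");
            handleLogin(httpServletRequest, httpServletResponse);
        } else if (matchesLogout(httpServletRequest)) {
            log.debug("handling logout");
            handleLogout(httpServletRequest, httpServletResponse);
        } else {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Runs the first-step provider, or the provider of the step recorded in the session, and
     * applies the outcome. A {@link SecurityRealmAuthException} from a provider becomes a 401
     * response.
     */
    private void handleLogin(HttpServletRequest request, HttpServletResponse response) {
        String pendingStep = (String) request.getSession().getAttribute(CURRENT_STEP_SESSION_ATTRIBUTE_NAME);
        try {
            if (pendingStep == null) {
                afterAuthenticate(request, response, this.realm,
                    this.realm.getFirstStepAuthProvider().authenticate(request));
                return;
            }

            // The session says a step is pending. Continue only if this realm actually has a
            // provider for it and the context still holds the result of the previous step.
            // Otherwise the lookup or the cast below would fail with an unhandled exception.
            Object previousAuth = SecurityContextHolder.getContext().getAuthentication();
            if (this.realm.getAuthSteps().get(pendingStep) == null || !(previousAuth instanceof SecurityRealmAuth)) {
                log.warn("rejecting login: pending step '{}' has no provider or no prior realm authentication", pendingStep);
                rejectInconsistentStepState(request, response);
                return;
            }

            // Raw cast kept from the original call site; the provider's parameter type is not
            // visible in this file.
            afterAuthenticate(request, response, this.realm,
                this.realm.getAuthSteps().get(pendingStep).authenticate((SecurityRealmAuth) previousAuth, request));
        } catch (SecurityRealmAuthException e) {
            setAuthErrorCode(response, e.getMessage());
        }
    }

    /**
     * Fails closed when the pending step cannot be continued: forgets the step, so the client can
     * restart from the first one, and answers 401.
     */
    private void rejectInconsistentStepState(HttpServletRequest request, HttpServletResponse response) {
        request.getSession().removeAttribute(CURRENT_STEP_SESSION_ATTRIBUTE_NAME);
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Clears the pending step and the thread's security context and answers 200.
     *
     * <p>NOTE(review): the HTTP session itself is not invalidated. If the security context is also
     * persisted in the session by another component, confirm it is removed there as well.
     */
    private void handleLogout(HttpServletRequest request, HttpServletResponse response) {
        // getSession(false): a logout request from a client without a session must not create one.
        jakarta.servlet.http.HttpSession session = request.getSession(false);
        if (session != null) {
            session.removeAttribute(CURRENT_STEP_SESSION_ATTRIBUTE_NAME);
        }
        SecurityContextHolder.clearContext();
        response.setStatus(HttpServletResponse.SC_OK);
    }

    /**
     * Stores the provider's result in the security context and either announces the next step or
     * completes the login by adding the realm role and clearing the pending step.
     *
     * @throws IllegalStateException if the provider returned {@code null}
     */
    private void afterAuthenticate(HttpServletRequest request, HttpServletResponse response, SecurityRealm<?> securityRealm, SecurityRealmAuth<?> auth) {
        if (auth == null) {
            throw new IllegalStateException("MultiRealmAuthProvider should not return null. It should either throw MultiRealmAuthException or return a MultiRealmAuth object.");
        }

        // The authentication is published even when further steps remain; see the class notes.
        SecurityContextHolder.getContext().setAuthentication(auth);

        String nextStep = auth.getNextAuthStep();
        if (nextStep != null) {
            setNextAuthStep(request, response, nextStep);
            return;
        }

        // Final step: only now does the principal receive the realm role.
        // NOTE(review): m1getAuthorities looks like a decompiler-renamed accessor; confirm the
        // real method name on SecurityRealmAuth.
        auth.m1getAuthorities().add(new SimpleGrantedAuthority("ROLE_" + securityRealm.getRolePrefix()));
        request.getSession().removeAttribute(CURRENT_STEP_SESSION_ATTRIBUTE_NAME);
    }

    /** Records the step the client must submit next and announces it in a response header. */
    private void setNextAuthStep(HttpServletRequest request, HttpServletResponse response, String nextStep) {
        Objects.requireNonNull(nextStep);
        request.getSession().setAttribute(CURRENT_STEP_SESSION_ATTRIBUTE_NAME, nextStep);
        response.setStatus(HttpServletResponse.SC_OK);
        response.setHeader(NEXT_STEP_RESPONSE_HEADER_NAME, nextStep);
    }

    /**
     * Answers 401 and, when the provider supplied one, echoes its error code in a response header.
     *
     * <p>The value is the exception message of the provider. It should be a short fixed code, not
     * text built from request data, because it is written into a header as-is.
     */
    private void setAuthErrorCode(HttpServletResponse response, String errorCode) {
        // Status first: an exception without a message must still end in 401, not in an
        // unhandled NullPointerException.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        if (errorCode != null) {
            response.setHeader(ERROR_CODE_RESPONSE_HEADER_NAME, errorCode);
        }
    }
}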
