package com.vaadin.flow.spring.security;

import com.vaadin.copilot.ApplicationInitializer;
import com.vaadin.flow.server.auth.NavigationAccessControl;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import org.springframework.core.log.LogMessage;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/vaadin-spring-24.4.4.jar:com/vaadin/flow/spring/security/VaadinSavedRequestAwareAuthenticationSuccessHandler.class */
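/**
 * Authentication success handler that supports two kinds of login client.
 *
 * <p>A request carrying the header {@code source: typescript} is answered with response headers
 * ({@code Result}, {@code Default-url}, {@code Saved-url} and the Spring CSRF header name/token)
 * instead of an HTTP redirect. Every other request is redirected as the superclass would do.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code source} header is supplied by the client. In this class it only selects the
 *       response shape; it must not be used as a trust signal.</li>
 *   <li>The {@code Saved-url} response header is filled from the saved request or from a session
 *       attribute, i.e. from server-side state.</li>
 *   <li>NOTE(review): {@code Saved-url} is also registered as the target URL parameter, and
 *       {@link #onAuthenticationSuccess} checks a request parameter of that name. How the
 *       superclass uses that caller-supplied value is not visible here; confirm that redirect
 *       targets are restricted to URLs of this application.</li>
 * </ul>
 */
public class VaadinSavedRequestAwareAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
    /** Request header inspected by {@link #isTypescriptLogin(HttpServletRequest)}. */
    private static final String SOURCE_HEADER = "source";
    /** Response header reporting the login outcome to a TypeScript client. */
    private static final String RESULT_HEADER = "Result";
    /** Response header carrying the target URL computed by {@link #determineTargetUrl}. */
    private static final String DEFAULT_URL_HEADER = "Default-url";
    /** Response header carrying the URL to return to; also used as the target URL parameter name. */
    private static final String SAVED_URL_HEADER = "Saved-url";
    /** Response header carrying the name of the header the client must use to send the CSRF token. */
    private static final String SPRING_CSRF_HEADER = "Spring-CSRF-header";
    /** Response header carrying the CSRF token value. */
    private static final String SPRING_CSRF_TOKEN = "Spring-CSRF-token";
    // Own reference to the request cache; kept in sync with the superclass by setRequestCache.
    private RequestCache requestCache = new HttpSessionRequestCache();
    // Optional; when null no CSRF token is generated on login (see onAuthenticationSuccess).
    private CsrfTokenRepository csrfTokenRepository;

    /* loaded from: input_file:BOOT-INF/lib/vaadin-spring-24.4.4.jar:com/vaadin/flow/spring/security/VaadinSavedRequestAwareAuthenticationSuccessHandler$RedirectStrategy.class */
    /**
     * Redirect strategy that performs a normal redirect for ordinary requests and, for TypeScript
     * logins, writes the outcome and the CSRF token into response headers instead.
     */
    public static class RedirectStrategy extends DefaultRedirectStrategy {
        /**
         * Redirects to {@code str}, or for a TypeScript login sets the result and CSRF headers
         * and sends no redirect.
         *
         * @param httpServletRequest the current request
         * @param httpServletResponse the response to redirect or to decorate with headers
         * @param str the redirect target; unused for TypeScript logins
         * @throws IOException declared for the delegated redirect in the superclass
         */
        @Override
        public void sendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
            if (!VaadinSavedRequestAwareAuthenticationSuccessHandler.isTypescriptLogin(httpServletRequest)) {
                super.sendRedirect(httpServletRequest, httpServletResponse, str);
                return;
            }
            // NOTE(review): a reference into com.vaadin.copilot looks like a decompiler
            // substitution for a string literal; confirm the value against the upstream source.
            httpServletResponse.setHeader(VaadinSavedRequestAwareAuthenticationSuccessHandler.RESULT_HEADER, ApplicationInitializer.SUCCESS_KEY);
            // The token is taken from the request attribute named after CsrfToken's class name.
            // NOTE(review): whether that attribute already reflects a token saved by
            // onAuthenticationSuccess depends on the repository and filter chain; verify.
            Object attribute = httpServletRequest.getAttribute(CsrfToken.class.getName());
            if (attribute instanceof CsrfToken) {
                CsrfToken csrfToken = (CsrfToken) attribute;
                httpServletResponse.setHeader(VaadinSavedRequestAwareAuthenticationSuccessHandler.SPRING_CSRF_HEADER, csrfToken.getHeaderName());
                httpServletResponse.setHeader(VaadinSavedRequestAwareAuthenticationSuccessHandler.SPRING_CSRF_TOKEN, csrfToken.getToken());
            }
        }
    }

    /**
     * Creates the handler with the header-writing {@link RedirectStrategy} installed and
     * {@code Saved-url} configured as the target URL parameter.
     */
    public VaadinSavedRequestAwareAuthenticationSuccessHandler() {
        setRedirectStrategy(new RedirectStrategy());
        setTargetUrlParameter(SAVED_URL_HEADER);
    }

    /**
     * Handles a successful authentication.
     *
     * <p>For a TypeScript login the {@code Default-url} header is set and, when a CSRF token
     * repository is configured, a new token is generated and saved. If a saved request exists and
     * is not overridden, its redirect URL is published in {@code Saved-url} and passed to the
     * redirect strategy. Otherwise the call is delegated to the superclass.
     *
     * @param httpServletRequest the login request
     * @param httpServletResponse the login response
     * @param authentication the authentication that succeeded
     * @throws ServletException declared by the superclass method this delegates to
     * @throws IOException declared by the redirect strategy and the superclass method
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws ServletException, IOException {
        if (isTypescriptLogin(httpServletRequest)) {
            // Runs before this method sets Saved-url, so determineTargetUrl sees that response
            // header only if something else has already set it.
            httpServletResponse.setHeader(DEFAULT_URL_HEADER, determineTargetUrl(httpServletRequest, httpServletResponse));
            if (this.csrfTokenRepository != null) {
                // Issue a new CSRF token for the authenticated session.
                this.csrfTokenRepository.saveToken(this.csrfTokenRepository.generateToken(httpServletRequest), httpServletRequest, httpServletResponse);
            }
        }
        SavedRequest request = this.requestCache.getRequest(httpServletRequest, httpServletResponse);
        // Read unconditionally: the helper also removes the session attribute, so the stored
        // navigation is consumed even when the saved request takes precedence below.
        String storedServerNavigation = getStoredServerNavigation(httpServletRequest);
        if (request != null) {
            String targetUrlParameter = getTargetUrlParameter();
            // The saved request is used unless the default target is forced or the request
            // carries a non-blank parameter named by targetUrlParameter.
            if (!isAlwaysUseDefaultTargetUrl() && (targetUrlParameter == null || !StringUtils.hasText(httpServletRequest.getParameter(targetUrlParameter)))) {
                clearAuthenticationAttributes(httpServletRequest);
                String redirectUrl = request.getRedirectUrl();
                httpServletResponse.setHeader(SAVED_URL_HEADER, redirectUrl);
                getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, redirectUrl);
                return;
            }
            // NOTE(review): this path is reached with a caller-supplied parameter value; what the
            // superclass does with it is not visible here. Confirm the target is validated.
            this.requestCache.removeRequest(httpServletRequest, httpServletResponse);
        } else if (storedServerNavigation != null) {
            // Published as a response header, which determineTargetUrl reads back.
            httpServletResponse.setHeader(SAVED_URL_HEADER, storedServerNavigation);
        }
        super.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
    }

    /**
     * Returns the URL to continue to after login.
     *
     * <p>Unless the default target is forced, a non-blank response header named by
     * {@link #getTargetUrlParameter()} is used. Otherwise the superclass decides.
     *
     * @param httpServletRequest the login request
     * @param httpServletResponse the login response, inspected for the target URL header
     * @return the target URL
     */
    @Override
    protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!isAlwaysUseDefaultTargetUrl() && getTargetUrlParameter() != null) {
            String header = httpServletResponse.getHeader(getTargetUrlParameter());
            if (StringUtils.hasText(header)) {
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace(LogMessage.format("Using url %s from response header %s", header, getTargetUrlParameter()));
                }
                return header;
            }
        }
        return super.determineTargetUrl(httpServletRequest, httpServletResponse);
    }

    /**
     * Reads and removes the redirect stored in the session under
     * {@code NavigationAccessControl.SESSION_STORED_REDIRECT_ABSOLUTE}.
     *
     * @param httpServletRequest the request whose existing session is inspected; no session is
     *     created
     * @return the stored value, or {@code null} if there is no session or no stored value
     */
    private static String getStoredServerNavigation(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        String str = (String) session.getAttribute(NavigationAccessControl.SESSION_STORED_REDIRECT_ABSOLUTE);
        // One-shot value: removed on read so it cannot steer a later login.
        session.removeAttribute(NavigationAccessControl.SESSION_STORED_REDIRECT_ABSOLUTE);
        return str;
    }

    /**
     * Tells whether the request declares itself a TypeScript login through the {@code source}
     * header. The header is client-supplied and proves nothing about the caller.
     *
     * @param httpServletRequest the request to inspect
     * @return {@code true} if the header value is exactly {@code "typescript"}
     */
    static boolean isTypescriptLogin(HttpServletRequest httpServletRequest) {
        return "typescript".equals(httpServletRequest.getHeader(SOURCE_HEADER));
    }

    /**
     * Sets the request cache on the superclass and on this class's own field, so both read the
     * same cache.
     *
     * @param requestCache the cache holding the request saved before login
     */
    @Override
    public void setRequestCache(RequestCache requestCache) {
        super.setRequestCache(requestCache);
        this.requestCache = requestCache;
    }

    /**
     * Sets the repository used to generate and save a CSRF token after a TypeScript login.
     *
     * @param csrfTokenRepository the repository, or {@code null} to skip token generation
     */
    public void setCsrfTokenRepository(CsrfTokenRepository csrfTokenRepository) {
        this.csrfTokenRepository = csrfTokenRepository;
    }
}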
