package org.thingsboard.server.service.security.auth.oauth2;

import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.audit.ActionType;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.OAuth2ClientId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.oauth2.OAuth2Client;
import org.thingsboard.server.common.data.security.model.JwtPair;
import org.thingsboard.server.dao.oauth2.OAuth2ClientService;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
import org.thingsboard.server.service.security.system.SystemSecurityService;

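/**
 * Completes an OAuth2 login: maps the authenticated OAuth2 principal to a platform user, issues a
 * JWT pair for it and redirects the client to the UI (or to a mobile callback scheme) with the
 * tokens attached to the redirect URL.
 *
 * <p>On any failure the client is redirected to the login page (or to the callback scheme) with a
 * URL-encoded error message instead.
 */
@TbCoreComponent
@Component("oauth2AuthenticationSuccessHandler")
public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    private static final Logger log = LoggerFactory.getLogger(Oauth2AuthenticationSuccessHandler.class);
    /** Used in the error redirect when the caught exception carries no message. */
    private static final String GENERIC_ERROR_MESSAGE = "OAuth2 authentication failed";
    private final JwtTokenFactory tokenFactory;
    private final OAuth2ClientMapperProvider oauth2ClientMapperProvider;
    private final OAuth2ClientService oAuth2ClientService;
    private final OAuth2AuthorizedClientService oAuth2AuthorizedClientService;
    private final HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;
    private final SystemSecurityService systemSecurityService;

    @Autowired
    public Oauth2AuthenticationSuccessHandler(JwtTokenFactory jwtTokenFactory, OAuth2ClientMapperProvider oAuth2ClientMapperProvider, OAuth2ClientService oAuth2ClientService, OAuth2AuthorizedClientService oAuth2AuthorizedClientService, HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository, SystemSecurityService systemSecurityService) {
        this.tokenFactory = jwtTokenFactory;
        this.oauth2ClientMapperProvider = oAuth2ClientMapperProvider;
        this.oAuth2ClientService = oAuth2ClientService;
        this.oAuth2AuthorizedClientService = oAuth2AuthorizedClientService;
        this.httpCookieOAuth2AuthorizationRequestRepository = httpCookieOAuth2AuthorizationRequestRepository;
        this.systemSecurityService = systemSecurityService;
    }

    /**
     * Builds the post-login redirect and sends it.
     *
     * <p>The redirect base is either the platform base URL, optionally extended with the path kept
     * in the previous-URI cookie, or {@code <scheme>:} when the stored authorization request
     * carries a callback URL scheme.
     *
     * @param httpServletRequest current request; also the source of the authorization-request and
     *     previous-URI cookies
     * @param httpServletResponse response that receives the redirect
     * @param authentication expected to be an {@link OAuth2AuthenticationToken}; anything else ends
     *     in the error redirect
     * @throws IOException if the redirect cannot be written
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        // A missing authorization request is treated like "no callback scheme" instead of failing
        // with a NullPointerException before the error handling below is reached.
        var authorizationRequest = this.httpCookieOAuth2AuthorizationRequestRepository.loadAuthorizationRequest(httpServletRequest);
        String str = authorizationRequest == null ? null : (String) authorizationRequest.getAttribute(TbOAuth2ParameterNames.CALLBACK_URL_SCHEME);
        boolean webFlow = StringUtils.isEmpty(str);

        String baseUrl;
        if (webFlow) {
            baseUrl = this.systemSecurityService.getBaseUrl(TenantId.SYS_TENANT_ID, new CustomerId(EntityId.NULL_UUID), httpServletRequest);
            Optional<Cookie> prevUriCookie = CookieUtils.getCookie(httpServletRequest, HttpCookieOAuth2AuthorizationRequestRepository.PREV_URI_COOKIE_NAME);
            if (prevUriCookie.isPresent()) {
                // The cookie is client-supplied and ends up in the redirect that carries the new
                // tokens, so it is only appended when it is a plain local path. Anything else could
                // change the authority part of the resulting URL.
                String prevUri = prevUriCookie.get().getValue();
                if (isLocalPath(prevUri)) {
                    baseUrl = baseUrl + prevUri;
                } else {
                    log.debug("Ignoring previous-URI cookie because its value is not a local path");
                }
                CookieUtils.deleteCookie(httpServletRequest, httpServletResponse, HttpCookieOAuth2AuthorizationRequestRepository.PREV_URI_COOKIE_NAME);
            }
        } else {
            baseUrl = str + ":";
        }

        try {
            OAuth2AuthenticationToken oAuth2AuthenticationToken = (OAuth2AuthenticationToken) authentication;
            String registrationId = oAuth2AuthenticationToken.getAuthorizedClientRegistrationId();
            OAuth2Client oAuth2Client = this.oAuth2ClientService.findOAuth2ClientById(TenantId.SYS_TENANT_ID, new OAuth2ClientId(UUID.fromString(registrationId)));
            String providerAccessToken = this.oAuth2AuthorizedClientService
                    .loadAuthorizedClient(registrationId, oAuth2AuthenticationToken.getPrincipal().getName())
                    .getAccessToken()
                    .getTokenValue();
            SecurityUser securityUser = this.oauth2ClientMapperProvider
                    .getOAuth2ClientMapperByType(oAuth2Client.getMapperConfig().getType())
                    .getOrCreateUserByClientPrincipal(httpServletRequest, oAuth2AuthenticationToken, providerAccessToken, oAuth2Client);

            clearAuthenticationAttributes(httpServletRequest, httpServletResponse);
            getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, getRedirectUrl(baseUrl, this.tokenFactory.createTokenPair(securityUser)));
            // NOTE(review): the audit entry is written after the redirect was sent; if this call
            // throws, the catch block below attempts a second redirect on the same response.
            this.systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(httpServletRequest), ActionType.LOGIN, oAuth2Client.getName(), null);
        } catch (Exception e) {
            log.debug("Error occurred during processing authentication success result. request [{}], response [{}], authentication [{}]", httpServletRequest, httpServletResponse, authentication, e);
            clearAuthenticationAttributes(httpServletRequest, httpServletResponse);
            // Exceptions such as NullPointerException often have no message; encoding null would
            // throw from inside this handler and lose the error redirect.
            String message = e.getMessage() != null ? e.getMessage() : GENERIC_ERROR_MESSAGE;
            // The message is reflected to the client inside the redirect URL. It is URL-encoded
            // here; the receiving page has to treat it as untrusted text.
            // NOTE(review): messages of unexpected exceptions may expose internal detail.
            String errorPath = webFlow ? "/login?loginError=" : "/?error=";
            getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, baseUrl + errorPath + URLEncoder.encode(message, StandardCharsets.UTF_8));
        }
    }

    /**
     * Clears the session authentication attributes and removes the OAuth2 authorization-request
     * cookies from the response.
     */
    protected void clearAuthenticationAttributes(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super.clearAuthenticationAttributes(httpServletRequest);
        this.httpCookieOAuth2AuthorizationRequestRepository.removeAuthorizationRequestCookies(httpServletRequest, httpServletResponse);
    }

    /**
     * Appends the access and refresh token to {@code str} as query parameters.
     *
     * <p>The tokens travel in the URL, so they can show up in browser history, access logs and
     * {@code Referer} headers. The receiving page should read them and drop them from the address
     * right away.
     *
     * @param str redirect base; {@code &} is used as separator when it already contains a
     *     {@code ?} after its first character, {@code /?} otherwise
     * @param jwtPair token pair to attach
     * @return the redirect URL including both tokens
     */
    String getRedirectUrl(String str, JwtPair jwtPair) {
        String prefix = str.indexOf('?') > 0 ? str + "&" : str + "/?";
        return prefix + "accessToken=" + jwtPair.getToken() + "&refreshToken=" + jwtPair.getRefreshToken();
    }

    /**
     * Tells whether {@code value} can be appended to the base URL without leaving it: it has to
     * start with {@code /} and must not contain a backslash or a control character.
     */
    private static boolean isLocalPath(String value) {
        if (value == null || value.isEmpty() || value.charAt(0) != '/') {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }
}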
