package io.buji.pac4j;

import io.buji.pac4j.context.session.ShiroSessionStore;
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.exception.RequiresHttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/buji/pac4j/ClientFilter.class */
public class ClientFilter extends AuthenticatingFilter {
    private static Logger log = LoggerFactory.getLogger(ClientFilter.class);
    private String failureUrl;
    private Clients clients;
    private boolean redirectAfterSuccessfulAuthentication = true;

    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        J2EContext j2EContext = new J2EContext(WebUtils.toHttp(servletRequest), WebUtils.toHttp(servletResponse), new ShiroSessionStore());
        Client findClient = this.clients.findClient(j2EContext);
        CommonHelper.assertNotNull("client", findClient);
        CommonHelper.assertTrue(findClient instanceof IndirectClient, "only indirect clients are allowed on the callback url");
        log.debug("client : {}", findClient);
        Credentials credentials = findClient.getCredentials(j2EContext);
        log.debug("credentials : {}", credentials);
        return new ClientToken(findClient.getName(), credentials, j2EContext);
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        try {
            AuthenticationToken createToken = createToken(servletRequest, servletResponse);
            try {
                Subject subject = getSubject(servletRequest, servletResponse);
                subject.login(createToken);
                return onLoginSuccess(createToken, subject, servletRequest, servletResponse);
            } catch (NoAuthenticationException e) {
                return onLoginSuccess(createToken, null, servletRequest, servletResponse);
            } catch (AuthenticationException e2) {
                return onLoginFailure(createToken, e2, servletRequest, servletResponse);
            }
        } catch (RequiresHttpAction e3) {
            log.debug("requires HTTP action : {}", e3);
            return false;
        }
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        return false;
    }

    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        log.info("Login success");
        if (false == this.redirectAfterSuccessfulAuthentication) {
            return true;
        }
        issueSuccessRedirect(servletRequest, servletResponse);
        return false;
    }

    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        log.warn("Login failure", authenticationException);
        if (getSubject(servletRequest, servletResponse).isAuthenticated()) {
            try {
                issueSuccessRedirect(servletRequest, servletResponse);
                return false;
            } catch (Exception e) {
                log.error("Cannot redirect to the default success url", e);
                return false;
            }
        }
        try {
            WebUtils.issueRedirect(servletRequest, servletResponse, this.failureUrl);
            return false;
        } catch (IOException e2) {
            log.error("Cannot redirect to failure url : {}", this.failureUrl, e2);
            return false;
        }
    }

    public String getFailureUrl() {
        return this.failureUrl;
    }

    public void setFailureUrl(String str) {
        this.failureUrl = str;
    }

    public Clients getClients() {
        return this.clients;
    }

    public void setClients(Clients clients) throws TechnicalException {
        this.clients = clients;
        clients.init();
    }

    public boolean getRedirectAfterSuccessfulAuthentication() {
        return this.redirectAfterSuccessfulAuthentication;
    }

    public void setRedirectAfterSuccessfulAuthentication(boolean z) {
        this.redirectAfterSuccessfulAuthentication = z;
    }
}
