package org.springframework.security.web.server.ui;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.util.Assert;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-6.4.4.jar:org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.class */
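/**
 * Reactive {@link WebFilter} that renders a generated HTML login page.
 *
 * <p>The filter answers requests matched by {@link #matcher} (GET on
 * {@link DefaultLoginPageGeneratingFilter#DEFAULT_LOGIN_PAGE_URL}) and delegates every
 * other request to the rest of the chain. Depending on configuration the page contains
 * a username/password form, a one-time-token request form and a table of OAuth 2.0
 * login links.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only the <em>presence</em> of the error and {@code logout} query parameters is
 *       inspected; their values are never written into the page.</li>
 *   <li>Values that originate from configuration or the CSRF token are passed to
 *       {@code HtmlTemplates.withValue}; pre-built fragments are passed to
 *       {@code withRawHtml}. {@code HtmlTemplates} is not shown in this file;
 *       presumably {@code withValue} HTML-escapes and {@code withRawHtml} does not
 *       (confirm against that class).</li>
 * </ul>
 */
public class LoginPageGeneratingWebFilter implements WebFilter {
    private static final String LOGIN_PAGE_TEMPLATE = "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n    <meta name=\"description\" content=\"\">\n    <meta name=\"author\" content=\"\">\n    <title>Please sign in</title>\n    <link href=\"{{contextPath}}/default-ui.css\" rel=\"stylesheet\" />\n  </head>\n  <body>\n    <div class=\"content\">\n{{formLogin}}\n{{oneTimeTokenLogin}}\n{{oauth2Login}}\n    </div>\n  </body>\n</html>";
    private static final String LOGIN_FORM_TEMPLATE = "      <form class=\"login-form\" method=\"post\" action=\"{{loginUrl}}\">\n        <h2>Please sign in</h2>\n{{errorMessage}}{{logoutMessage}}\n        <p>\n          <label for=\"username\" class=\"screenreader\">Username</label>\n          <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n        </p>\n        <p>\n          <label for=\"password\" class=\"screenreader\">Password</label>\n          <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n        </p>\n{{csrf}}\n        <button type=\"submit\" class=\"primary\">Sign in</button>\n      </form>";
    private static final String CSRF_INPUT_TEMPLATE = "<input name=\"{{name}}\" type=\"hidden\" value=\"{{value}}\" />\n";
    private static final String OAUTH2_LOGIN_TEMPLATE = "<h2>Login with OAuth 2.0</h2>\n{{errorMessage}}\n<table class=\"table table-striped\">\n{{oauth2Rows}}\n</table>";
    private static final String OAUTH2_ROW_TEMPLATE = "<tr><td><a href=\"{{url}}\">{{clientName}}</a></td></tr>";
    private static final String ONE_TIME_TEMPLATE = "      <form id=\"ott-form\" class=\"login-form\" method=\"post\" action=\"{{generateOneTimeTokenUrl}}\">\n        <h2>Request a One-Time Token</h2>\n      {{errorMessage}}{{logoutMessage}}\n        <p>\n          <label for=\"ott-username\" class=\"screenreader\">Username</label>\n          <input type=\"text\" id=\"ott-username\" name=\"username\" placeholder=\"Username\" required>\n        </p>\n        {{csrf}}\n        <button class=\"primary\" type=\"submit\" form=\"ott-form\">Send Token</button>\n      </form>\n";

    // Requests that should receive the generated page; everything else is passed down the chain.
    private ServerWebExchangeMatcher matcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
    // Maps an OAuth 2.0 authentication URL (relative to the context path) to the client name shown as link text.
    private Map<String, String> oauth2AuthenticationUrlToClientName = new HashMap<>();
    private boolean formLoginEnabled;
    private boolean oneTimeTokenEnabled = false;
    // Stays null until setGenerateOneTimeTokenUrl is called; see renderOneTimeTokenLogin.
    private String generateOneTimeTokenUrl;

    /**
     * Sets the URL (relative to the context path) that the one-time-token form posts to.
     *
     * @param generateOneTimeTokenUrl the form action; must contain text
     * @throws IllegalArgumentException if the value is null, empty or blank
     */
    public void setGenerateOneTimeTokenUrl(String generateOneTimeTokenUrl) {
        Assert.isTrue(StringUtils.hasText(generateOneTimeTokenUrl), "generateOneTimeTokenUrl cannot be null or empty");
        this.generateOneTimeTokenUrl = generateOneTimeTokenUrl;
    }

    /**
     * Enables or disables rendering of the username/password form.
     *
     * @param enabled {@code true} to include the form in the page
     */
    public void setFormLoginEnabled(boolean enabled) {
        this.formLoginEnabled = enabled;
    }

    /**
     * Enables or disables rendering of the one-time-token request form.
     *
     * @param enabled {@code true} to include the form in the page
     */
    public void setOneTimeTokenEnabled(boolean enabled) {
        this.oneTimeTokenEnabled = enabled;
    }

    /**
     * Sets the OAuth 2.0 links to render, keyed by authentication URL with the client
     * name as value. The map is stored by reference, not copied, so later changes made
     * by the caller are visible to this filter.
     *
     * @param oauth2AuthenticationUrlToClientName the URL-to-name mapping; must not be null
     * @throws IllegalArgumentException if the map is null
     */
    public void setOauth2AuthenticationUrlToClientName(Map<String, String> oauth2AuthenticationUrlToClientName) {
        Assert.notNull(oauth2AuthenticationUrlToClientName, "oauth2AuthenticationUrlToClientName cannot be null");
        this.oauth2AuthenticationUrlToClientName = oauth2AuthenticationUrlToClientName;
    }

    /**
     * Renders the login page when the request matches; otherwise continues the chain.
     *
     * @param exchange the current exchange
     * @param chain the remaining filters
     * @return completion signal of either the rendered response or the downstream chain
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        return this.matcher.matches(exchange)
            .filter(ServerWebExchangeMatcher.MatchResult::isMatch)
            // No match: run the rest of the chain, then complete empty so flatMap below is skipped.
            .switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
            .flatMap(matchResult -> render(exchange));
    }

    /** Writes the generated page with status 200 and content type {@code text/html}. */
    private Mono<Void> render(ServerWebExchange exchange) {
        ServerHttpResponse response = exchange.getResponse();
        response.setStatusCode(HttpStatus.OK);
        response.getHeaders().setContentType(MediaType.TEXT_HTML);
        return response.writeWith(createBuffer(exchange));
    }

    /**
     * Builds the response body. The CSRF token is read from the exchange attribute named
     * after {@link CsrfToken}; when the attribute is absent or the Mono is empty the page
     * is rendered without a hidden CSRF input.
     */
    private Mono<DataBuffer> createBuffer(ServerWebExchange exchange) {
        // Typed local instead of a raw Mono cast, so the lambdas below see String rather than Object.
        Mono<CsrfToken> token = exchange.getAttributeOrDefault(CsrfToken.class.getName(), Mono.empty());
        return token.map(LoginPageGeneratingWebFilter::csrfToken)
            .defaultIfEmpty("")
            .map(csrfInput -> exchange.getResponse().bufferFactory().wrap(createPage(exchange, csrfInput)));
    }

    /**
     * Assembles the full HTML document and encodes it.
     *
     * @param exchange the current exchange (query parameters and context path are read from it)
     * @param csrfInput pre-rendered hidden CSRF input, or an empty string
     * @return the page encoded as UTF-8
     */
    private byte[] createPage(ServerWebExchange exchange, String csrfInput) {
        MultiValueMap<String, String> queryParams = exchange.getRequest().getQueryParams();
        String contextPath = exchange.getRequest().getPath().contextPath().value();
        // NOTE(review): contextPath goes into the stylesheet href via withRawHtml. Confirm it can
        // only come from server configuration, since this call presumably does not escape it.
        String page = HtmlTemplates.fromTemplate(LOGIN_PAGE_TEMPLATE)
            .withRawHtml("contextPath", contextPath)
            .withRawHtml("formLogin", formLogin(queryParams, contextPath, csrfInput))
            .withRawHtml("oneTimeTokenLogin", renderOneTimeTokenLogin(queryParams, contextPath, csrfInput))
            .withRawHtml("oauth2Login", oauth2Login(queryParams, contextPath, this.oauth2AuthenticationUrlToClientName))
            .render();
        // The template declares <meta charset="utf-8">, so encode as UTF-8 rather than the platform
        // default; otherwise non-ASCII client names are garbled on JVMs with a different default.
        return page.getBytes(StandardCharsets.UTF_8);
    }

    /** Renders the username/password form, or an empty string when form login is disabled. */
    private String formLogin(MultiValueMap<String, String> queryParams, String contextPath, String csrfInput) {
        if (!this.formLoginEnabled) {
            return "";
        }
        // Only the presence of the parameters is checked; their values never reach the page.
        boolean isError = queryParams.containsKey(DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME);
        boolean isLogout = queryParams.containsKey("logout");
        return HtmlTemplates.fromTemplate(LOGIN_FORM_TEMPLATE)
            .withValue("loginUrl", contextPath + "/login")
            .withRawHtml("errorMessage", createError(isError))
            .withRawHtml("logoutMessage", createLogoutSuccess(isLogout))
            .withRawHtml("csrf", csrfInput)
            .render();
    }

    /**
     * Renders the one-time-token request form, or an empty string when the feature is disabled.
     *
     * <p>If the feature is enabled but {@link #setGenerateOneTimeTokenUrl(String)} was never
     * called, the field is null and the form action ends in the literal text "null".
     */
    private String renderOneTimeTokenLogin(MultiValueMap<String, String> queryParams, String contextPath, String csrfInput) {
        if (!this.oneTimeTokenEnabled) {
            return "";
        }
        boolean isError = queryParams.containsKey(DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME);
        boolean isLogout = queryParams.containsKey("logout");
        return HtmlTemplates.fromTemplate(ONE_TIME_TEMPLATE)
            .withValue("generateOneTimeTokenUrl", contextPath + this.generateOneTimeTokenUrl)
            .withRawHtml("errorMessage", createError(isError))
            .withRawHtml("logoutMessage", createLogoutSuccess(isLogout))
            .withRawHtml("csrf", csrfInput)
            .render();
    }

    /** Renders the OAuth 2.0 link table, or an empty string when no clients are configured. */
    private static String oauth2Login(MultiValueMap<String, String> queryParams, String contextPath, Map<String, String> oauth2AuthenticationUrlToClientName) {
        if (oauth2AuthenticationUrlToClientName.isEmpty()) {
            return "";
        }
        boolean isError = queryParams.containsKey(DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME);
        // A plain "\n" literal replaces the decompiler's reference to commons-lang3 StringUtils.LF,
        // a library this file does not import.
        String oauth2Rows = oauth2AuthenticationUrlToClientName.entrySet()
            .stream()
            .map(urlToName -> oauth2LoginLink(contextPath, urlToName.getKey(), urlToName.getValue()))
            .collect(Collectors.joining("\n"))
            .indent(2);
        return HtmlTemplates.fromTemplate(OAUTH2_LOGIN_TEMPLATE)
            .withRawHtml("errorMessage", createError(isError))
            .withRawHtml("oauth2Rows", oauth2Rows)
            .render();
    }

    /**
     * Renders one table row linking to an OAuth 2.0 client.
     *
     * <p>The decompiler reports that this method was private in the compiled class; the
     * visibility is left as emitted.
     *
     * @param contextPath prefix for the link target
     * @param url authentication URL relative to the context path
     * @param clientName link text
     * @return the rendered {@code <tr>} fragment
     */
    public static String oauth2LoginLink(String contextPath, String url, String clientName) {
        return HtmlTemplates.fromTemplate(OAUTH2_ROW_TEMPLATE)
            .withValue("url", contextPath + url)
            .withValue("clientName", clientName)
            .render();
    }

    /** Renders the hidden CSRF input from the token's parameter name and value. */
    private static String csrfToken(CsrfToken token) {
        return HtmlTemplates.fromTemplate(CSRF_INPUT_TEMPLATE)
            .withValue("name", token.getParameterName())
            .withValue("value", token.getToken())
            .render();
    }

    /** Returns the fixed "Invalid credentials" alert when {@code isError} is true, else an empty string. */
    private static String createError(boolean isError) {
        return isError ? "<div class=\"alert alert-danger\" role=\"alert\">Invalid credentials</div>" : "";
    }

    /** Returns the fixed "signed out" alert when {@code isLogoutSuccess} is true, else an empty string. */
    private static String createLogoutSuccess(boolean isLogoutSuccess) {
        return isLogoutSuccess ? "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div>" : "";
    }
}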
