package org.keycloak.adapters.springsecurity.authentication;

import ch.qos.logback.classic.spi.CallerData;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.springsecurity.facade.SimpleHttpFacade;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/keycloak-spring-security-adapter-14.0.0.jar:org/keycloak/adapters/springsecurity/authentication/KeycloakAuthenticationEntryPoint.class */
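/**
 * Spring Security {@link AuthenticationEntryPoint} that starts authentication for an
 * unauthenticated request.
 *
 * <p>Requests accepted by the configured API {@link RequestMatcher}, and requests whose resolved
 * deployment is bearer-only, receive a {@code 401} with a {@code WWW-Authenticate: Bearer}
 * challenge. Every other request is redirected to the login URI.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Everything read from the request here (request URI, query string, headers consulted by
 *       the matcher) is client-controlled. This class only chooses between a challenge and a
 *       redirect; it makes no access decision.</li>
 *   <li>The redirect target is built from the context path and the configured login URI only, so
 *       the request cannot change where the redirect points. The query string is forwarded
 *       verbatim.</li>
 * </ul>
 */
public class KeycloakAuthenticationEntryPoint implements AuthenticationEntryPoint {
    /** Login URI used when {@link #setLoginUri(String)} has not been called. */
    public static final String DEFAULT_LOGIN_URI = "/sso/login";
    private static final String DEFAULT_REALM = "Unknown";
    // NOTE(review): the class name suggests this matcher classifies a request as an "API" request
    // from its HTTP headers; the matcher itself is not shown here - confirm which headers it reads.
    private static final RequestMatcher DEFAULT_API_REQUEST_MATCHER = new HttpHeaderInspectingApiRequestMatcher();
    private static final Logger log = LoggerFactory.getLogger(KeycloakAuthenticationEntryPoint.class);

    private final RequestMatcher apiRequestMatcher;
    private final AdapterDeploymentContext adapterDeploymentContext;
    private String loginUri = DEFAULT_LOGIN_URI;
    private String realm = DEFAULT_REALM;

    /**
     * Creates an entry point that uses the default API request matcher.
     *
     * @param adapterDeploymentContext context used to resolve the deployment for a request; must
     *     not be {@code null}
     */
    public KeycloakAuthenticationEntryPoint(AdapterDeploymentContext adapterDeploymentContext) {
        this(adapterDeploymentContext, DEFAULT_API_REQUEST_MATCHER);
    }

    /**
     * Creates an entry point with a caller-supplied API request matcher.
     *
     * @param adapterDeploymentContext context used to resolve the deployment for a request; must
     *     not be {@code null}
     * @param requestMatcher matcher selecting the requests that get a {@code 401} instead of a
     *     login redirect; must not be {@code null}
     */
    public KeycloakAuthenticationEntryPoint(AdapterDeploymentContext adapterDeploymentContext, RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "apiRequestMatcher required");
        Assert.notNull(adapterDeploymentContext, "adapterDeploymentContext required");
        this.adapterDeploymentContext = adapterDeploymentContext;
        this.apiRequestMatcher = requestMatcher;
    }

    /**
     * Answers an unauthenticated request with either a bearer challenge or a login redirect.
     *
     * @param httpServletRequest the request that failed authentication
     * @param httpServletResponse the response to write the challenge or redirect to
     * @param authenticationException the failure that triggered this entry point (not used)
     * @throws IOException if writing the response fails
     * @throws ServletException declared by the interface; not thrown by this implementation directly
     */
    @Override // org.springframework.security.web.AuthenticationEntryPoint
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        SimpleHttpFacade facade = new SimpleHttpFacade(httpServletRequest, httpServletResponse);
        // The matcher is consulted first; the deployment is resolved only when it does not match.
        boolean challengeOnly = this.apiRequestMatcher.matches(httpServletRequest)
                || this.adapterDeploymentContext.resolveDeployment(facade).isBearerOnly();
        if (challengeOnly) {
            commenceUnauthorizedResponse(httpServletRequest, httpServletResponse);
            return;
        }
        commenceLoginRedirect(httpServletRequest, httpServletResponse);
    }

    /**
     * Redirects the client to the login URI, remembering the originally requested URI in a cookie
     * when there is neither a session nor an existing redirect cookie.
     *
     * @param httpServletRequest the unauthenticated request
     * @param httpServletResponse the response that receives the cookie and the redirect
     * @throws IOException if sending the redirect fails
     */
    protected void commenceLoginRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        boolean noSession = httpServletRequest.getSession(false) == null;
        if (noSession && KeycloakCookieBasedRedirect.getRedirectUrlFromCookie(httpServletRequest) == null) {
            // Only the request URI (path) is stored, never a full URL. The cookie lives on the
            // client, so it is client-controlled when it is read back.
            // NOTE(review): the code that consumes this cookie is not shown here - confirm it
            // accepts only same-application paths before redirecting to the stored value.
            httpServletResponse.addCookie(KeycloakCookieBasedRedirect.createCookieFromRedirectUrl(httpServletRequest.getRequestURI()));
        }

        String queryString = httpServletRequest.getQueryString();
        // Literal "?" instead of logback's CallerData.NA: that constant has the same value, but it
        // belongs to the logging backend and has no business in URL construction.
        String querySuffix = StringUtils.hasLength(queryString) ? "?" + queryString : "";
        String loginRedirectUrl = httpServletRequest.getContextPath() + this.loginUri + querySuffix;

        // The logged value includes the caller-supplied query string; treat debug logs of this
        // class as potentially containing request parameters.
        log.debug("Redirecting to login URI {}", loginRedirectUrl);
        httpServletResponse.sendRedirect(loginRedirectUrl);
    }

    /**
     * Sends a {@code 401 Unauthorized} response carrying a {@code WWW-Authenticate: Bearer}
     * challenge for the configured realm.
     *
     * @param httpServletRequest the unauthenticated request (not used)
     * @param httpServletResponse the response that receives the header and the error status
     * @throws IOException if sending the error fails
     */
    protected void commenceUnauthorizedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // The realm is placed inside a quoted string without escaping, so it must come from
        // trusted configuration and must not contain '"', '\' or line breaks.
        String challenge = String.format("Bearer realm=\"%s\"", this.realm);
        httpServletResponse.addHeader("WWW-Authenticate", challenge);
        httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
    }

    /**
     * Sets the application-relative login URI that browsers are redirected to.
     *
     * @param str the login URI; must not be {@code null}. It is appended to the context path as
     *     is, so it should be a fixed, application-relative path from configuration.
     */
    public void setLoginUri(String str) {
        Assert.notNull(str, "loginUri cannot be null");
        this.loginUri = str;
    }

    /**
     * Sets the realm name reported in the {@code WWW-Authenticate} challenge.
     *
     * @param str the realm name; must not be {@code null}. It is written into the header
     *     unescaped, so it should be a plain configuration value.
     */
    public void setRealm(String str) {
        Assert.notNull(str, "realm cannot be null");
        this.realm = str;
    }
}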
