package org.springframework.security.web.authentication;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.log.LogMessage;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.PortMapper;
import org.springframework.security.web.PortMapperImpl;
import org.springframework.security.web.PortResolver;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.util.RedirectUrlBuilder;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.2.3.jar:org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.class */
public class LoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
    private static final Log logger = LogFactory.getLog(LoginUrlAuthenticationEntryPoint.class);
    private String loginFormUrl;
    private PortMapper portMapper = new PortMapperImpl();
    private PortResolver portResolver = new PortResolverImpl();
    private boolean forceHttps = false;
    private boolean useForward = false;
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    public LoginUrlAuthenticationEntryPoint(String str) {
        Assert.notNull(str, "loginFormUrl cannot be null");
        this.loginFormUrl = str;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.isTrue(StringUtils.hasText(this.loginFormUrl) && UrlUtils.isValidRedirectUrl(this.loginFormUrl), "loginFormUrl must be specified and must be a valid redirect URL");
        Assert.isTrue((this.useForward && UrlUtils.isAbsoluteUrl(this.loginFormUrl)) ? false : true, "useForward must be false if using an absolute loginFormURL");
        Assert.notNull(this.portMapper, "portMapper must be specified");
        Assert.notNull(this.portResolver, "portResolver must be specified");
    }

    protected String determineUrlToUseForThisRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) {
        return getLoginFormUrl();
    }

    @Override // org.springframework.security.web.AuthenticationEntryPoint
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        if (!this.useForward) {
            this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, buildRedirectUrlToLoginPage(httpServletRequest, httpServletResponse, authenticationException));
            return;
        }
        String str = null;
        if (this.forceHttps && "http".equals(httpServletRequest.getScheme())) {
            str = buildHttpsRedirectUrlForRequest(httpServletRequest);
        }
        if (str != null) {
            this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, str);
            return;
        }
        String determineUrlToUseForThisRequest = determineUrlToUseForThisRequest(httpServletRequest, httpServletResponse, authenticationException);
        logger.debug(LogMessage.format("Server side forward to: %s", determineUrlToUseForThisRequest));
        httpServletRequest.getRequestDispatcher(determineUrlToUseForThisRequest).forward(httpServletRequest, httpServletResponse);
    }

    protected String buildRedirectUrlToLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) {
        String determineUrlToUseForThisRequest = determineUrlToUseForThisRequest(httpServletRequest, httpServletResponse, authenticationException);
        if (UrlUtils.isAbsoluteUrl(determineUrlToUseForThisRequest)) {
            return determineUrlToUseForThisRequest;
        }
        int serverPort = this.portResolver.getServerPort(httpServletRequest);
        String scheme = httpServletRequest.getScheme();
        RedirectUrlBuilder redirectUrlBuilder = new RedirectUrlBuilder();
        redirectUrlBuilder.setScheme(scheme);
        redirectUrlBuilder.setServerName(httpServletRequest.getServerName());
        redirectUrlBuilder.setPort(serverPort);
        redirectUrlBuilder.setContextPath(httpServletRequest.getContextPath());
        redirectUrlBuilder.setPathInfo(determineUrlToUseForThisRequest);
        if (this.forceHttps && "http".equals(scheme)) {
            Integer lookupHttpsPort = this.portMapper.lookupHttpsPort(Integer.valueOf(serverPort));
            if (lookupHttpsPort != null) {
                redirectUrlBuilder.setScheme("https");
                redirectUrlBuilder.setPort(lookupHttpsPort.intValue());
            } else {
                logger.warn(LogMessage.format("Unable to redirect to HTTPS as no port mapping found for HTTP port %s", Integer.valueOf(serverPort)));
            }
        }
        return redirectUrlBuilder.getUrl();
    }

    protected String buildHttpsRedirectUrlForRequest(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        int serverPort = this.portResolver.getServerPort(httpServletRequest);
        Integer lookupHttpsPort = this.portMapper.lookupHttpsPort(Integer.valueOf(serverPort));
        if (lookupHttpsPort == null) {
            logger.warn(LogMessage.format("Unable to redirect to HTTPS as no port mapping found for HTTP port %s", Integer.valueOf(serverPort)));
            return null;
        }
        RedirectUrlBuilder redirectUrlBuilder = new RedirectUrlBuilder();
        redirectUrlBuilder.setScheme("https");
        redirectUrlBuilder.setServerName(httpServletRequest.getServerName());
        redirectUrlBuilder.setPort(lookupHttpsPort.intValue());
        redirectUrlBuilder.setContextPath(httpServletRequest.getContextPath());
        redirectUrlBuilder.setServletPath(httpServletRequest.getServletPath());
        redirectUrlBuilder.setPathInfo(httpServletRequest.getPathInfo());
        redirectUrlBuilder.setQuery(httpServletRequest.getQueryString());
        return redirectUrlBuilder.getUrl();
    }

    public void setForceHttps(boolean z) {
        this.forceHttps = z;
    }

    protected boolean isForceHttps() {
        return this.forceHttps;
    }

    public String getLoginFormUrl() {
        return this.loginFormUrl;
    }

    public void setPortMapper(PortMapper portMapper) {
        Assert.notNull(portMapper, "portMapper cannot be null");
        this.portMapper = portMapper;
    }

    protected PortMapper getPortMapper() {
        return this.portMapper;
    }

    public void setPortResolver(PortResolver portResolver) {
        Assert.notNull(portResolver, "portResolver cannot be null");
        this.portResolver = portResolver;
    }

    protected PortResolver getPortResolver() {
        return this.portResolver;
    }

    public void setUseForward(boolean z) {
        this.useForward = z;
    }

    protected boolean isUseForward() {
        return this.useForward;
    }
}
