package io.micronaut.security.session;

import io.micronaut.context.annotation.Replaces;
import io.micronaut.http.HttpRequest;
import io.micronaut.http.HttpResponse;
import io.micronaut.http.HttpStatus;
import io.micronaut.http.MediaType;
import io.micronaut.http.MutableHttpResponse;
import io.micronaut.security.authentication.AuthorizationException;
import io.micronaut.security.authentication.DefaultAuthorizationExceptionHandler;
import java.net.URI;
import java.net.URISyntaxException;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Replaces(DefaultAuthorizationExceptionHandler.class)
/* loaded from: input_file:io/micronaut/security/session/SessionAuthorizationExceptionHandler.class */
public class SessionAuthorizationExceptionHandler extends DefaultAuthorizationExceptionHandler {
    private static final Logger LOG = LoggerFactory.getLogger(SessionAuthorizationExceptionHandler.class);
    private final SecuritySessionConfiguration configuration;

    public SessionAuthorizationExceptionHandler(SecuritySessionConfiguration securitySessionConfiguration) {
        this.configuration = securitySessionConfiguration;
    }

    public MutableHttpResponse<?> handle(HttpRequest httpRequest, AuthorizationException authorizationException) {
        if (!shouldHandleRequest(httpRequest)) {
            return super.handle(httpRequest, authorizationException);
        }
        try {
            URI uri = new URI(getRedirectUri(httpRequest, authorizationException));
            return !httpRequest.getUri().equals(uri) ? httpResponseWithUri(uri) : super.handle(httpRequest, authorizationException);
        } catch (URISyntaxException e) {
            if (LOG.isErrorEnabled()) {
                LOG.error("Rejection redirect URL is invalid", e);
            }
            return HttpResponse.serverError();
        }
    }

    protected boolean shouldHandleRequest(HttpRequest<?> httpRequest) {
        return this.configuration.isRedirectOnRejection() && httpRequest.getHeaders().accept().stream().anyMatch(mediaType -> {
            return mediaType.equals(MediaType.TEXT_HTML_TYPE);
        });
    }

    protected String getRedirectUri(HttpRequest<?> httpRequest, AuthorizationException authorizationException) {
        String forbiddenTargetUrl = authorizationException.isForbidden() ? this.configuration.getForbiddenTargetUrl() : this.configuration.getUnauthorizedTargetUrl();
        if (LOG.isDebugEnabled()) {
            LOG.debug("redirect uri: {}", forbiddenTargetUrl);
        }
        return forbiddenTargetUrl;
    }

    protected MutableHttpResponse<?> httpResponseWithUri(URI uri) {
        return HttpResponse.status(HttpStatus.SEE_OTHER).headers(mutableHttpHeaders -> {
            mutableHttpHeaders.location(uri);
        });
    }
}
