package org.georchestra.gateway.security;

import java.net.URI;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.server.DefaultServerRedirectStrategy;
import org.springframework.security.web.server.ServerRedirectStrategy;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
import org.springframework.util.Assert;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/security/ExtendedRedirectServerAuthenticationFailureHandler.class */
public class ExtendedRedirectServerAuthenticationFailureHandler extends RedirectServerAuthenticationFailureHandler {
    private URI location;
    private static String INVALID_CREDENTIALS = "invalid_credentials";
    private static String EXPIRED_PASSWORD = "expired_password";
    private static String EXPIRED_MESSAGE = "Your password has expired";
    private ServerRedirectStrategy redirectStrategy;

    public ExtendedRedirectServerAuthenticationFailureHandler(String str) {
        super(str);
        this.redirectStrategy = new DefaultServerRedirectStrategy();
        Assert.notNull(str, "location cannot be null");
        this.location = URI.create(str);
    }

    @Override // org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler, org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler
    public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException authenticationException) {
        this.location = URI.create("login?error");
        if (authenticationException instanceof BadCredentialsException) {
            this.location = URI.create("login?error=" + INVALID_CREDENTIALS);
        } else if ((authenticationException instanceof LockedException) && authenticationException.getMessage().equals(EXPIRED_MESSAGE)) {
            this.location = URI.create("login?error=" + EXPIRED_PASSWORD);
        }
        return this.redirectStrategy.sendRedirect(webFilterExchange.getExchange(), this.location);
    }
}
