package org.jboss.seam.web;

import java.io.IOException;
import java.util.HashMap;
import javax.security.auth.login.LoginException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Synchronized;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.annotations.web.Filter;
import org.jboss.seam.contexts.SessionContext;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.NotLoggedInException;
import org.jboss.seam.security.digest.DigestRequest;
import org.jboss.seam.security.digest.DigestUtils;
import org.jboss.seam.security.digest.DigestValidationException;
import org.jboss.seam.servlet.ContextualHttpServletRequest;
import org.jboss.seam.servlet.ServletRequestSessionMap;
import org.jboss.seam.ui.util.HTML;
import org.jboss.seam.util.Base64;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;

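/**
 * Servlet filter that authenticates requests from the HTTP {@code Authorization} header,
 * using either Basic or Digest credentials, and hands the actual login to Seam's
 * {@link Identity} component.
 *
 * <p>The component is application scoped and is not installed by default
 * ({@code @Install(value = false)}), so it only runs when explicitly configured.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded, and this filter does not check that the
 *       request arrived over a secure channel; transport protection has to come from the
 *       deployment.</li>
 *   <li>The Digest nonce is signed with MD5 over {@code expiry:key}; the strength of that
 *       signature depends on {@link #setKey(String) key} being set to an unguessable value.</li>
 *   <li>{@link #doFilter} creates the HTTP session before authentication and no session id
 *       rotation is visible in this class - NOTE(review): confirm that session fixation is
 *       handled elsewhere.</li>
 * </ul>
 */
@Name("org.jboss.seam.web.authenticationFilter")
@Scope(ScopeType.APPLICATION)
@Filter(within = {"org.jboss.seam.web.exceptionFilter"})
@Install(value = false, precedence = 0)
@BypassInterceptors
/* loaded from: input_file:WEB-INF/lib/jboss-seam-2.1.2.jar:org/jboss/seam/web/AuthenticationFilter.class */
public class AuthenticationFilter extends AbstractFilter {
    private static final String DEFAULT_REALM = "seamApp";
    private static final String AUTH_TYPE_BASIC = "basic";
    private static final String AUTH_TYPE_DIGEST = "digest";

    @Logger
    Log log;

    // Server-side secret mixed into the Digest nonce signature. It has no default, so it is
    // null unless configured; a null key is concatenated as the text "null" when signing.
    private String key;
    private String realm = DEFAULT_REALM;
    private int nonceValiditySeconds = 300;
    private String authType = AUTH_TYPE_BASIC;

    /**
     * Names of the supported authentication schemes. The filter logic in this class compares
     * {@link #getAuthType()} as a plain string and does not reference this enum.
     */
    /* loaded from: input_file:WEB-INF/lib/jboss-seam-2.1.2.jar:org/jboss/seam/web/AuthenticationFilter$AuthType.class */
    public enum AuthType {
        basic,
        digest
    }

    /** Sets the realm announced in the {@code WWW-Authenticate} challenge. */
    public void setRealm(String str) {
        this.realm = str;
    }

    /** Returns the realm announced in the {@code WWW-Authenticate} challenge. */
    public String getRealm() {
        return this.realm;
    }

    /**
     * Sets the authentication scheme, expected to be {@code "basic"} or {@code "digest"}.
     * The value is not validated here; any other value makes {@link #doFilter} fail with a
     * {@link ServletException} on every request.
     */
    public void setAuthType(String str) {
        this.authType = str;
    }

    /** Returns the configured authentication scheme. */
    public String getAuthType() {
        return this.authType;
    }

    /** Returns the secret used to sign Digest nonces. */
    public String getKey() {
        return this.key;
    }

    /** Sets the secret used to sign Digest nonces. */
    public void setKey(String str) {
        this.key = str;
    }

    /** Returns how long, in seconds, an issued Digest nonce is given before it expires. */
    public int getNonceValiditySeconds() {
        return this.nonceValiditySeconds;
    }

    /** Sets how long, in seconds, an issued Digest nonce is given before it expires. */
    public void setNonceValiditySeconds(int i) {
        this.nonceValiditySeconds = i;
    }

    /**
     * Dispatches the request to Basic or Digest processing according to the configured
     * authentication type.
     *
     * @throws ServletException if the request is not an HTTP request or the configured
     *     authentication type is neither {@code "basic"} nor {@code "digest"}
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("This filter can only process HttpServletRequest requests");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Forces creation of the HTTP session; the session-scoped Identity and Credentials
        // are looked up through it below.
        httpServletRequest.getSession();
        if (AUTH_TYPE_BASIC.equals(this.authType)) {
            processBasicAuth(httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        if (!AUTH_TYPE_DIGEST.equals(this.authType)) {
            throw new ServletException("Invalid authentication type");
        }
        processDigestAuth(httpServletRequest, httpServletResponse, filterChain);
    }

    /**
     * Handles a request under HTTP Basic authentication: authenticates from the
     * {@code Authorization} header when present, runs the rest of the chain, and answers
     * with a 401 challenge when authentication is required.
     *
     * @throws ServletException if no {@link Identity} is available in the session context
     */
    private void processBasicAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        SessionContext sessionContext = new SessionContext(new ServletRequestSessionMap(httpServletRequest));
        Identity identity = (Identity) sessionContext.get(Identity.class);
        if (identity == null) {
            throw new ServletException("Identity not found - please ensure that the Identity component is created on startup.");
        }
        Credentials credentials = (Credentials) sessionContext.get(Credentials.class);
        boolean requireAuth = false;
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.startsWith("Basic ")) {
            String decoded = decodeBasicCredentials(header.substring(6));
            if (decoded == null) {
                // The header comes from an unauthenticated client. A payload that cannot be
                // decoded is treated as a failed login instead of escaping as an unchecked
                // exception. The header value is deliberately not logged.
                this.log.warn("Error authenticating: malformed Basic authorization header", new Object[0]);
                requireAuth = true;
            } else {
                String username = "";
                String password = "";
                int colon = decoded.indexOf(":");
                if (colon != -1) {
                    username = decoded.substring(0, colon);
                    password = decoded.substring(colon + 1);
                }
                // Re-authenticate only when the user name changed or nobody is logged in.
                if (!username.equals(credentials.getUsername()) || !identity.isLoggedIn()) {
                    try {
                        credentials.setPassword(password);
                        authenticate(httpServletRequest, username);
                    } catch (Exception e) {
                        this.log.warn("Error authenticating: " + e.getMessage(), new Object[0]);
                        requireAuth = true;
                    }
                }
            }
        }
        if (!identity.isLoggedIn() && !credentials.isSet()) {
            requireAuth = true;
        }
        if (!requireAuth) {
            try {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            } catch (NotLoggedInException e2) {
                // A downstream component demanded a login; fall through to the challenge.
            }
        }
        // Authentication is required at this point; challenge unless a user is logged in.
        if (identity.isLoggedIn()) {
            return;
        }
        httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + this.realm + "\"");
        httpServletResponse.sendError(401, "Not authorized");
    }

    /**
     * Decodes the Base64 payload of a Basic {@code Authorization} header.
     *
     * @param encoded the header value after the {@code "Basic "} prefix
     * @return the decoded {@code user:password} text, or {@code null} when the payload
     *     cannot be decoded
     */
    private String decodeBasicCredentials(String encoded) {
        byte[] raw;
        try {
            raw = Base64.decode(encoded);
        } catch (RuntimeException ignored) {
            // Malformed client input; the caller reports it as a failed authentication.
            return null;
        }
        if (raw == null) {
            return null;
        }
        // NOTE(review): decodes with the platform default charset, so non-ASCII credentials
        // depend on the JVM configuration - confirm this is intended.
        return new String(raw);
    }

    /**
     * Handles a request under HTTP Digest authentication: validates the {@code Authorization}
     * header when present, authenticates the named user, runs the rest of the chain, and
     * answers with a 401 challenge carrying a fresh nonce when authentication is required.
     *
     * @throws ServletException if no {@link Identity} is available in the session context
     */
    private void processDigestAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        SessionContext sessionContext = new SessionContext(new ServletRequestSessionMap(httpServletRequest));
        Identity identity = (Identity) sessionContext.get(Identity.class);
        if (identity == null) {
            throw new ServletException("Identity not found - please ensure that the Identity component is created on startup.");
        }
        Credentials credentials = (Credentials) sessionContext.get(Credentials.class);
        boolean requireAuth = false;
        boolean nonceExpired = false;
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.startsWith("Digest ")) {
            String headerValue = header.substring(7);
            // NOTE(review): a plain comma split also breaks quoted values that contain a comma.
            HashMap<String, String> params = new HashMap<String, String>();
            for (String part : headerValue.split(",")) {
                // The separator constant is presumably "=" (split() requires one character).
                String[] pair = split(part, HTML.HREF_PARAM_NAME_FROM_VALUE_SEPARATOR);
                if (pair == null) {
                    // Entry without a separator: skip it instead of dereferencing null. The
                    // header is client supplied, so malformed input must not crash the filter.
                    continue;
                }
                params.put(pair[0].trim(), pair[1].replace("\"", "").trim());
            }
            DigestRequest digestRequest = new DigestRequest();
            digestRequest.setHttpMethod(httpServletRequest.getMethod());
            digestRequest.setSystemRealm(this.realm);
            digestRequest.setRealm(params.get("realm"));
            digestRequest.setKey(this.key);
            digestRequest.setNonce(params.get("nonce"));
            digestRequest.setUri(params.get("uri"));
            digestRequest.setClientDigest(params.get("response"));
            digestRequest.setQop(params.get("qop"));
            digestRequest.setNonceCount(params.get("nc"));
            digestRequest.setClientNonce(params.get("cnonce"));
            try {
                digestRequest.validate();
                httpServletRequest.getSession().setAttribute(DigestRequest.DIGEST_REQUEST, digestRequest);
                // The lookup key is presumably "username" - confirm the constant's value.
                authenticate(httpServletRequest, params.get(STSClientConfig.USERNAME));
            } catch (DigestValidationException e) {
                // NOTE(review): this writes the complete client-supplied header, including the
                // user name and response digest, to the log - confirm that is acceptable.
                this.log.warn(String.format("Digest validation failed, header [%s]: %s", headerValue, e.getMessage()), new Object[0]);
                requireAuth = true;
                if (e.isNonceExpired()) {
                    nonceExpired = true;
                }
            } catch (Exception e2) {
                this.log.warn("Error authenticating: " + e2.getMessage(), new Object[0]);
                requireAuth = true;
            }
        }
        if (!identity.isLoggedIn() && !credentials.isSet()) {
            requireAuth = true;
        }
        if (!requireAuth) {
            try {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            } catch (NotLoggedInException e3) {
                // A downstream component demanded a login; fall through to the challenge.
            }
        }
        // Authentication is required at this point; challenge unless a user is logged in.
        if (identity.isLoggedIn()) {
            return;
        }
        // Nonce layout: base64(expiry ":" md5Hex(expiry ":" key)). The multiplier is
        // presumably the 1000 ms-per-second factor; the cast keeps the product in long.
        long expiryTime = System.currentTimeMillis() + ((long) this.nonceValiditySeconds * Synchronized.DEFAULT_TIMEOUT);
        String signature = DigestUtils.md5Hex(expiryTime + ":" + this.key);
        String nonce = Base64.encodeBytes((expiryTime + ":" + signature).getBytes());
        String challenge = "Digest realm=\"" + this.realm + "\", qop=\"auth\", nonce=\"" + nonce + "\"";
        if (nonceExpired) {
            // Tells the client that only the nonce expired, so it can retry with the new one.
            challenge = challenge + ", stale=\"true\"";
        }
        httpServletResponse.addHeader("WWW-Authenticate", challenge);
        httpServletResponse.sendError(401);
    }

    /**
     * Sets the user name on the current {@link Identity}'s credentials and calls
     * {@code Identity.authenticate()} inside a {@link ContextualHttpServletRequest}.
     *
     * @param str the user name taken from the {@code Authorization} header
     */
    private void authenticate(HttpServletRequest httpServletRequest, final String str) throws ServletException, IOException {
        new ContextualHttpServletRequest(httpServletRequest) { // from class: org.jboss.seam.web.AuthenticationFilter.1
            @Override // org.jboss.seam.servlet.ContextualHttpServletRequest
            public void process() throws ServletException, IOException, LoginException {
                Identity instance = Identity.instance();
                instance.getCredentials().setUsername(str);
                instance.authenticate();
            }
        }.run();
    }

    /**
     * Splits {@code str} at the first occurrence of a one-character delimiter.
     *
     * @param str the text to split
     * @param str2 the delimiter, which must be exactly one character long
     * @return a two-element array holding the text before and after the delimiter, or
     *     {@code null} when the delimiter does not occur in {@code str}
     * @throws IllegalArgumentException if the delimiter is not exactly one character long
     */
    private String[] split(String str, String str2) {
        if (str2.length() != 1) {
            throw new IllegalArgumentException("Delimiter can only be one character in length");
        }
        int indexOf = str.indexOf(str2);
        if (indexOf < 0) {
            return null;
        }
        return new String[]{str.substring(0, indexOf), str.substring(indexOf + 1)};
    }
}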
