package org.uberfire.security.server;

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.plexus.components.sec.dispatcher.SecUtil;
import org.uberfire.security.ResourceManager;
import org.uberfire.security.SecurityContext;
import org.uberfire.security.SecurityManager;
import org.uberfire.security.auth.AuthenticationException;
import org.uberfire.security.auth.AuthenticationManager;
import org.uberfire.security.auth.AuthenticationProvider;
import org.uberfire.security.auth.AuthenticationScheme;
import org.uberfire.security.auth.RoleProvider;
import org.uberfire.security.authz.AuthorizationManager;
import org.uberfire.security.authz.ResourceDecisionManager;
import org.uberfire.security.authz.RoleDecisionManager;
import org.uberfire.security.authz.VotingStrategy;
import org.uberfire.security.impl.authz.ConsensusBasedVoter;
import org.uberfire.security.server.auth.CookieStorage;
import org.uberfire.security.server.auth.FormAuthenticationScheme;
import org.uberfire.security.server.auth.HttpSessionStorage;
import org.uberfire.security.server.auth.RememberMeCookieAuthScheme;
import org.uberfire.security.server.cdi.SecurityFactory;

/* loaded from: input_file:WEB-INF/lib/uberfire-security-server-0.2.0.Alpha2.jar:org/uberfire/security/server/UberFireSecurityFilter.class */
public class UberFireSecurityFilter implements Filter {
    private final Logger LOG = LoggerFactory.getLogger(UberFireSecurityFilter.class);
    private SecurityManager securityManager = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        Map<String, String> buildOptions = buildOptions(filterConfig);
        CookieStorage cookieStorage = getCookieStorage(buildOptions);
        RememberMeCookieAuthScheme rememberMeCookieAuthScheme = new RememberMeCookieAuthScheme(cookieStorage);
        AuthenticationScheme authenticationScheme = getAuthenticationScheme(buildOptions);
        AuthenticationManager authenticationManager = getAuthenticationManager(buildOptions);
        AuthenticationProvider authenticationProvider = getAuthenticationProvider(buildOptions);
        ResourceManager resourceManager = getResourceManager(buildOptions);
        AuthorizationManager authorizationManager = getAuthorizationManager(buildOptions);
        VotingStrategy uRLVotingStrategy = getURLVotingStrategy(buildOptions);
        ResourceDecisionManager uRLAccessDecisionManager = getURLAccessDecisionManager(buildOptions);
        this.securityManager = HttpSecurityManagerImpl.newBuilder().addAuthManager(authenticationManager).addAuthScheme(rememberMeCookieAuthScheme).addAuthScheme(authenticationScheme).addAuthProvider(authenticationProvider).addAuthenticatedStorageProvider(new HttpSessionStorage()).addAuthenticatedStorageProvider(cookieStorage).addRoleProvider(getRoleProvider(buildOptions)).addAuthzManager(authorizationManager).addVotingStrategy(uRLVotingStrategy).addAccessDecisionManager(uRLAccessDecisionManager).addResourceManager(resourceManager).addRoleDecisionManager(getRoleDecisionManager(buildOptions)).loadAvailableAuthenticationSources().build(buildOptions);
        this.securityManager.start();
    }

    private Map<String, String> buildOptions(FilterConfig filterConfig) {
        HashMap hashMap = new HashMap();
        Enumeration initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String str = (String) initParameterNames.nextElement();
            String initParameter = filterConfig.getInitParameter(str);
            if (!initParameter.trim().isEmpty()) {
                hashMap.put(str, initParameter);
            }
        }
        Enumeration initParameterNames2 = filterConfig.getServletContext().getInitParameterNames();
        while (initParameterNames2.hasMoreElements()) {
            String str2 = (String) initParameterNames2.nextElement();
            String initParameter2 = filterConfig.getServletContext().getInitParameter(str2);
            if (!initParameter2.trim().isEmpty()) {
                hashMap.put(str2, initParameter2);
            }
        }
        return hashMap;
    }

    private CookieStorage getCookieStorage(Map<String, String> map) {
        String str = map.get(SecurityConstants.COOKIE_NAME_KEY);
        if (str == null || str.trim().isEmpty()) {
            throw new RuntimeException("Can't find cookie id.");
        }
        return new CookieStorage(str);
    }

    private RoleProvider getRoleProvider(Map<String, String> map) {
        return (RoleProvider) loadConfigClazz(map.get(SecurityConstants.ROLE_PROVIDER_KEY), RoleProvider.class);
    }

    private RoleDecisionManager getRoleDecisionManager(Map<String, String> map) {
        return (RoleDecisionManager) loadConfigClazz(map.get(SecurityConstants.ROLE_DECISION_MANAGER_KEY), RoleDecisionManager.class);
    }

    private ResourceDecisionManager getURLAccessDecisionManager(Map<String, String> map) {
        return (ResourceDecisionManager) loadConfigClazz(map.get(SecurityConstants.URL_ACCESS_DECISION_MANAGER_KEY), ResourceDecisionManager.class);
    }

    private VotingStrategy getURLVotingStrategy(Map<String, String> map) {
        String str = map.get(SecurityConstants.URL_VOTING_MANAGER_KEY);
        return (str == null || str.isEmpty()) ? new ConsensusBasedVoter() : (VotingStrategy) loadConfigClazz(str, VotingStrategy.class);
    }

    private AuthorizationManager getAuthorizationManager(Map<String, String> map) {
        return (AuthorizationManager) loadConfigClazz(map.get(SecurityConstants.AUTHZ_MANAGER_KEY), AuthorizationManager.class);
    }

    private ResourceManager getResourceManager(Map<String, String> map) {
        String str = map.get(SecurityConstants.RESOURCE_MANAGER_KEY);
        return (str == null || str.isEmpty()) ? new URLResourceManager(map.get(SecurityConstants.RESOURCE_MANAGER_CONFIG_KEY)) : (ResourceManager) loadConfigClazz(str, ResourceManager.class);
    }

    private AuthenticationProvider getAuthenticationProvider(Map<String, String> map) {
        return (AuthenticationProvider) loadConfigClazz(map.get(SecurityConstants.AUTH_PROVIDER_KEY), AuthenticationProvider.class);
    }

    private AuthenticationManager getAuthenticationManager(Map<String, String> map) {
        return (AuthenticationManager) loadConfigClazz(map.get(SecurityConstants.AUTH_MANAGER_KEY), AuthenticationManager.class);
    }

    private AuthenticationScheme getAuthenticationScheme(Map<String, String> map) {
        String str = map.get(SecurityConstants.AUTH_SCHEME_KEY);
        if (str == null || str.isEmpty()) {
            return new FormAuthenticationScheme();
        }
        if (str.equalsIgnoreCase(SecurityConstants.FORM)) {
            return new FormAuthenticationScheme();
        }
        return null;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        SecurityContext newSecurityContext = this.securityManager.newSecurityContext(httpServletRequest, httpServletResponse);
        try {
            logout(newSecurityContext, httpServletRequest, httpServletResponse);
            authenticate(newSecurityContext, httpServletResponse);
            authorize(newSecurityContext, httpServletResponse);
            if (!servletResponse.isCommitted()) {
                filterChain.doFilter(servletRequest, servletResponse);
            }
        } catch (AuthenticationException e) {
            if (!servletResponse.isCommitted()) {
                throw new ServletException(e);
            }
        }
    }

    private void logout(SecurityContext securityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!httpServletResponse.isCommitted() && isLogoutRequest(httpServletRequest)) {
            this.securityManager.logout(securityContext);
            try {
                httpServletResponse.sendRedirect(getBaseUrl(httpServletRequest));
            } catch (IOException e) {
                this.LOG.error("Can't redirect. Message: " + e.toString());
            }
        }
    }

    private String getBaseUrl(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getServerPort() == 80 || httpServletRequest.getServerPort() == 443) ? httpServletRequest.getScheme() + SecUtil.PROTOCOL_DELIM + httpServletRequest.getServerName() + httpServletRequest.getContextPath() : httpServletRequest.getScheme() + SecUtil.PROTOCOL_DELIM + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort() + httpServletRequest.getContextPath();
    }

    private boolean isLogoutRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().contains(SecurityConstants.LOGOUT_URI);
    }

    private void authenticate(SecurityContext securityContext, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        SecurityFactory.setSubject(this.securityManager.authenticate(securityContext));
    }

    private void authorize(SecurityContext securityContext, HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletResponse.isCommitted() || this.securityManager.authorize(securityContext) || httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.sendError(403);
    }

    private <T> T loadConfigClazz(String str, Class<T> cls) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        try {
            Class<?> cls2 = Class.forName(str);
            if (cls2.isAssignableFrom(cls)) {
                return cls.cast(cls2.newInstance());
            }
            this.LOG.error("Invalid class type '" + cls.getName() + "'");
            return null;
        } catch (ClassNotFoundException e) {
            this.LOG.error("Class not found '" + str + "'");
            return null;
        } catch (IllegalAccessException e2) {
            this.LOG.error("The following error ocurred. " + e2.getMessage());
            return null;
        } catch (InstantiationException e3) {
            this.LOG.error("Can't instantiate class '" + str + "'");
            return null;
        }
    }

    public void destroy() {
        this.securityManager.dispose();
    }
}
