package org.picketlink.authentication.web;

import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.helix.alerts.ExpressionParser;
import org.picketlink.Identity;
import org.picketlink.common.util.StringUtil;
import org.picketlink.credential.DefaultLoginCredentials;

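/**
 * Servlet filter that authenticates requests through a PicketLink {@link Identity}.
 *
 * <p>The filter is configured with three init parameters:
 * <ul>
 *   <li>{@code authType} (required) - one of the {@link AuthType} names, matched case-insensitively;</li>
 *   <li>{@code unprotectedMethods} (optional) - comma-separated HTTP methods that are passed down the
 *       chain without any authentication;</li>
 *   <li>{@code forceReAuthentication} (optional, default {@code false}) - when {@code true}, a request
 *       that carries credentials logs the current identity out before authenticating again.</li>
 * </ul>
 *
 * <p>Every method listed in {@code unprotectedMethods} bypasses authentication for all URLs this
 * filter is mapped to, so the list should be kept as small as possible.
 */
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/picketlink-api-2.6.0.CR1.jar:org/picketlink/authentication/web/AuthenticationFilter.class */
public class AuthenticationFilter implements Filter {
    public static final String AUTH_TYPE_INIT_PARAM = "authType";
    public static final String UNPROTECTED_METHODS_INIT_PARAM = "unprotectedMethods";
    public static final String FORCE_REAUTHENTICATION_INIT_PARAM = "forceReAuthentication";

    // Maps each supported authentication type to the scheme class instantiated for it in init().
    private final Map<AuthType, Class<? extends HTTPAuthenticationScheme>> authenticationSchemes =
            new HashMap<AuthType, Class<? extends HTTPAuthenticationScheme>>();
    // Upper-cased HTTP method names that skip authentication entirely.
    private final Set<String> unprotectedMethods;
    private boolean forceReAuthentication;

    @Inject
    private Instance<Identity> identityInstance;

    @Inject
    private Instance<DefaultLoginCredentials> credentialsInstance;
    // Scheme selected by the "authType" init parameter; assigned once in init().
    private HTTPAuthenticationScheme authenticationScheme;

    /* loaded from: input_file:WEB-INF/lib/picketlink-api-2.6.0.CR1.jar:org/picketlink/authentication/web/AuthenticationFilter$AuthType.class */
    /** Authentication types accepted by the {@code authType} init parameter. */
    public enum AuthType {
        BASIC,
        DIGEST,
        FORM,
        CLIENT_CERT
    }

    /** Registers the scheme class for every {@link AuthType} and starts with no unprotected methods. */
    public AuthenticationFilter() {
        this.authenticationSchemes.put(AuthType.DIGEST, DigestAuthenticationScheme.class);
        this.authenticationSchemes.put(AuthType.BASIC, BasicAuthenticationScheme.class);
        this.authenticationSchemes.put(AuthType.FORM, FormAuthenticationScheme.class);
        this.authenticationSchemes.put(AuthType.CLIENT_CERT, ClientCertAuthenticationScheme.class);
        this.unprotectedMethods = new HashSet<String>();
    }

    /**
     * Reads the filter configuration: selects the authentication scheme, collects the unprotected
     * HTTP methods and the re-authentication flag.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws IllegalArgumentException if {@code authType} is missing or not an {@link AuthType} name
     * @throws IllegalStateException if the scheme class cannot be instantiated
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        initAuthenticationScheme(filterConfig);

        String methodList = filterConfig.getInitParameter(UNPROTECTED_METHODS_INIT_PARAM);
        if (methodList != null) {
            // split() on a value without a comma yields the value itself, so one loop covers both forms.
            for (String token : methodList.split(",")) {
                // Locale.ROOT keeps the result independent of the JVM default locale
                // (e.g. "options" must become "OPTIONS" under a Turkish locale too).
                String method = token.trim().toUpperCase(Locale.ROOT);
                if (!method.isEmpty()) {
                    this.unprotectedMethods.add(method);
                }
            }
        }

        // parseBoolean treats null and empty as false, which is the documented default.
        this.forceReAuthentication =
                Boolean.parseBoolean(filterConfig.getInitParameter(FORCE_REAUTHENTICATION_INIT_PARAM));
    }

    /**
     * Authenticates the request if its HTTP method is protected and no identity is logged in yet.
     *
     * <p>Unprotected methods and already authenticated identities go straight down the chain.
     * Otherwise a login is attempted with the credentials the scheme extracted from the request;
     * on failure the scheme challenges the client, on success the scheme's
     * {@code postAuthentication} result decides whether the chain continues.
     *
     * @throws ServletException if the request or response is not an HTTP one
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("This filter can only process HttpServletRequest requests.");
        }
        // Reject a non-HTTP response explicitly instead of failing with a ClassCastException below.
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("This filter can only process HttpServletResponse responses.");
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        Identity identity = getIdentity();

        boolean credentialsSupplied = extractCredentials(request).getCredential() != null;
        if (credentialsSupplied && this.forceReAuthentication) {
            identity.logout();
            // Extracted a second time after logout; presumably logout resets the credential
            // holder - TODO confirm against Identity.logout().
            extractCredentials(request);
        }

        if (!isProtected(request) || identity.isLoggedIn()) {
            filterChain.doFilter(request, response);
            return;
        }

        // getSession() creates the HTTP session if none exists, i.e. before the login attempt.
        // NOTE(review): no session-identifier rotation is visible in this class after a successful
        // login; confirm the scheme's postAuthentication or the container renews it, otherwise a
        // pre-login session id survives authentication (session fixation).
        request.getSession();
        identity.login();

        if (!identity.isLoggedIn()) {
            this.authenticationScheme.challengeClient(request, response);
        } else if (this.authenticationScheme.postAuthentication(request, response)) {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /** Nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Resolves the {@code authType} init parameter to an {@link AuthType} and instantiates the
     * matching scheme through its {@code (FilterConfig)} constructor.
     *
     * @throws IllegalArgumentException if the parameter is missing, is not an {@link AuthType} name,
     *         or has no registered scheme class
     * @throws IllegalStateException if the scheme class cannot be instantiated
     */
    private void initAuthenticationScheme(FilterConfig filterConfig) {
        String configuredType = filterConfig.getInitParameter(AUTH_TYPE_INIT_PARAM);
        if (configuredType == null) {
            throw new IllegalArgumentException("Null authentication type provided.");
        }

        AuthType authType;
        try {
            // Locale.ROOT: with a Turkish default locale "basic" would upper-case to a dotted
            // capital I and never match an enum constant.
            authType = AuthType.valueOf(configuredType.trim().toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            // The enum names are joined explicitly; concatenating AuthType.values() directly would
            // print the array's identity string instead of its contents.
            // NOTE(review): ExpressionParser.statFieldDelim belongs to an unrelated package
            // (org.apache.helix) and looks like a decompiler constant substitution; its value is
            // not visible here - confirm the intended closing text of this message.
            throw new IllegalArgumentException("Unsupported authentication type. Possible values are: [" + supportedAuthTypes() + ExpressionParser.statFieldDelim, e);
        }

        Class<? extends HTTPAuthenticationScheme> schemeClass = this.authenticationSchemes.get(authType);
        if (schemeClass == null) {
            throw new IllegalArgumentException("Authentication type of [" + authType + "] does not match a HTTPAuthenticationScheme type.");
        }
        try {
            this.authenticationScheme = schemeClass.getConstructor(FilterConfig.class).newInstance(filterConfig);
        } catch (Exception e) {
            throw new IllegalStateException("Could not create authentication scheme instance [" + schemeClass + "].", e);
        }
    }

    /** Renders the {@link AuthType} constant names as a comma-separated list for error messages. */
    private static String supportedAuthTypes() {
        StringBuilder names = new StringBuilder();
        for (AuthType type : AuthType.values()) {
            if (names.length() > 0) {
                names.append(", ");
            }
            names.append(type.name());
        }
        return names.toString();
    }

    /**
     * Lets the configured scheme copy whatever credential the request carries into the
     * {@link DefaultLoginCredentials} bean and returns that bean.
     */
    private DefaultLoginCredentials extractCredentials(HttpServletRequest httpServletRequest) {
        DefaultLoginCredentials credentials = getCredentials();
        this.authenticationScheme.extractCredential(httpServletRequest, credentials);
        return credentials;
    }

    /**
     * Resolves the injected {@link DefaultLoginCredentials} bean.
     *
     * @throws IllegalStateException if the bean is missing, ambiguous or cannot be obtained
     */
    private DefaultLoginCredentials getCredentials() {
        if (this.credentialsInstance.isUnsatisfied()) {
            throw new IllegalStateException("DefaultLoginCredentials not found - please ensure that the DefaultLoginCredentials component is created on startup.");
        }
        if (this.credentialsInstance.isAmbiguous()) {
            throw new IllegalStateException("DefaultLoginCredentials is ambiguous. Make sure you have a single @RequestScoped instance.");
        }
        try {
            return this.credentialsInstance.get();
        } catch (Exception e) {
            throw new IllegalStateException("Could not retrieve credentials.", e);
        }
    }

    /**
     * Resolves the injected {@link Identity} bean.
     *
     * @throws IllegalStateException if the bean is missing, ambiguous or cannot be obtained
     */
    private Identity getIdentity() throws ServletException {
        if (this.identityInstance.isUnsatisfied()) {
            throw new IllegalStateException("Identity not found.");
        }
        if (this.identityInstance.isAmbiguous()) {
            throw new IllegalStateException("Identity is ambiguous.");
        }
        try {
            return this.identityInstance.get();
        } catch (Exception e) {
            throw new IllegalStateException("Could not retrieve Identity.", e);
        }
    }

    /**
     * Tells whether the request's HTTP method requires authentication, i.e. is not listed in
     * {@code unprotectedMethods}.
     */
    private boolean isProtected(HttpServletRequest httpServletRequest) {
        // NOTE(review): the request method is upper-cased before the lookup, so a method token sent
        // in lower or mixed case also matches an unprotected entry; confirm the container and the
        // downstream resources treat such tokens the same way.
        return !this.unprotectedMethods.contains(httpServletRequest.getMethod().toUpperCase(Locale.ROOT));
    }
}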
