package org.uberfire.ext.security.server;

import com.google.common.base.Charsets;
import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.jboss.errai.codegen.shade.org.eclipse.jdt.internal.core.JavadocConstants;
import org.jboss.errai.security.shared.exception.FailedAuthenticationException;
import org.jboss.errai.security.shared.service.AuthenticationService;
import org.kie.internal.query.QueryParameterIdentifiers;

/* loaded from: input_file:WEB-INF/lib/uberfire-servlet-security-7.43.0.Final.jar:org/uberfire/ext/security/server/BasicAuthSecurityFilter.class */
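/**
 * Servlet filter that protects a web application with HTTP Basic authentication backed by the
 * injected {@link AuthenticationService}.
 *
 * <p>For every request whose (context-relative, trailing-slash-stripped) path is not listed in the
 * {@value #EXCEPTION_PATHS} init parameter, the filter:
 * <ol>
 *   <li>lets the request through if the {@link AuthenticationService} already reports a user,</li>
 *   <li>otherwise tries to log in with the credentials of a {@code Authorization: Basic ...}
 *       header and, on success, lets the request through and logs the user out again once the
 *       response has been committed (the login is scoped to this one request),</li>
 *   <li>otherwise answers with a {@code WWW-Authenticate} challenge.</li>
 * </ol>
 *
 * <p>When the {@value #INVALIDATE_PARAM} init parameter is {@code true} (the default) a session
 * that did not exist before the request is invalidated after it, so that Basic-auth calls do not
 * accumulate server-side sessions.
 *
 * <p>Init parameters: {@value #REALM_NAME_PARAM} (realm advertised in the challenge),
 * {@value #INVALIDATE_PARAM} ({@code "true"}/anything else), {@value #EXCEPTION_PATHS}
 * (comma-separated paths; blank entries are dropped, entries are not trimmed and are matched
 * exactly, not as prefixes).
 */
public class BasicAuthSecurityFilter implements Filter {
    public static final String REALM_NAME_PARAM = "realmName";
    public static final String INVALIDATE_PARAM = "invalidate";
    public static final String EXCEPTION_PATHS = "excludedPaths";

    /** Request header carrying the client's credentials. */
    private static final String AUTHORIZATION_HEADER = "Authorization";
    /** Scheme prefix expected at the start of the Authorization header (compared case-insensitively). */
    private static final String BASIC_SCHEME_PREFIX = "Basic ";
    /** Header name and value used to recognise browser XHR calls. */
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";

    @Inject
    AuthenticationService authenticationService;
    /** Realm advertised in the challenge. Must not contain a double quote or the header value becomes malformed. */
    private String realmName = "UberFire Security Extension Default Realm";
    /** Whether a session created during the request is discarded afterwards. */
    private boolean invalidate = true;
    /** Context-relative paths (no trailing slash) that bypass authentication. */
    private Set<String> excludedPaths = new HashSet<>();

    /**
     * Reads the filter's init parameters; any parameter that is absent keeps its default.
     *
     * @param filterConfig the container-provided configuration
     */
    @Override
    public void init(FilterConfig filterConfig) {
        String realm = filterConfig.getInitParameter(REALM_NAME_PARAM);
        if (realm != null) {
            this.realmName = realm;
        }
        String invalidateParam = filterConfig.getInitParameter(INVALIDATE_PARAM);
        if (invalidateParam != null) {
            // Only "true" (case-insensitive) keeps invalidation on; any other value turns it off.
            this.invalidate = Boolean.parseBoolean(invalidateParam);
        }
        String excluded = filterConfig.getInitParameter(EXCEPTION_PATHS);
        if (excluded != null) {
            this.excludedPaths = Arrays.stream(excluded.split(","))
                    .filter(path -> !StringUtils.isBlank(path))
                    .collect(Collectors.toSet());
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Applies the authentication policy described on the class to one request.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     the rest of the chain
     * @throws IOException      propagated from the chain or the challenge
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (isExceptionPath(request)) {
            filterChain.doFilter(request, response);
            return;
        }
        // Remember whether a session existed before this request: only a session created while
        // servicing it is discarded below, never one the client already had.
        boolean hadSession = request.getSession(false) != null;
        try {
            if (this.authenticationService.getUser() != null) {
                filterChain.doFilter(request, response);
            } else if (authenticate(request)) {
                filterChain.doFilter(request, response);
                // The login established from the header is scoped to this request: once the
                // response is committed it is dropped so the credentials are not kept logged in.
                if (response.isCommitted()) {
                    this.authenticationService.logout();
                }
            } else {
                challengeClient(request, response);
            }
        } finally {
            // Runs on both the normal and the exceptional path (the original code duplicated
            // the invalidation in a catch-all that rethrew).
            if (!hadSession && this.invalidate) {
                HttpSession created = request.getSession(false);
                if (created != null) {
                    created.invalidate();
                }
            }
        }
    }

    /**
     * Tells whether the request URI, with trailing slashes and the context path removed, is one
     * of the configured excluded paths. The comparison is an exact set lookup, not a prefix match.
     *
     * @param request the current request
     * @return {@code true} if the request must bypass authentication
     */
    private boolean isExceptionPath(HttpServletRequest request) {
        String path = request.getRequestURI();
        if (path == null) {
            return false;
        }
        while (path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        String contextPath = request.getContextPath();
        if (contextPath != null && path.startsWith(contextPath)) {
            // Plain prefix removal; String.replaceFirst would interpret the context path as a regex.
            path = path.substring(contextPath.length());
        }
        return this.excludedPaths.contains(path);
    }

    /**
     * Sends the Basic-auth challenge. Browsers get {@code 401} with a {@code WWW-Authenticate}
     * header (which triggers the credentials prompt); XHR callers get {@code 403} instead so the
     * browser does not pop a dialog on their behalf.
     *
     * @param request  the current request, used to detect XHR callers
     * @param response the response to send the challenge on
     * @throws IOException if the error response cannot be written
     */
    public void challengeClient(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + this.realmName + "\"");
        response.sendError(isAjaxRequest(request) ? HttpServletResponse.SC_FORBIDDEN : HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Tries to log in with the credentials of an {@code Authorization: Basic} header.
     *
     * <p>Returns {@code false} without touching the {@link AuthenticationService} when the header
     * is missing, uses another scheme, or does not decode to {@code user:password}. The user id is
     * everything before the first colon; the password is everything after it, so passwords may
     * themselves contain colons (RFC 7617).
     *
     * @param request the current request
     * @return {@code true} if the login succeeded
     */
    private boolean authenticate(HttpServletRequest request) {
        String header = request.getHeader(AUTHORIZATION_HEADER);
        if (header == null
                || !header.regionMatches(true, 0, BASIC_SCHEME_PREFIX, 0, BASIC_SCHEME_PREFIX.length())) {
            return false;
        }
        // decodeBase64 is lenient about whitespace and invalid characters, so no exception to catch here.
        byte[] decoded = Base64.decodeBase64(header.substring(BASIC_SCHEME_PREFIX.length()));
        String credentials = new String(decoded, StandardCharsets.UTF_8);
        int separator = credentials.indexOf(':');
        if (separator < 0) {
            return false;
        }
        try {
            this.authenticationService.login(credentials.substring(0, separator), credentials.substring(separator + 1));
            return true;
        } catch (FailedAuthenticationException e) {
            return false;
        }
    }

    /**
     * Detects browser XHR calls by the {@code X-Requested-With: XMLHttpRequest} header
     * (value compared case-insensitively; a missing header yields {@code false}).
     */
    private boolean isAjaxRequest(HttpServletRequest request) {
        return AJAX_HEADER_VALUE.equalsIgnoreCase(request.getHeader(HttpHeaders.X_REQUESTED_WITH));
    }
}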
