package org.picketbox.http.filters;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketbox.core.PicketBoxSubject;
import org.picketbox.core.authentication.AuthenticationManager;
import org.picketbox.core.authentication.manager.DatabaseAuthenticationManager;
import org.picketbox.core.authentication.manager.LDAPAuthenticationManager;
import org.picketbox.core.authentication.manager.PropertiesFileBasedAuthenticationManager;
import org.picketbox.core.authentication.manager.SimpleCredentialAuthenticationManager;
import org.picketbox.core.authorization.AuthorizationManager;
import org.picketbox.core.authorization.impl.SimpleAuthorizationManager;
import org.picketbox.core.ctx.PicketBoxSecurityContext;
import org.picketbox.core.ctx.SecurityContextPropagation;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketbox.core.exceptions.ProcessingException;
import org.picketbox.http.PicketBoxHTTPManager;
import org.picketbox.http.PicketBoxHTTPMessages;
import org.picketbox.http.authentication.HTTPAuthenticationScheme;
import org.picketbox.http.authentication.HTTPBasicAuthentication;
import org.picketbox.http.authentication.HTTPClientCertAuthentication;
import org.picketbox.http.authentication.HTTPDigestAuthentication;
import org.picketbox.http.authentication.HTTPFormAuthentication;
import org.picketbox.http.authorization.resource.WebResource;
import org.picketbox.http.config.ConfigurationBuilderProvider;
import org.picketbox.http.config.HTTPConfigurationBuilder;
import org.picketbox.http.config.PicketBoxHTTPConfiguration;

/* loaded from: input_file:org/picketbox/http/filters/DelegatingSecurityFilter.class */
public class DelegatingSecurityFilter implements Filter {
    private PicketBoxHTTPManager securityManager;
    private FilterConfig filterConfig;
    private HTTPAuthenticationScheme authenticationScheme;

    public DelegatingSecurityFilter() {
    }

    public DelegatingSecurityFilter(HTTPAuthenticationScheme hTTPAuthenticationScheme, PicketBoxHTTPManager picketBoxHTTPManager) {
        this.securityManager = picketBoxHTTPManager;
        this.authenticationScheme = hTTPAuthenticationScheme;
        this.authenticationScheme.setPicketBoxManager(this.securityManager);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        HTTPConfigurationBuilder hTTPConfigurationBuilder;
        if (this.securityManager != null) {
            return;
        }
        this.filterConfig = filterConfig;
        ServletContext servletContext = this.filterConfig.getServletContext();
        Map<String, Object> hashMap = new HashMap<>();
        hashMap.put("servletContext", servletContext);
        String initParameter = servletContext.getInitParameter("org.picketbox.authentication");
        AuthorizationManager authorizationManager = null;
        AuthenticationManager authenticationManager = null;
        String initParameter2 = servletContext.getInitParameter("org.picketbox.configuration.provider");
        String initParameter3 = servletContext.getInitParameter("org.picketbox.http.session.user.attribute");
        if (initParameter == null || initParameter.isEmpty()) {
            String initParameter4 = this.filterConfig.getInitParameter("authSchemeLoader");
            if (initParameter4 == null) {
                throw PicketBoxHTTPMessages.MESSAGES.missingRequiredInitParameter("authSchemeLoader");
            }
            if (initParameter2 == null) {
                String initParameter5 = this.filterConfig.getInitParameter("org.picketbox.authentication.manager");
                if (initParameter5 != null && !initParameter5.isEmpty()) {
                    authenticationManager = getAuthMgr(initParameter5);
                    hashMap.put("org.picketbox.authentication.manager", authenticationManager);
                }
                String initParameter6 = this.filterConfig.getInitParameter("org.picketbox.authorization.manager");
                if (initParameter6 != null && initParameter6.isEmpty()) {
                    authorizationManager = getAuthzMgr(initParameter6);
                    authorizationManager.start();
                    hashMap.put("org.picketbox.authorization.manager", authorizationManager);
                }
            }
            this.authenticationScheme = (HTTPAuthenticationScheme) SecurityActions.instance(getClass(), initParameter4);
        } else {
            if (initParameter2 == null) {
                String initParameter7 = servletContext.getInitParameter("org.picketbox.authentication.manager");
                String initParameter8 = servletContext.getInitParameter("org.picketbox.authorization.manager");
                if (initParameter8 != null) {
                    authorizationManager = getAuthzMgr(initParameter8);
                    authorizationManager.start();
                    hashMap.put("org.picketbox.authorization.manager", authorizationManager);
                }
                authenticationManager = getAuthMgr(initParameter7);
                hashMap.put("org.picketbox.authentication.manager", authenticationManager);
            }
            this.authenticationScheme = getAuthenticationScheme(initParameter, hashMap);
        }
        if (initParameter2 != null) {
            hTTPConfigurationBuilder = ((ConfigurationBuilderProvider) SecurityActions.instance(getClass(), initParameter2)).getBuilder(servletContext);
        } else {
            hTTPConfigurationBuilder = new HTTPConfigurationBuilder();
            hTTPConfigurationBuilder.authentication().authManager(authenticationManager);
            hTTPConfigurationBuilder.authorization().manager(authorizationManager);
        }
        hTTPConfigurationBuilder.m5sessionManager().userAttributeName(initParameter3);
        this.securityManager = new PicketBoxHTTPManager((PicketBoxHTTPConfiguration) hTTPConfigurationBuilder.build());
        this.securityManager.start();
        this.authenticationScheme.setPicketBoxManager(this.securityManager);
        servletContext.setAttribute("PICKETBOX_MANAGER", this.securityManager);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            propagateSecurityContext(httpServletRequest);
            logout(httpServletRequest, httpServletResponse);
            authenticate(httpServletRequest, httpServletResponse);
            authorize(httpServletRequest, httpServletResponse);
            if (!servletResponse.isCommitted()) {
                filterChain.doFilter(httpServletRequest, servletResponse);
            }
        } finally {
            clearPropagatedSecurityContext();
        }
    }

    private void clearPropagatedSecurityContext() throws ServletException {
        try {
            SecurityContextPropagation.clear();
        } catch (ProcessingException e) {
            throw new ServletException(e);
        }
    }

    private void propagateSecurityContext(HttpServletRequest httpServletRequest) throws ServletException {
        PicketBoxSubject subject = this.securityManager.getSubject(httpServletRequest);
        if (subject != null) {
            try {
                SecurityContextPropagation.setContext(new PicketBoxSecurityContext(subject));
            } catch (ProcessingException e) {
                throw new ServletException(e);
            }
        }
    }

    private void authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletResponse.isCommitted() || this.securityManager.authorize(getAuthenticatedUser(httpServletRequest), createWebResource(httpServletRequest, httpServletResponse)) || httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.sendError(403);
    }

    private WebResource createWebResource(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        WebResource webResource = new WebResource();
        webResource.setContext(httpServletRequest.getServletContext());
        webResource.setRequest(httpServletRequest);
        webResource.setResponse(httpServletResponse);
        return webResource;
    }

    public PicketBoxSubject getAuthenticatedUser(HttpServletRequest httpServletRequest) {
        return this.securityManager.getSubject(httpServletRequest);
    }

    private void authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        try {
            this.authenticationScheme.authenticate(httpServletRequest, httpServletResponse);
        } catch (AuthenticationException e) {
            throw new ServletException(e);
        }
    }

    private void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (isLogoutRequest(httpServletRequest)) {
            this.securityManager.logout(getAuthenticatedUser(httpServletRequest));
            try {
                httpServletResponse.sendRedirect(httpServletRequest.getContextPath());
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    private boolean isLogoutRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().contains("/picketbox_logout");
    }

    public void destroy() {
        this.filterConfig = null;
        if (this.securityManager != null) {
            this.securityManager.stop();
        }
    }

    private HTTPAuthenticationScheme getAuthenticationScheme(String str, Map<String, Object> map) throws ServletException {
        return str.equalsIgnoreCase("BASIC") ? new HTTPBasicAuthentication() : str.equalsIgnoreCase("DIGEST") ? new HTTPDigestAuthentication() : str.equalsIgnoreCase("CLIENT_CERT") ? new HTTPClientCertAuthentication() : new HTTPFormAuthentication();
    }

    private AuthenticationManager getAuthMgr(String str) {
        return str.equalsIgnoreCase("Credential") ? new SimpleCredentialAuthenticationManager() : str.equalsIgnoreCase("Properties") ? new PropertiesFileBasedAuthenticationManager() : str.equalsIgnoreCase("Database") ? new DatabaseAuthenticationManager() : str.equalsIgnoreCase("Ldap") ? new LDAPAuthenticationManager() : (str == null || str.isEmpty()) ? new PropertiesFileBasedAuthenticationManager() : (AuthenticationManager) SecurityActions.instance(getClass(), str);
    }

    private AuthorizationManager getAuthzMgr(String str) {
        if (!str.equalsIgnoreCase("Drools") && str.equalsIgnoreCase("Simple")) {
            return new SimpleAuthorizationManager();
        }
        return (AuthorizationManager) SecurityActions.instance(getClass(), "org.picketbox.drools.authorization.PicketBoxDroolsAuthorizationManager");
    }
}
