package org.dspace.app.rest.security;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.authenticate.ShibAuthentication;
import org.dspace.core.Utils;
import org.dspace.services.ConfigurationService;
import org.dspace.services.factory.DSpaceServicesFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:org/dspace/app/rest/security/ShibbolethLoginFilter.class */
public class ShibbolethLoginFilter extends StatelessLoginFilter {
    private static final Logger log = LogManager.getLogger(ShibbolethLoginFilter.class);
    private ConfigurationService configurationService;

    public ShibbolethLoginFilter(String str, String str2, AuthenticationManager authenticationManager, RestAuthenticationService restAuthenticationService) {
        super(str, str2, authenticationManager, restAuthenticationService);
        this.configurationService = DSpaceServicesFactory.getInstance().getConfigurationService();
    }

    @Override // org.dspace.app.rest.security.StatelessLoginFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (ShibAuthentication.isEnabled()) {
            return this.authenticationManager.authenticate(new DSpaceAuthentication());
        }
        throw new ProviderNotFoundException("Shibboleth is disabled.");
    }

    @Override // org.dspace.app.rest.security.StatelessLoginFilter
    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        DSpaceAuthentication dSpaceAuthentication = (DSpaceAuthentication) authentication;
        log.debug("Shib authentication successful for EPerson {}. Sending back temporary auth cookie", dSpaceAuthentication.getName());
        this.restAuthenticationService.addAuthenticationDataForUser(httpServletRequest, httpServletResponse, dSpaceAuthentication, true);
        redirectAfterSuccess(httpServletRequest, httpServletResponse);
    }

    private void redirectAfterSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String parameter = httpServletRequest.getParameter("redirectUrl");
        if (StringUtils.isEmpty(parameter)) {
            parameter = this.configurationService.getProperty("dspace.ui.url");
        }
        String hostName = Utils.getHostName(parameter);
        String hostName2 = Utils.getHostName(this.configurationService.getProperty("dspace.server.url"));
        ArrayList arrayList = new ArrayList();
        arrayList.add(hostName2);
        for (String str : this.configurationService.getArrayProperty("rest.cors.allowed-origins")) {
            arrayList.add(Utils.getHostName(str));
        }
        if (StringUtils.equalsAnyIgnoreCase(hostName, (CharSequence[]) arrayList.toArray(new String[0]))) {
            log.debug("Shibboleth redirecting to " + parameter);
            httpServletResponse.sendRedirect(parameter);
        } else {
            log.error("Invalid Shibboleth redirectURL=" + parameter + ". URL doesn't match hostname of server or UI!");
            httpServletResponse.sendError(400, "Invalid redirectURL! Must match server or ui hostname.");
        }
    }
}
