package org.apache.shindig.auth;

import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.shindig.auth.AuthenticationHandler;
import org.apache.shindig.common.Nullable;
import org.apache.shindig.common.logging.i18n.MessageKeys;
import org.apache.shindig.common.servlet.InjectedFilter;

/* loaded from: input_file:WEB-INF/lib/shindig-common-2.5.1.jar:org/apache/shindig/auth/AuthenticationServletFilter.class */
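/**
 * Servlet filter that asks each configured {@link AuthenticationHandler}, in list order, for a
 * {@link SecurityToken} and attaches the first one found to the request before continuing the
 * filter chain.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>If no handler returns a token and none throws, the chain is still invoked with no token
 *       attached. This filter never rejects such a request on its own.
 *       NOTE(review): confirm that downstream code (or a catch-all handler in the injected list)
 *       enforces authentication where it is required.</li>
 *   <li>A handler signals a rejected credential by throwing
 *       {@link AuthenticationHandler.InvalidAuthenticationException}; only then is a 401 or a
 *       redirect produced.</li>
 * </ul>
 */
public class AuthenticationServletFilter extends InjectedFilter {
    public static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
    private static final String CLASSNAME = AuthenticationServletFilter.class.getName();
    private static final Logger LOG = Logger.getLogger(CLASSNAME, MessageKeys.MESSAGES);
    private String realm = "shindig";
    private List<AuthenticationHandler> handlers;

    /**
     * Request wrapper that serves the request body from the byte array a handler stored under
     * {@link AuthenticationHandler#STASHED_BODY}, so the body can be read again further down the
     * chain.
     *
     * <p>The decompiler reports that this class was declared {@code private} in the original
     * class file; the widened visibility is kept here so the listing stays as decompiled.
     */
    public static class StashedBodyRequestwrapper extends HttpServletRequestWrapper {
        final InputStream rawStream;
        ServletInputStream stream;
        BufferedReader reader;

        /**
         * Wraps {@code httpServletRequest} and opens a stream over its stashed body.
         *
         * <p>The attribute is cast without a type check, so a non-{@code byte[]} value raises
         * {@link ClassCastException} and a missing attribute raises {@link NullPointerException}.
         * The only caller in this file, {@code callChain}, checks for a non-null attribute first.
         */
        StashedBodyRequestwrapper(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
            byte[] stashedBody = (byte[]) httpServletRequest.getAttribute(AuthenticationHandler.STASHED_BODY);
            this.rawStream = new ByteArrayInputStream(stashedBody);
        }

        /**
         * Returns a stream over the stashed body; the same instance is returned on every call.
         *
         * @throws IllegalStateException if {@link #getReader()} has already been called
         */
        @Override
        public ServletInputStream getInputStream() throws IOException {
            Preconditions.checkState(this.reader == null, "The methods getInputStream() and getReader() are mutually exclusive.");
            if (this.stream == null) {
                this.stream = new ServletInputStream() {
                    @Override
                    public int read() throws IOException {
                        return StashedBodyRequestwrapper.this.rawStream.read();
                    }
                };
            }
            return this.stream;
        }

        /**
         * Returns a reader over the stashed body, decoded with the request's character encoding
         * and falling back to UTF-8 when the request declares none.
         *
         * @throws IllegalStateException if {@link #getInputStream()} has already been called
         */
        @Override
        public BufferedReader getReader() throws IOException {
            Preconditions.checkState(this.stream == null, "The methods getInputStream() and getReader() are mutually exclusive.");
            if (this.reader == null) {
                // Charset.forName(null) throws IllegalArgumentException and never returns null,
                // so the fallback has to be chosen before the lookup, not after it.
                String encodingName = getCharacterEncoding();
                Charset charset = encodingName == null ? Charsets.UTF_8 : Charset.forName(encodingName);
                // NOTE(review): the encoding name normally comes from the request's Content-Type,
                // so an unknown or malformed name still surfaces here as an unchecked
                // IllegalArgumentException subclass. Confirm callers map that to a client error
                // rather than a 500.
                this.reader = new BufferedReader(new InputStreamReader(this.rawStream, charset));
            }
            return this.reader;
        }
    }

    /** Overrides the default realm ("shindig") passed to handlers when building challenges. */
    @Inject(optional = true)
    public void setAuthenticationRealm(@Named("shindig.authentication.realm") String str) {
        this.realm = str;
    }

    /**
     * Sets the handlers consulted by {@link #doFilter}. The list is stored as given (no copy) and
     * its order is the order in which handlers are tried.
     */
    @Inject
    public void setAuthenticationHandlers(List<AuthenticationHandler> list) {
        this.handlers = list;
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Tries each handler in order and continues the chain with the first token obtained.
     *
     * <p>For every handler that returns {@code null}, its challenge (if any) is added to the
     * response as a {@code WWW-Authenticate} header. Those headers stay on the response even when
     * a later handler succeeds or when the chain is finally invoked without a token.
     *
     * @throws ServletException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("Auth filter can only handle HTTP");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            for (AuthenticationHandler authenticationHandler : this.handlers) {
                // The challenge is computed before the token lookup, matching the original order
                // of calls; it is only emitted when the handler yields no token.
                String challenge = authenticationHandler.getWWWAuthenticateHeader(getRealm(httpServletRequest));
                SecurityToken securityToken = authenticationHandler.getSecurityTokenFromRequest(httpServletRequest);
                if (securityToken != null) {
                    AuthInfoUtil.setAuthTypeForRequest(httpServletRequest, authenticationHandler.getName());
                    AuthInfoUtil.setSecurityTokenForRequest(httpServletRequest, securityToken);
                    callChain(filterChain, httpServletRequest, httpServletResponse);
                    return;
                }
                setAuthHeader(challenge, httpServletResponse);
            }
            // No handler produced a token and none rejected the request: the chain runs with no
            // auth type or security token set on the request.
            // NOTE(review): downstream servlets must treat a missing token as unauthenticated.
            callChain(filterChain, httpServletRequest, httpServletResponse);
        } catch (AuthenticationHandler.InvalidAuthenticationException e) {
            Throwable cause = e.getCause();
            if (LOG.isLoggable(Level.INFO)) {
                LOG.logp(Level.INFO, CLASSNAME, "doFilter", MessageKeys.ERROR_PARSING_SECURE_TOKEN, cause);
            }
            Map<String, String> additionalHeaders = e.getAdditionalHeaders();
            if (additionalHeaders != null) {
                // Header names and values are copied from the exception verbatim.
                // NOTE(review): confirm handlers never place request-controlled text here without
                // stripping CR/LF, in case the container does not sanitise header values.
                for (Map.Entry<String, String> entry : additionalHeaders.entrySet()) {
                    httpServletResponse.addHeader(entry.getKey(), entry.getValue());
                }
            }
            if (e.getRedirect() != null) {
                onRedirect(httpServletRequest, httpServletResponse, e);
            } else {
                setAuthHeader(null, httpServletResponse);
                onError(httpServletRequest, httpServletResponse, e);
            }
        }
    }

    /** Returns the realm used for challenges; subclasses may vary it per request. */
    protected String getRealm(HttpServletRequest httpServletRequest) {
        return this.realm;
    }

    /**
     * Answers a rejected credential with HTTP 401.
     *
     * <p>The status message is the exception message, with the cause's message appended directly
     * (no separator) when a cause is present.
     * NOTE(review): both messages are sent to the client; confirm handlers do not put token
     * contents or internal details into them.
     */
    protected void onError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationHandler.InvalidAuthenticationException invalidAuthenticationException) throws IOException {
        Throwable cause = invalidAuthenticationException.getCause();
        String message = invalidAuthenticationException.getMessage();
        if (cause != null) {
            message = message + cause.getMessage();
        }
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
    }

    /**
     * Redirects the client to the location carried by the exception.
     *
     * <p>NOTE(review): the target is used as supplied by the handler; confirm handlers build it
     * from configuration or validate it, so it cannot be steered by request data.
     */
    protected void onRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationHandler.InvalidAuthenticationException invalidAuthenticationException) throws IOException {
        httpServletResponse.sendRedirect(invalidAuthenticationException.getRedirect());
    }

    /** Adds a {@code WWW-Authenticate} header when {@code str} is non-null; otherwise does nothing. */
    private void setAuthHeader(@Nullable String str, HttpServletResponse httpServletResponse) {
        if (str != null) {
            httpServletResponse.addHeader(WWW_AUTHENTICATE_HEADER, str);
        }
    }

    /**
     * Continues the chain, substituting a {@link StashedBodyRequestwrapper} when a handler has
     * stashed the request body so that it can be read again downstream.
     */
    private void callChain(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        boolean bodyWasStashed = httpServletRequest.getAttribute(AuthenticationHandler.STASHED_BODY) != null;
        HttpServletRequest downstreamRequest = bodyWasStashed ? new StashedBodyRequestwrapper(httpServletRequest) : httpServletRequest;
        filterChain.doFilter(downstreamRequest, httpServletResponse);
    }
}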
