package org.eclipse.hawkbit.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.security.DmfTenantSecurityToken;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.util.UrlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.config.Elements;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:BOOT-INF/lib/hawkbit-http-security-0.4.0.jar:org/eclipse/hawkbit/security/AbstractHttpControllerAuthenticationFilter.class */
public abstract class AbstractHttpControllerAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AbstractHttpControllerAuthenticationFilter.class);
    private static final String TENANT_PLACE_HOLDER = "tenant";
    private static final String CONTROLLER_ID_PLACE_HOLDER = "controllerId";
    private static final String CONTROLLER_REQUEST_ANT_PATTERN = "/{tenant}/controller/v1/{controllerId}/**";
    private static final String CONTROLLER_DL_REQUEST_ANT_PATTERN = "/{tenant}/controller/artifacts/v1/**";
    protected TenantConfigurationManagement tenantConfigurationManagement;
    protected TenantAware tenantAware;
    protected SystemSecurityContext systemSecurityContext;
    private final AntPathMatcher pathExtractor = new AntPathMatcher();
    private PreAuthenticationFilter abstractControllerAuthenticationFilter;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractHttpControllerAuthenticationFilter(TenantConfigurationManagement tenantConfigurationManagement, TenantAware tenantAware, SystemSecurityContext systemSecurityContext) {
        this.tenantConfigurationManagement = tenantConfigurationManagement;
        this.tenantAware = tenantAware;
        this.systemSecurityContext = systemSecurityContext;
    }

    @Override // org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter, javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        DmfTenantSecurityToken createTenantSecurityTokenVariables = createTenantSecurityTokenVariables((HttpServletRequest) servletRequest);
        if (createTenantSecurityTokenVariables == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        this.abstractControllerAuthenticationFilter = createControllerAuthenticationFilter();
        if (this.abstractControllerAuthenticationFilter.isEnable(createTenantSecurityTokenVariables) && SecurityContextHolder.getContext().getAuthentication() == null) {
            super.doFilter(servletRequest, servletResponse, filterChain);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    protected abstract PreAuthenticationFilter createControllerAuthenticationFilter();

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
    public void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(authentication.getAuthorities());
        arrayList.addAll(this.abstractControllerAuthenticationFilter.getSuccessfulAuthenticationAuthorities());
        PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken = new PreAuthenticatedAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), arrayList);
        preAuthenticatedAuthenticationToken.setDetails(authentication.getDetails());
        super.successfulAuthentication(httpServletRequest, httpServletResponse, preAuthenticatedAuthenticationToken);
    }

    protected DmfTenantSecurityToken createTenantSecurityTokenVariables(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        if (this.pathExtractor.match(httpServletRequest.getContextPath() + "/{tenant}/controller/v1/{controllerId}/**", requestURI)) {
            LOG.debug("retrieving principal from URI request {}", requestURI);
            Map<String, String> extractUriTemplateVariables = this.pathExtractor.extractUriTemplateVariables(httpServletRequest.getContextPath() + "/{tenant}/controller/v1/{controllerId}/**", requestURI);
            String decodeUriValue = UrlUtils.decodeUriValue(extractUriTemplateVariables.get("controllerId"));
            String decodeUriValue2 = UrlUtils.decodeUriValue(extractUriTemplateVariables.get("tenant"));
            if (LOG.isTraceEnabled()) {
                LOG.trace("Parsed tenant {} and controllerId {} from path request {}", decodeUriValue2, decodeUriValue, requestURI);
            }
            return createTenantSecurityTokenVariables(httpServletRequest, decodeUriValue2, decodeUriValue);
        }
        if (!this.pathExtractor.match(httpServletRequest.getContextPath() + "/{tenant}/controller/artifacts/v1/**", requestURI)) {
            if (!LOG.isTraceEnabled()) {
                return null;
            }
            LOG.trace("request {} does not match the path pattern {}, request gets ignored", requestURI, CONTROLLER_REQUEST_ANT_PATTERN);
            return null;
        }
        LOG.debug("retrieving path variables from URI request {}", requestURI);
        String decodeUriValue3 = UrlUtils.decodeUriValue(this.pathExtractor.extractUriTemplateVariables(httpServletRequest.getContextPath() + "/{tenant}/controller/artifacts/v1/**", requestURI).get("tenant"));
        if (LOG.isTraceEnabled()) {
            LOG.trace("Parsed tenant {} from path request {}", decodeUriValue3, requestURI);
        }
        return createTenantSecurityTokenVariables(httpServletRequest, decodeUriValue3, Elements.ANONYMOUS);
    }

    private DmfTenantSecurityToken createTenantSecurityTokenVariables(HttpServletRequest httpServletRequest, String str, String str2) {
        DmfTenantSecurityToken dmfTenantSecurityToken = new DmfTenantSecurityToken(str, null, str2, null, DmfTenantSecurityToken.FileResource.createFileResourceBySha1(""));
        Collections.list(httpServletRequest.getHeaderNames()).forEach(str3 -> {
            dmfTenantSecurityToken.putHeader(str3, httpServletRequest.getHeader(str3));
        });
        return dmfTenantSecurityToken;
    }

    @Override // org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest) {
        DmfTenantSecurityToken createTenantSecurityTokenVariables = createTenantSecurityTokenVariables(httpServletRequest);
        if (createTenantSecurityTokenVariables == null) {
            return null;
        }
        return this.abstractControllerAuthenticationFilter.getPreAuthenticatedPrincipal(createTenantSecurityTokenVariables);
    }

    @Override // org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpServletRequest) {
        DmfTenantSecurityToken createTenantSecurityTokenVariables = createTenantSecurityTokenVariables(httpServletRequest);
        if (createTenantSecurityTokenVariables == null) {
            return null;
        }
        return this.abstractControllerAuthenticationFilter.getPreAuthenticatedCredentials(createTenantSecurityTokenVariables);
    }
}
