package org.acegisecurity.ui.switchuser;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AccountExpiredException;
import org.acegisecurity.AcegiMessageSource;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationCredentialsNotFoundException;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.CredentialsExpiredException;
import org.acegisecurity.DisabledException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.LockedException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.event.authentication.AuthenticationSwitchUserEvent;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert;

/* loaded from: input_file:org/acegisecurity/ui/switchuser/SwitchUserProcessingFilter.class */
public class SwitchUserProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
    private static final Log logger;
    public static final String ACEGI_SECURITY_SWITCH_USERNAME_KEY = "j_username";
    public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
    private ApplicationEventPublisher eventPublisher;
    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
    protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
    private String exitUserUrl = "/j_acegi_exit_user";
    private String switchUserUrl = "/j_acegi_switch_user";
    private String targetUrl;
    private SwitchUserAuthorityChanger switchUserAuthorityChanger;
    private UserDetailsService userDetailsService;
    static Class class$org$acegisecurity$ui$switchuser$SwitchUserProcessingFilter;
    static Class class$javax$servlet$http$HttpServletRequest;
    static Class class$javax$servlet$http$HttpServletResponse;

    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.switchUserUrl, "switchUserUrl must be specified");
        Assert.hasLength(this.exitUserUrl, "exitUserUrl must be specified");
        Assert.hasLength(this.targetUrl, "targetUrl must be specified");
        Assert.notNull(this.userDetailsService, "authenticationDao must be specified");
        Assert.notNull(this.messages, "A message source must be set");
    }

    protected Authentication attemptExitUser(HttpServletRequest httpServletRequest) throws AuthenticationCredentialsNotFoundException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (null == authentication) {
            throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage("SwitchUserProcessingFilter.noCurrentUser", "No current user associated with this request"));
        }
        Authentication sourceAuthentication = getSourceAuthentication(authentication);
        if (sourceAuthentication == null) {
            logger.error("Could not find original user Authentication object!");
            throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage("SwitchUserProcessingFilter.noOriginalAuthentication", "Could not find original Authentication object"));
        }
        UserDetails userDetails = null;
        Object principal = sourceAuthentication.getPrincipal();
        if (principal != null && (principal instanceof UserDetails)) {
            userDetails = (UserDetails) principal;
        }
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(authentication, userDetails));
        }
        return sourceAuthentication;
    }

    protected Authentication attemptSwitchUser(HttpServletRequest httpServletRequest) throws AuthenticationException {
        String parameter = httpServletRequest.getParameter("j_username");
        if (parameter == null) {
            parameter = "";
        }
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("Attempt to switch to user [").append(parameter).append("]").toString());
        }
        UserDetails loadUserByUsername = this.userDetailsService.loadUserByUsername(parameter);
        if (loadUserByUsername == null) {
            throw new UsernameNotFoundException(this.messages.getMessage("SwitchUserProcessingFilter.usernameNotFound", new Object[]{parameter}, "Username {0} not found"));
        }
        if (!loadUserByUsername.isAccountNonLocked()) {
            throw new LockedException(this.messages.getMessage("SwitchUserProcessingFilter.locked", "User account is locked"));
        }
        if (!loadUserByUsername.isEnabled()) {
            throw new DisabledException(this.messages.getMessage("SwitchUserProcessingFilter.disabled", "User is disabled"));
        }
        if (!loadUserByUsername.isAccountNonExpired()) {
            throw new AccountExpiredException(this.messages.getMessage("SwitchUserProcessingFilter.expired", "User account has expired"));
        }
        if (!loadUserByUsername.isCredentialsNonExpired()) {
            throw new CredentialsExpiredException(this.messages.getMessage("SwitchUserProcessingFilter.credentialsExpired", "User credentials have expired"));
        }
        UsernamePasswordAuthenticationToken createSwitchUserToken = createSwitchUserToken(httpServletRequest, parameter, loadUserByUsername);
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("Switch User Token [").append(createSwitchUserToken).append("]").toString());
        }
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(SecurityContextHolder.getContext().getAuthentication(), loadUserByUsername));
        }
        return createSwitchUserToken;
    }

    private UsernamePasswordAuthenticationToken createSwitchUserToken(HttpServletRequest httpServletRequest, String str, UserDetails userDetails) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        SwitchUserGrantedAuthority switchUserGrantedAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, authentication);
        List asList = Arrays.asList(userDetails.getAuthorities());
        if (this.switchUserAuthorityChanger != null) {
            this.switchUserAuthorityChanger.modifyGrantedAuthorities(userDetails, authentication, asList);
        }
        ArrayList arrayList = new ArrayList(asList);
        arrayList.add(switchUserGrantedAuthority);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), (GrantedAuthority[]) arrayList.toArray(new GrantedAuthority[0]));
        usernamePasswordAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        return usernamePasswordAuthenticationToken;
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Class cls;
        Class cls2;
        if (class$javax$servlet$http$HttpServletRequest == null) {
            cls = class$("javax.servlet.http.HttpServletRequest");
            class$javax$servlet$http$HttpServletRequest = cls;
        } else {
            cls = class$javax$servlet$http$HttpServletRequest;
        }
        Assert.isInstanceOf(cls, servletRequest);
        if (class$javax$servlet$http$HttpServletResponse == null) {
            cls2 = class$("javax.servlet.http.HttpServletResponse");
            class$javax$servlet$http$HttpServletResponse = cls2;
        } else {
            cls2 = class$javax$servlet$http$HttpServletResponse;
        }
        Assert.isInstanceOf(cls2, servletResponse);
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (requiresSwitchUser(httpServletRequest)) {
            SecurityContextHolder.getContext().setAuthentication(attemptSwitchUser(httpServletRequest));
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(new StringBuffer().append(httpServletRequest.getContextPath()).append(this.targetUrl).toString()));
        } else {
            if (!requiresExitUser(httpServletRequest)) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            SecurityContextHolder.getContext().setAuthentication(attemptExitUser(httpServletRequest));
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(new StringBuffer().append(httpServletRequest.getContextPath()).append(this.targetUrl).toString()));
        }
    }

    private Authentication getSourceAuthentication(Authentication authentication) {
        Authentication authentication2 = null;
        GrantedAuthority[] authorities = authentication.getAuthorities();
        for (int i = 0; i < authorities.length; i++) {
            if (authorities[i] instanceof SwitchUserGrantedAuthority) {
                authentication2 = ((SwitchUserGrantedAuthority) authorities[i]).getSource();
                logger.debug(new StringBuffer().append("Found original switch user granted authority [").append(authentication2).append("]").toString());
            }
        }
        return authentication2;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    protected boolean requiresExitUser(HttpServletRequest httpServletRequest) {
        return stripUri(httpServletRequest).endsWith(new StringBuffer().append(httpServletRequest.getContextPath()).append(this.exitUserUrl).toString());
    }

    protected boolean requiresSwitchUser(HttpServletRequest httpServletRequest) {
        return stripUri(httpServletRequest).endsWith(new StringBuffer().append(httpServletRequest.getContextPath()).append(this.switchUserUrl).toString());
    }

    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) throws BeansException {
        this.eventPublisher = applicationEventPublisher;
    }

    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    public void setExitUserUrl(String str) {
        this.exitUserUrl = str;
    }

    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    public void setSwitchUserUrl(String str) {
        this.switchUserUrl = str;
    }

    public void setTargetUrl(String str) {
        this.targetUrl = str;
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    private static String stripUri(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        int indexOf = requestURI.indexOf(59);
        if (indexOf > 0) {
            requestURI = requestURI.substring(0, indexOf);
        }
        return requestURI;
    }

    public void setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger switchUserAuthorityChanger) {
        this.switchUserAuthorityChanger = switchUserAuthorityChanger;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$acegisecurity$ui$switchuser$SwitchUserProcessingFilter == null) {
            cls = class$("org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter");
            class$org$acegisecurity$ui$switchuser$SwitchUserProcessingFilter = cls;
        } else {
            cls = class$org$acegisecurity$ui$switchuser$SwitchUserProcessingFilter;
        }
        logger = LogFactory.getLog(cls);
    }
}
