package org.picketbox.http.filters;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketbox.core.UserContext;
import org.picketbox.core.authorization.AuthorizationManager;
import org.picketbox.core.authorization.ent.impl.SimpleEntitlement;
import org.picketbox.core.authorization.impl.SimpleAuthorizationManager;
import org.picketbox.core.ctx.PicketBoxSecurityContext;
import org.picketbox.core.ctx.SecurityContextPropagation;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketbox.core.exceptions.ProcessingException;
import org.picketbox.http.HTTPUserContext;
import org.picketbox.http.PicketBoxConstants;
import org.picketbox.http.PicketBoxHTTPManager;
import org.picketbox.http.authentication.HTTPBasicCredential;
import org.picketbox.http.authentication.HTTPClientCertCredential;
import org.picketbox.http.authentication.HTTPDigestCredential;
import org.picketbox.http.authentication.HTTPFormCredential;
import org.picketbox.http.authentication.HttpServletCredential;
import org.picketbox.http.authorization.resource.WebResource;
import org.picketbox.http.config.ConfigurationBuilderProvider;
import org.picketbox.http.config.HTTPConfigurationBuilder;
import org.picketbox.http.config.PicketBoxHTTPConfiguration;
import org.picketbox.http.wrappers.RequestWrapper;
import org.picketbox.http.wrappers.ResponseWrapper;

/* loaded from: input_file:WEB-INF/lib/picketbox-http-5.0.0-2013Jan04.jar:org/picketbox/http/filters/DelegatingSecurityFilter.class */
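/**
 * Servlet filter that hands logout, authentication and authorization of every
 * request to a {@link PicketBoxHTTPManager} before the rest of the chain runs.
 *
 * <p>Configuration is read from servlet-context init parameters named by
 * {@link PicketBoxConstants}: the authentication scheme, the authorization
 * manager, an optional configuration-builder provider class and the session
 * attribute name for the user.
 *
 * <p>Failures while building the credential or sending the logout redirect are
 * propagated to the container instead of being printed and ignored, so a broken
 * credential setup cannot let a request continue without an authentication
 * attempt.
 */
public class DelegatingSecurityFilter implements Filter {
    private PicketBoxHTTPManager securityManager;
    private Class<? extends HttpServletCredential> credentialType;

    /**
     * Builds and starts the security manager and publishes it as a servlet-context
     * attribute. Does nothing when a manager is already set on this instance.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        if (this.securityManager != null) {
            return;
        }
        ServletContext servletContext = filterConfig.getServletContext();
        this.credentialType = getSupporttedCredential(servletContext);
        this.securityManager = new PicketBoxHTTPManager((PicketBoxHTTPConfiguration) getConfigurationBuilder(servletContext).build());
        this.securityManager.start();
        servletContext.setAttribute(PicketBoxConstants.PICKETBOX_MANAGER, this.securityManager);
    }

    /**
     * Creates the configuration builder and applies the authorization manager and
     * user attribute name taken from the context init parameters.
     *
     * @param servletContext the context whose init parameters are read
     * @return the configured builder
     */
    private HTTPConfigurationBuilder getConfigurationBuilder(ServletContext servletContext) {
        String authorizationManagerName = servletContext.getInitParameter(PicketBoxConstants.AUTHZ_MGR);
        String providerClassName = servletContext.getInitParameter(PicketBoxConstants.HTTP_CONFIGURATION_PROVIDER);
        String userAttributeName = servletContext.getInitParameter(PicketBoxConstants.USER_ATTRIBUTE_NAME);

        HTTPConfigurationBuilder builder;
        if (providerClassName != null) {
            // The provider class is named by deployment configuration and instantiated
            // reflectively, so whoever controls the init parameters controls which class
            // runs here; treat the deployment descriptor as trusted input only.
            ConfigurationBuilderProvider provider = (ConfigurationBuilderProvider) SecurityActions.instance(getClass(), providerClassName);
            builder = provider.getBuilder(servletContext);
        } else {
            builder = new HTTPConfigurationBuilder();
        }
        // NOTE(review): getAuthorizationManager returns null for a missing or unrecognized
        // name; confirm how the builder treats a null manager (default manager vs. no
        // authorization checks).
        builder.authorization().manager(getAuthorizationManager(authorizationManagerName));
        builder.sessionManager().userAttributeName(userAttributeName);
        return builder;
    }

    /**
     * Runs logout, authentication and authorization in that order, then continues
     * the chain only if none of those steps committed the response. The propagated
     * security context is cleared afterwards in every case.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException if a redirect, error response or the chain fails with an I/O error
     * @throws ServletException if authentication or context propagation fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        RequestWrapper requestWrapper = new RequestWrapper((HttpServletRequest) servletRequest, this.securityManager);
        ResponseWrapper responseWrapper = new ResponseWrapper((HttpServletResponse) servletResponse);
        try {
            propagateSecurityContext(requestWrapper);
            logout(requestWrapper, responseWrapper);
            authenticate(requestWrapper, responseWrapper);
            authorize(requestWrapper, responseWrapper);
            // A committed response means a redirect, challenge or error was already sent;
            // the protected resource must not run in that case.
            if (!servletResponse.isCommitted()) {
                filterChain.doFilter(requestWrapper, responseWrapper);
            }
        } finally {
            // Always clear, so the context set for this request is not left behind
            // after the request ends.
            clearPropagatedSecurityContext();
        }
    }

    /**
     * Clears the propagated security context.
     *
     * @throws ServletException wrapping any {@link ProcessingException}
     */
    private void clearPropagatedSecurityContext() throws ServletException {
        try {
            SecurityContextPropagation.clear();
        } catch (ProcessingException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Propagates a security context for the request's user, when the manager has one.
     *
     * @param request the current request
     * @throws ServletException wrapping any {@link ProcessingException}
     */
    private void propagateSecurityContext(HttpServletRequest request) throws ServletException {
        UserContext userContext = this.securityManager.getUserContext(request);
        if (userContext == null) {
            return;
        }
        try {
            SecurityContextPropagation.setContext(new PicketBoxSecurityContext(userContext));
        } catch (ProcessingException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Sends 403 when the manager denies access and nothing has been committed yet.
     *
     * @param request the current request
     * @param response the current response
     * @throws IOException if the error response cannot be sent
     */
    private void authorize(HttpServletRequest request, HttpServletResponse response) throws IOException {
        if (response.isCommitted()) {
            return;
        }
        // NOTE(review): the user context may be null here (no authenticated user);
        // confirm that the manager denies rather than permits in that case.
        boolean permitted = this.securityManager.authorize(getAuthenticatedUser(request), createWebResource(request, response));
        // Re-check after the call: the authorization step itself may have committed the response.
        if (permitted || response.isCommitted()) {
            return;
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /**
     * Wraps the request, the response and their servlet context in a {@link WebResource}.
     *
     * @param request the current request
     * @param response the current response
     * @return the resource handed to the authorization check
     */
    private WebResource createWebResource(HttpServletRequest request, HttpServletResponse response) {
        WebResource webResource = new WebResource();
        webResource.setContext(request.getServletContext());
        webResource.setRequest(request);
        webResource.setResponse(response);
        return webResource;
    }

    /**
     * Returns the user context the security manager holds for the request.
     *
     * @param httpServletRequest the current request
     * @return whatever the manager returns; callers in this class treat it as possibly {@code null}
     */
    public UserContext getAuthenticatedUser(HttpServletRequest httpServletRequest) {
        return this.securityManager.getUserContext(httpServletRequest);
    }

    /**
     * Attempts authentication when the request has no authenticated user context
     * and the response is still uncommitted.
     *
     * @param request the current request
     * @param response the current response
     * @throws ServletException if the credential cannot be built or authentication fails
     */
    private void authenticate(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        if (response.isCommitted()) {
            return;
        }
        UserContext current = this.securityManager.getUserContext(request);
        if (current != null && current.isAuthenticated()) {
            return;
        }
        HttpServletCredential credential = newCredential(request, response);
        try {
            this.securityManager.authenticate(new HTTPUserContext(request, response, credential));
        } catch (AuthenticationException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Instantiates the configured credential type for this request/response pair.
     *
     * @param request the current request
     * @param response the current response
     * @return the new credential
     * @throws ServletException if the credential class cannot be instantiated
     */
    private HttpServletCredential newCredential(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        try {
            return this.credentialType.getConstructor(HttpServletRequest.class, HttpServletResponse.class).newInstance(request, response);
        } catch (InvocationTargetException e) {
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            throw new ServletException("Credential constructor failed for " + this.credentialType.getName(), cause);
        } catch (Exception e) {
            // Fail closed: a credential that cannot be built must stop the request rather
            // than let it continue to authorization without any authentication attempt.
            throw new ServletException("Could not instantiate credential " + this.credentialType.getName(), e);
        }
    }

    /**
     * Logs the user out and redirects to the context path when the request is a logout request.
     *
     * @param request the current request
     * @param response the current response
     * @throws IOException if the redirect cannot be sent
     * @throws ServletException declared for symmetry with the other filter steps
     */
    private void logout(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        if (!isLogoutRequest(request)) {
            return;
        }
        this.securityManager.logout(getAuthenticatedUser(request));
        // A failed redirect is propagated; swallowing it would leave the response
        // uncommitted and send a just-logged-out request on to authentication.
        // NOTE(review): getContextPath() is "" for the root context; confirm the redirect
        // target is sensible there.
        response.sendRedirect(request.getContextPath());
    }

    /**
     * Reports whether the request URI contains the logout marker.
     *
     * @param request the current request
     * @return {@code true} when the URI contains {@link PicketBoxConstants#LOGOUT_URI}
     */
    private boolean isLogoutRequest(HttpServletRequest request) {
        // NOTE(review): this is a substring match with no HTTP-method check, so any URI that
        // merely contains the marker ends the session; consider an exact path comparison.
        return request.getRequestURI().contains(PicketBoxConstants.LOGOUT_URI);
    }

    /** Stops the security manager if one was started. */
    @Override
    public void destroy() {
        if (this.securityManager != null) {
            this.securityManager.stop();
        }
    }

    /**
     * Resolves the credential class from the authentication init parameter, stores it
     * in {@code credentialType} and returns it.
     *
     * @param servletContext the context whose init parameter is read
     * @return the credential class; the form credential when nothing else was selected
     * @throws ServletException never thrown by the current body; kept for callers
     */
    private Class<? extends HttpServletCredential> getSupporttedCredential(ServletContext servletContext) throws ServletException {
        String scheme = servletContext.getInitParameter(PicketBoxConstants.AUTHENTICATION_KEY);
        if (scheme != null) {
            if (scheme.equalsIgnoreCase(PicketBoxConstants.BASIC)) {
                this.credentialType = HTTPBasicCredential.class;
            } else if (scheme.equalsIgnoreCase(PicketBoxConstants.DIGEST)) {
                this.credentialType = HTTPDigestCredential.class;
            } else if (scheme.equalsIgnoreCase(PicketBoxConstants.CLIENT_CERT)) {
                this.credentialType = HTTPClientCertCredential.class;
            }
        }
        // An absent or unrecognized scheme falls back to form authentication without
        // reporting it, so a misspelled value is not detected at startup.
        if (this.credentialType == null) {
            this.credentialType = HTTPFormCredential.class;
        }
        return this.credentialType;
    }

    /**
     * Maps the configured authorization manager name to an implementation.
     *
     * @param str the configured name; may be {@code null}
     * @return the manager, or {@code null} when the name is missing or not recognized
     */
    private AuthorizationManager getAuthorizationManager(String str) {
        if (str == null) {
            return null;
        }
        if (str.equalsIgnoreCase("drools")) {
            return (AuthorizationManager) SecurityActions.instance(getClass(), "org.picketbox.drools.authorization.PicketBoxDroolsAuthorizationManager");
        }
        if (str.equalsIgnoreCase(SimpleEntitlement.SIMPLE)) {
            return new SimpleAuthorizationManager();
        }
        return null;
    }
}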
