package org.n52.security.service.authentication.servlet;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.AuthenticationContextUtil;
import org.n52.security.service.authentication.RequestContext;
import org.n52.security.service.config.SecurityConfig;
import org.n52.security.service.config.ServiceConfig;
import org.n52.security.service.config.support.AbstractSecurityConfigServletFilter;

/* loaded from: input_file:WEB-INF/lib/52n-security-authn-web-2.2-M2.jar:org/n52/security/service/authentication/servlet/AuthenticationFilter.class */
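/**
 * Servlet filter that authenticates incoming requests by running them through the
 * configured list of {@link AuthenticationProcessorFactory} instances.
 *
 * <p>When no processor yields an authenticated context, the filter reacts according to the
 * configured {@code mode} init parameter:
 * <ul>
 *   <li>{@code forbidAccess}: answers with HTTP 403,</li>
 *   <li>{@code continueAsNotAuthenticated}: continues the chain with an unauthenticated context,</li>
 *   <li>{@code redirectToLoginPage} (default): redirects to the login page and passes the
 *       originally requested URL as a query parameter.</li>
 * </ul>
 */
public class AuthenticationFilter extends AbstractSecurityConfigServletFilter {
    private static final Log LOG = LogFactory.getLog(AuthenticationFilter.class);
    private static final String PROPERTYNAME_PROCESSOR_FACTORIES = "authenticationProcessorFactories";
    private static final String INIT_PARAM_LOGINPAGE = "loginPage";
    private static final String INIT_PARAM_MODE = "mode";
    // The spelling "Paramter" is the literal init-parameter key read at runtime; do not "fix" it
    // here without also migrating existing deployment descriptors.
    private static final String INIT_PARAM_RETURNURL_PARAM_NAME = "returnUrlParamterName";

    private List<AuthenticationProcessorFactory> m_authProcessorFactories = new ArrayList<AuthenticationProcessorFactory>();
    private String m_authenticationContextSessionAttributeName = null;
    private String m_redirectPage = null;
    private String m_returnUrlParameterName = null;
    private boolean m_forbidAccessMode = false;
    private boolean m_continueAsNotAuthenticatedMode = false;
    private boolean m_redirectToLoginPageMode = true;

    /**
     * Reads the filter mode, the login page settings and the authentication processor
     * factories from the filter and service configuration.
     *
     * @throws IllegalStateException if the mode value is unknown, no authentication service
     *         is configured, or the processor factory list is missing
     */
    @Override // org.n52.security.service.config.support.AbstractSecurityConfigServletFilter
    protected void init(FilterConfig filterConfig, ServiceConfig serviceConfig, SecurityConfig securityConfig) {
        String mode = filterConfig.getInitParameter(INIT_PARAM_MODE);
        if (mode != null) {
            this.m_forbidAccessMode = mode.equalsIgnoreCase("forbidAccess");
            this.m_continueAsNotAuthenticatedMode = mode.equalsIgnoreCase("continueAsNotAuthenticated");
            this.m_redirectToLoginPageMode = mode.equalsIgnoreCase("redirectToLoginPage");
            // Fail closed on a typo in the mode value instead of silently picking a behaviour.
            if (!this.m_forbidAccessMode && !this.m_continueAsNotAuthenticatedMode && !this.m_redirectToLoginPageMode) {
                throw new IllegalStateException("please configure the InitParameter <mode> with a value of ('forbidAccess' | 'continueAsNotAuthenticated' | 'redirectToLoginPage')");
            }
        }
        if (this.m_redirectToLoginPageMode) {
            String loginPage = (String) parameterLookup(filterConfig, serviceConfig, INIT_PARAM_LOGINPAGE);
            this.m_redirectPage = loginPage != null ? loginPage : "/login";
            String returnUrlParam = (String) parameterLookup(filterConfig, serviceConfig, INIT_PARAM_RETURNURL_PARAM_NAME);
            this.m_returnUrlParameterName = returnUrlParam != null ? returnUrlParam : "returnURL";
        }
        if (serviceConfig.getAuthenticationService() == null) {
            throw new IllegalStateException("no authenticationService(LoginModules) configured in security config at service <" + getServiceName() + ">");
        }
        // The property map is untyped; the element type is only enforced when the list is iterated.
        @SuppressWarnings({"unchecked", "rawtypes"})
        List<AuthenticationProcessorFactory> factories = (List) serviceConfig.getProperties().get(PROPERTYNAME_PROCESSOR_FACTORIES);
        if (factories == null) {
            throw new IllegalStateException("property <authenticationProcessorFactories> with a list of <" + AuthenticationProcessorFactory.class + "> instances");
        }
        this.m_authProcessorFactories = factories;
        // If several session factories are configured, the attribute name of the last one wins.
        for (AuthenticationProcessorFactory factory : factories) {
            if (factory instanceof SessionAuthenticationProcessorFactory) {
                this.m_authenticationContextSessionAttributeName = ((SessionAuthenticationProcessorFactory) factory).getAuthenticationContextAttributeName();
            }
        }
    }

    /**
     * Authenticates the request and either continues the filter chain with the resulting
     * authentication context or rejects/redirects the request according to the configured mode.
     *
     * @throws IllegalStateException if the configured login page does not form a valid URL
     */
    @Override // org.n52.security.service.config.support.AbstractSecurityConfigServletFilter
    protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // A context that is already authenticated (set further up the chain) is passed through as is.
        AuthenticationContext current = AuthenticationContextUtil.getCurrentAuthenticationContext();
        if (current != null && current.isAuthenticated()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        AuthenticationContext authenticationContext = null;
        RequestContext requestContext = (RequestContext) httpServletRequest.getAttribute(RequestContext.REQUEST_CTX_ATTRIBUTE);
        try {
            // Ask each processor in configured order until one of them authenticates the request.
            Iterator<AuthenticationProcessorFactory> factories = this.m_authProcessorFactories.iterator();
            while (factories.hasNext() && (authenticationContext == null || !authenticationContext.isAuthenticated())) {
                authenticationContext = factories.next().getProcessor().authenticate(requestContext, getServiceConfig().getAuthenticationService());
            }
        } catch (Exception e) {
            // The failure detail stays in the server log only; see the 403 branch below.
            LOG.warn("authentication failed: " + e, e);
        }
        if (authenticationContext == null || !authenticationContext.isAuthenticated()) {
            LOG.info("no authentication processor performed a successfull logon");
            if (httpServletResponse.isCommitted()) {
                // A processor already wrote the response (e.g. a challenge); nothing left to do.
                return;
            }
            // Drops any stale context from the session, since this request is not authenticated.
            storeInSession(httpServletRequest, authenticationContext);
            if (this.m_forbidAccessMode) {
                // Deliberately generic: the exception text of the login backend may contain
                // internal details or echoed request input and must not reach the client.
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "authentication failed");
                return;
            }
            if (this.m_continueAsNotAuthenticatedMode) {
                if (authenticationContext == null) {
                    authenticationContext = getServiceConfig().getAuthenticationService().createAuthenticationContext();
                }
            } else if (this.m_redirectToLoginPageMode) {
                try {
                    // NOTE(review): scheme, server name and port are taken from the request
                    // (typically the Host header). Unless the container or a front proxy pins the
                    // allowed hosts, both the redirect target and the return URL are
                    // client-influenced. Confirm for the deployment.
                    URL loginUrl = !this.m_redirectPage.startsWith("http")
                            ? new URL(httpServletRequest.getScheme(), httpServletRequest.getServerName(), httpServletRequest.getServerPort(), httpServletRequest.getContextPath() + this.m_redirectPage)
                            : new URL(this.m_redirectPage);
                    String query = getQuery(httpServletRequest);
                    StringBuffer requestedUrl = httpServletRequest.getRequestURL();
                    if (query != null && query.length() > 0) {
                        requestedUrl.append("?").append(query);
                    }
                    StringBuilder target = new StringBuilder(loginUrl.toExternalForm());
                    target.append(loginUrl.getQuery() != null ? "&" : "?");
                    target.append(this.m_returnUrlParameterName);
                    target.append("=");
                    // NOTE(review): presumably the login page redirects back to this value after
                    // logon; it has to validate the value there to avoid an open redirect.
                    target.append(URLEncoder.encode(requestedUrl.toString(), "UTF-8"));
                    httpServletResponse.sendRedirect(new URL(target.toString()).toExternalForm());
                    return;
                } catch (MalformedURLException e2) {
                    throw new IllegalStateException("redirect url is wrong configured:" + e2, e2);
                }
            }
        }
        storeInSession(httpServletRequest, authenticationContext);
        try {
            AuthenticationContextUtil.setCurrentAuthenticationContext(authenticationContext);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            // Downstream code may have replaced the context (e.g. login/logout); persist the new one.
            if (authenticationContext != AuthenticationContextUtil.getCurrentAuthenticationContext()) {
                storeInSession(httpServletRequest, AuthenticationContextUtil.getCurrentAuthenticationContext());
            }
        } finally {
            // Always clear the current context so it cannot leak into the next request
            // handled by the same thread.
            AuthenticationContextUtil.setCurrentAuthenticationContext(null);
        }
    }

    /**
     * Rebuilds a URL-encoded query string from the request parameters of GET requests and
     * form-encoded requests. Only the first value of each parameter is used.
     *
     * @return the query string without a leading {@code ?}; empty for other request kinds
     */
    private String getQuery(HttpServletRequest httpServletRequest) {
        try {
            StringBuilder query = new StringBuilder();
            String contentType = httpServletRequest.getContentType();
            // The content type is null for requests without a body; guard against it so that
            // e.g. a POST or HEAD without Content-Type does not fail with a NullPointerException.
            boolean formEncoded = contentType != null && contentType.contains("x-www-form");
            if ("GET".equals(httpServletRequest.getMethod()) || formEncoded) {
                // NOTE(review): for form posts this copies body parameters into the return URL,
                // so posted secrets (e.g. a password field) would show up in the Location header,
                // browser history and access logs. Consider excluding sensitive fields.
                Enumeration<?> names = httpServletRequest.getParameterNames();
                while (names.hasMoreElements()) {
                    String name = (String) names.nextElement();
                    String value = httpServletRequest.getParameter(name);
                    query.append(URLEncoder.encode(name, "UTF-8"))
                            .append("=")
                            .append(URLEncoder.encode(value != null ? value : "", "UTF-8"))
                            .append("&");
                }
                if (query.length() > 0) {
                    // Strip the trailing '&'.
                    query.deleteCharAt(query.length() - 1);
                }
            }
            return query.toString();
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("unkown encoding : " + e, e);
        }
    }

    /**
     * Keeps the session in sync with the given context: an authenticated context is stored
     * under the configured attribute name, anything else removes the attribute from an
     * existing session. Does nothing when no session attribute name is configured.
     */
    private void storeInSession(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        if (this.m_authenticationContextSessionAttributeName == null || this.m_authenticationContextSessionAttributeName.length() <= 0) {
            return;
        }
        if (authenticationContext != null) {
            try {
                if (authenticationContext.isAuthenticated()) {
                    // NOTE(review): the session id is not renewed when the authenticated context
                    // is stored. Unless the container rotates ids on login, renew the session
                    // here to prevent session fixation.
                    httpServletRequest.getSession(true).setAttribute(this.m_authenticationContextSessionAttributeName, authenticationContext);
                    // Return here: falling through would remove the attribute that was just
                    // stored, so the login would never survive beyond the current request.
                    return;
                }
            } catch (Exception e) {
                LOG.warn("can't update session state: " + e, e);
                return;
            }
        }
        // Not authenticated: make sure no stale context stays behind in an existing session.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.removeAttribute(this.m_authenticationContextSessionAttributeName);
        }
    }

    /** Releases the configured processor factories and the session attribute name. */
    @Override // org.n52.security.service.config.support.AbstractSecurityConfigServletFilter
    public void destroy() {
        super.destroy();
        this.m_authProcessorFactories = null;
        this.m_authenticationContextSessionAttributeName = null;
    }
}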
