package org.alfresco.solr.security;

import java.io.IOException;
import java.util.Map;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.solr.security.AuthenticationPlugin;

/* loaded from: input_file:org/alfresco/solr/security/SecretSharedAuthPlugin.class */
public class SecretSharedAuthPlugin extends AuthenticationPlugin {
    private static final String SECURE_COMMS_NONE = "none";

    public boolean doAuthenticate(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws Exception {
        if (SecretSharedPropertyCollector.isCommsSecretShared()) {
            if (Objects.equals(((HttpServletRequest) servletRequest).getHeader(SecretSharedPropertyCollector.getSecretHeader()), SecretSharedPropertyCollector.getSecret())) {
                filterChain.doFilter(servletRequest, servletResponse);
                return true;
            }
            setErrorResponse(servletResponse, "Authentication failure: \"secret\" method has been selected, use the right request header with the secret word");
            return false;
        }
        if (!SECURE_COMMS_NONE.equals(SecretSharedPropertyCollector.getCommsMethod()) || SecretSharedPropertyCollector.isAllowUnauthenticatedSolrEndpoint()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return true;
        }
        setErrorResponse(servletResponse, "Authentication failure: \"alfresco.secureComms=none\" is no longer supported. Please use \"https\" or \"secret\" instead.");
        return false;
    }

    private void setErrorResponse(ServletResponse servletResponse, String str) throws IOException {
        ((HttpServletResponse) servletResponse).sendError(403, str);
    }

    public void init(Map<String, Object> map) {
    }

    public void close() throws IOException {
    }
}
