package org.alfresco.web.app.servlet;

import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Properties;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.httpclient.HttpClientFactory;
import org.alfresco.rest.api.Queries;
import org.alfresco.web.scripts.servlet.X509ServletFilterBase;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/alfresco/web/app/servlet/AlfrescoX509ServletFilter.class */
public class AlfrescoX509ServletFilter extends X509ServletFilterBase {
    private String sharedSecret;
    private static final String BEAN_GLOBAL_PROPERTIES = "global-properties";
    private static final String PROP_SECURE_COMMS = "solr.secureComms";
    private static final String PROP_SHARED_SECRET = "solr.sharedSecret";
    private static final String PROP_SHARED_SECRET_HEADER = "solr.sharedSecret.header";
    private static Log logger = LogFactory.getLog(AlfrescoX509ServletFilter.class);
    private HttpClientFactory.SecureCommsType secureComms = HttpClientFactory.SecureCommsType.HTTPS;
    private String sharedSecretHeader = "X-Alfresco-Search-Secret";

    /* renamed from: org.alfresco.web.app.servlet.AlfrescoX509ServletFilter$1, reason: invalid class name */
    /* loaded from: input_file:org/alfresco/web/app/servlet/AlfrescoX509ServletFilter$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$alfresco$httpclient$HttpClientFactory$SecureCommsType = new int[HttpClientFactory.SecureCommsType.values().length];

        static {
            try {
                $SwitchMap$org$alfresco$httpclient$HttpClientFactory$SecureCommsType[HttpClientFactory.SecureCommsType.HTTPS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$alfresco$httpclient$HttpClientFactory$SecureCommsType[HttpClientFactory.SecureCommsType.SECRET.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$alfresco$httpclient$HttpClientFactory$SecureCommsType[HttpClientFactory.SecureCommsType.NONE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        Properties properties = (Properties) WebApplicationContextUtils.getRequiredWebApplicationContext(filterConfig.getServletContext()).getBean(BEAN_GLOBAL_PROPERTIES);
        String property = properties.getProperty(PROP_SECURE_COMMS);
        if (property != null && !property.isEmpty()) {
            this.secureComms = HttpClientFactory.SecureCommsType.getType(property);
        }
        this.sharedSecret = properties.getProperty(PROP_SHARED_SECRET);
        this.sharedSecretHeader = properties.getProperty(PROP_SHARED_SECRET_HEADER);
        if (this.secureComms == HttpClientFactory.SecureCommsType.SECRET) {
            if (this.sharedSecret == null || this.sharedSecret.length() == 0) {
                logger.fatal("Missing value for solr.sharedSecret configuration property. If solr.secureComms is set to \"secret\", a value for solr.sharedSecret is required. See https://docs.alfresco.com/search-services/latest/install/options/");
                throw new AlfrescoRuntimeException("Missing value for solr.sharedSecret configuration property");
            }
            if (this.sharedSecretHeader == null || this.sharedSecretHeader.length() == 0) {
                throw new AlfrescoRuntimeException("Missing value for sharedSecretHeader");
            }
        }
        if (this.secureComms == HttpClientFactory.SecureCommsType.NONE && !"true".equalsIgnoreCase(filterConfig.getInitParameter("allow-unauthenticated-solr-endpoint"))) {
            throw new AlfrescoRuntimeException("solr.secureComms=none is no longer supported. Please use https or secret");
        }
        super.init(filterConfig);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        switch (AnonymousClass1.$SwitchMap$org$alfresco$httpclient$HttpClientFactory$SecureCommsType[this.secureComms.ordinal()]) {
            case 1:
                super.doFilter(servletRequest, servletResponse, filterChain);
                return;
            case 2:
                if (this.sharedSecret.equals(httpServletRequest.getHeader(this.sharedSecretHeader))) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                } else {
                    httpServletResponse.sendError(403, "Authentication failure");
                    return;
                }
            case Queries.MIN_TERM_LENGTH_NODES /* 3 */:
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            default:
                httpServletResponse.sendError(403, "Authentication failure");
                return;
        }
    }

    protected boolean checkEnforce(ServletContext servletContext) throws IOException {
        return this.secureComms == HttpClientFactory.SecureCommsType.HTTPS;
    }
}
