package org.alfresco.repo.webdav.auth;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CodingErrorAction;
import java.util.HashSet;
import java.util.LinkedHashSet;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.Authorization;
import org.alfresco.repo.web.auth.BasicAuthCredentials;
import org.alfresco.repo.web.auth.TicketCredentials;
import org.alfresco.repo.web.filter.beans.DependencyInjectedFilter;
import org.alfresco.rest.framework.tools.ResponseWriter;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/repo/webdav/auth/AuthenticationFilter.class */
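/**
 * WebDAV authentication filter (decompiled listing).
 *
 * <p>For each request it resolves a {@link SessionUser} from, in order: the existing session, an
 * HTTP Basic {@code Authorization} header, or a {@code ticket} request parameter. When none of
 * these yields a user it answers {@code 401} with a Basic challenge and does not call the rest of
 * the chain.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded; confidentiality depends on the transport.</li>
 *   <li>A ticket passed as a request parameter is a bearer credential. It must not be written to
 *       logs by this class.</li>
 *   <li>The thread's security context is always cleared when {@link #doFilter} returns, whether
 *       normally or exceptionally.</li>
 * </ul>
 */
public class AuthenticationFilter extends BaseAuthenticationFilter implements DependencyInjectedFilter {
    private static final Log logger = LogFactory.getLog(AuthenticationFilter.class);

    /** Suffix stripped from the end of a {@code ticket} parameter value before validation. */
    private static final String PPT_EXTN = ".ppt";

    /** Charset names tried, in order, when decoding the Basic credential bytes. */
    private static final String[] ENCODINGS;

    /**
     * Runs the authentication logic and then clears the current security context.
     *
     * @param servletContext  servlet context passed through to the session-user lookup
     * @param servletRequest  incoming request (cast to {@link HttpServletRequest} internally)
     * @param servletResponse outgoing response (cast to {@link HttpServletResponse} internally)
     * @param filterChain     remainder of the chain, invoked only for an authenticated request
     * @throws IOException      propagated from the chain or from writing the 401 response
     * @throws ServletException propagated from the chain
     */
    @Override // org.alfresco.repo.web.filter.beans.DependencyInjectedFilter
    public void doFilter(ServletContext servletContext, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            doFilterInternal(servletContext, servletRequest, servletResponse, filterChain);
        } finally {
            // Single cleanup path: the context must not survive on this thread after the request,
            // regardless of how the request ended.
            if (logger.isTraceEnabled()) {
                logger.trace("About to clear the security context");
            }
            AuthenticationUtil.clearCurrentSecurityContext();
        }
    }

    /**
     * Establishes the session user for the request, or challenges the client with a 401.
     *
     * @param servletContext  servlet context passed through to the session-user lookup
     * @param servletRequest  incoming request
     * @param servletResponse outgoing response
     * @param filterChain     remainder of the chain, invoked only when a user was established
     * @throws IOException      propagated from the chain or from flushing the 401 response
     * @throws ServletException propagated from the chain
     */
    protected void doFilterInternal(ServletContext servletContext, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (logger.isTraceEnabled()) {
            logger.trace("Entering AuthenticationFilter.");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        SessionUser sessionUser = getSessionUser(servletContext, httpServletRequest, httpServletResponse, false);
        if (sessionUser == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("There is no user in the session.");
            }
            String header = httpServletRequest.getHeader("Authorization");
            if (header != null && header.length() > 5 && header.substring(0, 5).equalsIgnoreCase("BASIC")) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Basic authentication details present in the header.");
                }
                // Base64 text is ASCII; name the charset instead of relying on the platform default.
                byte[] credentialBytes = Base64.decodeBase64(header.substring(5).getBytes(java.nio.charset.StandardCharsets.US_ASCII));
                // Credential strings already tried. Two charsets often decode the same bytes to the
                // same string; skipping repeats avoids submitting one bad password several times.
                HashSet<String> attempted = new HashSet<>(ENCODINGS.length * 2);
                for (String encoding : ENCODINGS) {
                    CharsetDecoder decoder = Charset.forName(encoding).newDecoder().onMalformedInput(CodingErrorAction.REPORT);
                    try {
                        String credentials = decoder.decode(ByteBuffer.wrap(credentialBytes)).toString();
                        if (!attempted.add(credentials)) {
                            continue;
                        }
                        // Split on the first ':' only, so a password may itself contain ':'.
                        int separator = credentials.indexOf(":");
                        String username;
                        String password;
                        if (separator != -1) {
                            username = credentials.substring(0, separator);
                            password = credentials.substring(separator + 1);
                        } else {
                            username = credentials;
                            password = "";
                        }
                        Authorization authorization = new Authorization(username, password);
                        if (authorization.isTicket()) {
                            this.authenticationService.validate(authorization.getTicket());
                        } else {
                            this.authenticationService.authenticate(username, password.toCharArray());
                            if (this.authenticationListener != null) {
                                this.authenticationListener.userAuthenticated(new BasicAuthCredentials(username, password));
                            }
                        }
                        // NOTE(review): getSession() creates a session if none exists. Whether
                        // createUserEnvironment rotates the session id on login is not visible
                        // here; confirm.
                        sessionUser = createUserEnvironment(httpServletRequest.getSession(), this.authenticationService.getCurrentUserName(), this.authenticationService.getCurrentTicket(), false);
                        if (logger.isTraceEnabled()) {
                            logger.trace("Successfully created user environment, login using basic auth or ROLE_TICKET for user: " + AuthenticationUtil.maskUsername(sessionUser.getUserName()));
                        }
                        break;
                    } catch (AuthenticationException e) {
                        // The try spans the authentication calls so that a rejected credential
                        // falls through to the next encoding and, finally, to the 401 below.
                        if (logger.isDebugEnabled()) {
                            logger.debug("Authentication error ", e);
                        }
                    } catch (CharacterCodingException e2) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Didn't decode using " + decoder.getClass().getName(), e2);
                        }
                    } catch (NoSuchPersonException e3) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("There is no such person error ", e3);
                        }
                    }
                }
            } else {
                String ticket = servletRequest.getParameter("ticket");
                if (ticket != null && ticket.length() > 0) {
                    if (ticket.endsWith(PPT_EXTN)) {
                        ticket = ticket.substring(0, ticket.length() - PPT_EXTN.length());
                    }
                    if (logger.isTraceEnabled()) {
                        // The ticket is a bearer credential: log where the logon came from, never
                        // the ticket value itself.
                        logger.trace("Logon via ticket from " + servletRequest.getRemoteHost() + " (" + servletRequest.getRemoteAddr() + ":" + servletRequest.getRemotePort() + ")");
                    }
                    // NOTE(review): unlike the Basic branch, nothing here catches a failure from
                    // validate(); presumably an invalid ticket surfaces as an exception to the
                    // container rather than as a 401. Confirm this is intended.
                    this.authenticationService.validate(ticket);
                    if (this.authenticationListener != null) {
                        this.authenticationListener.userAuthenticated(new TicketCredentials(ticket));
                    }
                    sessionUser = createUserEnvironment(httpServletRequest.getSession(), this.authenticationService.getCurrentUserName(), ticket, false);
                    if (logger.isTraceEnabled()) {
                        logger.trace("Successfully created user environment, login using TICKET for user: " + AuthenticationUtil.maskUsername(sessionUser.getUserName()));
                    }
                }
            }
            if (sessionUser == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("No user/ticket, force the client to prompt for logon details.");
                }
                httpServletResponse.setHeader("WWW-Authenticate", "BASIC realm=\"Alfresco DAV Server\"");
                httpServletResponse.setStatus(401);
                httpServletResponse.flushBuffer();
                // Fail closed: the protected chain is never invoked without a user.
                return;
            }
        } else {
            if (this.authenticationListener != null) {
                this.authenticationListener.userAuthenticated(new TicketCredentials(sessionUser.getTicket()));
            }
            if (logger.isTraceEnabled()) {
                logger.trace("User already set to: " + AuthenticationUtil.maskUsername(sessionUser.getUserName()));
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Returns the logger used by this filter.
     *
     * @return the class logger
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
    public Log getLogger() {
        return logger;
    }

    static {
        // Ordered and de-duplicated: UTF-8 first, then the JVM default, then ISO-8859-1.
        LinkedHashSet<String> names = new LinkedHashSet<>();
        for (String name : new String[] {ResponseWriter.UTF8, System.getProperty("file.encoding"), "ISO-8859-1"}) {
            // A missing system property would otherwise make Charset.forName fail on every request.
            if (name != null) {
                names.add(name);
            }
        }
        ENCODINGS = names.toArray(new String[0]);
    }
}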
