package org.alfresco.repo.webdav.auth;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.security.PersonService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/alfresco/repo/webdav/auth/HTTPRequestAuthenticationFilter.class */
public class HTTPRequestAuthenticationFilter extends BaseAuthenticationFilter implements Filter {
    private static Log logger = LogFactory.getLog(HTTPRequestAuthenticationFilter.class);
    private ServletContext m_context;
    private String httpServletRequestAuthHeaderName;
    private AuthenticationComponent m_authComponent;
    private String m_authPatternString = null;
    private Pattern m_authPattern = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.m_context = filterConfig.getServletContext();
        WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(this.m_context);
        ServiceRegistry serviceRegistry = (ServiceRegistry) requiredWebApplicationContext.getBean("ServiceRegistry");
        setNodeService(serviceRegistry.getNodeService());
        setAuthenticationService(serviceRegistry.getAuthenticationService());
        setTransactionService(serviceRegistry.getTransactionService());
        setPersonService((PersonService) requiredWebApplicationContext.getBean("PersonService"));
        this.m_authComponent = (AuthenticationComponent) requiredWebApplicationContext.getBean("authenticationComponent");
        this.httpServletRequestAuthHeaderName = filterConfig.getInitParameter("httpServletRequestAuthHeaderName");
        if (this.httpServletRequestAuthHeaderName == null) {
            this.httpServletRequestAuthHeaderName = "x-user";
        }
        this.m_authPatternString = filterConfig.getInitParameter("authPatternString");
        if (this.m_authPatternString != null) {
            try {
                this.m_authPattern = Pattern.compile(this.m_authPatternString);
            } catch (PatternSyntaxException e) {
                logger.warn("Invalid pattern: " + this.m_authPatternString, e);
                this.m_authPattern = null;
            }
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String str;
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        SessionUser sessionUser = (SessionUser) httpServletRequest.getSession().getAttribute(BaseAuthenticationFilter.AUTHENTICATION_USER);
        if (sessionUser == null) {
            String header = httpServletRequest.getHeader(this.httpServletRequestAuthHeaderName);
            if (logger.isDebugEnabled()) {
                if (header == null) {
                    logger.debug("Header not found: " + this.httpServletRequestAuthHeaderName);
                } else {
                    logger.debug("Header is <" + header + ">");
                }
            }
            if (header == null || header.length() <= 0) {
                String parameter = servletRequest.getParameter("ticket");
                if (parameter != null && parameter.length() > 0) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Logon via ticket from " + servletRequest.getRemoteHost() + " (" + servletRequest.getRemoteAddr() + ":" + servletRequest.getRemotePort() + ") ticket=" + parameter);
                    }
                    try {
                        this.authenticationService.validate(parameter);
                        sessionUser = createUserEnvironment(httpServletRequest.getSession(), this.authenticationService.getCurrentUserName(), parameter, true);
                    } catch (AuthenticationException e) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Failed", e);
                        }
                        sessionUser = null;
                    }
                }
            } else {
                if (this.m_authPattern != null) {
                    Matcher matcher = this.m_authPattern.matcher(header);
                    if (!matcher.matches()) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("no pattern match for " + this.m_authPatternString + " against " + header);
                        }
                        reject(httpServletRequest, httpServletResponse);
                        return;
                    } else {
                        str = matcher.group();
                        if (str == null || str.length() < 1) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("Extracted null or empty user name from pattern " + this.m_authPatternString + " against " + header);
                            }
                            reject(httpServletRequest, httpServletResponse);
                            return;
                        }
                    }
                } else {
                    str = header;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("User = " + str);
                }
                final String str2 = str;
                sessionUser = (SessionUser) this.transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<SessionUser>() { // from class: org.alfresco.repo.webdav.auth.HTTPRequestAuthenticationFilter.1
                    /* renamed from: execute, reason: merged with bridge method [inline-methods] */
                    public SessionUser m236execute() throws Throwable {
                        try {
                            HTTPRequestAuthenticationFilter.this.m_authComponent.clearCurrentSecurityContext();
                            HTTPRequestAuthenticationFilter.this.m_authComponent.setCurrentUser(str2);
                            return HTTPRequestAuthenticationFilter.this.createUserEnvironment(httpServletRequest.getSession(), str2, HTTPRequestAuthenticationFilter.this.authenticationService.getCurrentTicket(), true);
                        } catch (AuthenticationException e2) {
                            if (!HTTPRequestAuthenticationFilter.logger.isDebugEnabled()) {
                                return null;
                            }
                            HTTPRequestAuthenticationFilter.logger.debug("Failed", e2);
                            return null;
                        }
                    }
                });
            }
            if (sessionUser == null) {
                reject(httpServletRequest, httpServletResponse);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private void reject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "BASIC realm=\"Alfresco DAV Server\"");
        httpServletResponse.setStatus(401);
        httpServletResponse.flushBuffer();
    }

    public void destroy() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
    public Log getLogger() {
        return logger;
    }
}
