package org.alfresco.web.app.servlet;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.web.app.Application;
import org.alfresco.web.bean.repository.User;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/alfresco/web/app/servlet/HTTPRequestAuthenticationFilter.class */
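/**
 * Servlet filter that takes the authenticated user name from an HTTP request header.
 *
 * <p>The header name comes from the {@code httpServletRequestAuthHeaderName} init parameter
 * (default {@code x-user}). An optional {@code authPatternString} init parameter supplies a
 * regular expression that the whole header value must match.
 *
 * <p><b>Trust assumption:</b> no password, ticket or signature is checked in this class; the
 * header value is passed straight to {@link AuthenticationComponent#setCurrentUser(String)}.
 * Any client that can set this header on a request reaching the filter therefore chooses the
 * identity it is logged in as. Deploy it only behind a front end that authenticates the user
 * and removes or overwrites the header on every inbound request, and make sure the
 * application server cannot be reached except through that front end.
 *
 * <p>Thread-safety: fields are written in {@link #init(FilterConfig)} and read afterwards,
 * apart from the lazily cached login page (see {@link #getLoginPage()}).
 */
public class HTTPRequestAuthenticationFilter implements Filter {
    private static final Log logger = LogFactory.getLog(HTTPRequestAuthenticationFilter.class);

    /** Page that every rejected request is redirected to, relative to the context path. */
    private static final String NO_ACCESS_PAGE = "/jsp/noaccess.jsp";

    private ServletContext context;
    private String loginPage;
    private AuthenticationComponent authComponent;
    private AuthenticationService authenticationService;
    private String httpServletRequestAuthHeaderName;
    private String authPatternString = null;
    private Pattern authPattern = null;

    /** True when a pattern was configured but did not compile; the filter then rejects everything. */
    private boolean authPatternInvalid = false;

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Authenticates the request from the configured header and continues the chain.
     *
     * <p>Requests are redirected to {@code /jsp/noaccess.jsp} when the header is missing or
     * empty, when it does not match the configured pattern, or when the configured pattern
     * could not be compiled. Otherwise the session user is reused if its name equals the
     * header value, or replaced by the header value if it does not.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remainder of the filter chain
     * @throws IOException      from the redirect or the chain
     * @throws ServletException from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Fail closed: a pattern the administrator configured but that did not compile must
        // not silently turn into "accept any header value".
        if (this.authPatternInvalid) {
            if (logger.isDebugEnabled()) {
                logger.debug("Rejecting request, configured pattern is invalid: " + this.authPatternString);
            }
            denyAccess(httpServletRequest, httpServletResponse);
            return;
        }

        String header = httpServletRequest.getHeader(this.httpServletRequestAuthHeaderName);
        if (logger.isDebugEnabled()) {
            if (header == null) {
                logger.debug("Header not found: " + this.httpServletRequestAuthHeaderName);
            } else {
                // The header is client-controlled; strip control characters before logging.
                logger.debug("Header is <" + forLog(header) + ">");
            }
        }
        if (header == null || header.length() < 1) {
            denyAccess(httpServletRequest, httpServletResponse);
            return;
        }

        String userName;
        if (this.authPattern != null) {
            Matcher matcher = this.authPattern.matcher(header);
            if (!matcher.matches()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("no pattern match for " + this.authPatternString + " against " + forLog(header));
                }
                denyAccess(httpServletRequest, httpServletResponse);
                return;
            }
            // matches() succeeds only on the whole input, so group() is the complete header
            // value: the pattern validates the header, capture groups in it are not used.
            userName = matcher.group();
            if (userName == null || userName.length() < 1) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Extracted null or empty user name from pattern " + this.authPatternString + " against " + forLog(header));
                }
                denyAccess(httpServletRequest, httpServletResponse);
                return;
            }
        } else {
            userName = header;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("User = " + forLog(userName));
        }

        User user = AuthenticationHelper.getUser(this.context, httpServletRequest, httpServletResponse);
        if (user != null) {
            try {
                if (logger.isDebugEnabled()) {
                    logger.debug("User " + forLog(user.getUserName()) + " validate ticket");
                }
                if (user.getUserName().equals(userName)) {
                    this.authComponent.clearCurrentSecurityContext();
                    this.authComponent.setCurrentUser(user.getUserName());
                    AuthenticationHelper.setupThread(this.context, httpServletRequest, httpServletResponse);
                    // NOTE(review): the chain runs inside this try, so an AuthenticationException
                    // raised further down the chain is logged below and the request is then
                    // re-authenticated and chained a second time - confirm this is intended.
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
                // Session user differs from the header: the session is re-bound to the header user.
                setAuthenticatedUser(httpServletRequest, httpServletResponse, userName);
            } catch (AuthenticationException e) {
                if (logger.isErrorEnabled()) {
                    logger.error("Failed to validate user " + forLog(user.getUserName()), e);
                }
            }
        }

        // NOTE(review): on the mismatch path above this is the second call for the same
        // request; kept because removing it would change which failures are caught and logged.
        setAuthenticatedUser(httpServletRequest, httpServletResponse, userName);
        if (!httpServletRequest.getRequestURI().endsWith(getLoginPage())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Login page requested, chaining ...");
        }
        // An already-identified user asking for the login page is sent to the browse page instead.
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + BaseServlet.FACES_SERVLET + "/jsp/browse/browse.jsp");
    }

    /**
     * Redirects the client to the no-access page under the request's context path.
     *
     * @throws IOException if the redirect cannot be sent
     */
    private void denyAccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + NO_ACCESS_PAGE);
    }

    /**
     * Returns {@code value} with ISO control characters (CR, LF and the like) replaced by
     * {@code '_'}, so that a client-supplied value cannot start a forged log line.
     *
     * @param value text to log; may be {@code null}
     * @return the neutralised text, or {@code null} if {@code value} was {@code null}
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Makes {@code str} the current user for this thread and stores it in the session together
     * with the ticket returned by the authentication service.
     *
     * @param str the user name to establish; taken from the request header by the caller
     */
    private void setAuthenticatedUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        this.authComponent.clearCurrentSecurityContext();
        this.authComponent.setCurrentUser(str);
        AuthenticationHelper.setUser(this.context, httpServletRequest, str, this.authenticationService.getCurrentTicket(), true);
        AuthenticationHelper.setupThread(this.context, httpServletRequest, httpServletResponse);
    }

    /**
     * Looks up the authentication beans and reads the filter's init parameters.
     *
     * <p>{@code httpServletRequestAuthHeaderName} defaults to {@code x-user} when absent. An
     * {@code authPatternString} that does not compile is logged and puts the filter into a
     * reject-all state rather than disabling the pattern check.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException declared by {@link Filter#init(FilterConfig)}
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.context = filterConfig.getServletContext();
        WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(this.context);
        this.authComponent = (AuthenticationComponent) requiredWebApplicationContext.getBean("authenticationComponent");
        this.authenticationService = (AuthenticationService) requiredWebApplicationContext.getBean("AuthenticationService");
        this.httpServletRequestAuthHeaderName = filterConfig.getInitParameter("httpServletRequestAuthHeaderName");
        if (this.httpServletRequestAuthHeaderName == null) {
            this.httpServletRequestAuthHeaderName = "x-user";
        }
        this.authPatternString = filterConfig.getInitParameter("authPatternString");
        this.authPattern = null;
        this.authPatternInvalid = false;
        if (this.authPatternString != null) {
            try {
                this.authPattern = Pattern.compile(this.authPatternString);
            } catch (PatternSyntaxException e) {
                // Previously this only warned and left the pattern unset, which made every
                // non-empty header value acceptable. Record the failure so doFilter denies.
                logger.error("Invalid pattern: " + this.authPatternString + " - all requests will be rejected until it is corrected", e);
                this.authPatternInvalid = true;
            }
        }
    }

    /**
     * Returns the login page path, fetching it from {@link Application} on first use.
     *
     * <p>The cache is filled without synchronisation; concurrent first calls may each perform
     * the lookup and store the result.
     */
    private String getLoginPage() {
        if (this.loginPage == null) {
            this.loginPage = Application.getLoginPage(this.context);
        }
        return this.loginPage;
    }
}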
