package de.acosix.alfresco.keycloak.share.web;

import java.io.IOException;
import java.util.Date;
import java.util.Iterator;
import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.util.PropertyCheck;
import org.alfresco.web.site.servlet.SlingshotLoginController;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.extensions.config.ConfigElement;
import org.springframework.extensions.config.ConfigService;
import org.springframework.extensions.surf.RequestContextUtil;
import org.springframework.extensions.surf.exception.ConnectorServiceException;
import org.springframework.extensions.surf.exception.RequestContextException;
import org.springframework.extensions.surf.site.AuthenticationUtil;
import org.springframework.extensions.surf.support.ThreadLocalRequestContext;
import org.springframework.extensions.surf.util.URLEncoder;
import org.springframework.extensions.webscripts.connector.Connector;
import org.springframework.extensions.webscripts.connector.ConnectorContext;
import org.springframework.extensions.webscripts.connector.ConnectorService;
import org.springframework.extensions.webscripts.connector.HttpMethod;
import org.springframework.extensions.webscripts.connector.Response;
import org.springframework.extensions.webscripts.servlet.DependencyInjectedFilter;

/* loaded from: input_file:de/acosix/alfresco/keycloak/share/web/UserGroupsLoadFilter.class */
public class UserGroupsLoadFilter implements DependencyInjectedFilter, InitializingBean, ApplicationContextAware {
    public static final String SESSION_ATTRIBUTE_KEY_USER_GROUPS_LAST_LOADED = SlingshotLoginController.SESSION_ATTRIBUTE_KEY_USER_GROUPS + "_lastLoaded";
    private static final Logger LOGGER = LoggerFactory.getLogger(UserGroupsLoadFilter.class);
    private static final long DEFAULT_CACHED_USER_GROUPS_TIMEOUT = 60000;
    protected ApplicationContext applicationContext;
    protected ConfigService configService;
    protected ConnectorService connectorService;

    public void setApplicationContext(ApplicationContext applicationContext) {
        this.applicationContext = applicationContext;
    }

    public void afterPropertiesSet() {
        PropertyCheck.mandatory(this, "applicationContext", this.applicationContext);
        PropertyCheck.mandatory(this, "configService", this.configService);
        PropertyCheck.mandatory(this, "connectorService", this.connectorService);
    }

    public void setConfigService(ConfigService configService) {
        this.configService = configService;
    }

    public void setConnectorService(ConnectorService connectorService) {
        this.connectorService = connectorService;
    }

    public void doFilter(ServletContext servletContext, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpSession session;
        String childValue;
        if ((servletRequest instanceof HttpServletRequest) && (session = ((HttpServletRequest) servletRequest).getSession(false)) != null) {
            String userId = AuthenticationUtil.getUserId((HttpServletRequest) servletRequest);
            String str = (String) session.getAttribute(SlingshotLoginController.SESSION_ATTRIBUTE_KEY_USER_GROUPS);
            Date date = (Date) session.getAttribute(SESSION_ATTRIBUTE_KEY_USER_GROUPS_LAST_LOADED);
            long j = 60000;
            ConfigElement configElement = this.configService.getGlobalConfig().getConfigElement("user");
            if (configElement != null && (childValue = configElement.getChildValue("cached-user-groups-timeout")) != null) {
                j = Long.parseLong(childValue, 10);
            }
            if (userId != null) {
                if (str == null || (date != null && date.getTime() + j < System.currentTimeMillis())) {
                    session.setAttribute(SlingshotLoginController.SESSION_ATTRIBUTE_KEY_USER_GROUPS, loadUserGroupsCSVList((HttpServletRequest) servletRequest, session, userId));
                    session.setAttribute(SESSION_ATTRIBUTE_KEY_USER_GROUPS_LAST_LOADED, new Date());
                } else if (date == null) {
                    session.setAttribute(SESSION_ATTRIBUTE_KEY_USER_GROUPS_LAST_LOADED, new Date());
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    protected String loadUserGroupsCSVList(HttpServletRequest httpServletRequest, HttpSession httpSession, String str) {
        String str2;
        Object obj;
        try {
            Connector connector = this.connectorService.getConnector("alfresco", str, httpSession);
            if (ThreadLocalRequestContext.getRequestContext() == null) {
                try {
                    RequestContextUtil.initRequestContext(this.applicationContext, httpServletRequest, true);
                } catch (RequestContextException e) {
                    LOGGER.error("Failed to initialise request context", e);
                    throw new AlfrescoRuntimeException("Failed to initialise request context", e);
                }
            }
            ConnectorContext connectorContext = new ConnectorContext(HttpMethod.GET);
            connectorContext.setContentType("application/json");
            Response call = connector.call("/api/people/" + URLEncoder.encode(str) + "?groups=true", connectorContext);
            if (call.getStatus().getCode() == 200) {
                Object parse = new JSONParser().parse(call.getResponse().toString());
                StringBuilder sb = new StringBuilder(512);
                if (parse instanceof JSONObject) {
                    Object obj2 = ((JSONObject) parse).get("groups");
                    if (obj2 instanceof JSONArray) {
                        Iterator it = ((JSONArray) obj2).iterator();
                        while (it.hasNext()) {
                            Object next = it.next();
                            if ((next instanceof JSONObject) && (obj = ((JSONObject) next).get("itemName")) != null) {
                                if (sb.length() > 0) {
                                    sb.append(',');
                                }
                                sb.append(obj.toString());
                            }
                        }
                    }
                }
                str2 = sb.toString();
                LOGGER.debug("Retrieved group memberships for user {}: {}", str, str2);
            } else {
                LOGGER.warn("Failed to load user groups for {} with backend call resulting in HTTP {} response and message {}", new Object[]{str, Integer.valueOf(call.getStatus().getCode()), call.getStatus().getMessage()});
                str2 = "";
            }
        } catch (ConnectorServiceException | ParseException e2) {
            LOGGER.error("Failed to load user groups for {}", str, e2);
            str2 = "";
        }
        return str2;
    }
}
