package edu.internet2.middleware.grouper.ws.scim;

import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.authentication.GrouperPassword;
import edu.internet2.middleware.grouper.cfg.GrouperHibernateConfig;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.j2ee.Authentication;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;

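/**
 * Servlet filter guarding the SCIM endpoints under {@code /v2/*}.
 *
 * <p>When {@code grouper.is.scim} is enabled, each request is bound to the current thread,
 * optionally authenticated with HTTP Basic ({@code grouper.is.scim.basicAuthn}), and only passed
 * down the chain when the caller's identity resolves to a {@link Subject}. Every rejection path
 * answers 401 and stops processing.
 */
@WebFilter(filterName = "TierFilter", urlPatterns = {"/v2/*"})
/* loaded from: input_file:edu/internet2/middleware/grouper/ws/scim/TierFilter.class */
public class TierFilter implements Filter {
    /** Wall-clock start of the request handled by the current thread. */
    private static final ThreadLocal<Long> threadLocalRequestStartMillis = new ThreadLocal<>();

    /** Request handled by the current thread; always cleared before doFilter returns. */
    private static final ThreadLocal<HttpServletRequest> threadLocalRequest = new ThreadLocal<>();

    /**
     * Returns the start time recorded for the request on the current thread.
     *
     * @return epoch milliseconds, or 0 when no request is bound to this thread
     */
    public static long retrieveRequestStartMillis() {
        return GrouperUtil.longValue(threadLocalRequestStartMillis.get(), 0L);
    }

    /**
     * Resolves the identity attached to the current thread's request to a Grouper subject.
     *
     * <p>The lookup runs inside a root session that is stopped before this method returns,
     * whether it completes normally or throws.
     *
     * @return the matching subject, or {@code null} when no request is bound to this thread, the
     *     request carries no usable identity, or no subject matches that identity
     */
    public static Subject retrieveSubjectFromRemoteUser() {
        HttpServletRequest httpServletRequest = threadLocalRequest.get();
        if (httpServletRequest == null) {
            // Called outside doFilter (or after cleanup): there is no caller to identify.
            return null;
        }
        final String identity = resolveRemoteUserName(httpServletRequest);
        if (StringUtils.isBlank(identity)) {
            // A blank name is not an identity; never hand it to the subject lookup.
            return null;
        }
        GrouperSession grouperSession = GrouperSession.startRootSession();
        try {
            return (Subject) GrouperSession.callbackGrouperSession(grouperSession, new GrouperSessionHandler() {
                public Object callback(GrouperSession grouperSession2) throws GrouperSessionException {
                    return SubjectFinder.findByIdOrIdentifier(identity, false);
                }
            });
        } finally {
            GrouperSession.stopQuietly(grouperSession);
        }
    }

    /**
     * Reads the caller's name from the request: user principal first, then the remote user, then
     * the {@code REMOTE_USER} request attribute.
     *
     * <p>NOTE(review): because the principal wins, a container-supplied principal takes precedence
     * over the {@code REMOTE_USER} attribute that doFilter sets after a successful Basic
     * authentication. Confirm that ordering is intended where both mechanisms are active.
     */
    private static String resolveRemoteUserName(HttpServletRequest httpServletRequest) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal != null) {
            return userPrincipal.getName();
        }
        String name = httpServletRequest.getRemoteUser();
        if (StringUtils.isBlank(name)) {
            // Ignore a non-String attribute instead of failing the request with a ClassCastException.
            Object attribute = httpServletRequest.getAttribute("REMOTE_USER");
            name = attribute instanceof String ? (String) attribute : null;
        }
        return name;
    }

    /**
     * Authenticates the request and forwards it only when the caller maps to a subject.
     *
     * <p>When {@code grouper.is.scim} is false the request is neither processed nor forwarded,
     * so the response is left as the container created it.
     *
     * @throws IOException if the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!GrouperHibernateConfig.retrieveConfig().propertyValueBoolean("grouper.is.scim", false)) {
            return;
        }
        try {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;

            if ("OPTIONS".equals(request.getMethod())) {
                // CORS preflight is answered before authentication.
                // NOTE(review): any origin is allowed to send the Authorization header; confirm a
                // wildcard origin is acceptable for this deployment.
                response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");
                response.addHeader("Access-Control-Allow-Origin", "*");
                response.addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
                response.setStatus(200);
                return;
            }

            threadLocalRequestStartMillis.set(Long.valueOf(System.currentTimeMillis()));
            threadLocalRequest.set(request);

            if (GrouperHibernateConfig.retrieveConfig().propertyValueBoolean("grouper.is.scim.basicAuthn", false)) {
                String header = request.getHeader("Authorization");
                if (!new Authentication().authenticate(header, GrouperPassword.Application.WS)) {
                    // Fail closed: rejected credentials end the request here. Previously the 401
                    // was set but processing continued, so an identity supplied by the container
                    // could still reach the chain after Basic authentication had failed.
                    response.setStatus(401);
                    return;
                }
                request.setAttribute("REMOTE_USER", Authentication.retrieveUsername(header));
            }

            if (retrieveSubjectFromRemoteUser() == null) {
                response.setStatus(401);
                return;
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            // Worker threads are pooled: never let one request's state leak into the next.
            threadLocalRequestStartMillis.remove();
            threadLocalRequest.remove();
        }
    }

    /** No resources to release. */
    public void destroy() {
    }

    /** No initialisation required. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}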
