package org.camunda.bpm.webapp.impl.security.auth;

import java.io.IOException;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
import org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter;
import org.camunda.bpm.webapp.impl.util.ProcessEngineUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/camunda-webapp-2.9.3-SP.5-classes.jar:org/camunda/bpm/webapp/impl/security/auth/ContainerBasedAuthenticationFilter.class
 */
/* loaded from: input_file:BOOT-INF/lib/camunda-webapp-7.10.0-classes.jar:org/camunda/bpm/webapp/impl/security/auth/ContainerBasedAuthenticationFilter.class */
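/**
 * Servlet filter that asks a configured {@link AuthenticationProvider} who the caller is and
 * records the answer as an {@link Authentication} in the HTTP session, per process engine.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li><b>Unmatched paths are not authenticated here.</b> When {@link #extractEngineName}
 *       returns {@code null} the request is passed down the chain untouched, so anything
 *       mapped behind this filter has to enforce access control for those paths itself.</li>
 *   <li><b>Matching uses the raw request URI.</b> {@link #getRequestUri} strips only the context
 *       path from {@code getRequestURI()}, which the servlet API returns without decoding.
 *       NOTE(review): confirm that downstream components resolve paths the same way, otherwise
 *       a path this filter does not recognise may still reach an engine resource.</li>
 *   <li><b>The session entry is reused.</b> A new {@link Authentication} is created only when
 *       the session has none for the same engine name and user id; groups and tenants are not
 *       compared. NOTE(review): group or tenant changes made after the first request are
 *       presumably not picked up until the session ends - confirm this is acceptable.</li>
 * </ul>
 */
public class ContainerBasedAuthenticationFilter implements Filter {
    // NOTE(review): the four patterns are public, static and non-final, so any code on the
    // classpath can reassign them and change which requests are authenticated. They are left
    // as declared to stay compatible with existing code; treat them as constants.

    /** Web application pages; group 2 is the engine name. */
    public static Pattern APP_PATTERN = Pattern.compile("/app/(cockpit|admin|tasklist|welcome)/([^/]+)/");
    /** Engine REST API; group 1 is the engine name. */
    public static Pattern API_ENGINE_PATTERN = Pattern.compile("/api/engine/engine/([^/]+)/.*");
    /** Static plugin resources; GET requests matching this pattern skip authentication. */
    public static Pattern API_STATIC_PLUGIN_PATTERN = Pattern.compile("/api/(cockpit|admin|tasklist|welcome)/plugin/[^/]+/static/.*");
    /** Plugin REST API; group 2 (the segment after the plugin id) is the engine name. */
    public static Pattern API_PLUGIN_PATTERN = Pattern.compile("/api/(cockpit|admin|tasklist|welcome)/plugin/[^/]+/([^/]+)/.*");

    /** Provider instantiated in {@link #init} from the filter's init parameter. */
    protected AuthenticationProvider authenticationProvider;
    /** Factory used by {@link #createAuthentication} to build session authentications. */
    protected AuthenticationService userAuthentications;

    /**
     * Instantiates the authentication provider named by the
     * {@link ProcessEngineAuthenticationFilter#AUTHENTICATION_PROVIDER_PARAM} init parameter.
     *
     * <p>The class name comes from the filter configuration and is loaded reflectively, so
     * whoever controls the deployment descriptor controls which class is instantiated.
     *
     * @param filterConfig the filter configuration supplied by the container
     * @throws ServletException if the parameter is missing, or the class cannot be found,
     *     instantiated, or does not implement {@link AuthenticationProvider}
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this.userAuthentications = new AuthenticationService();
        String providerClassName = filterConfig.getInitParameter(ProcessEngineAuthenticationFilter.AUTHENTICATION_PROVIDER_PARAM);
        if (providerClassName == null) {
            throw new ServletException("Cannot instantiate authentication filter: no authentication provider set. init-param authentication-provider missing");
        }
        try {
            // Class.newInstance() is deprecated: it rethrows whatever the constructor throws,
            // including checked exceptions, without wrapping. Going through the constructor
            // object surfaces those as InvocationTargetException, handled below.
            this.authenticationProvider = (AuthenticationProvider) Class.forName(providerClassName).getDeclaredConstructor().newInstance();
        } catch (ClassCastException e) {
            throw new ServletException("Cannot instantiate authentication filter: authentication provider does not implement interface " + AuthenticationProvider.class.getName(), e);
        } catch (ClassNotFoundException e) {
            throw new ServletException("Cannot instantiate authentication filter: authentication provider not found", e);
        } catch (IllegalAccessException e) {
            throw new ServletException("Cannot instantiate authentication filter: constructor not accessible", e);
        } catch (NoSuchMethodException e) {
            // No no-argument constructor; Class.newInstance() reported this as InstantiationException.
            throw new ServletException("Cannot instantiate authentication filter: cannot instantiate authentication provider", e);
        } catch (InstantiationException e) {
            throw new ServletException("Cannot instantiate authentication filter: cannot instantiate authentication provider", e);
        } catch (java.lang.reflect.InvocationTargetException e) {
            // The provider's constructor itself threw; keep the wrapper so the cause chain is preserved.
            throw new ServletException("Cannot instantiate authentication filter: cannot instantiate authentication provider", e);
        }
    }

    /** Nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Authenticates requests that address a process engine and passes all others through.
     *
     * <p>Outcomes: no engine name in the URI - chain continues without any check; unknown engine -
     * 404; provider reports no authenticated user - 401 plus the provider's challenge; otherwise an
     * {@link Authentication} is ensured in the session and the chain continues.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException if writing the response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String engineName = extractEngineName(request);
        if (engineName == null) {
            // Not an engine-scoped path: this filter deliberately performs no authentication.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        ProcessEngine engine = getAddressedEngine(engineName);
        if (engine == null) {
            // The engine name is taken from the request path and echoed into the error message.
            // NOTE(review): relies on the container's error page escaping the message - confirm
            // for any custom error page.
            response.sendError(HttpServletResponse.SC_NOT_FOUND, "Process engine " + engineName + " not available");
            return;
        }

        AuthenticationResult result = this.authenticationProvider.extractAuthenticatedUser(request, engine);
        // Fail closed: a provider that returns no result is treated like an unauthenticated one
        // instead of surfacing a NullPointerException.
        if (result == null || !result.isAuthenticated()) {
            response.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
            this.authenticationProvider.augmentResponseByAuthenticationChallenge(response, engine);
            return;
        }

        // getSession() creates a session when none exists; the session id is not changed here.
        // NOTE(review): confirm session-fixation protection is provided by whatever performs
        // the actual login in front of this filter.
        Authentications sessionAuthentications = Authentications.getFromSession(request.getSession());
        String userId = result.getAuthenticatedUser();
        if (!existisAuthentication(sessionAuthentications, engineName, userId)) {
            sessionAuthentications.addAuthentication(createAuthentication(engine, userId, result.getGroups(), result.getTenants()));
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns the request URI with the context path prefix removed.
     *
     * @param httpServletRequest the current request
     * @return the raw (undecoded) request URI relative to the context path
     */
    protected String getRequestUri(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        return httpServletRequest.getRequestURI().substring(contextPath.length());
    }

    /**
     * Determines which process engine a request addresses from its URI.
     *
     * <p>Patterns are tried in order and must match the whole URI. A GET request for a static
     * plugin resource yields {@code null}; a non-GET request for the same path falls through to
     * {@link #API_PLUGIN_PATTERN}, where the captured segment is the literal {@code static}.
     *
     * @param httpServletRequest the current request
     * @return the engine name, or {@code null} if the request is not engine-scoped - in which
     *     case {@link #doFilter} lets it through unauthenticated
     */
    protected String extractEngineName(HttpServletRequest httpServletRequest) {
        String requestUri = getRequestUri(httpServletRequest);
        String method = httpServletRequest.getMethod();

        Matcher appMatcher = APP_PATTERN.matcher(requestUri);
        if (appMatcher.matches()) {
            return appMatcher.group(2);
        }

        Matcher engineApiMatcher = API_ENGINE_PATTERN.matcher(requestUri);
        if (engineApiMatcher.matches()) {
            return engineApiMatcher.group(1);
        }

        // Constant-first comparison so a missing method cannot raise a NullPointerException.
        if ("GET".equals(method) && API_STATIC_PLUGIN_PATTERN.matcher(requestUri).matches()) {
            return null;
        }

        Matcher pluginApiMatcher = API_PLUGIN_PATTERN.matcher(requestUri);
        if (pluginApiMatcher.matches()) {
            return pluginApiMatcher.group(2);
        }
        return null;
    }

    /**
     * Looks up the process engine with the given name.
     *
     * @param str the engine name extracted from the request URI
     * @return the result of {@link ProcessEngineUtil#lookupProcessEngine}; {@link #doFilter}
     *     answers 404 when this is {@code null}
     */
    protected ProcessEngine getAddressedEngine(String str) {
        return ProcessEngineUtil.lookupProcessEngine(str);
    }

    /**
     * Checks whether the session already holds an authentication for this engine and user.
     *
     * @param authentications the authentications stored in the session
     * @param str the engine name
     * @param str2 the user id reported by the authentication provider
     * @return {@code true} if an entry for the engine exists and {@link #isAuthenticated} accepts it
     */
    protected boolean existisAuthentication(Authentications authentications, String str, String str2) {
        Authentication existing = authentications.getAuthenticationForProcessEngine(str);
        if (existing == null) {
            return false;
        }
        return isAuthenticated(existing, str, str2);
    }

    /**
     * Compares a stored authentication with the expected engine name and user id.
     *
     * <p>Only these two values are compared; groups and tenants are not.
     *
     * @param authentication the stored authentication
     * @param str the expected engine name
     * @param str2 the expected user id
     * @return {@code true} if both the engine name and the identity id are equal
     */
    protected boolean isAuthenticated(Authentication authentication, String str, String str2) {
        return authentication.getProcessEngineName().equals(str) && authentication.getIdentityId().equals(str2);
    }

    /**
     * Builds the authentication that is stored in the session.
     *
     * @param processEngine the addressed engine
     * @param str the authenticated user id
     * @param list the groups reported by the authentication provider
     * @param list2 the tenants reported by the authentication provider
     * @return the authentication created by {@link AuthenticationService#createAuthenticate}
     */
    protected Authentication createAuthentication(ProcessEngine processEngine, String str, List<String> list, List<String> list2) {
        return this.userAuthentications.createAuthenticate(processEngine, str, list, list2);
    }
}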
