package org.camunda.bpm.webapp.impl.security.filter;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.camunda.bpm.engine.impl.util.IoUtil;
import org.camunda.bpm.webapp.impl.security.auth.Authentications;
import org.camunda.bpm.webapp.impl.security.filter.util.FilterRules;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/camunda-webapp-2.9.6-SP.11-classes.jar:org/camunda/bpm/webapp/impl/security/filter/SecurityFilter.class
 */
/* loaded from: input_file:BOOT-INF/lib/camunda-webapp-7.10.0-classes.jar:org/camunda/bpm/webapp/impl/security/filter/SecurityFilter.class */
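/**
 * Servlet filter that authorizes each request against a list of {@link SecurityFilterRule}s
 * before passing it down the chain.
 *
 * <p>The rules are loaded once in {@link #init(FilterConfig)} from the servlet-context resource
 * named by the {@code configFile} init parameter. Every request is then evaluated by
 * {@link FilterRules#authorize}: granted requests continue down the chain, unauthenticated
 * ones receive 401 and authenticated-but-denied ones receive 403.
 */
public class SecurityFilter implements Filter {
    /**
     * Rules evaluated for every request; replaced wholesale by {@link #loadFilterRules(FilterConfig)}.
     * NOTE(review): the field is public and mutable, so any code holding the filter instance can
     * replace or edit the rule list. It is left public because code outside this file may rely on it.
     */
    public List<SecurityFilterRule> filterRules = new ArrayList<>();

    /**
     * Entry point called by the container; delegates to
     * {@link #doFilterSecure(HttpServletRequest, HttpServletResponse, FilterChain)}.
     *
     * <p>The casts are unchecked: a non-HTTP request or response fails with
     * {@link ClassCastException} before any authorization decision is made.
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilterSecure((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Evaluates the filter rules for the request and either continues the chain or sends an
     * error status.
     *
     * @param httpServletRequest request whose method and context-relative URI are authorized
     * @param httpServletResponse response that receives the authorization headers and, on
     *        denial, the error status
     * @param filterChain remaining chain, invoked only when access is granted
     * @throws IOException if sending the error or running the chain fails
     * @throws ServletException if the chain throws it
     */
    public void doFilterSecure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authorization decision = authorize(httpServletRequest.getMethod(), getRequestUri(httpServletRequest), this.filterRules);
        // Headers are attached before the outcome is inspected, so granted and denied
        // responses both carry them.
        decision.attachHeaders(httpServletResponse);
        if (decision.isGranted()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // Denied from here on: 401 when nobody is authenticated, otherwise 403.
        if (!decision.isAuthenticated()) {
            sendUnauthorized(httpServletRequest, httpServletResponse);
            return;
        }
        String application = decision.getApplication();
        if (application != null) {
            sendForbiddenApplicationAccess(application, httpServletRequest, httpServletResponse);
        } else {
            sendForbidden(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Loads the filter rules; any failure propagates, so {@code init} fails instead of
     * silently keeping the empty default rule list.
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        loadFilterRules(filterConfig);
    }

    /** No resources are held beyond the rule list, so there is nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Thin wrapper around {@link FilterRules#authorize}.
     *
     * @param str HTTP method of the request (as passed by {@code doFilterSecure})
     * @param str2 context-relative request URI (as passed by {@code doFilterSecure})
     * @param list rules to evaluate
     * @return the authorization decision computed by {@code FilterRules}
     */
    public static Authorization authorize(String str, String str2, List<SecurityFilterRule> list) {
        return FilterRules.authorize(str, str2, list);
    }

    /**
     * Reads the rule file named by the {@code configFile} init parameter from the servlet
     * context and replaces {@link #filterRules} with the parsed rules.
     *
     * @param filterConfig filter configuration supplying the init parameter and servlet context
     * @throws ServletException if the init parameter is missing or the resource does not exist
     * @throws RuntimeException if the resource exists but cannot be parsed
     */
    protected void loadFilterRules(FilterConfig filterConfig) throws ServletException {
        String configFile = filterConfig.getInitParameter("configFile");
        if (configFile == null) {
            // Fail with a clear message instead of handing null to the container, whose
            // behaviour for a null resource path is not uniform.
            throw new ServletException("Could not read security filter config file: init parameter 'configFile' is not set.");
        }
        InputStream configStream = filterConfig.getServletContext().getResourceAsStream(configFile);
        if (configStream == null) {
            throw new ServletException("Could not read security filter config file '" + configFile + "': no such resource in servlet context.");
        }
        try {
            this.filterRules = FilterRules.load(configStream);
        } catch (Exception e) {
            throw new RuntimeException("Exception while parsing '" + configFile + "'", e);
        } finally {
            // Close exactly once on both the success and the failure path.
            IoUtil.closeSilently(configStream);
        }
    }

    /** Sends a bare 403 for an authenticated caller that is denied access. */
    protected void sendForbidden(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(403);
    }

    /** Sends a bare 401 for a request with no authenticated caller. */
    protected void sendUnauthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(401);
    }

    /**
     * Sends a 403 that names the application the caller may not access.
     *
     * @param str application name taken from the authorization decision
     */
    protected void sendForbiddenApplicationAccess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): the name is echoed into the error message. If FilterRules derives it
        // from the request path (not visible here), confirm the container's error page
        // escapes the sendError message.
        httpServletResponse.sendError(403, "No access rights for " + str);
    }

    /**
     * Reports whether an {@link Authentications} object is bound to the current context.
     * The request parameter is not consulted.
     */
    protected boolean isAuthenticated(HttpServletRequest httpServletRequest) {
        return Authentications.getCurrent() != null;
    }

    /**
     * Returns the request URI with the context path prefix removed.
     *
     * <p>NOTE(review): {@code getRequestURI()} is the raw request path; the container does not
     * decode it. The rules are therefore matched against an undecoded string. Confirm that
     * {@code FilterRules} and the downstream dispatcher agree on how encoded characters and
     * path parameters are treated, so that what is authorized here is what gets served.
     */
    protected String getRequestUri(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        return httpServletRequest.getRequestURI().substring(contextPath.length());
    }
}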
