package org.craftercms.studio.impl.v1.web.security.access;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.RandomStringUtils;
import org.craftercms.commons.entitlements.exception.EntitlementException;
import org.craftercms.commons.http.HttpUtils;
import org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException;
import org.craftercms.studio.api.v1.exception.security.BadCredentialsException;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.security.SecurityProvider;
import org.craftercms.studio.api.v1.service.security.SecurityService;
import org.craftercms.studio.api.v1.service.security.UserDetailsManager;
import org.craftercms.studio.api.v1.util.StudioConfiguration;
import org.craftercms.studio.impl.v1.util.SessionTokenUtils;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:org/craftercms/studio/impl/v1/web/security/access/StudioAuthenticationTokenProcessingFilter.class */
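/**
 * Servlet filter that populates the Spring Security context for Studio requests.
 *
 * <p>For every request it either:
 * <ul>
 *   <li>validates the session token of the user reported by {@link SecurityService} and, on
 *       success, installs an authentication for that user (renewing the session token for
 *       {@code /api/1} requests that are not on the ignore list), or invalidates the HTTP
 *       session when the token does not validate; or</li>
 *   <li>when there is no current user and header authentication is enabled, authenticates the
 *       user named in the configured request header.</li>
 * </ul>
 *
 * <p>The authentication step runs under one static lock, so it is serialized across all requests
 * passing through this filter class. The rest of the filter chain runs outside the lock.
 */
public class StudioAuthenticationTokenProcessingFilter extends GenericFilterBean {
    private static final Logger crafterLogger = LoggerFactory.getLogger(StudioAuthenticationTokenProcessingFilter.class);
    // Shared by every instance: guards the session/token inspection and update in doFilter.
    private static final ReentrantLock semaphore = new ReentrantLock();
    private UserDetailsManager userDetailsManager;
    private SecurityService securityService;
    private StudioConfiguration studioConfiguration;
    private SecurityProvider securityProvider;

    /**
     * Establishes the authentication for the request, then continues the filter chain.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response passed down the chain
     * @param filterChain     the remaining filters
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest asHttpRequest = getAsHttpRequest(servletRequest);
        HttpSession session = asHttpRequest.getSession();
        semaphore.lock();
        try {
            String currentUser = this.securityService.getCurrentUser();
            String currentToken = this.securityService.getCurrentToken();
            if (currentUser != null) {
                authenticateFromSession(asHttpRequest, session, currentUser, currentToken);
            } else if (isAuthenticationHeadersEnabled()) {
                authenticateFromHeader(asHttpRequest);
            }
        } finally {
            // Release exactly once. The downstream chain is invoked after this block so that an
            // exception thrown by it can never trigger a second unlock(), which would raise
            // IllegalMonitorStateException and hide the original failure.
            semaphore.unlock();
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Validates the session token for {@code currentUser}; installs the authentication and renews
     * the token on success, or invalidates the HTTP session on failure.
     */
    private void authenticateFromSession(HttpServletRequest request, HttpSession session, String currentUser, String currentToken) {
        UserDetails userDetails = this.userDetailsManager.loadUserByUsername(currentUser);
        if (!SessionTokenUtils.validateToken(currentToken, userDetails.getUsername())) {
            crafterLogger.debug("Session is not valid. Clearing HttpSession", new Object[0]);
            session.removeAttribute(SecurityService.STUDIO_SESSION_TOKEN_ATRIBUTE);
            session.invalidate();
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(userDetails, (Object) null, userDetails.getAuthorities()));
        // Only API calls extend the session, and URLs on the ignore list never do, so requests
        // listed there cannot keep a session alive past its timeout.
        boolean isApiCall = request.getRequestURI().startsWith(request.getContextPath() + "/api/1");
        if (isApiCall && !getIgnoreRenewTokenUrls().contains(HttpUtils.getRequestUriWithoutContextPath(request))) {
            int timeout = Integer.parseInt(this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_SESSION_TIMEOUT));
            session.setAttribute(SecurityService.STUDIO_SESSION_TOKEN_ATRIBUTE, SessionTokenUtils.createToken(userDetails.getUsername(), timeout));
        }
    }

    /**
     * Authenticates the user named in the configured username header.
     *
     * <p>The header value is taken from the request as-is, so this mode is only as trustworthy as
     * whatever sets that header: the deployment must ensure it is written by a trusted fronting
     * component and that client-supplied copies are stripped before they reach Studio.
     */
    private void authenticateFromHeader(HttpServletRequest request) {
        String username = request.getHeader(this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_USERNAME));
        if (username == null || username.trim().isEmpty()) {
            // No identity was asserted; do not attempt to authenticate a null or blank user name.
            crafterLogger.debug("Authentication headers are enabled but the username header is missing or blank.", new Object[0]);
            return;
        }
        try {
            // NOTE(review): the password argument is a throwaway random string; this presumably
            // relies on the security provider not checking it for header-based logins. Confirm,
            // and confirm the provider never persists it as a real credential, because
            // RandomStringUtils is not a cryptographically strong generator.
            this.securityService.authenticate(username, RandomStringUtils.randomAlphanumeric(16));
            UserDetails userDetails = this.userDetailsManager.loadUserByUsername(username);
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(userDetails, (Object) null, userDetails.getAuthorities()));
        } catch (AuthenticationSystemException | BadCredentialsException | EntitlementException e) {
            // NOTE(review): the caught exception is not handed to the logger, so the cause of a
            // failed header login is not recorded; consider logging it.
            crafterLogger.error("Unable to authenticate user using authentication headers.", new Object[0]);
        }
    }

    /**
     * Narrows the request to {@link HttpServletRequest}.
     *
     * @throws RuntimeException if the request is not an HTTP request
     */
    private HttpServletRequest getAsHttpRequest(ServletRequest servletRequest) {
        if (servletRequest instanceof HttpServletRequest) {
            return (HttpServletRequest) servletRequest;
        }
        throw new RuntimeException("Expecting an HTTP request");
    }

    /**
     * Returns the context-relative URLs for which the session token must not be renewed, read
     * from the comma-separated {@code SECURITY_IGNORE_RENEW_TOKEN_URLS} property.
     *
     * <p>Whitespace around entries is dropped so that a value such as {@code "/a, /b"} still
     * matches {@code /b}; an untrimmed entry would silently never match and the URL would renew
     * the token. A missing or blank property yields an empty list.
     *
     * @return the configured URLs, possibly empty, never {@code null}
     */
    public List<String> getIgnoreRenewTokenUrls() {
        String configured = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_IGNORE_RENEW_TOKEN_URLS);
        if (configured == null || configured.trim().isEmpty()) {
            return Arrays.<String>asList();
        }
        return Arrays.asList(configured.trim().split("\\s*,\\s*"));
    }

    /**
     * @return {@code true} when the {@code AUTHENTICATION_HEADERS_ENABLED} property parses as
     *         {@code true}; a missing property counts as disabled
     */
    public boolean isAuthenticationHeadersEnabled() {
        return Boolean.parseBoolean(this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_ENABLED));
    }

    public UserDetailsManager getUserDetailsManager() {
        return this.userDetailsManager;
    }

    public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
        this.userDetailsManager = userDetailsManager;
    }

    public SecurityService getSecurityService() {
        return this.securityService;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public StudioConfiguration getStudioConfiguration() {
        return this.studioConfiguration;
    }

    public void setStudioConfiguration(StudioConfiguration studioConfiguration) {
        this.studioConfiguration = studioConfiguration;
    }

    public SecurityProvider getSecurityProvider() {
        return this.securityProvider;
    }

    public void setSecurityProvider(SecurityProvider securityProvider) {
        this.securityProvider = securityProvider;
    }
}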
