package org.craftercms.studio.impl.v1.web.security.access;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.locks.ReentrantLock;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.configuration2.tree.ImmutableNode;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.http.HttpUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.engine.controller.rest.MonitoringController;
import org.craftercms.studio.api.v1.constant.StudioConstants;
import org.craftercms.studio.api.v1.exception.ServiceLayerException;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.security.SecurityService;
import org.craftercms.studio.api.v1.service.security.UserDetailsManager;
import org.craftercms.studio.api.v2.utils.StudioConfiguration;
import org.craftercms.studio.controller.rest.v2.RequestMappingConstants;
import org.craftercms.studio.impl.v1.util.SessionTokenUtils;
import org.craftercms.studio.impl.v2.service.security.Authentication;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/crafter-studio-3.1.11E-classes.jar:org/craftercms/studio/impl/v1/web/security/access/StudioAuthenticationTokenProcessingFilter.class */
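/**
 * Servlet filter that (re)establishes the Spring Security context for every request.
 *
 * <p>Per request it does one of two things:
 * <ul>
 *   <li>If {@link SecurityService#getCurrentUser()} reports a user, the session token is
 *       validated with {@link SessionTokenUtils#validateToken}; a valid token installs a
 *       {@link UsernamePasswordAuthenticationToken} in the {@link SecurityContextHolder} and, for
 *       API / monitoring URLs not listed in {@code SECURITY_IGNORE_RENEW_TOKEN_URLS}, a fresh
 *       token is stored in the session. An invalid token clears and invalidates the session.</li>
 *   <li>Otherwise, when an enabled authentication-chain provider of type HEADERS is configured,
 *       the username is read from the configured request header(s) and authenticated.</li>
 * </ul>
 *
 * <p>The filter chain is always continued afterwards, even when authentication fails; it is the
 * downstream security configuration that decides whether an unauthenticated request is allowed.
 */
public class StudioAuthenticationTokenProcessingFilter extends GenericFilterBean {

    private static final Logger crafterLogger =
            LoggerFactory.getLogger(StudioAuthenticationTokenProcessingFilter.class);

    /**
     * Process-wide lock held while a request's authentication state is inspected and possibly
     * renewed. NOTE(review): this serialises the authentication phase of every request passing
     * through the filter, so it is a contention point under load. The downstream filter chain is
     * deliberately invoked outside the lock.
     */
    private static final ReentrantLock semaphore = new ReentrantLock();

    private UserDetailsManager userDetailsManager;
    private SecurityService securityService;
    private StudioConfiguration studioConfiguration;

    // true when the authentication chain contains at least one enabled provider of type HEADERS
    private boolean authenticationHeadersEnabled = false;
    // request header names that may carry the username, one per enabled HEADERS provider
    private List<String> usernameHeaders = Collections.emptyList();

    /**
     * Reads the authentication chain configuration and caches whether header-based
     * authentication is enabled and which header names carry the username.
     *
     * <p>Must be called after {@link #setStudioConfiguration}. A missing chain configuration
     * leaves header authentication disabled.
     */
    public void init() {
        List<HierarchicalConfiguration<ImmutableNode>> chain =
                studioConfiguration.getSubConfigs(StudioConfiguration.CONFIGURATION_AUTHENTICATION_CHAIN_CONFIG);
        if (chain == null) {
            return;
        }
        authenticationHeadersEnabled = chain.stream()
                .anyMatch(StudioAuthenticationTokenProcessingFilter::isEnabledHeadersProvider);
        // Blank header names are dropped: request.getHeader(null) is useless and container-dependent.
        usernameHeaders = chain.stream()
                .filter(StudioAuthenticationTokenProcessingFilter::isEnabledHeadersProvider)
                .map(provider -> provider.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_USERNAME_HEADER))
                .filter(StringUtils::isNotBlank)
                .collect(Collectors.toList());
    }

    /**
     * Tells whether an authentication-chain entry is an enabled provider of type HEADERS.
     *
     * @param provider one entry of the authentication chain configuration
     * @return {@code true} when its type (compared case-insensitively, null-safe) is HEADERS and it
     *         is flagged {@code enabled}
     */
    private static boolean isEnabledHeadersProvider(HierarchicalConfiguration<ImmutableNode> provider) {
        String type = provider.getString(StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_TYPE);
        // Locale.ROOT keeps the comparison independent of the JVM default locale.
        return StudioConfiguration.AUTHENTICATION_CHAIN_PROVIDER_TYPE_HEADERS.equals(StringUtils.upperCase(type, Locale.ROOT))
                && provider.getBoolean("enabled");
    }

    /**
     * Establishes the security context for the request (see class documentation) and then
     * continues the filter chain.
     *
     * <p>The lock is released before the chain is continued, so a downstream failure propagates
     * unchanged instead of being masked by a second {@code unlock()}.
     *
     * @throws IOException      propagated from the downstream filter chain
     * @throws ServletException propagated from the downstream filter chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = getAsHttpRequest(servletRequest);
        HttpSession session = request.getSession();
        semaphore.lock();
        try {
            String currentUser = securityService.getCurrentUser();
            String currentToken = securityService.getCurrentToken();
            if (currentUser != null) {
                processCurrentUser(request, session, currentUser, currentToken);
            } else if (isAuthenticationHeadersEnabled()) {
                authenticateFromHeaders(request);
            }
        } catch (ServiceLayerException e) {
            crafterLogger.error("Unknown service error trying to authenticate user", e, new Object[0]);
        } finally {
            semaphore.unlock();
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Validates the session token of an already-known user and installs the security context.
     *
     * <p>A valid token yields a {@link UsernamePasswordAuthenticationToken} in the
     * {@link SecurityContextHolder} and, when {@link #shouldRenewToken} says so, a renewed token in
     * the session. An invalid token removes the authentication attribute and invalidates the
     * session so the request proceeds unauthenticated.
     *
     * @param request      the current HTTP request
     * @param session      the request's HTTP session
     * @param currentUser  username reported by the security service
     * @param currentToken session token reported by the security service
     * @throws ServiceLayerException if the user details cannot be loaded
     */
    private void processCurrentUser(HttpServletRequest request, HttpSession session, String currentUser,
                                    String currentToken) throws ServiceLayerException {
        UserDetails user = userDetailsManager.loadUserByUsername(currentUser);
        if (!SessionTokenUtils.validateToken(currentToken, user.getUsername())) {
            crafterLogger.debug("Session is not valid. Clearing HttpSession", new Object[0]);
            session.removeAttribute(StudioConstants.HTTP_SESSION_ATTRIBUTE_AUTHENTICATION);
            session.invalidate();
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user.getUsername(), (Object) null, user.getAuthorities()));
        if (shouldRenewToken(request)) {
            int sessionTimeout = Integer.parseInt(studioConfiguration.getProperty(StudioConfiguration.SECURITY_SESSION_TIMEOUT));
            storeToken(SessionTokenUtils.createToken(user.getUsername(), sessionTimeout));
        }
    }

    /**
     * Decides whether the session token should be renewed for this request: only monitoring and
     * API v2 URLs qualify, and only when the context-less URI is not in the ignore list.
     *
     * @param request the current HTTP request
     * @return {@code true} when a fresh token should be stored
     */
    private boolean shouldRenewToken(HttpServletRequest request) {
        String uri = request.getRequestURI();
        String contextPath = request.getContextPath();
        boolean renewableUrl = uri.startsWith(contextPath + MonitoringController.URL_ROOT)
                || uri.startsWith(contextPath + RequestMappingConstants.API_2);
        return renewableUrl
                && !getIgnoreRenewTokenUrls().contains(HttpUtils.getRequestUriWithoutContextPath(request));
    }

    /**
     * Authenticates the request from the first configured username header that carries a value.
     *
     * <p>The username is taken verbatim from the request header. Such a header is only
     * trustworthy when the filter sits behind a gateway or SSO proxy that sets it and strips any
     * client-supplied copy; on a directly reachable deployment an enabled HEADERS provider lets
     * the caller pick the username, so enabling it is a deployment decision, not a default.
     *
     * <p>A failure for one header name is logged and the next header is tried; if none succeeds
     * the request continues without a security context.
     *
     * @param request the current HTTP request
     */
    private void authenticateFromHeaders(HttpServletRequest request) {
        for (String headerName : usernameHeaders) {
            String username = request.getHeader(headerName);
            if (StringUtils.isEmpty(username)) {
                continue;
            }
            try {
                // The password is a throwaway value; presumably the HEADERS provider in the chain
                // ignores it — TODO confirm against SecurityService.authenticate.
                securityService.authenticate(username, RandomStringUtils.randomAlphanumeric(16));
                UserDetails user = userDetailsManager.loadUserByUsername(username);
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(user.getUsername(), (Object) null, user.getAuthorities()));
                return;
            } catch (Exception e) {
                // Broad on purpose: any failure for this header must not prevent trying the next one.
                crafterLogger.error("Unable to authenticate user using authentication headers.", e, new Object[0]);
            }
        }
    }

    /**
     * Replaces the session's {@link Authentication} with a copy carrying the given token.
     *
     * <p>Does nothing when there is no current {@link RequestContext} or the session holds no
     * authentication attribute (there is nothing to renew in that case).
     *
     * @param token the freshly created session token
     */
    private void storeToken(String token) {
        RequestContext context = RequestContext.getCurrent();
        if (context == null) {
            return;
        }
        HttpSession session = context.getRequest().getSession();
        Authentication current =
                (Authentication) session.getAttribute(StudioConstants.HTTP_SESSION_ATTRIBUTE_AUTHENTICATION);
        if (current == null) {
            crafterLogger.debug("No authentication found in session, token not renewed", new Object[0]);
            return;
        }
        session.setAttribute(StudioConstants.HTTP_SESSION_ATTRIBUTE_AUTHENTICATION,
                new Authentication(current.getUsername(), token, current.getAuthenticationType(),
                        current.getSsoLogoutUrl()));
    }

    /**
     * Narrows the generic servlet request to an HTTP request.
     *
     * @param servletRequest the request handed to the filter
     * @return the same request as an {@link HttpServletRequest}
     * @throws IllegalArgumentException if the request is not an HTTP request
     */
    private HttpServletRequest getAsHttpRequest(ServletRequest servletRequest) {
        if (servletRequest instanceof HttpServletRequest) {
            return (HttpServletRequest) servletRequest;
        }
        throw new IllegalArgumentException("Expecting an HTTP request");
    }

    /**
     * Returns the context-less request URIs for which the session token is never renewed, as
     * configured by the comma-separated {@code SECURITY_IGNORE_RENEW_TOKEN_URLS} property.
     *
     * @return the configured URIs; empty when the property is not set
     */
    public List<String> getIgnoreRenewTokenUrls() {
        String configured = studioConfiguration.getProperty(StudioConfiguration.SECURITY_IGNORE_RENEW_TOKEN_URLS);
        if (configured == null) {
            return Collections.emptyList();
        }
        return Arrays.asList(configured.split(","));
    }

    /** @return whether header-based authentication was enabled by {@link #init()} */
    public boolean isAuthenticationHeadersEnabled() {
        return authenticationHeadersEnabled;
    }

    public UserDetailsManager getUserDetailsManager() {
        return userDetailsManager;
    }

    public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
        this.userDetailsManager = userDetailsManager;
    }

    public SecurityService getSecurityService() {
        return securityService;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public StudioConfiguration getStudioConfiguration() {
        return studioConfiguration;
    }

    public void setStudioConfiguration(StudioConfiguration studioConfiguration) {
        this.studioConfiguration = studioConfiguration;
    }
}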
