package eu.freme.common.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Optional;
import com.google.common.base.Strings;
import eu.freme.common.conversion.SerializationFormatMapper;
import eu.freme.common.persistence.model.Token;
import eu.freme.common.rest.BaseRestController;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:eu/freme/common/security/AuthenticationFilter.class */
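/**
 * Servlet filter that authenticates a request from an API token before passing it down the chain.
 *
 * <p>The token is read from the {@code X-Auth-Token} header, or from the {@code token} request
 * parameter, which takes precedence when both are present. A request without a token is passed on
 * unauthenticated; access decisions are left to whatever runs later in the chain.
 *
 * <p>While the request is being processed, the SLF4J MDC carries a digest of the authentication
 * details under {@link #TOKEN_SESSION_KEY} and the principal under {@link #USER_SESSION_KEY}.
 */
public class AuthenticationFilter extends GenericFilterBean {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationFilter.class);

    /** Name of the request parameter that may carry the token; also the MDC key for its digest. */
    public static final String TOKEN_SESSION_KEY = "token";

    /** MDC key under which the authenticated principal is logged. */
    public static final String USER_SESSION_KEY = "user";

    /** MDC placeholder used when there is no authentication, details or principal. */
    private static final String EMPTY_MDC_VALUE = "EMPTY";

    private final AuthenticationManager authenticationManager;

    /**
     * @param authenticationManager manager that validates the token (and username/password)
     *     authentication requests built by this filter
     */
    public AuthenticationFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Authenticates the request if it carries a token, then continues the filter chain.
     *
     * <p>An {@link InternalAuthenticationServiceException} is answered with HTTP 500 and any other
     * {@link AuthenticationException} with HTTP 401; in both cases the security context is cleared
     * and the chain is not continued. Because the chain call sits inside the same {@code try},
     * these exceptions are handled the same way when a downstream filter or servlet throws them.
     *
     * @throws IOException if sending the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = asHttp(servletRequest);
        HttpServletResponse httpResponse = asHttp(servletResponse);

        Optional<String> token = Optional.fromNullable(httpRequest.getHeader("X-Auth-Token"));
        // NOTE(review): a token passed as a URL query parameter ends up in access logs, proxy logs,
        // browser history and Referer headers. The parameter is kept because existing clients may
        // rely on it; prefer the header and consider phasing the parameter out.
        String tokenParameter = httpRequest.getParameter(TOKEN_SESSION_KEY);
        if (tokenParameter != null) {
            token = Optional.of(tokenParameter);
        }

        try {
            if (token.isPresent()) {
                // The token is a bearer credential: never write its value to the log.
                logger.debug("Trying to authenticate user by X-Auth-Token method");
                processTokenAuthentication(token);
            }
            logger.debug("AuthenticationFilter is passing request down the filter chain");
            addSessionContextToLogging();
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (InternalAuthenticationServiceException e) {
            SecurityContextHolder.clearContext();
            logger.error("Internal authentication service exception", e);
            httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } catch (AuthenticationException e) {
            SecurityContextHolder.clearContext();
            // NOTE(review): the exception message is returned to the client verbatim; confirm that
            // the authentication providers never put internal detail into it.
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, e.getMessage());
        } finally {
            // Worker threads are reused, so the logging context must not outlive the request.
            MDC.remove(TOKEN_SESSION_KEY);
            MDC.remove(USER_SESSION_KEY);
        }
    }

    /**
     * Publishes the current authentication to the MDC: a salted SHA-1 digest of the details under
     * {@link #TOKEN_SESSION_KEY} and the principal's string form under {@link #USER_SESSION_KEY}.
     * Missing, {@code null} or empty values are logged as {@code "EMPTY"}.
     */
    private void addSessionContextToLogging() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String tokenDigest = EMPTY_MDC_VALUE;
        String user = EMPTY_MDC_VALUE;
        if (authentication != null) {
            // getDetails() and getPrincipal() may return null; guard before calling toString().
            Object details = authentication.getDetails();
            if (details != null && !Strings.isNullOrEmpty(details.toString())) {
                // NOTE(review): hashing keeps the raw details value (presumably the token, confirm)
                // out of the logging context, but SHA-1 with a fixed salt shared by every
                // deployment is a fast, unkeyed hash, so anyone who can read the logs can test
                // candidate values against it. How much that matters depends on the token's
                // entropy, which is not visible here; an HMAC under a server-side key would be a
                // safer log identifier. Left unchanged so existing log correlation keeps working.
                tokenDigest = new MessageDigestPasswordEncoder("SHA-1").encodePassword(details.toString(), "not_so_random_salt");
            }
            Object principal = authentication.getPrincipal();
            if (principal != null && !Strings.isNullOrEmpty(principal.toString())) {
                // NOTE(review): the token request built in tryToAuthenticateWithToken uses the
                // token itself as principal. Verify that the Authentication returned by the
                // provider carries a user identity here, otherwise the token is logged in clear.
                user = principal.toString();
            }
        }
        MDC.put(TOKEN_SESSION_KEY, tokenDigest);
        MDC.put(USER_SESSION_KEY, user);
    }

    /** Casts to the HTTP request type; throws {@link ClassCastException} for non-HTTP requests. */
    private HttpServletRequest asHttp(ServletRequest servletRequest) {
        return (HttpServletRequest) servletRequest;
    }

    /** Casts to the HTTP response type; throws {@link ClassCastException} for non-HTTP responses. */
    private HttpServletResponse asHttp(ServletResponse servletResponse) {
        return (HttpServletResponse) servletResponse;
    }

    /**
     * Tells whether the request is a {@code POST} to the authentication endpoint.
     * No caller is visible in this class.
     *
     * @param resourcePath path of the request within the application
     */
    private boolean postToAuthenticate(HttpServletRequest httpServletRequest, String resourcePath) {
        return BaseRestController.authenticationEndpoint.equalsIgnoreCase(resourcePath) && httpServletRequest.getMethod().equals("POST");
    }

    /**
     * Authenticates with username and password, stores the result in the security context and
     * writes the issued token to the response as JSON. No caller is visible in this class.
     *
     * @throws IOException if the response cannot be serialised or written
     * @throws IllegalStateException if the username or the password is absent
     */
    private void processUsernamePasswordAuthentication(HttpServletResponse httpServletResponse, Optional<String> username, Optional<String> password) throws IOException {
        Authentication authenticated = tryToAuthenticateWithUsernameAndPassword(username, password);
        SecurityContextHolder.getContext().setAuthentication(authenticated);
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        // The details of the authenticated result are expected to be the issued Token.
        Token issuedToken = (Token) authenticated.getDetails();
        String json = new ObjectMapper().writeValueAsString(new TokenResponse(issuedToken.getToken()));
        httpServletResponse.addHeader("Content-Type", SerializationFormatMapper.JSON);
        httpServletResponse.getWriter().print(json);
    }

    /**
     * Builds a username/password authentication request and submits it to the manager.
     *
     * @throws IllegalStateException if the username or the password is absent
     */
    private Authentication tryToAuthenticateWithUsernameAndPassword(Optional<String> username, Optional<String> password) {
        return tryToAuthenticate(new UsernamePasswordAuthenticationToken(username.get(), password.get()));
    }

    /** Authenticates the token and stores the result in the security context. */
    private void processTokenAuthentication(Optional<String> token) {
        SecurityContextHolder.getContext().setAuthentication(tryToAuthenticateWithToken(token));
    }

    /**
     * Builds a pre-authenticated request for the token and submits it to the manager.
     * The {@link Optional} itself, not the unwrapped string, is passed as principal.
     */
    private Authentication tryToAuthenticateWithToken(Optional<String> token) {
        return tryToAuthenticate(new PreAuthenticatedAuthenticationToken(token, (Object) null));
    }

    /**
     * Submits the request to the authentication manager and returns the authenticated result.
     *
     * @throws InternalAuthenticationServiceException if the manager returns {@code null} or a
     *     result that is not authenticated; {@code doFilter} answers this with HTTP 500
     * @throws AuthenticationException if the manager rejects the credentials
     */
    private Authentication tryToAuthenticate(Authentication authentication) {
        Authentication authenticated = this.authenticationManager.authenticate(authentication);
        if (authenticated == null || !authenticated.isAuthenticated()) {
            throw new InternalAuthenticationServiceException("Unable to authenticate Domain User for provided credentials");
        }
        logger.debug("User successfully authenticated");
        return authenticated;
    }
}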
