package pl.edu.icm.synat.container.security.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.util.Assert;
import pl.edu.icm.synat.api.services.security.ServiceSecurityContextManager;
import pl.edu.icm.synat.api.services.security.exception.ServiceSecurityException;

/* loaded from: input_file:WEB-INF/lib/synat-platform-container-1.23.21.jar:pl/edu/icm/synat/container/security/web/TicketAuthenticationFilter.class */
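/**
 * CAS authentication filter that, while platform security is enabled, rejects any request
 * that carries no service ticket and clears the client token held by the
 * {@link ServiceSecurityContextManager} once the request has been processed.
 *
 * <p>In addition to the artifact lookup done by {@link CasAuthenticationFilter}, the ticket
 * is also accepted from an HTTP header named {@code ticket}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When {@code isSecurityEnabled()} returns {@code false} the filter is a pure
 *       pass-through: no ticket is required and no authentication is attempted. That
 *       switch must therefore be protected like any other security-critical setting.</li>
 *   <li>The ticket is a credential wherever it travels (parameter or header); it must not
 *       be written to logs.</li>
 * </ul>
 */
public class TicketAuthenticationFilter extends CasAuthenticationFilter implements InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(TicketAuthenticationFilter.class);
    private ServiceSecurityContextManager serviceSecurityContextManager;
    private final ThrowableAnalyzer throwableAnalyzer = new ThrowableAnalyzer();

    /**
     * Enforces ticket presence and delegates to the CAS filter when security is enabled.
     *
     * <p>A {@link ServiceSecurityException} anywhere in the cause chain of a failure is turned
     * into an HTTP 403 response. Any other failure is propagated to the container; it is never
     * silently discarded, because a swallowed error in an authentication filter leaves the
     * client with an empty, successful-looking response and leaves operators with no trace.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if request processing or sending the error response fails
     * @throws ServletException if request processing fails, or wrapping an unexpected checked
     *                          failure that is not security related
     */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!this.serviceSecurityContextManager.isSecurityEnabled()) {
            // Security switched off: the request is forwarded without any authentication.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            checkIfTicketExists(httpServletRequest);
            super.doFilter(servletRequest, servletResponse, filterChain);
        } catch (Throwable th) {
            ServiceSecurityException serviceSecurityException = (ServiceSecurityException) this.throwableAnalyzer.getFirstThrowableOfType(ServiceSecurityException.class, this.throwableAnalyzer.determineCauseChain(th));
            if (serviceSecurityException != null) {
                rejectRequest(httpServletRequest, httpServletResponse, th, serviceSecurityException);
            } else {
                rethrowUnhandled(th);
            }
        } finally {
            // The client token must not outlive the request, whatever the outcome was.
            logger.debug("Clearing client authentication token.");
            this.serviceSecurityContextManager.clearClientToken();
        }
    }

    /** Logs a security failure and answers the request with HTTP 403. */
    private void rejectRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Throwable failure, ServiceSecurityException serviceSecurityException) throws IOException {
        // The message is passed as an argument, not concatenated into the format string, so
        // that a "{}" inside it cannot displace the remote-address placeholder.
        // NOTE(review): getRemoteAddr() is the direct peer; behind a proxy that is the proxy.
        logger.error("{} Request came from remote address '{}'", failure.getMessage(), httpServletRequest.getRemoteAddr());
        if (httpServletResponse.isCommitted()) {
            // sendError() throws IllegalStateException on a committed response, which would
            // hide the security failure that is being reported here.
            logger.warn("Response already committed; HTTP 403 could not be sent for the rejected request.");
            return;
        }
        // NOTE(review): the exception message is returned to the client verbatim. Confirm that
        // ServiceSecurityException messages never contain internal details.
        httpServletResponse.sendError(HttpStatus.SC_FORBIDDEN, serviceSecurityException.getMessage());
    }

    /** Propagates a failure that is not security related, keeping its original type where possible. */
    private static void rethrowUnhandled(Throwable th) throws IOException, ServletException {
        if (th instanceof IOException) {
            throw (IOException) th;
        }
        if (th instanceof ServletException) {
            throw (ServletException) th;
        }
        if (th instanceof RuntimeException) {
            throw (RuntimeException) th;
        }
        if (th instanceof Error) {
            throw (Error) th;
        }
        throw new ServletException(th);
    }

    /**
     * Verifies that the request carries a service ticket.
     *
     * @param httpServletRequest the request to inspect
     * @throws ServiceSecurityException if {@link #obtainArtifact(HttpServletRequest)} returns {@code null}
     */
    protected void checkIfTicketExists(HttpServletRequest httpServletRequest) throws ServiceSecurityException {
        // NOTE(review): only null is rejected here. obtainArtifact() can still return an empty
        // string when the "ticket" header is present but empty; confirm that the CAS
        // validation downstream rejects that case.
        if (obtainArtifact(httpServletRequest) == null) {
            throw new ServiceSecurityException("Service ticket not found in request.", new Object[0]);
        }
    }

    /**
     * Returns the service ticket, taken from the parent filter's lookup or, when that yields
     * nothing, from the {@code ticket} request header.
     *
     * @param httpServletRequest the request to inspect
     * @return the ticket, or {@code null} when neither source provides one
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.cas.web.CasAuthenticationFilter
    public String obtainArtifact(HttpServletRequest httpServletRequest) {
        String artifact = super.obtainArtifact(httpServletRequest);
        if (StringUtils.isEmpty(artifact)) {
            // Header fallback for clients that do not send the ticket the way the parent expects.
            artifact = httpServletRequest.getHeader("ticket");
        }
        return artifact;
    }

    /**
     * Authentication is attempted only while security is enabled and the parent filter
     * considers the request to need it.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.cas.web.CasAuthenticationFilter, org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return isSecurityEnabled() && super.requiresAuthentication(httpServletRequest, httpServletResponse);
    }

    /**
     * Injects the manager that decides whether security is enabled and that owns the client token.
     *
     * @param serviceSecurityContextManager the manager to use; required, see {@link #afterPropertiesSet()}
     */
    public void setServiceSecurityContextManager(ServiceSecurityContextManager serviceSecurityContextManager) {
        this.serviceSecurityContextManager = serviceSecurityContextManager;
    }

    /** Runs the parent's checks, then fails start-up if no security context manager was injected. */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter, org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        super.afterPropertiesSet();
        Assert.notNull(this.serviceSecurityContextManager, "serviceSecurityContextManager required");
    }

    /**
     * Asks the security context manager whether security is enabled and logs the answer at debug level.
     *
     * @return {@code true} when security is enabled
     */
    protected boolean isSecurityEnabled() {
        boolean enabled = this.serviceSecurityContextManager.isSecurityEnabled();
        logger.debug("isSecurityEnabled = {}", enabled);
        return enabled;
    }
}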
