package pl.edu.icm.yadda.ui.security.impl.aas;

import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.client.ISecuritySession;
import pl.edu.icm.yadda.aas.client.LoginResult;
import pl.edu.icm.yadda.aas.client.SecuritySessionImpl;
import pl.edu.icm.yadda.aas.client.authn.IAuthenticationManager;
import pl.edu.icm.yadda.aas.client.session.LogonType;
import pl.edu.icm.yadda.service2.user.token.AnonymousToken;
import pl.edu.icm.yadda.ui.BeanNameConstants;
import pl.edu.icm.yadda.ui.ServletContextParameterConstants;

/* loaded from: input_file:WEB-INF/lib/yaddaweb-lite-core-1.7.3.jar:pl/edu/icm/yadda/ui/security/impl/aas/AnonymousLogonFilter.class */
public class AnonymousLogonFilter extends AbstractSessionServiceAwareFilter implements Filter {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected boolean aasEnabled;
    protected Pattern anonymousAuthnExclusionPattern;
    protected IAuthenticationManager authnManager;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.aasEnabled) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpSession session = httpServletRequest.getSession(true);
            String servletPath = httpServletRequest.getServletPath();
            if (this.anonymousAuthnExclusionPattern != null && this.anonymousAuthnExclusionPattern.matcher(servletPath).matches()) {
                this.log.debug("omitting anonymous session handling for path: " + servletPath);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            ISecuritySession iSecuritySession = (ISecuritySession) this.sessionService.get(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME);
            if (iSecuritySession == null) {
                recreateSession(httpServletRequest, session);
            } else if (!iSecuritySession.isInvalidated() && !iSecuritySession.invalidateOnTimeout()) {
                this.sessionService.bind(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME, iSecuritySession);
                iSecuritySession.touch();
            } else if (isAnonymousSession(iSecuritySession)) {
                this.log.info("Anonymous session expired={}", iSecuritySession.getSecuritySessionId());
                recreateSession(httpServletRequest, session);
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    protected ISecuritySession recreateSession(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        SecuritySessionImpl securitySessionImpl = new SecuritySessionImpl(httpSession.getId(), httpServletRequest.getRemoteAddr());
        this.sessionService.bind(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME, securitySessionImpl);
        LoginResult login = this.authnManager.login(new AnonymousToken(httpServletRequest.getRemoteAddr()));
        this.log.info("Anonymous LoginResult: decision={}, ip={}, sessionId={}, errors.size()={}", new Object[]{login.getDecition(), httpServletRequest.getRemoteAddr(), securitySessionImpl.getSecuritySessionId(), Integer.valueOf(login.getErrors().size())});
        return securitySessionImpl;
    }

    protected boolean isAnonymousSession(ISecuritySession iSecuritySession) {
        LogonType logonType = (LogonType) iSecuritySession.getAuthorities(LogonType.NAME);
        return logonType != null && LogonType.Type.ANONYMOUS.equals(logonType.getType());
    }

    @Override // pl.edu.icm.yadda.ui.security.impl.aas.AbstractSessionServiceAwareFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        this.aasEnabled = ServletContextParameterConstants.SECURITY_PROVIDER_VALUE_AAS.equals(getProperty(ServletContextParameterConstants.SECURITY_PROVIDER, filterConfig.getServletContext()));
        String initParameter = filterConfig.getServletContext().getInitParameter(ServletContextParameterConstants.ANONYMOUS_AUTHN_EXCLUSION_PATTERN);
        if (initParameter != null) {
            this.anonymousAuthnExclusionPattern = Pattern.compile(initParameter);
        }
        String initParameter2 = filterConfig.getServletContext().getInitParameter(ServletContextParameterConstants.AUTHN_MANAGER_BEAN_NAME_PARAM);
        if (initParameter2 == null) {
            initParameter2 = BeanNameConstants.AUTHN_MANAGER;
        }
        this.authnManager = (IAuthenticationManager) getBean(initParameter2, IAuthenticationManager.class, filterConfig.getServletContext());
    }

    public void setAasEnabled(boolean z) {
        this.aasEnabled = z;
    }

    public void setAnonymousAuthnExclusionPattern(Pattern pattern) {
        this.anonymousAuthnExclusionPattern = pattern;
    }

    public void setAuthnManager(IAuthenticationManager iAuthenticationManager) {
        this.authnManager = iAuthenticationManager;
    }
}
