package org.craftercms.engine.util.spring.security.headers;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.engine.util.ConfigUtils;
import org.craftercms.engine.util.spring.security.ConfigAwarePreAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/craftercms/engine/util/spring/security/headers/AbstractHeadersAuthenticationFilter.class */
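/**
 * Base pre-authentication filter that trusts identity attributes (username, email, groups) carried in
 * request headers, but only when the request also carries a shared-secret token header whose value
 * matches the configured expected value.
 * <p>
 * The token check is the only thing standing between an arbitrary client and a forged identity: any
 * caller that can reach this filter without passing through the component that sets these headers
 * (presumably a fronting proxy such as mod_auth_mellon, judging by the {@code MELLON_} prefix — confirm
 * for the deployment) could otherwise set {@code MELLON_username} itself. Both
 * {@link #principalChanged} and {@link #getPreAuthenticatedPrincipal} are therefore gated on
 * {@link #hasValidToken}, which fails closed when no expected token is configured and compares the
 * token in constant time.
 * <p>
 * The expected token is read from the current site configuration under
 * {@value #HEADERS_TOKEN_CONFIG_KEY}, falling back to {@link #setDefaultTokenValue}.
 */
public abstract class AbstractHeadersAuthenticationFilter extends ConfigAwarePreAuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger(AbstractHeadersAuthenticationFilter.class);
    public static final String DEFAULT_HEADER_PREFIX = "MELLON_";
    public static final String DEFAULT_USERNAME_HEADER_NAME = "MELLON_username";
    public static final String DEFAULT_EMAIL_HEADER_NAME = "MELLON_email";
    public static final String DEFAULT_GROUPS_HEADER_NAME = "MELLON_groups";
    public static final String DEFAULT_TOKEN_HEADER_NAME = "MELLON_secure_key";
    public static final String HEADERS_CONFIG_KEY = "security.headers";
    public static final String HEADERS_TOKEN_CONFIG_KEY = "security.headers.token";
    public static final String HEADERS_ATTRS_CONFIG_KEY = "security.headers.attributes";
    public static final String HEADERS_GROUPS_CONFIG_KEY = "security.headers.groups";
    public static final String NAME_CONFIG_KEY = "name";
    public static final String FIELD_CONFIG_KEY = "field";
    public static final String ROLE_CONFIG_KEY = "role";
    // Prefix shared by the identity headers; subclasses are expected to use it (not read in this class).
    protected String headerPrefix;
    protected String usernameHeaderName;
    protected String emailHeaderName;
    protected String groupsHeaderName;
    // Name of the header carrying the shared secret that vouches for the identity headers.
    protected String tokenHeaderName;
    // Fallback expected token, used only when the site config has no HEADERS_TOKEN_CONFIG_KEY entry.
    protected String defaultTokenValue;

    /**
     * Creates the filter with the {@code MELLON_*} default header names.
     *
     * @param str passed through to the {@link ConfigAwarePreAuthenticationFilter} constructor
     */
    public AbstractHeadersAuthenticationFilter(String str) {
        super(str);
        this.headerPrefix = DEFAULT_HEADER_PREFIX;
        this.usernameHeaderName = DEFAULT_USERNAME_HEADER_NAME;
        this.emailHeaderName = DEFAULT_EMAIL_HEADER_NAME;
        this.groupsHeaderName = DEFAULT_GROUPS_HEADER_NAME;
        this.tokenHeaderName = DEFAULT_TOKEN_HEADER_NAME;
        // Re-evaluate the principal on every request so that principalChanged() (and its token check) runs.
        setCheckForPrincipalChanges(true);
    }

    /** @param str prefix shared by the identity headers (default {@value #DEFAULT_HEADER_PREFIX}) */
    public void setHeaderPrefix(String str) {
        this.headerPrefix = str;
    }

    /** @param str header carrying the username (default {@value #DEFAULT_USERNAME_HEADER_NAME}) */
    public void setUsernameHeaderName(String str) {
        this.usernameHeaderName = str;
    }

    /** @param str header carrying the e-mail (default {@value #DEFAULT_EMAIL_HEADER_NAME}) */
    public void setEmailHeaderName(String str) {
        this.emailHeaderName = str;
    }

    /** @param str header carrying the groups (default {@value #DEFAULT_GROUPS_HEADER_NAME}) */
    public void setGroupsHeaderName(String str) {
        this.groupsHeaderName = str;
    }

    /** @param str header carrying the shared-secret token (default {@value #DEFAULT_TOKEN_HEADER_NAME}) */
    public void setTokenHeaderName(String str) {
        this.tokenHeaderName = str;
    }

    /**
     * @param str expected token value used when the site config does not define
     *            {@value #HEADERS_TOKEN_CONFIG_KEY}; if neither is set every request is rejected
     */
    public void setDefaultTokenValue(String str) {
        this.defaultTokenValue = str;
    }

    /**
     * Builds the principal from the identity headers of a request whose token has already been verified.
     *
     * @param httpServletRequest the request; {@link #hasValidToken} has returned {@code true} for it
     * @return the pre-authenticated principal, or {@code null} if none can be derived
     */
    protected abstract Object doGetPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest);

    /**
     * Delegates to the superclass only when the request carries a valid token; a request without a
     * valid token is never considered to have changed the principal.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.craftercms.engine.util.spring.security.ConfigAwarePreAuthenticationFilter
    public boolean principalChanged(HttpServletRequest httpServletRequest, Authentication authentication) {
        if (!hasValidToken(httpServletRequest)) {
            return false;
        }
        return super.principalChanged(httpServletRequest, authentication);
    }

    /**
     * Returns the principal built by {@link #doGetPreAuthenticatedPrincipal}, or {@code null} when the
     * request does not carry a valid token.
     */
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest) {
        if (!hasValidToken(httpServletRequest)) {
            return null;
        }
        return doGetPreAuthenticatedPrincipal(httpServletRequest);
    }

    /**
     * Resolves the expected token: the {@value #HEADERS_TOKEN_CONFIG_KEY} entry of the current site
     * configuration when present, otherwise {@link #defaultTokenValue} (which may be {@code null}).
     *
     * @return the expected token, or {@code null} if neither source defines one
     */
    protected String getTokenExpectedValue() {
        HierarchicalConfiguration currentConfig = ConfigUtils.getCurrentConfig();
        if (currentConfig != null && currentConfig.containsKey(HEADERS_TOKEN_CONFIG_KEY)) {
            return currentConfig.getString(HEADERS_TOKEN_CONFIG_KEY);
        }
        return this.defaultTokenValue;
    }

    /**
     * Checks that the request carries the shared-secret token header and that its value matches the
     * expected token.
     * <p>
     * Fails closed: a missing header, a missing expected token, or a mismatch all return {@code false}.
     * The comparison is done with {@link MessageDigest#isEqual} so that response time does not depend on
     * how many leading bytes of the submitted token are correct.
     *
     * @param httpServletRequest the request to check
     * @return {@code true} only if the token header equals the expected token
     */
    protected boolean hasValidToken(HttpServletRequest httpServletRequest) {
        logger.debug("Checking security token from request headers");
        String header = httpServletRequest.getHeader(this.tokenHeaderName);
        if (StringUtils.isEmpty(header)) {
            logger.debug("No security token found for request from '{}'", httpServletRequest.getRemoteAddr());
            return false;
        }
        String expected = getTokenExpectedValue();
        if (StringUtils.isEmpty(expected)) {
            // Without a configured secret nothing can vouch for the identity headers, so reject rather
            // than compare against null/empty.
            logger.warn("No expected security token configured, rejecting headers authentication from '{}'",
                        httpServletRequest.getRemoteAddr());
            return false;
        }
        // Constant-time comparison (only the byte length is allowed to short-circuit).
        byte[] submitted = header.getBytes(StandardCharsets.UTF_8);
        byte[] required = expected.getBytes(StandardCharsets.UTF_8);
        if (MessageDigest.isEqual(submitted, required)) {
            return true;
        }
        logger.warn("Security token mismatch during authentication from '{}'", httpServletRequest.getRemoteAddr());
        return false;
    }
}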
