package ca.carleton.gcrc.auth.cookie;

import ca.carleton.gcrc.auth.common.AuthHttpServletRequest;
import ca.carleton.gcrc.auth.common.AuthenticationUtils;
import ca.carleton.gcrc.auth.common.User;
import ca.carleton.gcrc.auth.common.UserRepository;
import ca.carleton.gcrc.auth.common.UserRepositorySingleton;
import ca.carleton.gcrc.auth.cookie.impl.CookieAuthentication;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.util.URIUtil;
import org.postgresql.jdbc2.EscapedFunctions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nunaliit2-auth-cookie-2.2.jar:ca/carleton/gcrc/auth/cookie/AuthFilter.class */
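/**
 * Servlet filter that admits or rejects HTTP requests based on an authentication cookie.
 *
 * <p>The cookie named by the {@code cookie} init parameter is handed to
 * {@link CookieAuthentication#verifyCookieString} together with the shared
 * {@link UserRepository}. The resulting {@link User} is then checked against the
 * {@code anonymous}, user and {@code admin} switches before the request is passed
 * down the chain. A request that is already an {@link AuthHttpServletRequest}
 * skips cookie verification and only goes through the role check.
 *
 * <p>Defaults when no init parameters are given: administrators are admitted,
 * regular and anonymous users are rejected, the realm is {@code "olkit"} and the
 * cookie name is {@code "olkit-auth"}.
 */
public class AuthFilter implements Filter {
    private static final String defaultRealm = "olkit";
    private static final String defaultCookieName = "olkit-auth";
    private UserRepository userRepository;
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private String realm = defaultRealm;
    private String cookieName = defaultCookieName;
    private boolean allowAnonymous = false;
    private boolean allowUser = false;
    private boolean allowAdmin = true;

    /**
     * Reads the filter configuration.
     *
     * <p>The three role switches are integers where {@code 0} means "deny" and any
     * other value means "allow". {@code realm} and {@code cookie} are taken verbatim.
     * Parameters that are absent keep their defaults.
     *
     * @param filterConfig container-supplied configuration
     * @throws ServletException if a role switch is present but is not an integer
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this.logger.info("Start configuring filter");
        this.userRepository = UserRepositorySingleton.getSingleton();

        this.allowAnonymous = readFlag(filterConfig, "anonymous", this.allowAnonymous);
        // NOTE(review): EscapedFunctions.USER is a PostgreSQL driver constant; it looks like the
        // decompiler substituted it for a string literal (presumably "user") - confirm and
        // replace with the literal so the access policy does not depend on an unrelated library.
        this.allowUser = readFlag(filterConfig, EscapedFunctions.USER, this.allowUser);
        this.allowAdmin = readFlag(filterConfig, "admin", this.allowAdmin);

        String configuredRealm = filterConfig.getInitParameter("realm");
        if (configuredRealm != null) {
            this.realm = configuredRealm;
        }
        String configuredCookie = filterConfig.getInitParameter("cookie");
        if (configuredCookie != null) {
            this.cookieName = configuredCookie;
        }
        this.logger.info("End configuring filter");
    }

    /**
     * Parses one integer-valued on/off init parameter.
     *
     * <p>A malformed value aborts initialisation instead of falling back to a default, so a
     * typo in the deployment descriptor cannot silently widen or narrow access.
     */
    private static boolean readFlag(FilterConfig filterConfig, String name, boolean defaultValue)
            throws ServletException {
        String raw = filterConfig.getInitParameter(name);
        if (raw == null) {
            return defaultValue;
        }
        try {
            return Integer.parseInt(raw) != 0;
        } catch (NumberFormatException e) {
            throw new ServletException(
                    "Init parameter '" + name + "' must be an integer, got '" + raw + "'", e);
        }
    }

    /** Releases the user repository, if one was obtained during {@link #init}. */
    @Override // javax.servlet.Filter
    public void destroy() {
        if (null != this.userRepository) {
            this.userRepository.destroy();
        }
    }

    /**
     * Authenticates the request and forwards it when the user's role is permitted.
     *
     * @throws ServletException wrapping any failure raised during verification or dispatch
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            // NOTE(review): non-HTTP traffic is forwarded without any authentication check.
            // Confirm that no protected resource is reachable this way.
            this.logger.info("Skip filtering request because it is not HTTP");
            filterChain.doFilter(servletRequest, servletResponse);
            // Without this return the casts below run after the chain has already completed
            // and fail with a ClassCastException.
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        if (httpServletRequest instanceof AuthHttpServletRequest) {
            // The request already carries a user (presumably set by an earlier filter -
            // verify against the filter chain); only the role check is applied here.
            try {
                checkAndDispatch(AuthenticationUtils.getUserFromRequest(httpServletRequest), httpServletRequest, httpServletResponse, filterChain);
                return;
            } catch (Exception e) {
                throw new ServletException("Error while filtering AuthHttpServletRequest", e);
            }
        }

        try {
            User user = null;
            Cookie authCookie = getCookieFromRequest(httpServletRequest);
            if (authCookie != null) {
                user = CookieAuthentication.verifyCookieString(this.userRepository, authCookie.getValue());
            }
            if (user == null) {
                // No cookie, or one that did not verify: challenge instead of forwarding.
                AuthenticationUtils.sendAuthRequiredError(httpServletResponse, this.realm);
                return;
            }
            // NOTE(review): this logs User.toString() on every authenticated request; confirm it
            // contains no credential material.
            this.logger.info("user: {}", user);

            // NOTE(review): this cookie is issued without the Secure or HttpOnly attributes and
            // under a fixed name rather than the configured one. Whether client-side script
            // needs to read it cannot be told from this class - confirm before tightening.
            Cookie userCookie = new Cookie("nunaliit-auth", AuthenticationUtils.userToCookieString(true, user));
            userCookie.setPath(URIUtil.SLASH);
            httpServletResponse.addCookie(userCookie);

            checkAndDispatch(user, new AuthHttpServletRequest(httpServletRequest, user), httpServletResponse, filterChain);
        } catch (Exception e2) {
            throw new ServletException("Error while filtering HttpServletRequest", e2);
        }
    }

    /**
     * Forwards the request when the user's role is enabled, otherwise answers with an
     * authentication-required error for the configured realm.
     *
     * <p>A {@code null} user is treated as denied rather than dereferenced.
     */
    private void checkAndDispatch(User user, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        boolean permitted = user != null
                && ((this.allowAnonymous && user.isAnonymous())
                        || (this.allowAdmin && user.isAdmin())
                        || (this.allowUser && !user.isAdmin() && !user.isAnonymous()));
        if (permitted) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        this.logger.info("User denied access ({})", user);
        AuthenticationUtils.sendAuthRequiredError(httpServletResponse, this.realm);
    }

    /**
     * Returns the first request cookie whose name equals the configured cookie name.
     *
     * @return the matching cookie, or {@code null} when the request has no cookies or none match
     */
    private Cookie getCookieFromRequest(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            // getCookies() returns null when the request carries no cookies; report "not found"
            // so the caller sends the authentication challenge instead of failing with an NPE.
            return null;
        }
        for (Cookie candidate : cookies) {
            if (this.cookieName.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }
}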
