package com.payneteasy.superfly.security;

import com.payneteasy.superfly.api.AuthenticationRequestInfo;
import com.payneteasy.superfly.api.SSORole;
import com.payneteasy.superfly.api.SSOUser;
import com.payneteasy.superfly.security.authentication.SSOUserAndSelectedRoleAuthenticationToken;
import com.payneteasy.superfly.security.authentication.SSOUserTransportAuthenticationToken;
import com.payneteasy.superfly.security.authentication.UsernamePasswordAuthRequestInfoAuthenticationToken;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/* loaded from: input_file:com/payneteasy/superfly/security/TwoStepAuthenticationProcessingFilter.class */
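/**
 * Login filter that authenticates in two requests against the same processing URL.
 *
 * <ul>
 *   <li><b>Step one</b> is chosen when the request carries a username parameter: the username,
 *       password and request metadata are wrapped in a
 *       {@link UsernamePasswordAuthRequestInfoAuthenticationToken}.</li>
 *   <li><b>Step two</b> is chosen when the request carries a role parameter instead: the
 *       {@link SSOUser} previously stored in the HTTP session is combined with the selected
 *       role into an {@link SSOUserAndSelectedRoleAuthenticationToken}.</li>
 * </ul>
 *
 * In both cases the resulting token is handed to the configured authentication manager.
 */
public class TwoStepAuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {
    /** Default name of the request parameter that carries the role selected in step two. */
    public static final String SPRING_SECURITY_FORM_ROLE_KEY = "j_role";

    private String roleParameter = SPRING_SECURITY_FORM_ROLE_KEY;
    private String subsystemIdentifier = null;

    /** Creates the filter and binds it to {@code /j_superfly_security_check}. */
    public TwoStepAuthenticationProcessingFilter() {
        setFilterProcessesUrl("/j_superfly_security_check");
    }

    /**
     * Overrides the name of the request parameter read by {@link #obtainRoleKey}.
     *
     * @param str request parameter name to use for the selected role
     */
    public void setRoleParameter(String str) {
        this.roleParameter = str;
    }

    /**
     * Sets the subsystem identifier copied into every {@link AuthenticationRequestInfo}.
     *
     * @param str subsystem identifier; stays {@code null} if never set
     */
    public void setSubsystemIdentifier(String str) {
        this.subsystemIdentifier = str;
    }

    /**
     * Builds the step-one or step-two authentication request and delegates it to the
     * authentication manager. Step one takes precedence when both parameters are present.
     *
     * @throws IllegalStateException if the request matches neither step
     * @throws AuthenticationException if building the request or authenticating it fails
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        // NOTE(review): this override does not call super and performs no HTTP-method check,
        // whereas the stock UsernamePasswordAuthenticationFilter rejects non-POST requests when
        // postOnly is enabled. Credentials passed as GET query parameters tend to end up in
        // access logs and browser history - confirm the processing URL is limited to POST
        // elsewhere (e.g. in the filter chain or front-end proxy).
        Authentication current = SecurityContextHolder.getContext().getAuthentication();

        Authentication authRequest;
        if (isStepOne(httpServletRequest, current)) {
            authRequest = doStepOne(httpServletRequest, current);
        } else if (isStepTwo(httpServletRequest, current)) {
            authRequest = doStepTwo(httpServletRequest, current);
        } else {
            // NOTE(review): reachable by any client that posts to the processing URL without
            // either parameter. Because this is not an AuthenticationException it is presumably
            // not routed to the failure handler and surfaces as a server error instead - confirm
            // that this is the intended response.
            throw new IllegalStateException("Must execute either step 1 or step 2, but they both didn't match");
        }
        return getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Reads the selected role name from the request.
     *
     * @return value of the configured role parameter, or {@code null} if it is absent
     */
    protected String obtainRoleKey(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(this.roleParameter);
    }

    /**
     * Tells whether the request is a step-one (username/password) submission.
     *
     * @param authentication current authentication from the security context; not consulted here
     * @return {@code true} when a username parameter is present
     */
    protected boolean isStepOne(HttpServletRequest httpServletRequest, Authentication authentication) {
        return obtainUsername(httpServletRequest) != null;
    }

    /**
     * Tells whether the request is a step-two (role selection) submission.
     *
     * @param authentication current authentication from the security context; not consulted here
     * @return {@code true} when a role parameter is present
     */
    protected boolean isStepTwo(HttpServletRequest httpServletRequest, Authentication authentication) {
        return obtainRoleKey(httpServletRequest) != null;
    }

    /**
     * Builds the step-one authentication request from the submitted username and password.
     *
     * @param authentication current authentication from the security context; not consulted here
     */
    protected Authentication doStepOne(HttpServletRequest httpServletRequest, Authentication authentication) {
        String username = obtainUsername(httpServletRequest);
        String password = obtainPassword(httpServletRequest);
        return createUsernamePasswordAuthRequest(httpServletRequest, username, password);
    }

    /**
     * Wraps credentials and request metadata in a username/password token.
     *
     * @param str  submitted username
     * @param str2 submitted password
     */
    protected Authentication createUsernamePasswordAuthRequest(HttpServletRequest httpServletRequest, String str, String str2) {
        return new UsernamePasswordAuthRequestInfoAuthenticationToken(str, str2, createAuthRequestInfo(httpServletRequest));
    }

    /**
     * Builds the step-two authentication request from the user stored in the session and the
     * role named in the request.
     *
     * <p>The role name supplied by the client is only used to pick one of the roles already
     * present in the stored user's actions map; a name that matches none of them is rejected.
     *
     * @param authentication current authentication from the security context; not consulted here
     * @throws BadCredentialsException if no user is stored in the session, or the requested role
     *         is not among the stored user's roles
     */
    protected Authentication doStepTwo(HttpServletRequest httpServletRequest, Authentication authentication) {
        String requestedRole = obtainRoleKey(httpServletRequest);

        // getSession(false): a request that arrives without a session cannot hold a step-one
        // user, so do not allocate a fresh session just to discover that.
        HttpSession session = httpServletRequest.getSession(false);
        SSOUser user = null;
        if (session != null) {
            user = (SSOUser) session.getAttribute(SSOUserTransportAuthenticationToken.SESSION_KEY);
            // The stored user is single-use: it is dropped as soon as it has been read, so a
            // failed role selection requires going through step one again.
            session.removeAttribute(SSOUserTransportAuthenticationToken.SESSION_KEY);
        }
        if (user == null) {
            throw new BadCredentialsException("Session expired");
        }

        SSORole selected = null;
        for (Object key : user.getActionsMap().keySet()) {
            SSORole candidate = (SSORole) key;
            if (candidate.getName().equals(requestedRole)) {
                selected = candidate;
                break;
            }
        }
        if (selected == null) {
            // NOTE(review): the message embeds the raw request parameter. If the exception text
            // is rendered on the login page or written to logs, it should be encoded/sanitised
            // at that point - confirm against the failure handler and logging configuration.
            throw new BadCredentialsException("Unknown role: " + requestedRole);
        }
        return createUserRoleAuthRequest(user, selected);
    }

    /** Wraps the user and the selected role in the step-two token. */
    protected Authentication createUserRoleAuthRequest(SSOUser sSOUser, SSORole sSORole) {
        return new SSOUserAndSelectedRoleAuthenticationToken(sSOUser, sSORole);
    }

    /**
     * Collects request metadata that accompanies a step-one authentication request.
     *
     * @return info object holding the remote address and the configured subsystem identifier
     */
    protected AuthenticationRequestInfo createAuthRequestInfo(HttpServletRequest httpServletRequest) {
        AuthenticationRequestInfo info = new AuthenticationRequestInfo();
        // getRemoteAddr() is the address of the immediate peer; behind a reverse proxy that is
        // the proxy unless the container is configured to resolve forwarded-for headers.
        info.setIpAddress(httpServletRequest.getRemoteAddr());
        info.setSubsystemIdentifier(this.subsystemIdentifier);
        return info;
    }
}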
