package de.itsvs.cwtrpc.security;

import de.itsvs.cwtrpc.core.RpcSessionInvalidationPolicy;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:de/itsvs/cwtrpc/security/RpcSessionManagementFilter.class */
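/**
 * Servlet filter that runs session management for RPC requests once per request.
 *
 * <p>When the configured {@link SecurityContextRepository} does not yet contain a context for
 * the request, the filter either applies the {@link SessionAuthenticationStrategy} and persists
 * the current security context (authenticated, non-anonymous caller), or, for a missing or
 * anonymous authentication, answers a request that carries an invalid requested session ID
 * through the invalid-session redirect strategy. The filter chain continues only when that
 * processing reports success.
 */
public class RpcSessionManagementFilter extends GenericFilterBean {
    /** Request attribute set once this filter has handled the request, to avoid re-processing. */
    protected static final String PROCESSED_ALREADY_ATTR_NAME = RpcSessionManagementFilter.class.getName().concat(".processedAlready");
    /** Request attribute holding the list of strategy classes already applied to the request. */
    protected static final String APPLIED_SESSION_AUTHENTICATION_STRATEGIES_ATTR_NAME = RpcSessionManagementFilter.class.getName().concat(".appliedSessionAuthenticationStrategies");
    /** Text installed on the default {@code RpcRedirectStrategy} for invalid sessions. */
    protected static final String INVALID_SESSION_TEXT = "INVALID_SESSION";
    private SecurityContextRepository securityContextRepository;
    private AuthenticationFailureHandler authenticationFailureHandler;
    private SessionAuthenticationStrategy sessionAuthenticationStrategy;
    private RedirectStrategy invalidSessionRedirectStrategy;
    private String invalidSessionUrl;
    private RpcHttpSessionStrategy rpcHttpSessionStrategy;
    private final Log log = LogFactory.getLog(RpcSessionManagementFilter.class);
    private final AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    /**
     * Records on the request that the given strategy has been applied.
     *
     * <p>Only the strategy's class is stored, so two differently configured instances of the
     * same class are indistinguishable to {@link #appliedSessionAuthenticationStrategy}.
     *
     * @param httpServletRequest request whose attribute carries the list of applied strategies
     * @param sessionAuthenticationStrategy strategy that was applied; must not be null
     */
    public static void saveAppliedSessionAuthenticationStrategy(HttpServletRequest httpServletRequest, SessionAuthenticationStrategy sessionAuthenticationStrategy) {
        // The attribute is only ever written by this method, so the element type is known.
        @SuppressWarnings("unchecked")
        List<Class<?>> appliedStrategies = (List<Class<?>>) httpServletRequest.getAttribute(APPLIED_SESSION_AUTHENTICATION_STRATEGIES_ATTR_NAME);
        if (appliedStrategies == null) {
            appliedStrategies = new ArrayList<Class<?>>();
        }
        appliedStrategies.add(sessionAuthenticationStrategy.getClass());
        httpServletRequest.setAttribute(APPLIED_SESSION_AUTHENTICATION_STRATEGIES_ATTR_NAME, appliedStrategies);
    }

    /**
     * Tells whether a strategy of the same class was already recorded for this request.
     *
     * @param httpServletRequest request to inspect
     * @param sessionAuthenticationStrategy strategy to look up; must not be null
     * @return {@code true} if the strategy's class is in the request's applied list
     */
    public static boolean appliedSessionAuthenticationStrategy(HttpServletRequest httpServletRequest, SessionAuthenticationStrategy sessionAuthenticationStrategy) {
        @SuppressWarnings("unchecked")
        List<Class<?>> appliedStrategies = (List<Class<?>>) httpServletRequest.getAttribute(APPLIED_SESSION_AUTHENTICATION_STRATEGIES_ATTR_NAME);
        return appliedStrategies != null && appliedStrategies.contains(sessionAuthenticationStrategy.getClass());
    }

    /** @return the repository consulted and written by this filter */
    public SecurityContextRepository getSecurityContextRepository() {
        return this.securityContextRepository;
    }

    /**
     * @param securityContextRepository repository to use; must not be null
     */
    public void setSecurityContextRepository(SecurityContextRepository securityContextRepository) {
        Assert.notNull(securityContextRepository, "'securityContextRepository' must not be null");
        this.securityContextRepository = securityContextRepository;
    }

    /** @return the handler invoked when the session authentication strategy rejects a request */
    public AuthenticationFailureHandler getAuthenticationFailureHandler() {
        return this.authenticationFailureHandler;
    }

    /**
     * @param authenticationFailureHandler handler to use; must not be null
     */
    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        // Validate the argument itself. Checking the repository field here would accept a null
        // handler and would reject a valid one whenever the repository is injected later.
        Assert.notNull(authenticationFailureHandler, "'authenticationFailureHandler' must not be null");
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    /** @return the strategy applied before an authenticated context is saved */
    public SessionAuthenticationStrategy getSessionAuthenticationStrategy() {
        return this.sessionAuthenticationStrategy;
    }

    /**
     * @param sessionAuthenticationStrategy strategy to use; must not be null
     */
    public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy) {
        // Validate the argument itself so a null strategy is refused at configuration time
        // instead of failing with a NullPointerException while a request is being processed.
        Assert.notNull(sessionAuthenticationStrategy, "'sessionAuthenticationStrategy' must not be null");
        this.sessionAuthenticationStrategy = sessionAuthenticationStrategy;
    }

    /** @return the resolver used to recognise anonymous authentications */
    public AuthenticationTrustResolver getAuthenticationTrustResolver() {
        return this.authenticationTrustResolver;
    }

    /** @return the strategy used to answer requests with an invalid session ID */
    public RedirectStrategy getInvalidSessionRedirectStrategy() {
        return this.invalidSessionRedirectStrategy;
    }

    /**
     * @param redirectStrategy strategy to use; must not be null
     */
    public void setInvalidSessionRedirectStrategy(RedirectStrategy redirectStrategy) {
        Assert.notNull(redirectStrategy, "'invalidSessionRedirectStrategy' must not be null");
        this.invalidSessionRedirectStrategy = redirectStrategy;
    }

    /** @return the URL handed to the invalid-session redirect strategy; may be null */
    public String getInvalidSessionUrl() {
        return this.invalidSessionUrl;
    }

    /**
     * @param str URL passed unchanged to the invalid-session redirect strategy; not validated
     *     here and may be null
     */
    public void setInvalidSessionUrl(String str) {
        this.invalidSessionUrl = str;
    }

    /** @return the strategy that prepares the HTTP session for a new context */
    public RpcHttpSessionStrategy getRpcHttpSessionStrategy() {
        return this.rpcHttpSessionStrategy;
    }

    /**
     * @param rpcHttpSessionStrategy strategy to use; must not be null
     */
    public void setRpcHttpSessionStrategy(RpcHttpSessionStrategy rpcHttpSessionStrategy) {
        Assert.notNull(rpcHttpSessionStrategy, "'rpcHttpSessionStrategy' must not be null");
        this.rpcHttpSessionStrategy = rpcHttpSessionStrategy;
    }

    /**
     * Verifies the mandatory repository and installs defaults for every collaborator that was
     * not configured: a {@code SimpleRpcAuthenticationFailureHandler}, a
     * {@link SessionFixationProtectionStrategy}, an {@code RpcRedirectStrategy} carrying
     * {@link #INVALID_SESSION_TEXT}, and a {@code DefaultRpcHttpSessionStrategy}.
     *
     * @throws ServletException if initialisation of the filter bean fails
     */
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(getSecurityContextRepository(), "'securityContextRepository' must be specified");
        if (getAuthenticationFailureHandler() == null) {
            // Declared with the concrete type: the calls below are made on the concrete class.
            SimpleRpcAuthenticationFailureHandler defaultFailureHandler = new SimpleRpcAuthenticationFailureHandler();
            defaultFailureHandler.setServletContext(getServletContext());
            defaultFailureHandler.afterPropertiesSet();
            setAuthenticationFailureHandler(defaultFailureHandler);
        }
        if (getSessionAuthenticationStrategy() == null) {
            setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy());
        }
        if (getInvalidSessionRedirectStrategy() == null) {
            RpcRedirectStrategy defaultRedirectStrategy = new RpcRedirectStrategy();
            defaultRedirectStrategy.setText(INVALID_SESSION_TEXT);
            setInvalidSessionRedirectStrategy(defaultRedirectStrategy);
        }
        if (getRpcHttpSessionStrategy() == null) {
            setRpcHttpSessionStrategy(new DefaultRpcHttpSessionStrategy());
        }
    }

    /**
     * Processes the request at most once and continues the chain only if processing succeeded.
     *
     * <p>A request already marked with {@link #PROCESSED_ALREADY_ATTR_NAME} is passed straight
     * down the chain. The request and response are cast to their HTTP types without a check.
     *
     * @throws IOException if processing or the downstream chain fails with an I/O error
     * @throws ServletException if processing or the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean proceed = true;
        if (servletRequest.getAttribute(PROCESSED_ALREADY_ATTR_NAME) == null) {
            // Mark before processing so a nested dispatch of the same request is not re-handled.
            servletRequest.setAttribute(PROCESSED_ALREADY_ATTR_NAME, Boolean.TRUE);
            proceed = process((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
        }
        if (proceed) {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Handles the request when the repository holds no context for it yet.
     *
     * @return {@code true} if the filter chain should continue
     */
    protected boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (getSecurityContextRepository().containsContext(httpServletRequest)) {
            return true;
        }
        this.log.debug("Security context repository does not contain current context");
        return processNewContext(httpServletRequest, httpServletResponse);
    }

    /**
     * Prepares the session, then either saves the authenticated context or handles the
     * unauthenticated request.
     *
     * <p>If the outcome is not successful, whether through a {@code false} result or a thrown
     * exception, and the policy returned by the session strategy asks for it, the current
     * session is invalidated.
     *
     * @return {@code true} if the filter chain should continue
     */
    protected boolean processNewContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        RpcSessionInvalidationPolicy invalidationPolicy = getRpcHttpSessionStrategy().prepareSession(httpServletRequest, httpServletResponse);
        boolean proceed = false;
        try {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication == null || getAuthenticationTrustResolver().isAnonymous(authentication)) {
                proceed = processUnauthenticatedRequest(httpServletRequest, httpServletResponse, authentication);
            } else {
                proceed = saveSecurityContext(httpServletRequest, httpServletResponse, authentication);
            }
        } finally {
            // Runs on both the failure result and any exception, so a session prepared for a
            // context that was never stored is not left behind.
            if (!proceed && invalidationPolicy.isInvalidateOnUnexpectedException()) {
                invalidateSession(httpServletRequest);
            }
        }
        return proceed;
    }

    /**
     * Applies the session authentication strategy and stores the current security context.
     *
     * @return {@code true} on success; {@code false} if the strategy rejected the request, in
     *     which case the failure handler has already been invoked
     */
    protected boolean saveSecurityContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        this.log.debug("Saving security context");
        try {
            applySessionAuthenticationStrategy(authentication, httpServletRequest, httpServletResponse);
            getSecurityContextRepository().saveContext(SecurityContextHolder.getContext(), httpServletRequest, httpServletResponse);
            return true;
        } catch (SessionAuthenticationException e) {
            this.log.info("Session authentication strategy rejected authentication request", e);
            unsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
            return false;
        }
    }

    /**
     * Invokes the configured strategy unless one of the same class was already recorded for
     * this request, and records it afterwards.
     */
    protected void applySessionAuthenticationStrategy(Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        SessionAuthenticationStrategy strategy = getSessionAuthenticationStrategy();
        if (appliedSessionAuthenticationStrategy(httpServletRequest, strategy)) {
            this.log.debug("Session authentication strategy has been applied already");
            return;
        }
        strategy.onAuthentication(authentication, httpServletRequest, httpServletResponse);
        // Recorded only after onAuthentication returns, so a rejected attempt is not marked.
        saveAppliedSessionAuthenticationStrategy(httpServletRequest, strategy);
    }

    /**
     * Clears the thread's security context and delegates to the authentication failure handler.
     */
    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, org.springframework.security.core.AuthenticationException authenticationException) throws IOException, ServletException {
        SecurityContextHolder.clearContext();
        getAuthenticationFailureHandler().onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Answers an unauthenticated request that presents a session ID the container no longer
     * considers valid; requests without a session ID or with a valid one pass through.
     *
     * @param authentication current authentication, possibly null; not used by this implementation
     * @return {@code true} if the filter chain should continue, {@code false} if the
     *     invalid-session response was sent
     */
    protected boolean processUnauthenticatedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        boolean noSessionRequested = httpServletRequest.getRequestedSessionId() == null;
        if (noSessionRequested || httpServletRequest.isRequestedSessionIdValid()) {
            return true;
        }
        this.log.debug("Request does not contain a valid session ID");
        getInvalidSessionRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, getInvalidSessionUrl());
        return false;
    }

    /**
     * Invalidates the request's existing session, if any; never creates one.
     */
    protected void invalidateSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        if (this.log.isDebugEnabled()) {
            // NOTE(review): this writes the full session identifier to the debug log; treat
            // debug output of this class as sensitive or keep the level disabled in production.
            this.log.debug("Invalidating session " + session.getId());
        }
        session.invalidate();
    }
}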
