package de.itsvs.cwtrpc.security;

import de.itsvs.cwtrpc.core.CwtRpcException;
import de.itsvs.cwtrpc.core.CwtRpcUtils;
import de.itsvs.cwtrpc.core.RpcSessionInvalidationPolicy;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.Assert;

/* loaded from: input_file:de/itsvs/cwtrpc/security/RpcLogoutFilter.class */
public class RpcLogoutFilter extends AbstractRpcProcessingFilter {
    private List<LogoutHandler> logoutHandlers;
    private LogoutSuccessHandler logoutSuccessHandler;
    private LogoutFailureHandler logoutFailureHandler;
    private final Log log = LogFactory.getLog(RpcLogoutFilter.class);
    private boolean invalidateSession = true;
    private boolean invalidateSessionOnExpectedException = true;
    private boolean invalidateSessionOnUnexpectedException = true;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:de/itsvs/cwtrpc/security/RpcLogoutFilter$RpcSessionInvalidationPolicyImpl.class */
    public static class RpcSessionInvalidationPolicyImpl implements RpcSessionInvalidationPolicy {
        private static final long serialVersionUID = 8325887953635922832L;
        private boolean invalidateAfterInvocation;
        private boolean invalidateOnUnexpectedException;
        private boolean invalidateOnExpectedException;

        protected RpcSessionInvalidationPolicyImpl() {
        }

        public boolean isInvalidateAfterInvocation() {
            return this.invalidateAfterInvocation;
        }

        public void setInvalidateAfterInvocation(boolean z) {
            this.invalidateAfterInvocation = z;
        }

        public boolean isInvalidateOnUnexpectedException() {
            return this.invalidateOnUnexpectedException;
        }

        public void setInvalidateOnUnexpectedException(boolean z) {
            this.invalidateOnUnexpectedException = z;
        }

        public boolean isInvalidateOnExpectedException() {
            return this.invalidateOnExpectedException;
        }

        public void setInvalidateOnExpectedException(boolean z) {
            this.invalidateOnExpectedException = z;
        }
    }

    public List<LogoutHandler> getLogoutHandlers() {
        return this.logoutHandlers;
    }

    public void setLogoutHandlers(List<LogoutHandler> list) {
        this.logoutHandlers = list;
    }

    public LogoutSuccessHandler getLogoutSuccessHandler() {
        return this.logoutSuccessHandler;
    }

    public void setLogoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler) {
        Assert.notNull(logoutSuccessHandler, "'logoutSuccessHandler' must not be null");
        this.logoutSuccessHandler = logoutSuccessHandler;
    }

    public LogoutFailureHandler getLogoutFailureHandler() {
        return this.logoutFailureHandler;
    }

    public void setLogoutFailureHandler(LogoutFailureHandler logoutFailureHandler) {
        Assert.notNull(logoutFailureHandler, "'logoutFailureHandler' must not be null");
        this.logoutFailureHandler = logoutFailureHandler;
    }

    public boolean isInvalidateSession() {
        return this.invalidateSession;
    }

    public void setInvalidateSession(boolean z) {
        this.invalidateSession = z;
    }

    public boolean isInvalidateSessionOnExpectedException() {
        return this.invalidateSessionOnExpectedException;
    }

    public void setInvalidateSessionOnExpectedException(boolean z) {
        this.invalidateSessionOnExpectedException = z;
    }

    public boolean isInvalidateSessionOnUnexpectedException() {
        return this.invalidateSessionOnUnexpectedException;
    }

    public void setInvalidateSessionOnUnexpectedException(boolean z) {
        this.invalidateSessionOnUnexpectedException = z;
    }

    @Override // de.itsvs.cwtrpc.security.AbstractRpcProcessingFilter
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        if (getLogoutSuccessHandler() == null) {
            LogoutSuccessHandler defaultRpcLogoutSuccessHandler = new DefaultRpcLogoutSuccessHandler();
            defaultRpcLogoutSuccessHandler.setServletContext(getServletContext());
            defaultRpcLogoutSuccessHandler.afterPropertiesSet();
            setLogoutSuccessHandler(defaultRpcLogoutSuccessHandler);
        }
        if (getLogoutFailureHandler() == null) {
            DefaultRpcLogoutFailureHandler defaultRpcLogoutFailureHandler = new DefaultRpcLogoutFailureHandler();
            defaultRpcLogoutFailureHandler.setServletContext(getServletContext());
            defaultRpcLogoutFailureHandler.afterPropertiesSet();
            setLogoutFailureHandler(defaultRpcLogoutFailureHandler);
        }
    }

    @Override // de.itsvs.cwtrpc.security.AbstractRpcProcessingFilter
    protected void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (CwtRpcUtils.isRpcSessionInvalidationPolicySet(httpServletRequest)) {
            this.log.debug("RPC session invalidation policy has already been applied.");
        } else {
            CwtRpcUtils.saveRpcSessionInvalidationPolicy(httpServletRequest, createRpcSessionInvalidationPolicy(httpServletRequest, httpServletResponse, authentication));
        }
        try {
            if (authentication != null) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Logging out user '" + authentication.getName() + "'");
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                if (getLogoutHandlers() != null) {
                    Iterator<LogoutHandler> it = getLogoutHandlers().iterator();
                    while (it.hasNext()) {
                        it.next().logout(httpServletRequest, httpServletResponse, authentication);
                    }
                }
            } else {
                if (httpServletRequest.getRequestedSessionId() == null || httpServletRequest.isRequestedSessionIdValid()) {
                    this.log.debug("Request does not belong to an authenticated session");
                    getLogoutFailureHandler().onLogoutFailure(httpServletRequest, httpServletResponse, new CwtRpcException("Request does not belong to an authenticated session."));
                    if (0 == 0 && isInvalidateSession()) {
                        invalidateSession(httpServletRequest);
                        return;
                    }
                    return;
                }
                this.log.debug("Request does not include a valid authentication. It seems to be a result of a session timeout. Sending success response.");
            }
            if (isInvalidateSession()) {
                invalidateSession(httpServletRequest);
            }
            getLogoutSuccessHandler().onLogoutSuccess(httpServletRequest, httpServletResponse, authentication);
            if (1 == 0 && isInvalidateSession()) {
                invalidateSession(httpServletRequest);
            }
        } catch (Throwable th) {
            if (0 == 0 && isInvalidateSession()) {
                invalidateSession(httpServletRequest);
            }
            throw th;
        }
    }

    protected RpcSessionInvalidationPolicy createRpcSessionInvalidationPolicy(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        boolean isInvalidateSession = isInvalidateSession();
        RpcSessionInvalidationPolicyImpl rpcSessionInvalidationPolicyImpl = new RpcSessionInvalidationPolicyImpl();
        rpcSessionInvalidationPolicyImpl.setInvalidateAfterInvocation(isInvalidateSession);
        rpcSessionInvalidationPolicyImpl.setInvalidateOnExpectedException(isInvalidateSession && isInvalidateSessionOnExpectedException());
        rpcSessionInvalidationPolicyImpl.setInvalidateOnUnexpectedException(isInvalidateSession && isInvalidateSessionOnUnexpectedException());
        return rpcSessionInvalidationPolicyImpl;
    }
}
