package org.fcrepo.server.security.servletfilters;

import java.util.Collection;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Set;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/fcrepo/server/security/servletfilters/BaseContributing.class */
public abstract class BaseContributing extends FilterSetup {
    public static final String SURROGATE_ROLE_KEY = "surrogate-role";
    public static final String SURROGATE_ATTRIBUTE_KEY = "surrogate-attribute";
    public static final String SKIP_FILTER = "skip-filter";
    public static final String UNAUTHENTICATE_USER_UNCONDITIONALLY = "unauthenticate-user-unconditionally";
    public static final String PW_NULL_KEY = "null-password";
    public static final String PW_0_KEY = "zerolength-password";
    public static final String EMPTY_RESULTS_KEY = "empty-results";
    public static final String LOG_STACK_TRACES_KEY = "log-stack-traces";
    private static final Logger logger = LoggerFactory.getLogger(BaseContributing.class);
    public static final Set<String> NULL_SET = Collections.emptySet();
    public static final Hashtable<?, ?> EMPTY_MAP = new Hashtable<>();
    public static final String[] EMPTY_ARRAY = new String[0];
    private static boolean AUTHENTICATE_DEFAULT = true;
    private static Collection<String> FILTERS_CONTRIBUTING_SPONSORED_ATTRIBUTES_DEFAULT = NULL_SET;
    private static String SURROGATE_ROLE_DEFAULT = null;
    private static String SURROGATE_ATTRIBUTE_DEFAULT = null;
    public static final String USE_FILTER = "use-filter";
    private static String PW_NULL_DEFAULT = USE_FILTER;
    private static String PW_0_DEFAULT = USE_FILTER;
    public static final String UNAUTHENTICATE_USER_CONDITIONALLY = "unauthenticate-user-conditionally";
    private static String EMPTY_RESULTS_DEFAULT = UNAUTHENTICATE_USER_CONDITIONALLY;
    private static boolean LOG_STACK_TRACES_DEFAULT = false;
    protected boolean AUTHENTICATE = AUTHENTICATE_DEFAULT;
    protected Collection<String> FILTERS_CONTRIBUTING_AUTHENTICATED_ATTRIBUTES = NULL_SET;
    protected Collection<String> FILTERS_CONTRIBUTING_SPONSORED_ATTRIBUTES = FILTERS_CONTRIBUTING_SPONSORED_ATTRIBUTES_DEFAULT;
    protected String SURROGATE_ROLE = SURROGATE_ROLE_DEFAULT;
    protected String SURROGATE_ATTRIBUTE = SURROGATE_ATTRIBUTE_DEFAULT;
    public String PW_NULL = PW_NULL_DEFAULT;
    public String PW_0 = PW_0_DEFAULT;
    public String EMPTY_RESULTS = EMPTY_RESULTS_DEFAULT;
    protected boolean LOG_STACK_TRACES = LOG_STACK_TRACES_DEFAULT;

    @Override // org.fcrepo.server.security.servletfilters.FilterSetup
    public void init(FilterConfig filterConfig) {
        if (logger.isDebugEnabled()) {
            logger.debug(enter("init() "));
        }
        super.init(filterConfig);
        this.inited = false;
        if (!this.initErrors && this.FILTERS_CONTRIBUTING_AUTHENTICATED_ATTRIBUTES.isEmpty()) {
            if (this.FILTER_NAME == null || this.FILTER_NAME.isEmpty()) {
                this.initErrors = true;
                if (logger.isErrorEnabled()) {
                    logger.error(format("init() ", "FILTER_NAME not set"));
                }
            } else {
                this.FILTERS_CONTRIBUTING_AUTHENTICATED_ATTRIBUTES = Collections.singletonList(this.FILTER_NAME);
            }
        }
        if (this.initErrors && logger.isErrorEnabled()) {
            logger.error(format("init() ", "FILTERS_CONTRIBUTING_AUTHENTICATED_ATTRIBUTES not set; see previous error"));
        }
        this.inited = true;
        if (logger.isDebugEnabled()) {
            logger.debug(exit("init() "));
        }
    }

    @Override // org.fcrepo.server.security.servletfilters.FilterSetup
    public void destroy() {
        if (logger.isDebugEnabled()) {
            logger.debug(enter("destroy()"));
        }
        super.destroy();
        if (logger.isDebugEnabled()) {
            logger.debug(exit("destroy()"));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.fcrepo.server.security.servletfilters.FilterSetup, org.fcrepo.server.security.servletfilters.Base
    public void initThisSubclass(String str, String str2) {
        logger.debug("{}>", "initThisSubclass() ");
        if (SURROGATE_ROLE_KEY.equals(str)) {
            this.SURROGATE_ROLE = str2;
            logger.info("{}{}=={}", new Object[]{"initThisSubclass() ", str, this.SURROGATE_ROLE});
        } else if (SURROGATE_ATTRIBUTE_KEY.equals(str)) {
            this.SURROGATE_ATTRIBUTE = str2;
            logger.info("{}{}=={}", new Object[]{"initThisSubclass() ", str, this.SURROGATE_ATTRIBUTE});
        } else if (LOG_STACK_TRACES_KEY.equals(str)) {
            try {
                this.LOG_STACK_TRACES = Base.booleanValue(str2);
                logger.info("{}{}=={}", new Object[]{"initThisSubclass() ", str, Boolean.valueOf(this.LOG_STACK_TRACES)});
            } catch (Throwable th) {
                this.initErrors = true;
                logger.error("initThisSubclass() bad config " + str + "==" + str2);
            }
        } else if (PW_NULL_KEY.equals(str)) {
            if (SKIP_FILTER.equalsIgnoreCase(str2) || USE_FILTER.equalsIgnoreCase(str2) || UNAUTHENTICATE_USER_UNCONDITIONALLY.equalsIgnoreCase(str2)) {
                this.PW_NULL = str2;
                logger.info("{}{}=={}", new Object[]{"initThisSubclass() ", str, this.PW_NULL});
            } else {
                this.initErrors = true;
                logger.error("initThisSubclass() bad config " + str + "==" + str2);
            }
        } else if (PW_0_KEY.equals(str)) {
            if (SKIP_FILTER.equalsIgnoreCase(str2) || USE_FILTER.equalsIgnoreCase(str2) || UNAUTHENTICATE_USER_UNCONDITIONALLY.equalsIgnoreCase(str2)) {
                this.PW_0 = str2;
                logger.info("{}{}=={}", new Object[]{"initThisSubclass() ", str, this.PW_0});
            } else {
                this.initErrors = true;
                logger.error("initThisSubclass() bad config " + str + "==" + str2);
            }
        } else if (!EMPTY_RESULTS_KEY.equals(str)) {
            logger.debug("{}deferring {} to super", "initThisSubclass() ", str);
            super.initThisSubclass(str, str2);
        } else if (SKIP_FILTER.equalsIgnoreCase(str2) || USE_FILTER.equalsIgnoreCase(str2) || UNAUTHENTICATE_USER_UNCONDITIONALLY.equalsIgnoreCase(str2) || UNAUTHENTICATE_USER_CONDITIONALLY.equalsIgnoreCase(str2)) {
            this.EMPTY_RESULTS = str2;
            logger.info("{}{}=={}", new Object[]{"initThisSubclass() ", str, this.EMPTY_RESULTS});
        } else {
            this.initErrors = true;
            logger.error("initThisSubclass() bad config " + str + "==" + str2);
        }
        logger.debug("{}<", "initThisSubclass() ");
    }

    @Override // org.fcrepo.server.security.servletfilters.FilterSetup
    public boolean doThisSubclass(ExtendedHttpServletRequest extendedHttpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
        boolean isDebugEnabled = logger.isDebugEnabled();
        if (isDebugEnabled) {
            logger.debug(enter("doThisSubclass() "));
        }
        super.doThisSubclass(extendedHttpServletRequest, httpServletResponse);
        boolean z = extendedHttpServletRequest.getUserPrincipal() != null;
        if (isDebugEnabled) {
            logger.debug(format("doThisSubclass() ", null, "alreadyAuthenticated") + z);
            logger.debug(format("doThisSubclass() ", null, "AUTHENTICATE") + this.AUTHENTICATE);
        }
        if (authenticate(z)) {
            if (logger.isDebugEnabled()) {
                logger.debug(format("doThisSubclass() ", "calling authenticate() . . ."));
            }
            authenticate(extendedHttpServletRequest);
        } else if (isDebugEnabled) {
            logger.debug(format("doThisSubclass() ", "not calling authenticate()"));
        }
        String authority = extendedHttpServletRequest.getAuthority();
        if (isDebugEnabled) {
            logger.debug(format("doThisSubclass() ", null, "authority", authority));
        }
        if (authority == null || authority.isEmpty()) {
            return false;
        }
        if (!extendedHttpServletRequest.isUserSponsored()) {
            if (isDebugEnabled) {
                logger.debug(format("doThisSubclass() ", "user not already sponsored"));
            }
            if (this.FILTERS_CONTRIBUTING_AUTHENTICATED_ATTRIBUTES.contains(authority)) {
                if (isDebugEnabled) {
                    logger.debug(format("doThisSubclass() ", "calling gatherAuthenticatedAttributes() . . ."));
                }
                contributeAuthenticatedAttributes(extendedHttpServletRequest);
                boolean z2 = false;
                if (this.SURROGATE_ROLE != null && !this.SURROGATE_ROLE.isEmpty()) {
                    if (isDebugEnabled) {
                        logger.debug(format("doThisSubclass() ", "surrogate role configured", SURROGATE_ROLE_KEY, this.SURROGATE_ROLE));
                    }
                    if (extendedHttpServletRequest.isUserInRole(this.SURROGATE_ROLE)) {
                        if (isDebugEnabled) {
                            logger.debug(format("doThisSubclass() ", "authenticated user has surrogate role"));
                        }
                        z2 = true;
                    } else if (isDebugEnabled) {
                        logger.debug(format("doThisSubclass() ", "authenticated user doesn't have surrogate role"));
                    }
                } else if (isDebugEnabled) {
                    logger.debug(format("doThisSubclass() ", "no surrogate role configured"));
                }
                if (this.SURROGATE_ATTRIBUTE != null && !this.SURROGATE_ATTRIBUTE.isEmpty()) {
                    if (isDebugEnabled) {
                        logger.debug(format("doThisSubclass() ", "surrogate attribute configured", SURROGATE_ATTRIBUTE_KEY, this.SURROGATE_ATTRIBUTE));
                    }
                    if (extendedHttpServletRequest.isAttributeDefined(this.SURROGATE_ATTRIBUTE)) {
                        if (logger.isDebugEnabled()) {
                            logger.debug(format("doThisSubclass() ", "authenticated user has surrogate attribute"));
                        }
                        z2 = true;
                    } else if (isDebugEnabled) {
                        logger.debug(format("doThisSubclass() ", "authenticated user doesn't have surrogate attribute"));
                    }
                } else if (isDebugEnabled) {
                    logger.debug(format("doThisSubclass() ", "no surrogate attribute configured"));
                }
                if (z2) {
                    if (isDebugEnabled) {
                        logger.debug(format("doThisSubclass() ", "setting user to sponsored"));
                    }
                    extendedHttpServletRequest.setSponsoredUser();
                    if (!extendedHttpServletRequest.isUserSponsored()) {
                        logger.error(format("doThisSubclass() ", "user is not correctly sponsored"));
                    } else if (isDebugEnabled) {
                        logger.debug(format("doThisSubclass() ", "verified that user is sponsored"));
                    }
                }
            } else if (isDebugEnabled) {
                logger.debug(format("doThisSubclass() ", "not calling gatherAuthenticatedAttributes()"));
            }
        } else if (isDebugEnabled) {
            logger.debug(format("doThisSubclass() ", "user already sponsored"));
        }
        if (!extendedHttpServletRequest.isUserSponsored()) {
            return false;
        }
        if (this.FILTERS_CONTRIBUTING_SPONSORED_ATTRIBUTES.contains(authority)) {
            if (isDebugEnabled) {
                logger.debug(format("doThisSubclass() ", "calling gatherSponsoredAttributes() . . ."));
            }
            contributeSponsoredAttributes(extendedHttpServletRequest);
            return false;
        }
        if (!isDebugEnabled) {
            return false;
        }
        logger.debug(format("doThisSubclass() ", "not calling gatherSponsoredAttributes()"));
        return false;
    }

    protected abstract void authenticate(ExtendedHttpServletRequest extendedHttpServletRequest) throws Exception;

    protected abstract void contributeAuthenticatedAttributes(ExtendedHttpServletRequest extendedHttpServletRequest) throws Exception;

    protected abstract void contributeSponsoredAttributes(ExtendedHttpServletRequest extendedHttpServletRequest) throws Exception;

    protected abstract boolean authenticate(boolean z);
}
