package org.codelibs.spnego;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:org/codelibs/spnego/SpnegoHttpFilter.class */
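/**
 * Servlet filter that authenticates each request through a {@link SpnegoAuthenticator}
 * and, when an authorization class is configured, applies a site-wide access check
 * through {@link UserAccessControl} before passing the request down the chain.
 *
 * <p>Requests whose path starts with a configured exclude directory skip
 * authentication entirely, so the exclude list is effectively an allow-list of
 * unauthenticated paths and should be reviewed as such.
 */
public class SpnegoHttpFilter implements Filter {
    private static final Logger LOGGER = Logger.getLogger(Constants.LOGGER_NAME);

    /** Performs the SPNEGO (and, if enabled in config, Basic) authentication; set in {@link #init}. */
    protected SpnegoAuthenticator authenticator;

    /** Optional authorization backend; stays {@code null} when "spnego.authz.class" is not configured. */
    protected UserAccessControl accessControl;

    /** Resource label checked for every request; {@code null} disables the site-wide check. */
    protected String sitewide;

    /** Path forwarded to on an authorization failure; empty means a bare 403 status is sent. */
    protected String page403;

    /** Path prefixes that bypass authentication (see {@link #exclude}). */
    protected final List<String> excludeDirs = new ArrayList<>();

    /**
     * Names of the filter init parameters and HTTP header tokens used by the SPNEGO classes.
     */
    public static final class Constants {
        public static final String ALLOW_BASIC = "spnego.allow.basic";
        public static final String ALLOW_DELEGATION = "spnego.allow.delegation";
        public static final String ALLOW_LOCALHOST = "spnego.allow.localhost";
        // NOTE(review): by its name this permits Basic credentials over a non-TLS
        // connection; confirm in SpnegoAuthenticator and keep it disabled in production.
        public static final String ALLOW_UNSEC_BASIC = "spnego.allow.unsecure.basic";
        public static final String AUTHN_HEADER = "WWW-Authenticate";
        public static final String AUTHZ_HEADER = "Authorization";
        public static final String BASIC_HEADER = "Basic";
        public static final String CLIENT_MODULE = "spnego.login.client.module";
        public static final String CONTENT_TYPE = "Content-Type";
        public static final String EXCLUDE_DIRS = "spnego.exclude.dirs";
        public static final String KRB5_CONF = "spnego.krb5.conf";
        public static final String LOGGER_LEVEL = "spnego.logger.level";
        public static final String LOGGER_NAME = "Spnego";
        public static final String LOGIN_CONF = "spnego.login.conf";
        public static final String NEGOTIATE_HEADER = "Negotiate";
        // Base64 of the leading bytes "NTLMSS" of the NTLMSSP message signature.
        public static final String NTLM_PROLOG = "TlRMTVNT";
        // The value stored under this key is a credential: never log it.
        public static final String PREAUTH_PASSWORD = "spnego.preauth.password";
        public static final String PREAUTH_USERNAME = "spnego.preauth.username";
        public static final String PROMPT_NTLM = "spnego.prompt.ntlm";
        public static final String SERVER_MODULE = "spnego.login.server.module";
        public static final String SOAP_ACTION = "SOAPAction";

        private Constants() {
        }
    }

    /**
     * Builds the authenticator from the filter configuration and, when
     * "spnego.authz.class" is set, instantiates and initializes the access-control
     * implementation.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException wrapping any login, GSS, configuration-file or
     *         reflection failure raised during set-up
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            final SpnegoFilterConfig spnegoFilterConfig = SpnegoFilterConfig.getInstance(filterConfig);
            this.excludeDirs.addAll(spnegoFilterConfig.getExcludeDirs());
            LOGGER.fine(() -> "excludeDirs=" + this.excludeDirs);
            this.authenticator = new SpnegoAuthenticator(spnegoFilterConfig);

            // Copies EVERY init parameter; if the pre-auth password is supplied as an
            // init parameter it is included, so this object must not be logged and the
            // access-control implementation receiving it must be trusted.
            final Properties properties = toProperties(filterConfig);
            final String authzClassName = properties.getProperty("spnego.authz.class", "");
            if (!authzClassName.isEmpty()) {
                properties.put("spnego.server.realm", this.authenticator.getServerRealm());
                this.page403 = properties.getProperty("spnego.authz.403", "").trim();
                final String configuredSitewide = properties.getProperty("spnego.authz.sitewide", "").trim();
                this.sitewide = configuredSitewide.isEmpty() ? null : configuredSitewide;
                // The class name comes from the filter's init parameters, so whoever can
                // edit the deployment descriptor chooses the code that runs here.
                this.accessControl = (UserAccessControl) Class.forName(authzClassName).newInstance();
                this.accessControl.init(properties);
                LOGGER.fine(() -> "page403=" + this.page403);
                LOGGER.fine(() -> "sitewide=" + this.sitewide);
                LOGGER.fine(() -> "accessControl=" + this.accessControl);
            }
        } catch (LoginException | GSSException | FileNotFoundException | ClassNotFoundException | IllegalAccessException | InstantiationException | URISyntaxException | PrivilegedActionException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Releases the access-control and authenticator instances and clears the
     * configuration captured in {@link #init}.
     */
    @Override
    public void destroy() {
        this.page403 = null;
        this.sitewide = null;
        this.excludeDirs.clear();
        if (null != this.accessControl) {
            this.accessControl.destroy();
            this.accessControl = null;
        }
        if (null != this.authenticator) {
            this.authenticator.dispose();
            this.authenticator = null;
        }
    }

    /**
     * Authenticates the request, applies the optional site-wide authorization check
     * and hands the wrapped request to the rest of the chain.
     *
     * <p>Outcomes: excluded paths pass through unauthenticated; if the authenticator
     * already set a response status nothing further happens; a {@code null} principal
     * yields status 500; an unauthorized principal gets the configured 403 page or a
     * bare 403 status.
     *
     * @throws IOException if the downstream chain or the forward fails with an I/O error
     * @throws ServletException wrapping a {@link GSSException} raised during authentication
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        final SpnegoHttpServletResponse spnegoHttpServletResponse = new SpnegoHttpServletResponse((HttpServletResponse) servletResponse);
        if (exclude(httpServletRequest.getContextPath(), httpServletRequest.getServletPath())) {
            // Authentication bypass: no principal is established for these paths.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            final SpnegoPrincipal authenticate = this.authenticator.authenticate(httpServletRequest, spnegoHttpServletResponse);
            if (spnegoHttpServletResponse.isStatusSet()) {
                LOGGER.fine(() -> "Sending response in authentication.");
                return;
            }
            if (null == authenticate) {
                LOGGER.severe(() -> "Principal was null.");
                spnegoHttpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, true);
                return;
            }
            LOGGER.fine(() -> "principal=" + authenticate);
            final SpnegoHttpServletRequest spnegoHttpServletRequest = new SpnegoHttpServletRequest(httpServletRequest, authenticate, this.accessControl);
            if (isAuthorized(spnegoHttpServletRequest)) {
                processRequest(spnegoHttpServletRequest, servletResponse, filterChain);
                return;
            }
            LOGGER.info(() -> "Principal Not AuthoriZed: " + authenticate);
            // page403 is only assigned when an authz class is configured; treat an
            // unset value like an empty one so the request is still refused with 403.
            if (null == this.page403 || this.page403.isEmpty()) {
                spnegoHttpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN, true);
            } else {
                servletRequest.getRequestDispatcher(this.page403).forward(spnegoHttpServletRequest, servletResponse);
            }
        } catch (GSSException e) {
            // The Authorization header carries the client's credential material
            // (a Negotiate token or Base64 user:password for Basic) and is fully
            // client-controlled, so only its scheme and length are written to the log.
            LOGGER.severe(() -> "HTTP Authorization Header (credentials redacted): "
                    + describeAuthorizationHeader(httpServletRequest.getHeader(Constants.AUTHZ_HEADER)));
            throw new ServletException(e);
        }
    }

    /**
     * Passes an authenticated and authorized request to the next element of the chain.
     * Subclasses may override this to add processing around the downstream call.
     */
    protected void processRequest(SpnegoHttpServletRequest spnegoHttpServletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(spnegoHttpServletRequest, servletResponse);
    }

    /**
     * Applies the site-wide access check.
     *
     * @return {@code true} when no site-wide resource or no access-control backend is
     *         configured (the check is then skipped, not failed), otherwise the
     *         backend's decision for the request's remote user
     */
    private boolean isAuthorized(HttpServletRequest httpServletRequest) {
        if (null == this.sitewide || null == this.accessControl) {
            return true;
        }
        return this.accessControl.hasAccess(httpServletRequest.getRemoteUser(), this.sitewide);
    }

    /**
     * Tells whether the request path falls under one of the exclude directories.
     *
     * <p>The candidate is {@code contextPath + servletPath} with a trailing slash
     * appended when missing, compared by plain prefix match. Path info is not part of
     * the comparison. NOTE(review): how the configured entries are normalized (leading
     * context path, trailing slash) is decided in SpnegoFilterConfig; confirm there that
     * an entry cannot unintentionally match sibling paths sharing the same prefix.
     *
     * @param str the request's context path
     * @param str2 the request's servlet path
     * @return {@code true} if authentication must be skipped for this path
     */
    private boolean exclude(String str, String str2) {
        final String candidate = str + str2 + (str2.endsWith("/") ? "" : "/");
        for (final String excludedPrefix : this.excludeDirs) {
            if (candidate.startsWith(excludedPrefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Summarizes an Authorization header for logging without exposing its credential.
     *
     * @param header the raw header value, possibly {@code null}
     * @return {@code "<absent>"} for a missing header, otherwise the scheme (only when
     *         it is Negotiate or Basic, else {@code "<other>"}) and the value's length
     */
    private static String describeAuthorizationHeader(final String header) {
        if (null == header) {
            return "<absent>";
        }
        final String value = header.trim();
        final int separator = value.indexOf(' ');
        final String scheme = separator < 0 ? value : value.substring(0, separator);
        final String label;
        if (Constants.NEGOTIATE_HEADER.equalsIgnoreCase(scheme)) {
            label = Constants.NEGOTIATE_HEADER;
        } else if (Constants.BASIC_HEADER.equalsIgnoreCase(scheme)) {
            label = Constants.BASIC_HEADER;
        } else {
            // Never echo an unrecognized token: it may itself be the secret.
            label = "<other>";
        }
        return "scheme=" + label + ", length=" + value.length();
    }

    /**
     * Copies every init parameter of the filter into a {@link Properties} object.
     *
     * @param filterConfig the container-supplied filter configuration
     * @return a new {@code Properties} holding one entry per init parameter
     */
    private static Properties toProperties(FilterConfig filterConfig) {
        final Properties properties = new Properties();
        final Enumeration<?> initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            final String parameterName = (String) initParameterNames.nextElement();
            properties.put(parameterName, filterConfig.getInitParameter(parameterName));
        }
        return properties;
    }
}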
