package org.xdi.oxauth.auth;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.annotations.web.Filter;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.NotLoggedInException;
import org.jboss.seam.servlet.ContextualHttpServletRequest;
import org.jboss.seam.util.Base64;
import org.jboss.seam.web.AbstractFilter;
import org.xdi.oxauth.model.common.AuthenticationMethod;
import org.xdi.oxauth.model.error.ErrorResponseFactory;
import org.xdi.oxauth.model.exception.InvalidJwtException;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.model.token.ClientAssertion;
import org.xdi.oxauth.model.token.ClientAssertionType;
import org.xdi.oxauth.model.token.TokenErrorResponseType;
import org.xdi.oxauth.service.ClientService;
import org.xdi.oxauth.service.SessionIdService;
import org.xdi.util.StringHelper;

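/**
 * Servlet filter that authenticates the calling OAuth client before a request reaches the
 * oxAuth web services.
 * <p>
 * The authentication method is chosen from the request in this fixed order (see {@link #doFilter}):
 * <ol>
 *   <li>{@code client_assertion} and {@code client_assertion_type} parameters: JWT bearer assertion;</li>
 *   <li>{@code client_id} and {@code client_secret} parameters: client_secret_post;</li>
 *   <li>an {@code Authorization} header: {@code Bearer} requests are passed down the chain untouched,
 *       {@code Basic} requests are authenticated as client_secret_basic, any other scheme gets a 401;</li>
 *   <li>a {@code session_id} parameter or cookie: authentication by an existing oxAuth session;</li>
 *   <li>none of the above: the request continues down the chain unauthenticated.</li>
 * </ol>
 * Credentials live in the Seam {@link Identity} (session-scoped in Seam - confirm for this deployment);
 * a request whose client id matches the identity that is already logged in is trusted without the
 * presented secret being verified again.
 * <p>
 * Authentication failures are answered with status 401, a {@code WWW-Authenticate: Basic} challenge and an
 * {@code invalid_client} JSON error body (see {@link #sendError}).
 */
@Name("org.jboss.seam.web.authenticationFilter")
@Scope(ScopeType.APPLICATION)
@Filter(within = {"org.jboss.seam.web.exceptionFilter"})
@Install(value = false, precedence = 0)
@BypassInterceptors
public class AuthenticationFilter extends AbstractFilter {

    /** Realm used in the {@code WWW-Authenticate} challenge when none was set via {@link #setRealm}. */
    public static final String REALM = "oxAuth";

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BASIC_PREFIX = "Basic ";
    private static final String BEARER_PREFIX = "Bearer ";

    @Logger
    private Log log;

    /** Configured realm; {@code null} means {@link #REALM}. */
    private String realm;

    /**
     * Dispatches the request to the handler matching the authentication material it carries.
     * The work runs inside a {@link ContextualHttpServletRequest} so that Seam contexts (and thus
     * {@link Identity}) are available to the handlers.
     *
     * @param servletRequest  must be an {@link HttpServletRequest}
     * @param servletResponse must be an {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain, invoked only when authentication succeeds
     *                        or when the request carries no authentication material at all
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        new ContextualHttpServletRequest(httpServletRequest) {
            public void process() {
                try {
                    if (httpServletRequest.getParameter("client_assertion") != null && httpServletRequest.getParameter("client_assertion_type") != null) {
                        AuthenticationFilter.this.processJwtAuth(httpServletRequest, httpServletResponse, filterChain);
                    } else if (httpServletRequest.getParameter("client_id") != null && httpServletRequest.getParameter("client_secret") != null) {
                        AuthenticationFilter.this.processPostAuth(httpServletRequest, httpServletResponse, filterChain);
                    } else {
                        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
                        if (header != null) {
                            if (header.startsWith(BEARER_PREFIX)) {
                                AuthenticationFilter.this.processBearerAuth(httpServletRequest, httpServletResponse, filterChain);
                            } else if (header.startsWith(BASIC_PREFIX)) {
                                AuthenticationFilter.this.processBasicAuth(httpServletRequest, httpServletResponse, filterChain);
                            } else {
                                // Unknown scheme: challenge for Basic instead of passing the request on.
                                httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + AuthenticationFilter.this.getRealm() + "\"");
                                httpServletResponse.sendError(401, "Not authorized");
                            }
                        } else {
                            String sessionId = httpServletRequest.getParameter("session_id");
                            if (StringUtils.isBlank(sessionId)) {
                                sessionId = SessionIdService.instance().getSessionIdFromCookie(httpServletRequest);
                            }
                            if (StringUtils.isNotBlank(sessionId)) {
                                AuthenticationFilter.this.processSessionAuth(sessionId, httpServletRequest, httpServletResponse, filterChain);
                            } else {
                                // No credentials at all: downstream endpoints decide whether that is acceptable.
                                filterChain.doFilter(httpServletRequest, httpServletResponse);
                            }
                        }
                    }
                } catch (ServletException e) {
                    AuthenticationFilter.this.log.error(e.getMessage(), e, new Object[0]);
                } catch (IOException e) {
                    AuthenticationFilter.this.log.error(e.getMessage(), e, new Object[0]);
                }
            }
        }.run();
    }

    /**
     * Authenticates the request through an existing oxAuth session and, on success, continues the chain.
     *
     * @param sessionId           session id taken from the {@code session_id} parameter or cookie
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remainder of the filter chain
     * @throws IOException if the error response cannot be written
     */
    public void processSessionAuth(String sessionId, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean requireAuth = !getAuthenticator().authenticateBySessionId(sessionId);
        // NOTE(review): the session id is a credential; consider dropping it from the log even at trace level.
        this.log.trace("processSessionAuth, sessionId = {0}, requireAuth = {1}", new Object[]{sessionId, Boolean.valueOf(requireAuth)});
        if (!requireAuth) {
            try {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } catch (Exception e) {
                // Downstream failures are reported to the client as an authentication error;
                // the exception used to be dropped without any trace.
                this.log.error("Session authentication failed: {0}", e, new Object[]{e.getMessage()});
                requireAuth = true;
            }
        }
        if (requireAuth) {
            sendError(httpServletResponse);
        }
    }

    /**
     * Handles HTTP Basic client authentication (client_secret_basic).
     * <p>
     * The {@code Authorization} header is decoded into {@code client_id:client_secret}. When the Seam
     * identity is already logged in as that client the secret is not re-verified; otherwise the
     * credentials are handed to the {@link Authenticator}. For the {@code /token} endpoint the client
     * must additionally be registered with {@code client_secret_basic} as its authentication method.
     * On success the chain continues; on failure an {@code invalid_client} error is sent unless the
     * identity is still logged in (in which case nothing is written - kept from the original logic).
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remainder of the filter chain
     */
    public void processBasicAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        Identity identity = Identity.instance();
        boolean requireAuth = true;
        try {
            String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
            if (header != null && header.startsWith(BASIC_PREFIX)) {
                String decoded = new String(Base64.decode(header.substring(BASIC_PREFIX.length())), "UTF-8");
                String username = "";
                String password = "";
                int separator = decoded.indexOf(':');
                if (separator != -1) {
                    username = decoded.substring(0, separator);
                    password = decoded.substring(separator + 1);
                }
                // An identity already logged in as this client is trusted without re-checking the secret.
                requireAuth = !(StringHelper.equals(username, identity.getCredentials().getUsername()) && identity.isLoggedIn());
                if (requireAuth) {
                    if (httpServletRequest.getRequestURI().endsWith("/token")) {
                        Client client = getClientService().getClient(username);
                        if (client == null || AuthenticationMethod.CLIENT_SECRET_BASIC != client.getAuthenticationMethod()) {
                            // Reported only in the log; the client just receives the generic error.
                            throw new Exception("The Token Authentication Method is not valid.");
                        }
                    }
                    identity.getCredentials().setUsername(username);
                    identity.getCredentials().setPassword(password);
                    requireAuth = !getAuthenticator().authenticateWebService();
                }
            }
            if (!requireAuth) {
                try {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                } catch (NotLoggedInException e) {
                    requireAuth = true;
                }
            }
        } catch (Exception e) {
            // Covers decoding, servlet and I/O failures as well as the auth-method rejection above.
            this.log.info("Basic authentication failed", e, new Object[0]);
        }
        if (requireAuth) {
            try {
                // NOTE(review): when the identity is logged in as a different client and this
                // authentication failed, neither the chain nor an error is produced - confirm intended.
                if (!identity.isLoggedIn()) {
                    sendError(httpServletResponse);
                }
            } catch (IOException e) {
                this.log.error(e.getMessage(), e, new Object[0]);
            }
        }
    }

    /**
     * Passes a request carrying a {@code Bearer} token down the chain.
     * <p>
     * The token itself is not validated here; the protected endpoints further down the chain are
     * responsible for that. Failures are only logged - no error response is written.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remainder of the filter chain
     */
    public void processBearerAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        try {
            String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
            if (header != null && header.startsWith(BEARER_PREFIX)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        } catch (Exception e) {
            this.log.info("Bearer authorization failed: {0}", e, new Object[]{e.getMessage()});
        }
    }

    /**
     * Handles client authentication through the {@code client_id} / {@code client_secret} form
     * parameters (client_secret_post).
     * <p>
     * The client must be registered with {@code client_secret_post} as its authentication method;
     * otherwise no authentication is attempted and the request fails with {@code invalid_client}
     * (unless the identity is already logged in as that client, which is trusted as-is).
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remainder of the filter chain
     */
    public void processPostAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        try {
            Identity identity = Identity.instance();
            String clientId = "";
            String clientSecret = "";
            boolean hasCredentials = false;
            if (StringHelper.isNotEmpty(httpServletRequest.getParameter("client_id")) && StringHelper.isNotEmpty(httpServletRequest.getParameter("client_secret"))) {
                clientId = httpServletRequest.getParameter("client_id");
                clientSecret = httpServletRequest.getParameter("client_secret");
                hasCredentials = true;
            }
            // An identity already logged in as this client is trusted without re-checking the secret.
            boolean requireAuth = !(StringHelper.equals(clientId, identity.getCredentials().getUsername()) && identity.isLoggedIn());
            if (requireAuth && hasCredentials) {
                Client client = getClientService().getClient(clientId);
                if (client != null && AuthenticationMethod.CLIENT_SECRET_POST == client.getAuthenticationMethod()) {
                    // Drop whatever identity the session had before binding the new credentials.
                    identity.logout();
                    identity.getCredentials().setUsername(clientId);
                    identity.getCredentials().setPassword(clientSecret);
                    requireAuth = !getAuthenticator().authenticateWebService();
                }
            }
            if (!requireAuth) {
                try {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                } catch (NotLoggedInException e) {
                    requireAuth = true;
                }
            }
            if (requireAuth && !identity.isLoggedIn()) {
                sendError(httpServletResponse);
            }
        } catch (Exception e) {
            this.log.error("Post authentication failed: {0}", e, new Object[]{e.getMessage()});
        }
    }

    /**
     * Handles client authentication through a JWT client assertion
     * ({@code client_assertion_type} = JWT bearer).
     * <p>
     * The assertion is parsed into a {@link ClientAssertion}; its subject identifier and client
     * secret are then handed to the {@link Authenticator} unless the identity is already logged in
     * as that subject. The chain is continued only when authentication succeeded; every other
     * outcome (unsupported assertion type, invalid assertion, rejected credentials) produces an
     * {@code invalid_client} error. Previously the result of the authenticator was ignored and the
     * chain ran regardless, and an error body could be appended after the chain had already answered.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remainder of the filter chain
     */
    public void processJwtAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        boolean authenticated = false;
        try {
            Identity identity = Identity.instance();
            if (httpServletRequest.getParameter("client_assertion") != null && httpServletRequest.getParameter("client_assertion_type") != null) {
                String clientId = httpServletRequest.getParameter("client_id");
                ClientAssertionType assertionType = ClientAssertionType.fromString(httpServletRequest.getParameter("client_assertion_type"));
                String assertion = httpServletRequest.getParameter("client_assertion");
                if (assertionType == ClientAssertionType.JWT_BEARER) {
                    // Presumably the constructor is what raises InvalidJwtException for a bad assertion.
                    ClientAssertion clientAssertion = new ClientAssertion(clientId, assertionType, assertion);
                    String subjectIdentifier = clientAssertion.getSubjectIdentifier();
                    if (StringHelper.equals(subjectIdentifier, identity.getCredentials().getUsername()) && identity.isLoggedIn()) {
                        authenticated = true;
                    } else {
                        identity.getCredentials().setUsername(subjectIdentifier);
                        identity.getCredentials().setPassword(clientAssertion.getClientSecret());
                        // The authenticator's verdict decides whether the chain runs.
                        authenticated = getAuthenticator().authenticateWebService();
                    }
                }
            }
            if (authenticated) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
        } catch (InvalidJwtException e) {
            this.log.info("JWT authentication failed: {0}", e, new Object[]{e.getMessage()});
        } catch (NotLoggedInException e) {
            this.log.info("JWT authentication failed: {0}", e, new Object[]{e.getMessage()});
            authenticated = false;
        } catch (IOException e) {
            this.log.info("JWT authentication failed: {0}", e, new Object[]{e.getMessage()});
        } catch (ServletException e) {
            this.log.info("JWT authentication failed: {0}", e, new Object[]{e.getMessage()});
        }
        if (!authenticated) {
            try {
                sendError(httpServletResponse);
            } catch (IOException e) {
                this.log.error(e.getMessage(), e, new Object[0]);
            }
        }
    }

    /**
     * Writes the {@code invalid_client} error: status 401, a {@code WWW-Authenticate: Basic} challenge
     * and the JSON body produced by {@link ErrorResponseFactory}.
     * <p>
     * Nothing is written when the response is already committed, since headers and status could no
     * longer be changed and the body would only be corrupted.
     *
     * @param httpServletResponse response to write the error into
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void sendError(HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletResponse.isCommitted()) {
            this.log.warn("Cannot send authentication error, response is already committed", new Object[0]);
            return;
        }
        httpServletResponse.setStatus(401);
        httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealm() + "\"");
        // The content type (and its charset) must be set before getWriter() for the charset to apply.
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        PrintWriter printWriter = httpServletResponse.getWriter();
        try {
            printWriter.write(getErrorResponseFactory().getErrorAsJson(TokenErrorResponseType.INVALID_CLIENT));
        } finally {
            printWriter.close();
        }
    }

    /**
     * @return the configured realm, or {@link #REALM} when none was set
     */
    public String getRealm() {
        return this.realm != null ? this.realm : REALM;
    }

    /**
     * @param realm realm to advertise in {@code WWW-Authenticate} challenges; {@code null} restores {@link #REALM}
     */
    public void setRealm(String realm) {
        this.realm = realm;
    }

    /** Looks up the Seam {@link Authenticator} component (created on demand). */
    private Authenticator getAuthenticator() {
        return (Authenticator) Component.getInstance(Authenticator.class, true);
    }

    /** Looks up the Seam {@link ClientService} component (created on demand). */
    private ClientService getClientService() {
        return (ClientService) Component.getInstance(ClientService.class, true);
    }

    /** Looks up the Seam {@link ErrorResponseFactory} component (created on demand). */
    private ErrorResponseFactory getErrorResponseFactory() {
        return (ErrorResponseFactory) Component.getInstance(ErrorResponseFactory.class, true);
    }
}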
