package org.nuxeo.ecm.webengine.jaxrs.login;

import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.nuxeo.common.utils.Base64;
import org.nuxeo.common.utils.StringUtils;
import org.nuxeo.ecm.core.api.local.ClientLoginModule;
import org.nuxeo.ecm.webengine.jaxrs.HttpFilter;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/webengine/jaxrs/login/AuthenticationFilter.class */
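/**
 * Servlet filter that authenticates a request from its HTTP Basic {@code Authorization} header
 * when the container has not already attached a user principal.
 *
 * <p>On success the request is wrapped so that {@code getUserPrincipal()} returns the first
 * principal of the logged-in subject. On failure the filter answers 401 with a
 * {@code WWW-Authenticate: Basic} challenge and does not invoke the rest of the chain.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded, not encrypted, and this filter does not check
 *       {@code isSecure()}; the transport (TLS) has to be enforced elsewhere.</li>
 *   <li>Failed logins are neither logged nor throttled here; {@link #handleLoginFailure} only
 *       sets the challenge header and the status code.</li>
 * </ul>
 */
public class AuthenticationFilter extends HttpFilter {
    public static final String DEFAULT_SECURITY_DOMAIN = "nuxeo-client-login";

    /** Scheme token plus the separating space that must open a Basic {@code Authorization} header. */
    private static final String BASIC_PREFIX = "Basic ";

    // Set from the "securityDomain" init parameter. Not read anywhere in this class:
    // doLogin() calls Framework.login(user, password) without passing it.
    protected String domain = DEFAULT_SECURITY_DOMAIN;

    // Not read anywhere in this class.
    protected boolean autoPrompt = true;

    // Realm advertised in the WWW-Authenticate challenge; overridable via the "realmName" init parameter.
    protected String realmName = "Nuxeo";

    /**
     * Reads the optional {@code securityDomain} and {@code realmName} init parameters, keeping the
     * defaults for any that are absent.
     *
     * @param filterConfig the filter configuration supplied by the container
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String configuredDomain = filterConfig.getInitParameter("securityDomain");
        if (configuredDomain != null) {
            this.domain = configuredDomain;
        }
        String configuredRealm = filterConfig.getInitParameter("realmName");
        if (configuredRealm != null) {
            this.realmName = configuredRealm;
        }
    }

    /**
     * Authenticates the request if it has no principal yet, runs the rest of the chain, and always
     * tears the login down afterwards.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, used for the 401 challenge on login failure
     * @param filterChain the remaining filter chain
     * @throws IOException if the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    public void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        LoginContext loginContext = null;
        if (httpServletRequest.getUserPrincipal() == null) {
            try {
                loginContext = doLogin(httpServletRequest, httpServletResponse);
            } catch (LoginException e) {
                handleLoginFailure(httpServletRequest, httpServletResponse, e);
                return;
            }
        }
        try {
            // Wrapping happens inside the try so that a failure here still logs the subject out
            // instead of leaving the login attached to the current thread.
            HttpServletRequest request = loginContext == null
                    ? httpServletRequest
                    : wrapRequest(httpServletRequest, loginContext);
            filterChain.doFilter(request, httpServletResponse);
        } finally {
            // Cleanup runs on every exit path. The thread-local login is cleared first and the
            // logout is attempted even if clearing throws.
            try {
                ClientLoginModule.getThreadLocalLogin().clear();
            } finally {
                logoutQuietly(loginContext);
            }
        }
    }

    public void destroy() {
    }

    /**
     * Extracts the user name and password from a Basic {@code Authorization} header.
     *
     * <p>The decoded {@code user:password} string is split at the first colon only, so a password
     * that itself contains colons is preserved intact.
     *
     * @param httpServletRequest the incoming request
     * @return a two-element array {@code {user, password}}, or {@code null} when the header is
     *         missing, is not a Basic header, or does not decode to {@code user:password}
     */
    protected String[] retrieveBasicLogin(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("authorization");
        // regionMatches(ignoreCase=true, ...) compares per character and is locale-independent,
        // unlike toLowerCase() with the default locale.
        if (header == null || !header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        byte[] decoded = Base64.decode(header.substring(BASIC_PREFIX.length()).trim());
        // NOTE(review): assumes Base64.decode reports malformed input by returning null;
        // confirm against org.nuxeo.common.utils.Base64.
        if (decoded == null) {
            return null;
        }
        // NOTE(review): decoded with the platform default charset, as before; non-ASCII
        // credentials therefore depend on the JVM's file.encoding.
        String credentials = new String(decoded);
        int colon = credentials.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return new String[] {credentials.substring(0, colon), credentials.substring(colon + 1)};
    }

    /**
     * Logs in with the Basic credentials found on the request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response (unused here)
     * @return the login context returned by {@code Framework.login}
     * @throws LoginException if the request carries no usable Basic credentials, or if
     *         {@code Framework.login} rejects them
     */
    protected LoginContext doLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginException {
        String[] credentials = retrieveBasicLogin(httpServletRequest);
        if (credentials == null) {
            throw new LoginException("User must login");
        }
        return Framework.login(credentials[0], credentials[1]);
    }

    /**
     * Answers a failed login with a 401 and a Basic challenge for the configured realm.
     *
     * @param httpServletRequest the incoming request (unused here)
     * @param httpServletResponse the response to mark as unauthorized
     * @param loginException the failure; not logged or exposed to the client
     */
    protected void handleLoginFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginException loginException) {
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + this.realmName + "\"");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Wraps the request so that it reports the logged-in principal.
     *
     * @param httpServletRequest the original request
     * @param loginContext the context of a successful login
     * @return a wrapper whose {@code getUserPrincipal()} returns the first principal of the
     *         subject, or the original request when the subject has no principals
     */
    protected HttpServletRequest wrapRequest(HttpServletRequest httpServletRequest, LoginContext loginContext) {
        Set<Principal> principals = loginContext.getSubject().getPrincipals();
        if (principals.isEmpty()) {
            return httpServletRequest;
        }
        final Principal principal = principals.iterator().next();
        return new HttpServletRequestWrapper(httpServletRequest) {
            @Override
            public Principal getUserPrincipal() {
                return principal;
            }
        };
    }

    /** Logs the given context out, ignoring any failure; a {@code null} context is a no-op. */
    private static void logoutQuietly(LoginContext loginContext) {
        if (loginContext == null) {
            return;
        }
        try {
            loginContext.logout();
        } catch (Exception ignored) {
            // Best effort: a logout failure must not mask the outcome of the request itself.
        }
    }
}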
