package com.atlassian.crowd.integration.http.filter;

import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
import com.atlassian.crowd.service.client.ClientProperties;
import java.io.IOException;
import java.util.Date;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/crowd-integration-client-common-3.3.3-platform5-jdk11-m02.jar:com/atlassian/crowd/integration/http/filter/CrowdSecurityFilter.class */
public class CrowdSecurityFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) CrowdSecurityFilter.class);
    private static final String BASE_NAME = "com.atlassian.crowd.security";
    private static final String FILTER_RUN = "com.atlassian.crowd.security.FILTER_RUN";
    public static final String ORIGINAL_URL = "com.atlassian.crowd.security.ORIGINAL_URL";
    private final CrowdHttpAuthenticator httpAuthenticator;
    private final AuthenticationUrlProvider authenticationUrlProvider;

    public CrowdSecurityFilter(CrowdHttpAuthenticator crowdHttpAuthenticator, ClientProperties clientProperties) {
        this(crowdHttpAuthenticator, fixedAuthenticationUrlProvider(clientProperties.getApplicationAuthenticationURL()));
    }

    public CrowdSecurityFilter(CrowdHttpAuthenticator crowdHttpAuthenticator, AuthenticationUrlProvider authenticationUrlProvider) {
        this.httpAuthenticator = crowdHttpAuthenticator;
        this.authenticationUrlProvider = authenticationUrlProvider;
    }

    private static AuthenticationUrlProvider fixedAuthenticationUrlProvider(final String str) {
        return new AuthenticationUrlProvider() { // from class: com.atlassian.crowd.integration.http.filter.CrowdSecurityFilter.1
            @Override // com.atlassian.crowd.integration.http.filter.AuthenticationUrlProvider
            public String authenticationUrl(HttpServletRequest httpServletRequest) {
                return str;
            }
        };
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Date date = new Date();
        try {
            try {
                Boolean bool = (Boolean) servletRequest.getAttribute(FILTER_RUN);
                if (bool == null || !bool.booleanValue()) {
                    servletRequest.setAttribute(FILTER_RUN, Boolean.TRUE);
                    HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                    HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
                    boolean isAuthenticated = this.httpAuthenticator.isAuthenticated(httpServletRequest, httpServletResponse);
                    StringBuffer requestURL = httpServletRequest.getRequestURL();
                    boolean z = false;
                    if (httpServletRequest.getParameterMap().size() > 0) {
                        requestURL.append("?");
                        Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
                        while (parameterNames.hasMoreElements()) {
                            if (z) {
                                requestURL.append("&");
                            } else {
                                z = true;
                            }
                            String nextElement = parameterNames.nextElement();
                            for (String str : httpServletRequest.getParameterValues(nextElement)) {
                                requestURL.append(nextElement).append("=").append(str);
                            }
                        }
                    }
                    if (isAuthenticated) {
                        httpServletRequest.removeAttribute(ORIGINAL_URL);
                        filterChain.doFilter(servletRequest, servletResponse);
                        if (servletRequest.getAttribute(FILTER_RUN) != null) {
                            servletRequest.removeAttribute(FILTER_RUN);
                        }
                    } else {
                        logger.info("Requesting URL is: " + ((Object) requestURL));
                        httpServletRequest.getSession().setAttribute(ORIGINAL_URL, requestURL.toString());
                        String authenticationUrl = authenticationUrl(httpServletRequest);
                        logger.info("Authentication is not valid, redirecting to: {}", authenticationUrl);
                        httpServletResponse.sendRedirect(authenticationUrl);
                    }
                } else {
                    filterChain.doFilter(servletRequest, servletResponse);
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Filter time to run: " + (new Date().getTime() - date.getTime()) + " ms");
                }
            } catch (Exception e) {
                logger.error(e.getMessage(), (Throwable) e);
                throw new ServletException(e.getMessage(), e);
            }
        } catch (Throwable th) {
            if (logger.isDebugEnabled()) {
                logger.debug("Filter time to run: " + (new Date().getTime() - date.getTime()) + " ms");
            }
            throw th;
        }
    }

    protected String authenticationUrl(HttpServletRequest httpServletRequest) {
        return this.authenticationUrlProvider.authenticationUrl(httpServletRequest);
    }
}
