package org.eclipse.scout.rt.server.commons.servletfilter.security;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.scout.commons.StringUtility;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.commons.security.SimplePrincipal;
import org.eclipse.scout.rt.server.commons.cache.IHttpSessionCacheService;
import org.eclipse.scout.rt.server.commons.servletfilter.FilterConfigInjection;
import org.eclipse.scout.service.SERVICES;

/* loaded from: input_file:org/eclipse/scout/rt/server/commons/servletfilter/security/AbstractChainableSecurityFilter.class */
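/**
 * Base class for servlet security filters that can be placed one after another in a filter chain.
 *
 * <p>For every request the filter first looks for an already established {@link Subject} (session
 * cache, current access-control context, container-provided principal). Only when none is found
 * does it ask the subclass to {@link #negotiate negotiate} a principal. A request that ends up
 * with a subject is forwarded inside {@link Subject#doAs}.
 *
 * <p>Init parameters read in {@link #init}:
 * <ul>
 *   <li>{@code failover} - parsed with {@link Boolean#parseBoolean}, so it is {@code false} unless
 *       the value is exactly "true" (ignoring case). When {@code true}, a request for which this
 *       filter could not establish a principal is passed on down the chain <em>without</em> one;
 *       whatever follows in the chain must then enforce authentication itself. When {@code false}
 *       such a request is answered with 401.</li>
 *   <li>{@code realm} - defaults to "Default".</li>
 * </ul>
 */
public abstract class AbstractChainableSecurityFilter implements Filter {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(AbstractChainableSecurityFilter.class);
    /** Key under which the authenticated subject is stored in the HTTP session cache. */
    public static final String PROP_SUBJECT = Subject.class.getName();
    /** {@link #negotiate} result: this filter did not authenticate the request. */
    public static final int STATUS_CONTINUE_CHAIN = 1;
    /** {@link #negotiate} result: stop processing; {@link #doFilter} returns without touching the response. */
    public static final int STATUS_BREAK_CHAIN = 2;
    /** {@link #negotiate} result: the principal holder carries the authenticated principal. */
    public static final int STATUS_CONTINUE_WITH_PRINCIPAL = 3;
    private boolean m_failover;
    private String m_realm;
    private FilterConfigInjection m_injection;

    /**
     * Returns the identifier of this filter, which is the simple name of the concrete class.
     */
    protected String getFilterId() {
        return getClass().getSimpleName();
    }

    /**
     * Reads the {@code failover} and {@code realm} init parameters.
     *
     * @param filterConfig configuration supplied by the servlet container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.m_injection = new FilterConfigInjection(filterConfig, getClass());
        FilterConfigInjection.FilterConfig anyConfig = this.m_injection.getAnyConfig();
        // parseBoolean(null) is false, so a missing parameter leaves failover disabled.
        this.m_failover = Boolean.parseBoolean(anyConfig.getInitParameter("failover"));
        String realm = anyConfig.getInitParameter("realm");
        this.m_realm = realm != null ? realm : "Default";
    }

    @Override
    public void destroy() {
        this.m_injection = null;
    }

    /**
     * Establishes a subject for the request and forwards the request under that subject.
     *
     * <p>An inactive filter configuration forwards the request untouched. Otherwise the outcome
     * of {@link #negotiate} decides: forward without principal (failover) or 401, stop, or attach
     * the negotiated principal to a read-only subject and cache it in the session.
     *
     * @throws ServletException if {@link #negotiate} returns a status this class does not know,
     *         or if the filtered chain fails with something other than an {@link IOException}
     */
    @Override
    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        if (!this.m_injection.getConfig(servletRequest).isActive()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Makes sure a session exists before the subject cache is consulted.
        // NOTE(review): the session id is not changed after a principal has been negotiated.
        // Confirm that the container or another component renews it on login (for example
        // HttpServletRequest.changeSessionId() on Servlet 3.1+), otherwise a session id known
        // before authentication stays valid afterwards.
        httpServletRequest.getSession();
        Subject subject = findSubject(httpServletRequest, httpServletResponse);
        if (subject == null || subject.getPrincipals().isEmpty()) {
            PrincipalHolder principalHolder = new PrincipalHolder();
            int status = negotiate(httpServletRequest, httpServletResponse, principalHolder);
            switch (status) {
                case STATUS_CONTINUE_CHAIN:
                    if (this.m_failover) {
                        // Deliberately unauthenticated hand-over to the next chain element.
                        filterChain.doFilter(httpServletRequest, httpServletResponse);
                    } else {
                        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                    }
                    return;
                case STATUS_BREAK_CHAIN:
                    return;
                case STATUS_CONTINUE_WITH_PRINCIPAL:
                    if (subject == null || subject.isReadOnly()) {
                        subject = new Subject();
                    }
                    subject.getPrincipals().add(principalHolder.getPrincipal());
                    subject.setReadOnly();
                    cacheSubject(httpServletRequest, httpServletResponse, subject);
                    break;
                default:
                    // Fail closed: an unrecognised status must not fall out of the switch and
                    // continue towards the chain with no principal established.
                    throw new ServletException("Unexpected negotiate status " + status + " from " + getFilterId());
            }
        }
        if (Subject.getSubject(AccessController.getContext()) != null) {
            // Already running inside a subject context; no need to open another one.
            doFilterInternal(httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        try {
            Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    HttpServletRequest secureRequest = httpServletRequest;
                    if (!(secureRequest instanceof SecureHttpServletRequestWrapper)) {
                        // Expose the first principal of the active subject through the request.
                        Principal principal = Subject.getSubject(AccessController.getContext()).getPrincipals().iterator().next();
                        secureRequest = new SecureHttpServletRequestWrapper(httpServletRequest, principal);
                    }
                    AbstractChainableSecurityFilter.this.doFilterInternal(secureRequest, httpServletResponse, filterChain);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            // Unwrap so callers see the exception types declared by Filter.doFilter.
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            if (cause instanceof ServletException) {
                throw (ServletException) cause;
            }
            throw new ServletException(cause);
        }
    }

    /**
     * Looks for an existing subject, in this order: session cache, current access-control
     * context, the request's user principal, the request's remote user. A subject built from the
     * request is cached in the session before it is returned.
     *
     * <p>The user principal and remote user are taken from the request as they are; this method
     * relies on the container (or an earlier filter) having set them.
     *
     * @return the subject, or {@code null} if none of the sources yields one
     */
    protected Subject findSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        synchronized (httpServletRequest.getSession()) {
            Subject subject = getCachedSubject(httpServletRequest, httpServletResponse);
            if (subject == null) {
                subject = Subject.getSubject(AccessController.getContext());
            }
            if (subject == null) {
                Principal userPrincipal = httpServletRequest.getUserPrincipal();
                if (userPrincipal == null || !StringUtility.hasText(userPrincipal.getName())) {
                    // A principal without a usable name is ignored in favour of the remote user.
                    userPrincipal = null;
                    String remoteUser = httpServletRequest.getRemoteUser();
                    if (StringUtility.hasText(remoteUser)) {
                        userPrincipal = new SimplePrincipal(remoteUser);
                    }
                }
                if (userPrincipal != null) {
                    subject = createSubject(userPrincipal);
                    cacheSubject(httpServletRequest, httpServletResponse, subject);
                }
            }
            return subject;
        }
    }

    /**
     * Stores the subject in the HTTP session cache under {@link #PROP_SUBJECT}. From then on
     * {@link #getCachedSubject} returns it for requests of the same session.
     */
    protected void cacheSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Subject subject) {
        synchronized (httpServletRequest.getSession()) {
            SERVICES.getService(IHttpSessionCacheService.class).put(PROP_SUBJECT, subject, httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Reads the subject stored under {@link #PROP_SUBJECT} from the HTTP session cache.
     *
     * @return the cached subject, or {@code null} if the entry is missing or not a {@link Subject}
     */
    protected Subject getCachedSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        synchronized (httpServletRequest.getSession()) {
            Object cached = SERVICES.getService(IHttpSessionCacheService.class).getAndTouch(PROP_SUBJECT, httpServletRequest, httpServletResponse);
            return cached instanceof Subject ? (Subject) cached : null;
        }
    }

    /**
     * Creates a read-only subject holding exactly the given principal.
     */
    protected Subject createSubject(Principal principal) {
        Subject subject = new Subject();
        subject.getPrincipals().add(principal);
        subject.setReadOnly();
        return subject;
    }

    /**
     * Authenticates the request. Called only when no subject with at least one principal was found.
     *
     * @param principalHolder receives the principal when the result is
     *        {@link #STATUS_CONTINUE_WITH_PRINCIPAL}
     * @return one of {@link #STATUS_CONTINUE_CHAIN}, {@link #STATUS_BREAK_CHAIN} or
     *         {@link #STATUS_CONTINUE_WITH_PRINCIPAL}; any other value makes
     *         {@link #doFilter} fail with a {@link ServletException}
     */
    protected abstract int negotiate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrincipalHolder principalHolder) throws IOException, ServletException;

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Hands the request to the next element of the filter chain.
     */
    public void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** Returns the realm configured through the {@code realm} init parameter. */
    public String getRealm() {
        return this.m_realm;
    }

    /** Returns whether unauthenticated requests are passed on instead of being answered with 401. */
    public boolean isFailover() {
        return this.m_failover;
    }
}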
