package ca.carleton.gcrc.auth;

import ca.carleton.gcrc.auth.common.AuthHttpServletRequest;
import ca.carleton.gcrc.auth.common.AuthenticationUtils;
import ca.carleton.gcrc.auth.common.User;
import ca.carleton.gcrc.auth.common.UserRepository;
import ca.carleton.gcrc.auth.common.UserRepositoryDb;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/carleton/gcrc/auth/AuthFilter.class */
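/**
 * Servlet filter that authenticates an HTTP request (HTTP Basic style credentials
 * decoded by {@link AuthenticationUtils#getUserNameAndPassword}) against a
 * {@link UserRepositoryDb} and then authorizes it by role.
 *
 * Init parameters (all optional):
 * <ul>
 *   <li>{@code anonymous} - non-zero integer lets anonymous users through (default: 0)</li>
 *   <li>{@code user}      - non-zero integer lets ordinary users through (default: 0)</li>
 *   <li>{@code admin}     - non-zero integer lets administrators through (default: 1)</li>
 *   <li>{@code realm}     - realm sent in the authentication challenge (default: "olkit")</li>
 * </ul>
 * Defaults are fail-closed: without configuration only administrators pass.
 *
 * A request that is already an {@link AuthHttpServletRequest} is treated as authenticated
 * by an upstream component and is only authorized; otherwise the credentials are verified,
 * the user is recorded in the {@code nunaliit-auth} cookie and the request is re-wrapped.
 */
public class AuthFilter implements Filter {
    private static final String defaultRealm = "olkit";
    /** Name of the cookie that carries the authenticated user to later requests. */
    private static final String AUTH_COOKIE_NAME = "nunaliit-auth";
    private UserRepository userRepository;
    protected final Logger logger = Logger.getLogger(getClass());
    private String realm = defaultRealm;
    // Fail-closed defaults: only administrators are allowed unless init parameters say otherwise.
    private boolean allowAnonymous = false;
    private boolean allowUser = false;
    private boolean allowAdmin = true;

    /**
     * Opens the user repository and reads the role/realm init parameters.
     *
     * @throws ServletException if the repository cannot be created or an integer
     *         init parameter is not parseable
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            this.userRepository = new UserRepositoryDb(filterConfig.getServletContext());
        } catch (Exception e) {
            this.logger.error("Error while connecting to database", e);
            throw new ServletException("Error while connecting to database", e);
        }
        try {
            this.allowAnonymous = readFlag(filterConfig, "anonymous", this.allowAnonymous);
            this.allowUser = readFlag(filterConfig, "user", this.allowUser);
            this.allowAdmin = readFlag(filterConfig, "admin", this.allowAdmin);
            String realmParam = filterConfig.getInitParameter("realm");
            if (null != realmParam) {
                this.realm = realmParam;
            }
        } catch (NumberFormatException e) {
            // Previously reported as a database error; name the real cause.
            this.logger.error("Invalid AuthFilter init parameter", e);
            throw new ServletException("Invalid AuthFilter init parameter", e);
        }
    }

    /**
     * Reads an integer init parameter as a boolean: absent keeps {@code defaultValue},
     * zero is false, any other integer is true.
     *
     * @throws NumberFormatException if the parameter is present but not an integer
     */
    private static boolean readFlag(FilterConfig filterConfig, String name, boolean defaultValue) {
        String value = filterConfig.getInitParameter(name);
        if (null == value) {
            return defaultValue;
        }
        return 0 != Integer.parseInt(value);
    }

    /** Releases the user repository if one was created. */
    public void destroy() {
        if (null != this.userRepository) {
            this.userRepository.destroy();
        }
    }

    /**
     * Entry point: non-HTTP exchanges are passed through untouched (there is nothing to
     * authenticate); HTTP exchanges go through {@link #checkAuthentication}.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            this.logger.info("Skip filtering request because it is not HTTP");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // AuthHttpServletRequest is itself an HttpServletRequest; checkAuthentication
        // distinguishes the two, so a single dispatch suffices.
        try {
            checkAuthentication((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
        } catch (ServletException e) {
            throw e;
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            String kind = (servletRequest instanceof AuthHttpServletRequest) ? "AuthHttpServletRequest" : "HttpServletRequest";
            throw new ServletException("Error while filtering " + kind, e);
        }
    }

    /**
     * Authorizes {@code user} against the configured roles: continues the chain if
     * allowed, otherwise sends the authentication challenge for this realm.
     * A {@code null} user is always denied (fail closed).
     */
    private void checkAndDispatch(User user, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (isAllowed(user)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            this.logger.info("User denied access (" + user + ")");
            AuthenticationUtils.sendAuthRequiredError(httpServletResponse, this.realm);
        }
    }

    /**
     * Role check. Order matters and is kept as in the original: anonymous, then admin,
     * then "plain user" (neither admin nor anonymous), each gated by its allow flag.
     */
    private boolean isAllowed(User user) {
        if (null == user) {
            return false;
        }
        if (this.allowAnonymous && user.isAnonymous()) {
            return true;
        }
        if (this.allowAdmin && user.isAdmin()) {
            return true;
        }
        return this.allowUser && !user.isAdmin() && !user.isAnonymous();
    }

    /**
     * Verifies the request's credentials and authorizes it.
     *
     * Every failure to obtain a user (missing or unparseable Authorization header,
     * repository rejection, repository returning no user) ends with a single
     * authentication challenge and an immediate return; the original code fell through
     * after the challenge and went on to issue a cookie and dispatch with a null user.
     *
     * @throws Exception from the repository, cookie construction or downstream filters;
     *         wrapped into a ServletException by {@link #doFilter}
     */
    private void checkAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        if (httpServletRequest instanceof AuthHttpServletRequest) {
            // Authenticated upstream: only the role check remains.
            checkAndDispatch(AuthenticationUtils.getUserFromRequest(httpServletRequest), httpServletRequest, httpServletResponse, filterChain);
            return;
        }

        String header = httpServletRequest.getHeader("Authorization");
        // The header value is never logged: it carries the user's credentials.
        if (null == header) {
            this.logger.debug("No Authorization header; sending authentication challenge");
            AuthenticationUtils.sendAuthRequiredError(httpServletResponse, this.realm);
            return;
        }

        String[] userNameAndPassword;
        try {
            userNameAndPassword = AuthenticationUtils.getUserNameAndPassword(header);
        } catch (Exception e) {
            // A malformed header is a client error: challenge again rather than fail with 500.
            this.logger.info("Unable to parse Authorization header", e);
            AuthenticationUtils.sendAuthRequiredError(httpServletResponse, this.realm);
            return;
        }
        if (null == userNameAndPassword || userNameAndPassword.length < 2) {
            this.logger.info("Authorization header did not yield a user name and password");
            AuthenticationUtils.sendAuthRequiredError(httpServletResponse, this.realm);
            return;
        }

        User user;
        try {
            user = this.userRepository.authenticate(userNameAndPassword[0], userNameAndPassword[1]);
        } catch (Exception e) {
            this.logger.info("Failed to authenticate user", e);
            AuthenticationUtils.sendAuthRequiredError(httpServletResponse, this.realm);
            return;
        }
        if (null == user) {
            // Whether the repository signals bad credentials by throwing or by returning
            // null is not visible here; treat both as a failed login.
            this.logger.info("Authentication produced no user");
            AuthenticationUtils.sendAuthRequiredError(httpServletResponse, this.realm);
            return;
        }
        this.logger.info("user: " + user);

        Cookie cookie = new Cookie(AUTH_COOKIE_NAME, AuthenticationUtils.userToCookieString(true, user));
        cookie.setPath("/");
        // NOTE(review): the cookie is issued without the HttpOnly and Secure attributes.
        // Cookie.setHttpOnly needs Servlet 3.0+ and the servlet API level of this project
        // is not visible here; setSecure(httpServletRequest.isSecure()) is available on
        // any level but may break mixed http/https deployments - confirm before adding.
        httpServletResponse.addCookie(cookie);

        checkAndDispatch(user, new AuthHttpServletRequest(httpServletRequest, user), httpServletResponse, filterChain);
    }
}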
