package org.pageseeder.bridge.berlioz.oauth;

import java.io.IOException;
import java.util.Objects;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.pageseeder.berlioz.GlobalSettings;
import org.pageseeder.bridge.PSToken;
import org.pageseeder.bridge.berlioz.auth.AuthSessions;
import org.pageseeder.bridge.berlioz.auth.AuthorizationResult;
import org.pageseeder.bridge.berlioz.auth.LoggedInAuthorizer;
import org.pageseeder.bridge.berlioz.auth.ProtectedRequest;
import org.pageseeder.bridge.model.PSMember;
import org.pageseeder.bridge.net.UnsafeSSL;
import org.pageseeder.bridge.net.UsernamePassword;
import org.pageseeder.bridge.oauth.ClientCredentials;
import org.pageseeder.bridge.oauth.TokenRequest;
import org.pageseeder.bridge.oauth.TokenResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pageseeder/bridge/berlioz/oauth/PasswordFilter.class */
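/**
 * Servlet filter that authenticates users against PageSeeder with the OAuth
 * "password" grant (resource owner password credentials).
 *
 * <p>A request whose session already holds an {@link OAuthUser} is checked with
 * {@link LoggedInAuthorizer} and either passed down the chain or refused with 403.
 * Any other request is redirected to the login form, with two exceptions: a GET of
 * the form itself goes through, and a POST to the login action is handled by
 * {@link #login(HttpServletRequest, HttpServletResponse)}.
 *
 * <p>Init parameters (paths relative to the web application, the context path is
 * prepended in {@link #init(FilterConfig)}):
 * <ul>
 *   <li>{@code login-form}: the page that displays the form (default {@value #DEFAULT_LOGIN})</li>
 *   <li>{@code login-action}: the URI the form POSTs to (default {@value #DEFAULT_LOGIN})</li>
 *   <li>{@code default-target}: where to send the user after a successful login when
 *       no protected request was recorded (default {@value #DEFAULT_TARGET})</li>
 * </ul>
 *
 * <p>The global settings node {@code oauth.password-credentials} must define
 * {@code client} (and {@code secret}); without it every request is answered with 503.
 *
 * <p>Not thread-safe to reconfigure, but the fields are only written from
 * {@link #init(FilterConfig)} and {@link #destroy()}, which the container calls
 * outside of request processing.
 */
public final class PasswordFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(PasswordFilter.class);
    private static final String DEFAULT_LOGIN = "/login.html";
    private static final String DEFAULT_TARGET = "/home.html";
    /** URI (including context path) of the page showing the login form. */
    private String loginForm = DEFAULT_LOGIN;
    /** URI (including context path) the login form POSTs to. */
    private String loginAction = DEFAULT_LOGIN;
    /** URI (including context path) to redirect to after login when nothing better is known. */
    private String defaultTarget = DEFAULT_TARGET;

    /**
     * Reads the {@code login-form}, {@code login-action} and {@code default-target}
     * init parameters, falling back to the defaults when they are absent.
     *
     * @param filterConfig the filter configuration supplied by the container
     */
    @Override
    public void init(FilterConfig filterConfig) {
        // Parameters are relative to the web application; prefix the context path so
        // that they can be compared directly with HttpServletRequest#getRequestURI().
        String contextPath = filterConfig.getServletContext().getContextPath();
        this.loginForm = contextPath + Objects.toString(filterConfig.getInitParameter("login-form"), DEFAULT_LOGIN);
        this.loginAction = contextPath + Objects.toString(filterConfig.getInitParameter("login-action"), DEFAULT_LOGIN);
        this.defaultTarget = contextPath + Objects.toString(filterConfig.getInitParameter("default-target"), DEFAULT_TARGET);
    }

    /**
     * Refuses the request with 503 when the OAuth client is not configured, and
     * otherwise delegates to {@link #doHttpFilter}.
     *
     * @param servletRequest  the request, expected to be an {@link HttpServletRequest}
     * @param servletResponse the response, expected to be an {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if the response cannot be written
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (GlobalSettings.getNode("oauth.password-credentials").containsKey("client")) {
            doHttpFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
        } else {
            // Fail closed: without a client id no login can succeed, so do not let
            // anything through and make the misconfiguration visible in the logs.
            LOGGER.error("This filter requires a valid `oauth.password-credentials.client`.");
            ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        }
    }

    /** Restores the default URIs so a re-initialised instance starts clean. */
    @Override
    public void destroy() {
        this.loginForm = DEFAULT_LOGIN;
        this.loginAction = DEFAULT_LOGIN;
        this.defaultTarget = DEFAULT_TARGET;
    }

    /**
     * Dispatches an HTTP request: authorizes it when a user is in session, otherwise
     * routes it to the login form, the login action, or a redirect to the form.
     *
     * @param req   the HTTP request
     * @param res   the HTTP response
     * @param chain the remaining filter chain
     * @throws IOException      if the response cannot be written
     * @throws ServletException if the chain fails
     */
    private void doHttpFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
        String requestURI = req.getRequestURI();
        String method = req.getMethod();
        // Do not create a session merely to look for a user: anonymous traffic
        // (crawlers, health checks) should not allocate server-side state, and a
        // fresh session cannot contain a user anyway.
        HttpSession session = req.getSession(false);
        OAuthUser user = session == null ? null : OAuthUtils.getOAuthUserInSession(session);
        // NOTE(review): OAuthUser#toString() ends up in the debug log here; confirm it
        // does not render the access token.
        LOGGER.debug("{} {} {}", method, requestURI, user);
        if (user != null) {
            if (LoggedInAuthorizer.getInstance().isUserAuthorized(user, requestURI) == AuthorizationResult.AUTHORIZED) {
                chain.doFilter(req, res);
            } else {
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
            return;
        }
        if (this.loginAction.equals(requestURI) && "POST".equals(method)) {
            login(req, res);
        } else if (this.loginForm.equals(requestURI) && "GET".equals(method)) {
            // The form itself must be reachable without a user, or nobody could log in.
            chain.doFilter(req, res);
        } else {
            loginForm(req, res);
        }
    }

    /**
     * Exchanges the {@code username} and {@code password} form parameters for an
     * access token, stores the resulting {@link OAuthUser} in a fresh session and
     * redirects to the originally requested page (or the default target).
     *
     * <p>Responses: 400 when a form field is missing, 403 when PageSeeder rejects the
     * credentials or the member cannot be identified, 502 when PageSeeder is
     * unreachable, otherwise a redirect.
     *
     * @param req the login POST
     * @param res the response
     * @throws IOException if the response cannot be written
     */
    public void login(HttpServletRequest req, HttpServletResponse res) throws IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        if (username == null || password == null) {
            // A form without both fields is a malformed client request, not a
            // failed authentication; reject it before contacting PageSeeder.
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        Properties config = GlobalSettings.getNode("oauth.password-credentials");
        ClientCredentials client = new ClientCredentials(config.getProperty("client"), config.getProperty("secret"));
        // The credentials are handed to the token request only; they are neither
        // stored nor logged by this filter.
        TokenResponse response = TokenRequest.newPassword(new UsernamePassword(username, password), client).post();
        if (!response.isSuccessful()) {
            LOGGER.error("OAuth failed '{}': {}", response.getError(), response.getErrorDescription());
            // isAvailable() separates "PageSeeder said no" (403) from "PageSeeder
            // could not be reached" (502) so operators can tell the two apart.
            res.sendError(response.isAvailable() ? HttpServletResponse.SC_FORBIDDEN : HttpServletResponse.SC_BAD_GATEWAY);
            return;
        }
        PSToken accessToken = response.getAccessToken();
        PSMember member = response.getMember();
        if (member == null) {
            // The token response does not always carry the member; fetch it with the token.
            member = OAuthUtils.retrieve(accessToken);
        }
        if (member == null) {
            LOGGER.error("Unable to identify user!");
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        OAuthUser user = new OAuthUser(member, accessToken);

        // Redirect target: the request recorded by loginForm() if there is one,
        // else the configured default. The recorded value is a server-side stored
        // URI + query of this application, not a client-supplied URL.
        String target = this.defaultTarget;
        HttpSession session = req.getSession(false);
        if (session != null) {
            ProtectedRequest protectedRequest = (ProtectedRequest) session.getAttribute(AuthSessions.REQUEST_ATTRIBUTE);
            if (protectedRequest != null) {
                target = protectedRequest.url();
            }
            // Always discard the pre-authentication session so that a session id
            // established before login (possibly planted by a third party) is never
            // promoted to an authenticated session (session fixation).
            session.invalidate();
        }
        req.getSession(true).setAttribute(AuthSessions.USER_ATTRIBUTE, user);
        res.sendRedirect(target);
    }

    /**
     * Records the requested URI (path and query) in the session and redirects the
     * client to the login form so {@link #login} can send it back afterwards.
     *
     * @param req the unauthenticated request
     * @param res the response
     * @throws IOException if the response cannot be written
     */
    private void loginForm(HttpServletRequest req, HttpServletResponse res) throws IOException {
        // Only the request-URI and query string are kept, never a host: the return
        // trip after login therefore cannot become an open redirect.
        String requestURI = req.getRequestURI();
        String queryString = req.getQueryString();
        if (queryString != null) {
            requestURI = requestURI + '?' + queryString;
        }
        req.getSession(true).setAttribute(AuthSessions.REQUEST_ATTRIBUTE, new ProtectedRequest(requestURI));
        res.sendRedirect(this.loginForm);
    }

    static {
        // Presumably relaxes TLS verification for the PageSeeder connection only when
        // the corresponding system property is set (see UnsafeSSL) — confirm that
        // property is never set in production.
        UnsafeSSL.enableIfSystemProperty();
    }
}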
