package com.atlassian.seraph.filter;

import com.atlassian.seraph.SecurityService;
import com.atlassian.seraph.auth.AuthenticationContext;
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.atlassian.seraph.util.RedirectUtils;
import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Category;

/* loaded from: input_file:com/atlassian/seraph/filter/SecurityFilter.class */
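/**
 * Servlet filter that enforces role-based access to the requested URL.
 *
 * <p>For each request it collects the roles required by every configured
 * {@link SecurityService}, resolves the current user through the configured
 * authenticator, and either passes the request down the chain or redirects to
 * the login URL when a required role is missing.
 *
 * <p>The filter refuses to continue unless {@link LoginFilter} has already
 * marked the request, so a mis-ordered filter chain fails closed.
 */
public class SecurityFilter implements Filter {
    private FilterConfig config = null;
    private SecurityConfig securityConfig = null;
    // Class literal replaces the decompiler's synthetic class$ lookup, which did not compile
    // (it threw the Throwable returned by initCause from a method with no throws clause).
    private static final Category log = Category.getInstance(SecurityFilter.class);
    private static final String ALREADY_FILTERED = "os_securityfilter_already_filtered";
    public static final String ORIGINAL_URL = "atlassian.core.seraph.original.url";

    /**
     * Loads the security configuration and publishes it in the servlet context.
     *
     * @param filterConfig filter configuration; the optional {@code config.file}
     *                     init parameter names the configuration file to load
     */
    public void init(FilterConfig filterConfig) {
        this.config = filterConfig;
        String configFile = filterConfig.getInitParameter("config.file");
        if (configFile != null) {
            log.debug("Security config file location: " + configFile);
        }
        // A null location is passed through unchanged; the factory decides what to load.
        this.securityConfig = SecurityConfigFactory.getInstance(configFile);
        filterConfig.getServletContext().setAttribute(SecurityConfig.STORAGE_KEY, this.securityConfig);
    }

    /**
     * Releases the security configuration and drops the references held by this filter.
     */
    public void destroy() {
        // Guard against a container calling destroy() on a filter whose init() never
        // completed; the unguarded call would throw a NullPointerException.
        if (this.securityConfig != null) {
            this.securityConfig.destroy();
        }
        this.securityConfig = null;
        this.config = null;
    }

    /**
     * @return the filter configuration passed to {@link #init(FilterConfig)}, or
     *         {@code null} before initialisation and after {@link #destroy()}
     */
    public FilterConfig getFilterConfig() {
        return this.config;
    }

    /**
     * Alternative initialisation entry point; a non-null configuration is
     * forwarded to {@link #init(FilterConfig)}, a null one is ignored.
     *
     * @param filterConfig filter configuration, may be {@code null}
     */
    public void setFilterConfig(FilterConfig filterConfig) {
        if (filterConfig != null) {
            init(filterConfig);
        }
    }

    /**
     * Checks the required roles for the request and either continues the chain
     * or redirects to the login URL.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the chain or from the redirect
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Run at most once per request, and not at all when security is switched off.
        if (servletRequest.getAttribute(ALREADY_FILTERED) != null || !getSecurityConfig().getController().isSecurityEnabled()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        servletRequest.setAttribute(ALREADY_FILTERED, Boolean.TRUE);

        // Fail closed: without the LoginFilter marker the chain is not continued.
        // No status or body is written here, so the client receives whatever the
        // container sends for an untouched response.
        if (servletRequest.getAttribute(LoginFilter.ALREADY_FILTERED) == null) {
            log.warn("LoginFilter not yet applied to this request - terminating filter chain");
            return;
        }

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String pathInfo = request.getPathInfo();
        String queryString = request.getQueryString();
        String originalUrl = request.getServletPath()
                + (pathInfo == null ? "" : pathInfo)
                + (queryString == null ? "" : "?" + queryString);
        // NOTE(review): originalUrl carries the raw query string and is later written to
        // the log and to the session. If sensitive parameters can arrive in the query
        // string they will be recorded there - confirm, and consider logging the path only.
        request.setAttribute(ORIGINAL_URL, originalUrl);

        // Union of the roles demanded by every configured security service.
        HashSet<String> requiredRoles = new HashSet<String>();
        Iterator services = getSecurityConfig().getServices().iterator();
        while (services.hasNext()) {
            requiredRoles.addAll(((SecurityService) services.next()).getRequiredRoles(request));
        }
        if (log.isDebugEnabled()) {
            log.debug("requiredRoles = " + requiredRoles);
        }

        Principal user = getSecurityConfig().getAuthenticator().getUser(request, response);
        // With basic authentication and no resolved user the request stops here;
        // presumably the authenticator has already written the challenge - confirm.
        if (RedirectUtils.isBasicAuthentication(request, getSecurityConfig().getAuthType()) && user == null) {
            return;
        }

        getAuthenticationContext().setUser(user);
        try {
            boolean accessDenied = false;
            for (String role : requiredRoles) {
                if (!getSecurityConfig().getRoleMapper().hasRole(user, request, role)) {
                    log.info("User '" + user + "' needs (and lacks) role '" + role + "' to access " + originalUrl);
                    accessDenied = true;
                }
            }

            // The login page itself is exempt from role checks. The match is an exact
            // comparison of the servlet path with the configured login URL.
            String servletPath = request.getServletPath();
            if (servletPath != null && servletPath.equals(getSecurityConfig().getLoginURL())) {
                accessDenied = false;
            }

            if (!accessDenied) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }

            if (log.isDebugEnabled()) {
                log.debug("Need Authentication: Redirecting to: " + getSecurityConfig().getLoginURL() + " from: " + originalUrl);
            }
            // Remember where the user was heading so the login flow can return there.
            request.getSession().setAttribute(getSecurityConfig().getOriginalURLKey(), originalUrl);
            if (response.isCommitted()) {
                return;
            }
            response.sendRedirect(RedirectUtils.getLoginUrl(request));
        } finally {
            // Always drop the user from the authentication context. Previously this
            // happened only around the chain call, so the denied/redirect path and a
            // failing role lookup left the principal set after the request ended.
            getAuthenticationContext().clearUser();
        }
    }

    /**
     * Returns the security configuration, re-reading it from the servlet
     * context when this filter does not hold a reference.
     *
     * @return the security configuration stored under {@link SecurityConfig#STORAGE_KEY}
     */
    protected SecurityConfig getSecurityConfig() {
        if (this.securityConfig == null) {
            this.securityConfig = (SecurityConfig) this.config.getServletContext().getAttribute(SecurityConfig.STORAGE_KEY);
        }
        return this.securityConfig;
    }

    /**
     * @return the authentication context of the current security configuration
     */
    protected AuthenticationContext getAuthenticationContext() {
        return getSecurityConfig().getAuthenticationContext();
    }
}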
