package com.adobe.idp.um.auth.filter;

import com.adobe.idp.Context;
import com.adobe.idp.dsc.i18n.DSCMessageConstants;
import com.adobe.idp.um.api.UMConstants;
import com.adobe.idp.um.api.UMException;
import com.adobe.idp.um.api.UMFactory;
import com.adobe.idp.um.api.infomodel.AuthResult;
import com.adobe.idp.um.api.infomodel.HttpRequestToken;
import com.adobe.logging.AdobeLogger;
import java.io.IOException;
import java.util.logging.Level;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/adobe/idp/um/auth/filter/RestSecurityFilter.class */
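/**
 * Servlet filter that authenticates REST service invocations through the User Management
 * authentication manager before handing the request to the rest of the filter chain.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A request is blocked here only when the authentication manager throws a
 *       {@link UMException}. When it returns {@code null}, the request continues down the chain
 *       <em>without</em> a principal context. Rejection then depends on downstream code setting
 *       {@code UMConstants.SSOConstants.ATTR_REST_AUTH_ERROR} on the request.</li>
 *   <li>That attribute is inspected after the chain has run, so the target may already have
 *       executed, and the error can only be reported while the response is uncommitted.</li>
 *   <li>Only fixed strings are sent to the client as error messages; exception details are logged
 *       at {@code FINE} and never written to the response.</li>
 * </ul>
 */
public class RestSecurityFilter extends AbstractSecurityFilter {
    private static final AdobeLogger logger = AdobeLogger.getAdobeLogger(RestSecurityFilter.class);

    /**
     * No initialisation is needed; the filter reads nothing from its configuration.
     *
     * @param filterConfig ignored
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Authenticates the request and, if authentication did not fail, invokes the rest of the chain.
     * After the chain returns or throws, any authentication error flagged on the request is reported.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} without a type check
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse} without a type check
     * @param filterChain     remainder of the filter chain
     * @throws IOException      from the chain or from sending the error response
     * @throws ServletException from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (!authenticate(httpServletRequest, httpServletResponse)) {
            // authenticate() has already sent the error response; do not run the chain.
            return;
        }
        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (Throwable th) {
            // Still report a flagged auth error, but never let a failure while reporting it
            // replace the exception that actually came from the chain.
            try {
                checkAuthError(httpServletRequest, httpServletResponse);
            } catch (IOException | RuntimeException reportingFailure) {
                th.addSuppressed(reportingFailure);
            }
            throw th;
        }
        // Success path: reported exactly once, outside the try, so a failure here is not retried.
        checkAuthError(httpServletRequest, httpServletResponse);
    }

    /**
     * Sends a "Not authorized" error if the request carries the
     * {@code UMConstants.SSOConstants.ATTR_REST_AUTH_ERROR} attribute, using its value as status.
     *
     * @param httpServletRequest  request whose attribute is inspected
     * @param httpServletResponse response the error is sent on
     * @throws IOException if sending the error fails
     */
    protected void checkAuthError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): the attribute is assumed to hold an Integer HTTP status set by server-side
        // code; any other type raises ClassCastException here - confirm against whoever sets it.
        Integer errorStatus = (Integer) httpServletRequest.getAttribute(UMConstants.SSOConstants.ATTR_REST_AUTH_ERROR);
        if (errorStatus != null) {
            handleAuthenticationError(httpServletRequest, httpServletResponse, "Not authorized", errorStatus.intValue());
        }
    }

    /**
     * Runs the authentication manager on the request and, when it yields a result, stores a
     * principal {@link Context} on the request under {@code UMConstants.SESSION_PRINCIPAL_CONTEXT}.
     *
     * @return {@code true} if the chain may proceed (including when no result was returned),
     *         {@code false} if authentication threw and an error response has been sent
     * @throws IOException if sending the error response fails
     */
    private boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            AuthResult authResult = UMFactory.getInstance().getAuthenticationManager().authenticate(new HttpRequestToken(httpServletRequest));
            if (authResult != null) {
                Context context = new Context();
                context.initPrincipal(authResult);
                httpServletRequest.setAttribute(UMConstants.SESSION_PRINCIPAL_CONTEXT, context);
            }
            // A null result is not treated as a failure: the request proceeds with no principal
            // context and access control is left to whatever runs further down the chain.
            return true;
        } catch (UMException e) {
            // NOTE(review): failures are logged at FINE only, so they are invisible at default log
            // levels - confirm failed authentication attempts are audited elsewhere.
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Following exception was received while performing Authentication for REST Service invocation", (Throwable) e);
            }
            // NOTE(review): ARCHIVE_NOT_FOUND_ERR is used here as an HTTP status; this looks like
            // a decompiler substituting a same-valued constant, presumably 401 - confirm the value.
            handleAuthenticationError(httpServletRequest, httpServletResponse, "Authentication failed", DSCMessageConstants.ARCHIVE_NOT_FOUND_ERR);
            return false;
        }
    }

    /**
     * Sends an error response with the given status and message, adding a Basic challenge on 401.
     * Does nothing except log a warning when the response is already committed.
     *
     * @param httpServletRequest  unused
     * @param httpServletResponse response to send the error on
     * @param message             fixed, non-request-derived message for the error response
     * @param statusCode          HTTP status to send
     * @throws IOException if sending the error fails
     */
    private void handleAuthenticationError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String message, int statusCode) throws IOException {
        if (httpServletResponse.isCommitted()) {
            // The status can no longer be changed, so the client keeps whatever was already sent.
            logger.warning("The service to be invoked requires authentication but the response is already commited");
            return;
        }
        if (401 == statusCode) {
            // Basic credentials are only base64-encoded on the wire.
            // NOTE(review): confirm the deployment enforces TLS for every path this filter protects.
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"LiveCycle\"");
        }
        httpServletResponse.sendError(statusCode, message);
    }
}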
