package ee.bitweb.springframework.security.estonianid.filter;

import ee.bitweb.springframework.security.estonianid.authentication.IdCardAuthenticationHandler;
import ee.bitweb.springframework.security.estonianid.authentication.IdCardAuthenticationToken;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.DatatypeConverter;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:ee/bitweb/springframework/security/estonianid/filter/IdCardAuthenticationFilter.class */
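/**
 * Servlet filter that turns a client X.509 certificate into an {@link IdCardAuthenticationToken}
 * and hands it to the configured {@link AuthenticationManager}.
 *
 * <p>The certificate is taken from one of two places, selected by {@code getClientCertFromHeader}:
 * <ul>
 *   <li>{@code false}: the {@code javax.servlet.request.X509Certificate} request attribute, which the
 *       servlet container fills in after a TLS handshake with client authentication;</li>
 *   <li>{@code true} (the default): a request header, by default {@code X-Client-Certificate},
 *       carrying the Base64/PEM encoded certificate.</li>
 * </ul>
 *
 * <p><strong>Security note on header mode.</strong> A request header is ordinary client-controlled
 * data, and a certificate is public information. This filter only parses the header; it performs no
 * proof of possession of the private key and no chain or revocation check. Header mode is therefore
 * only sound when a TLS-terminating proxy in front of the application performs the client-certificate
 * handshake, always overwrites or strips any incoming copy of the header, and the application cannot
 * be reached without passing through that proxy. When the container terminates TLS itself, call
 * {@code setGetClientCertFromHeader(false)}.
 *
 * <p>NOTE(review): whatever validation the certificate receives after parsing happens inside the
 * {@link AuthenticationManager}, which is not visible here. Confirm that it validates the chain and
 * revocation status and rejects a token built from a {@code null} certificate.
 */
public class IdCardAuthenticationFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
    /** Request attribute under which the servlet container exposes the TLS client certificate chain. */
    private static final String SERVLET_CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_FOOTER = "-----END CERTIFICATE-----";

    private AuthenticationManager authenticationManager;
    private ApplicationEventPublisher applicationEventPublisher;
    // Matched as a substring of the request URI, see doFilter.
    private String filterProcessesUrl = "/j_spring_eid_security_check";
    private AuthenticationSuccessHandler authenticationSuccessHandler = new IdCardAuthenticationHandler();
    private AuthenticationFailureHandler authenticationFailureHandler = new IdCardAuthenticationHandler();
    // Defaults to header mode; see the class-level security note before relying on it.
    private boolean getClientCertFromHeader = true;
    private String clientCertHeaderName = "X-Client-Certificate";

    /**
     * Verifies that the mandatory collaborators and settings are present.
     *
     * @throws ServletException if the superclass initialisation fails
     * @throws IllegalArgumentException if a required property is missing or blank
     */
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(this.authenticationManager, "authenticationManager must be specified");
        Assert.notNull(this.applicationEventPublisher, "applicationEventPublisher must be specified");
        // An empty URL would make String.contains() match every request URI, and a null one
        // would fail with a NullPointerException on the first request.
        Assert.hasText(this.filterProcessesUrl, "filterProcessesUrl must be specified");
        if (this.getClientCertFromHeader) {
            Assert.hasText(this.clientCertHeaderName, "clientCertHeaderName must be specified when the certificate is read from a header");
        }
    }

    /**
     * Runs ID-card authentication for requests whose URI contains {@code filterProcessesUrl};
     * every other request is passed down the chain untouched.
     *
     * <p>When authentication is attempted the chain is not continued: the success or failure
     * handler is responsible for the response. If the authentication manager returns no result,
     * the method returns without touching the response.
     *
     * @param servletRequest the incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response, cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException propagated from the chain or the handlers
     * @throws ServletException propagated from the chain or the handlers
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // NOTE(review): this is a substring match on the raw request URI, so any path or path
        // parameter that merely contains the configured value triggers an authentication attempt.
        // Confirm that this is intended before tightening it to an exact or suffix match.
        if (!httpServletRequest.getRequestURI().contains(this.filterProcessesUrl)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        this.logger.debug("Request requires IdCard authentication");
        try {
            Authentication attemptAuthentication = attemptAuthentication(httpServletRequest);
            if (ObjectUtils.isEmpty(attemptAuthentication)) {
                return;
            }
            successfulAuthentication(httpServletRequest, httpServletResponse, attemptAuthentication);
        } catch (AuthenticationException e) {
            unsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
        }
    }

    /**
     * Builds a token from the request's client certificate and submits it to the authentication manager.
     *
     * @param httpServletRequest the request to read the certificate from
     * @return the result returned by the authentication manager
     * @throws AuthenticationException if the authentication manager rejects the token
     */
    Authentication attemptAuthentication(HttpServletRequest httpServletRequest) throws AuthenticationException {
        this.logger.debug("Attempting IdCard authentication");
        // obtainCert() returns null when no usable certificate is present, so the token may wrap null.
        X509Certificate certificate = obtainCert(httpServletRequest);
        return this.authenticationManager.authenticate(new IdCardAuthenticationToken(certificate));
    }

    /**
     * Stores the authentication in the security context, publishes an
     * {@link InteractiveAuthenticationSuccessEvent} and delegates to the success handler.
     */
    private void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        // Guarded so that the token is only rendered to a string when debug logging is on.
        // NOTE(review): the rendered token may contain personal data; confirm that debug logs are handled accordingly.
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Successfully authenticated with IdCard authentication: " + authentication);
        }
        SecurityContextHolder.getContext().setAuthentication(authentication);
        this.applicationEventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authentication, getClass()));
        this.authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
    }

    /**
     * Clears the security context and delegates to the failure handler.
     */
    private void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        SecurityContextHolder.clearContext();
        // The inherited logger is a commons-logging Log, which does not expand "{}" placeholders;
        // the exception is passed as the throwable argument instead.
        this.logger.debug("IdCard authentication failed", authenticationException);
        this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Extracts the client certificate from the request.
     *
     * @param httpServletRequest the request to inspect
     * @return the certificate, or {@code null} if none is present or the header value cannot be parsed
     */
    private X509Certificate obtainCert(HttpServletRequest httpServletRequest) {
        if (!this.getClientCertFromHeader) {
            X509Certificate[] chain = (X509Certificate[]) httpServletRequest.getAttribute(SERVLET_CERT_ATTRIBUTE);
            if (chain != null && chain.length > 0) {
                // Only the first entry of the chain is used.
                return chain[0];
            }
            this.logger.debug("No client certificate");
            return null;
        }

        // Header mode: the value is untrusted unless a fronting proxy guarantees it (see class note).
        String header = httpServletRequest.getHeader(this.clientCertHeaderName);
        if (ObjectUtils.isEmpty(header)) {
            this.logger.debug("No client certificate");
            return null;
        }
        try {
            // Literal replace: the PEM markers are fixed strings, no regular expression is needed.
            String base64 = header.replace(PEM_HEADER, "").replace(PEM_FOOTER, "");
            byte[] der = DatatypeConverter.parseBase64Binary(base64);
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException e) {
            // The header value itself is deliberately not logged.
            this.logger.error("Could not parse client certificate from request header", e);
            return null;
        } catch (IllegalArgumentException e) {
            // The DatatypeConverter contract allows this for malformed Base64; treat it like any
            // other unparsable header instead of letting it escape as a server error.
            this.logger.error("Could not decode client certificate from request header", e);
            return null;
        }
    }

    /** @return the URI fragment that triggers ID-card authentication */
    public String getFilterProcessesUrl() {
        return this.filterProcessesUrl;
    }

    /** @param str the URI fragment that triggers ID-card authentication; matched as a substring of the request URI */
    public void setFilterProcessesUrl(String str) {
        this.filterProcessesUrl = str;
    }

    /** @return the authentication manager that receives the certificate token */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /** @param authenticationManager the authentication manager that receives the certificate token */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** @return the publisher used for the authentication success event */
    public ApplicationEventPublisher getApplicationEventPublisher() {
        return this.applicationEventPublisher;
    }

    /** @param applicationEventPublisher the publisher used for the authentication success event */
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.applicationEventPublisher = applicationEventPublisher;
    }

    /** @return the handler invoked after a successful authentication */
    public AuthenticationSuccessHandler getAuthenticationSuccessHandler() {
        return this.authenticationSuccessHandler;
    }

    /** @param authenticationSuccessHandler the handler invoked after a successful authentication */
    public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
        this.authenticationSuccessHandler = authenticationSuccessHandler;
    }

    /** @return the handler invoked after a failed authentication */
    public AuthenticationFailureHandler getAuthenticationFailureHandler() {
        return this.authenticationFailureHandler;
    }

    /** @param authenticationFailureHandler the handler invoked after a failed authentication */
    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    /** @return {@code true} if the certificate is read from a request header rather than the TLS request attribute */
    public boolean isGetClientCertFromHeader() {
        return this.getClientCertFromHeader;
    }

    /**
     * @param z {@code true} to read the certificate from a request header, which is only safe behind
     *          a proxy that sets the header itself; {@code false} to use the container's TLS attribute
     */
    public void setGetClientCertFromHeader(boolean z) {
        this.getClientCertFromHeader = z;
    }

    /** @return the name of the request header carrying the certificate in header mode */
    public String getClientCertHeaderName() {
        return this.clientCertHeaderName;
    }

    /** @param str the name of the request header carrying the certificate in header mode */
    public void setClientCertHeaderName(String str) {
        this.clientCertHeaderName = str;
    }
}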
