package fish.focus.uvms.rest.security;

import fish.focus.uvms.constants.AuthConstants;
import fish.focus.uvms.usm.jwt.JwtTokenHandler;
import java.io.IOException;
import javax.ejb.EJB;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/usm4uvms-4.1.12.jar:fish/focus/uvms/rest/security/AuthenticationFilter.class */
public class AuthenticationFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationFilter.class);
    private static final String CHALLENGEAUTH = "/challengeauth";
    private static final String AUTHENTICATE = "/authenticate";
    private static final String PING = "/ping";

    @EJB
    private JwtTokenHandler tokenHandler;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        LOGGER.debug("doFilter(" + httpServletRequest.getMethod() + ", " + httpServletRequest.getPathInfo() + ") - (ENTER)");
        Boolean bool = false;
        String remoteUser = httpServletRequest.getRemoteUser();
        String header = httpServletRequest.getHeader(AuthConstants.HTTP_HEADER_AUTHORIZATION);
        LOGGER.debug("httpRequest.getRemoteUser(): " + remoteUser);
        if (remoteUser == null) {
            bool = true;
            remoteUser = this.tokenHandler.parseToken(header);
        }
        LOGGER.debug("remoteUser: " + remoteUser);
        if (remoteUser == null) {
            String pathInfo = httpServletRequest.getPathInfo();
            if (AUTHENTICATE.equals(pathInfo) || CHALLENGEAUTH.equals(pathInfo)) {
                filterChain.doFilter(httpServletRequest, servletResponse);
                return;
            } else {
                httpServletResponse.sendError(403);
                return;
            }
        }
        UserRoleRequestWrapper userRoleRequestWrapper = new UserRoleRequestWrapper(httpServletRequest, remoteUser);
        String extendToken = bool.booleanValue() ? this.tokenHandler.extendToken(header) : this.tokenHandler.createToken(remoteUser);
        httpServletResponse.addHeader(AuthConstants.HTTP_HEADER_AUTHORIZATION, extendToken);
        httpServletResponse.addHeader(AuthConstants.HTTP_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, AuthConstants.HTTP_HEADER_AUTHORIZATION);
        if (PING.equals(httpServletRequest.getPathInfo()) && httpServletRequest.getUserPrincipal() != null && httpServletRequest.getUserPrincipal().getClass().toString().contains("cas")) {
            LOGGER.debug("ECAS Authenticated");
            String parameter = httpServletRequest.getParameter(AuthConstants.JWTCALLBACK);
            if (parameter != null) {
                LOGGER.debug("Redirecting to add jwt");
                httpServletResponse.sendRedirect(parameter + "?jwt=" + extendToken);
            }
        }
        filterChain.doFilter(userRoleRequestWrapper, httpServletResponse);
    }

    public void destroy() {
    }
}
