package net.sf.jguard.core.filters;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import net.sf.jguard.core.CoreConstants;
import net.sf.jguard.core.Filter;
import net.sf.jguard.core.FilterChain;
import net.sf.jguard.core.authentication.AccessContext;
import net.sf.jguard.core.authentication.AuthenticationBindings;
import net.sf.jguard.core.authentication.AuthenticationServicePoint;
import net.sf.jguard.core.authentication.AuthenticationUtils;
import net.sf.jguard.core.authentication.Stateful;
import net.sf.jguard.core.authorization.AuthorizationBindings;
import net.sf.jguard.core.authorization.PolicyDecisionPoint;
import net.sf.jguard.core.provisioning.ProvisioningServicePoint;

/* loaded from: input_file:net/sf/jguard/core/filters/PolicyEnforcementPointFilter.class */
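/**
 * {@link Filter} that routes each request to the matching security phase and then
 * hands it to the {@link PolicyDecisionPoint}.
 *
 * <p>For every request the filter asks the authorization bindings which {@link Permission}
 * is being requested and, depending on that permission, runs the logon phase, the logoff
 * phase, the registration phase, or a guest authentication when no {@link Subject} is
 * available yet. Unless a redirect has been flagged on the request, the request is then
 * processed by the policy decision point under the resolved subject.
 *
 * <p>The implementation classes for the authorization bindings, the authentication bindings
 * and the optional provisioning service point are named in the configuration map and loaded
 * reflectively through the thread context class loader. Those names must come from trusted
 * deployment configuration only: whoever controls them controls which code makes the
 * authentication and authorization decisions.
 */
public class PolicyEnforcementPointFilter implements Filter {
    /**
     * Name of the request attribute that, when its value parses as {@code true}, makes
     * {@link #doFilter(AccessContext, FilterChain)} return before the authorization step.
     */
    public static final String REDIRECT = "redirect";

    private static final Logger logger = Logger.getLogger(PolicyEnforcementPointFilter.class.getName());

    // Class-literal caches synthesized by an old compiler. They are no longer read by this
    // source (class literals are used instead) and are kept only so the member set of the
    // class stays unchanged.
    static Class class$net$sf$jguard$core$filters$PolicyEnforcementPointFilter;
    static Class class$net$sf$jguard$core$authorization$AuthorizationBindings;

    private final AuthenticationBindings authenticationBindings;
    private final PolicyDecisionPoint policyDecisionPoint;
    // null when no provisioning service point is configured
    private final ProvisioningServicePoint provisioningServicePoint;
    private final Permission logonProcessPermission;
    private final Permission logoffPermission;
    private final String authenticationScope;
    private final String applicationName;

    /**
     * Builds the filter from its configuration map.
     *
     * @param map configuration values keyed by the {@link CoreConstants} names read below;
     *            every value read here is cast to {@code String}
     * @throws IllegalArgumentException if a mandatory value is missing or empty, or if one
     *                                  of the configured implementation classes cannot be
     *                                  loaded or instantiated
     */
    public PolicyEnforcementPointFilter(Map map) {
        String authenticationBindingsImpl = (String) map.get(CoreConstants.AUTHENTICATION_BINDINGS);
        String configurationLocation = (String) map.get(CoreConstants.CONFIGURATION_LOCATION);
        this.authenticationScope = (String) map.get(CoreConstants.AUTHENTICATION_SCOPE);
        this.applicationName = (String) map.get(CoreConstants.APPLICATION_NAME);

        this.policyDecisionPoint = initPolicyDecisionPoint((String) map.get(CoreConstants.AUTHORIZATION_BINDINGS));
        this.authenticationBindings = initAuthenticationBindings(
                this.policyDecisionPoint.getAuthorizationBindings(),
                authenticationBindingsImpl,
                configurationLocation,
                this.authenticationScope);
        this.logonProcessPermission = this.authenticationBindings.getLogonProcessPermission();
        this.logoffPermission = this.authenticationBindings.getLogoffPermission();

        // NOTE(review): the method name suggests these permissions are granted without a
        // per-subject check - confirm that the sets returned by the bindings and by the
        // provisioning service point are as small as the logon/registration flows need.
        String provisioningServicePointImpl = (String) map.get(CoreConstants.PROVISIONING_SERVICE_POINT);
        if (provisioningServicePointImpl == null || "".equals(provisioningServicePointImpl)) {
            logger.info("provisioningServicePoint is not set ");
            this.provisioningServicePoint = null;
        } else {
            this.provisioningServicePoint = initProvisioningServicePoint(provisioningServicePointImpl, configurationLocation);
            this.policyDecisionPoint.addAlwaysGrantedPermissionsToPolicy(this.provisioningServicePoint.getGrantedPermissions());
        }
        this.policyDecisionPoint.addAlwaysGrantedPermissionsToPolicy(this.authenticationBindings.getGrantedPermissions());
    }

    /**
     * @return the policy decision point built in the constructor
     */
    public PolicyDecisionPoint getPolicyDecisionPoint() {
        return this.policyDecisionPoint;
    }

    /**
     * @return the provisioning service point, or {@code null} when none is configured
     */
    public ProvisioningServicePoint getProvisioningServicePoint() {
        return this.provisioningServicePoint;
    }

    /**
     * Logs a reflective-configuration failure and converts it to the exception type the
     * init methods report, keeping the original throwable as the cause.
     */
    private static IllegalArgumentException configurationFailure(Throwable failure) {
        logger.log(Level.SEVERE, failure.getMessage(), failure);
        return new IllegalArgumentException(failure.getMessage(), failure);
    }

    /**
     * Loads the configured {@link AuthorizationBindings} implementation and wraps it in a
     * {@link PolicyDecisionPoint}.
     *
     * @param authorizationBindingsImpl fully qualified class name of the implementation
     * @throws IllegalArgumentException if the name is null or empty, or the class cannot be
     *                                  loaded or instantiated
     * @throws ClassCastException       if the class is not an {@link AuthorizationBindings}
     */
    private PolicyDecisionPoint initPolicyDecisionPoint(String authorizationBindingsImpl) {
        // Same precondition style as initAuthenticationBindings: a missing name is reported
        // as a configuration error instead of failing inside the class loader.
        if (authorizationBindingsImpl == null || "".equals(authorizationBindingsImpl)) {
            throw new IllegalArgumentException("authorizationBindingsImpl is null or empty");
        }
        logger.finest("initializing PolicyDecisionPoint");
        logger.finest("authorizationBindingsImpl=" + authorizationBindingsImpl);
        try {
            // asSubclass checks the type before any constructor runs, so a wrong class name
            // cannot cause an unrelated class to be instantiated.
            AuthorizationBindings bindings = Thread.currentThread().getContextClassLoader()
                    .loadClass(authorizationBindingsImpl)
                    .asSubclass(AuthorizationBindings.class)
                    .newInstance();
            return new PolicyDecisionPoint(bindings);
        } catch (ClassNotFoundException e) {
            throw configurationFailure(e);
        } catch (IllegalAccessException e) {
            throw configurationFailure(e);
        } catch (InstantiationException e) {
            throw configurationFailure(e);
        }
    }

    /**
     * Loads and initializes the configured {@link ProvisioningServicePoint} implementation.
     *
     * @param provisioningServicePointImpl fully qualified class name of the implementation
     * @param configurationLocation        value passed to {@code init} on the new instance
     * @throws IllegalArgumentException if the class cannot be loaded or instantiated
     * @throws ClassCastException       if the class is not a {@link ProvisioningServicePoint}
     */
    private ProvisioningServicePoint initProvisioningServicePoint(String provisioningServicePointImpl, String configurationLocation) {
        logger.finest("initializing ProvisioningServicePoint");
        logger.finest("provisioningServicePointImpl=" + provisioningServicePointImpl);
        try {
            // Type is verified before instantiation, see initPolicyDecisionPoint.
            ProvisioningServicePoint servicePoint = Thread.currentThread().getContextClassLoader()
                    .loadClass(provisioningServicePointImpl)
                    .asSubclass(ProvisioningServicePoint.class)
                    .newInstance();
            servicePoint.init(configurationLocation);
            return servicePoint;
        } catch (ClassNotFoundException e) {
            throw configurationFailure(e);
        } catch (IllegalAccessException e) {
            throw configurationFailure(e);
        } catch (InstantiationException e) {
            throw configurationFailure(e);
        }
    }

    /**
     * Loads the configured {@link AuthenticationBindings} implementation through its
     * single-argument {@code (AuthorizationBindings)} constructor and initializes it.
     *
     * @param authorizationBindings bindings passed to the implementation's constructor
     * @param str                   fully qualified class name of the implementation
     *                              ("authenticationBindingsImpl")
     * @param str2                  filter configuration location, passed to {@code init}
     * @param str3                  authentication scope, passed to {@code init}
     * @return the initialized bindings
     * @throws IllegalArgumentException if {@code str}, {@code str2} or {@code str3} is null
     *                                  or empty, or the class cannot be loaded, constructed
     *                                  or initialized
     * @throws ClassCastException       if the class is not an {@link AuthenticationBindings}
     */
    public static AuthenticationBindings initAuthenticationBindings(AuthorizationBindings authorizationBindings, String str, String str2, String str3) {
        if (str == null || "".equals(str)) {
            throw new IllegalArgumentException("authenticationBindingsImpl is null or empty");
        }
        if (str2 == null || "".equals(str2)) {
            throw new IllegalArgumentException("filterConfigurationLocation is null or empty");
        }
        if (str3 == null || "".equals(str3)) {
            throw new IllegalArgumentException("authenticationScope is null or empty");
        }
        logger.finest("initializing authenticationBindings");
        logger.finest("authenticationBindingsImpl=" + str);
        logger.finest("filterConfigurationLocation=" + str2);
        logger.finest("authenticationScope=" + str3);
        try {
            // Type is verified before the constructor is looked up and invoked.
            Class<? extends AuthenticationBindings> bindingsClass = Thread.currentThread().getContextClassLoader()
                    .loadClass(str)
                    .asSubclass(AuthenticationBindings.class);
            AuthenticationBindings bindings = bindingsClass
                    .getConstructor(AuthorizationBindings.class)
                    .newInstance(authorizationBindings);
            bindings.init(str2, str3);
            return bindings;
        } catch (ClassNotFoundException e) {
            throw configurationFailure(e);
        } catch (IllegalAccessException e) {
            throw configurationFailure(e);
        } catch (IllegalArgumentException e) {
            throw configurationFailure(e);
        } catch (InstantiationException e) {
            throw configurationFailure(e);
        } catch (NoSuchMethodException e) {
            throw configurationFailure(e);
        } catch (SecurityException e) {
            throw configurationFailure(e);
        } catch (InvocationTargetException e) {
            // The wrapper itself usually carries no message; report what the constructor
            // actually threw so the log and the exception explain the failure.
            throw configurationFailure(e.getCause() != null ? e.getCause() : e);
        }
    }

    /**
     * Marks the request as "registration done" and authenticates it.
     *
     * @return the result of {@code AuthenticationServicePoint.authenticate}
     */
    private boolean authenticateAfterRegistration(AccessContext accessContext) {
        this.authenticationBindings.setRequestAttribute(accessContext, CoreConstants.REGISTRATION_DONE, true);
        return AuthenticationServicePoint.authenticate(accessContext, this.applicationName, this.authenticationBindings);
    }

    /**
     * Logs the user out, drops the stored {@link AuthenticationUtils} from the session and
     * invalidates the session.
     *
     * <p>Only called from {@link #doFilter(AccessContext, FilterChain)} after
     * {@code isStateful()} returned true, which is what makes the cast to {@link Stateful}
     * safe.
     */
    private void logoff(AccessContext accessContext) {
        logger.finest(" logoff phase ");
        Stateful statefulBindings = (Stateful) this.authenticationBindings;
        AuthenticationUtils authenticationUtils =
                (AuthenticationUtils) statefulBindings.getSessionAttribute(accessContext, CoreConstants.AUTHN_UTILS);
        if (authenticationUtils != null) {
            authenticationUtils.logout();
            logger.finest(" user logoff ");
        }
        statefulBindings.removeSessionAttribute(accessContext, CoreConstants.AUTHN_UTILS);
        logger.finest("doFilter() -  user logoff ");
        try {
            statefulBindings.invalidateSession(accessContext);
        } catch (IllegalStateException e) {
            // Best effort: the session is already gone, which is the state logoff wants.
            logger.log(Level.SEVERE, " session is already invalidated ", (Throwable) e);
        }
    }

    /**
     * Runs {@code policyDecisionPoint.process} for the request as the given subject.
     *
     * <p>Any throwable raised while processing is logged at {@code SEVERE} and not rethrown,
     * so the caller cannot tell a failure from a normal return.
     * NOTE(review): whether an access denial surfaces as an exception from {@code process}
     * is not visible in this class; if it does, the {@code SEVERE} log entry written here is
     * its only trace and is worth alerting on.
     *
     * <p>{@code Subject.doAsPrivileged} and {@link AccessControlContext} are deprecated for
     * removal since Java 17 (JEP 411); this enforcement path needs a replacement before
     * moving to a runtime that drops them.
     *
     * @param accessContext request being processed
     * @param subject       subject to run as; may be {@code null}, in which case the action
     *                      runs without any principal
     */
    private void propagateWithSecurity(final AccessContext accessContext, Subject subject) {
        try {
            Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws IOException {
                    try {
                        policyDecisionPoint.process(accessContext);
                        return null;
                    } catch (Throwable th) {
                        logger.log(Level.SEVERE, th.getMessage(), th);
                        throw new RuntimeException(th.getMessage(), th);
                    }
                }
            }, (AccessControlContext) null);
        } catch (Throwable th) {
            logger.log(Level.SEVERE, th.getMessage(), th);
        }
    }

    /**
     * Dispatches the request to the security phase selected by the requested permission and
     * then submits it to the policy decision point.
     *
     * <p>Phases are tested in this order: logon, logoff (stateful bindings only),
     * registration (only when a provisioning service point is configured), and guest
     * authentication when no subject is available. After the phase,
     * {@code authenticationBindings.process} runs; if the {@link #REDIRECT} request
     * attribute then parses as {@code true} the method returns, otherwise the request is
     * processed under the subject.
     *
     * @param accessContext request being filtered
     * @param filterChain   not used by this method
     *                      (NOTE(review): propagation presumably happens inside
     *                      {@code PolicyDecisionPoint.process} - confirm)
     */
    @Override // net.sf.jguard.core.Filter
    public void doFilter(AccessContext accessContext, FilterChain filterChain) {
        Permission permissionRequested = this.policyDecisionPoint.getAuthorizationBindings().getPermissionRequested(accessContext);
        Subject subject = this.authenticationBindings.getAuthenticationUtils(accessContext).getSubject();
        // The provisioning service point is optional (see the constructor); without this
        // guard every request that is neither logon nor logoff would fail with a
        // NullPointerException when it is not configured.
        Permission registerProcessPermission =
                this.provisioningServicePoint != null ? this.provisioningServicePoint.getRegisterProcessPermission() : null;

        if (this.logonProcessPermission.implies(permissionRequested)) {
            logger.finest(" authentication phase ");
            boolean authenticated = AuthenticationServicePoint.authenticate(accessContext, this.applicationName, this.authenticationBindings);
            logger.finest(" authentication result =" + authenticated);
        } else if (this.authenticationBindings.isStateful() && this.logoffPermission.implies(permissionRequested)) {
            logoff(accessContext);
        } else if (registerProcessPermission != null && registerProcessPermission.implies(permissionRequested)) {
            logger.finest(" registerProcess phase ");
            if (!AuthenticationServicePoint.authenticate(this.provisioningServicePoint.anonymize(accessContext), this.applicationName, this.authenticationBindings)) {
                return;
            }
            if (this.provisioningServicePoint.registerProcess(accessContext)) {
                authenticateAfterRegistration(accessContext);
            }
            // Registration may have authenticated a new user, so the subject is read again.
            subject = this.authenticationBindings.getAuthenticationUtils(accessContext).getSubject();
        } else if (subject == null) {
            logger.finest(" subject is null  authentication phase ");
            logger.finest("LAST_ACCESS_DENIED_PERMISSION=" + permissionRequested);
            if (this.authenticationBindings.isStateful()) {
                ((Stateful) this.authenticationBindings).setSessionAttribute(accessContext, CoreConstants.LAST_ACCESS_DENIED_PERMISSION, permissionRequested);
            }
            AuthenticationServicePoint.authenticateAsGuest(accessContext, this.applicationName, this.authenticationBindings);
            // NOTE(review): unlike the registration branch, the subject is not read again
            // after the guest authentication, so the authorization step below runs with a
            // null subject - confirm this is intended.
        }

        this.authenticationBindings.process(accessContext);
        if (Boolean.parseBoolean((String) accessContext.getAttribute(REDIRECT))) {
            return;
        }
        propagateWithSecurity(accessContext, subject);
    }

    /**
     * Compiler-synthesized class-literal helper, kept so the member set of the class stays
     * unchanged; new code should use class literals instead.
     *
     * @throws NoClassDefFoundError if the class cannot be found, with the
     *                              {@link ClassNotFoundException} as its cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the cast is needed for the throw to compile.
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }
}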
