package org.openmdx.catalina.authenticator;

import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.CombinedRealm;
import org.apache.catalina.realm.RealmBase;
import org.apache.catalina.valves.ValveBase;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

/* loaded from: input_file:org/openmdx/catalina/authenticator/RemoteUserAuthenticator.class */
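/**
 * Tomcat valve that turns an identity asserted earlier in the request path into a Catalina
 * principal.
 *
 * <p>The user name is taken from one of two places, the second overriding the first:
 * <ol>
 *   <li>when {@code jwtSubjectField} is configured, the named claim in the payload segment of an
 *       {@code Authorization: Bearer} token;</li>
 *   <li>the name of the principal already attached to the request.</li>
 * </ol>
 * A leading {@code DOMAIN\} prefix is dropped, the name is resolved through
 * {@code RealmBase.getPrincipal(String)} on the context's realm, and the result is bound to the
 * request and, when a session exists, to the session.
 *
 * <p><b>Security:</b> nothing in this class verifies the token's signature, issuer, audience or
 * expiry, and the realm lookup passes the user name only. The valve is therefore only as
 * trustworthy as the component in front of it: deploy it solely where that component has already
 * validated the token and where clients cannot reach this connector directly. If that guarantee
 * does not hold, leave {@code jwtSubjectField} unset or add signature verification before the
 * claim is read.
 */
public class RemoteUserAuthenticator extends ValveBase {
    private static final Log LOG = LogFactory.getLog(RemoteUserAuthenticator.class);

    /** Scheme prefix that marks an Authorization header as carrying a bearer token. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Session note under which the resolved user name is stored. */
    private static final String SESSION_USERNAME_NOTE = "org.apache.catalina.session.USERNAME";

    private final Method realmBaseGetPrincipalMethod;
    private final Field combinedRealmRealmsField;
    private String jwtSubjectField = null;

    /**
     * Looks up the two non-public realm members this valve needs and makes them accessible.
     *
     * @throws IllegalStateException if {@code RealmBase.getPrincipal(String)} or
     *     {@code CombinedRealm.realms} cannot be obtained or opened for reflective access
     */
    public RemoteUserAuthenticator() {
        Method getPrincipalMethod;
        try {
            getPrincipalMethod = RealmBase.class.getDeclaredMethod("getPrincipal", String.class);
            getPrincipalMethod.setAccessible(true);
        } catch (ReflectiveOperationException | RuntimeException e) {
            LOG.error("Unable to get method RealmBase.getPrincipal!", e);
            throw new IllegalStateException("Unable to get method RealmBase.getPrincipal!", e);
        }
        this.realmBaseGetPrincipalMethod = getPrincipalMethod;

        // Handled separately so that a failure here is reported as what it is, not as a
        // getPrincipal failure with an empty inner message.
        Field realmsField;
        try {
            realmsField = CombinedRealm.class.getDeclaredField("realms");
            realmsField.setAccessible(true);
        } catch (ReflectiveOperationException | RuntimeException e) {
            LOG.error("Unable to get field CombinedRealm.realms!", e);
            throw new IllegalStateException("Unable to get field CombinedRealm.realms!", e);
        }
        this.combinedRealmRealmsField = realmsField;
    }

    /**
     * Returns the name of the token claim used as the user name.
     *
     * @return the claim name, or {@code null} when bearer tokens are not evaluated
     */
    public String getJwtSubjectField() {
        return this.jwtSubjectField;
    }

    /**
     * Sets the name of the token claim used as the user name.
     *
     * @param str the claim name; {@code null} disables bearer-token evaluation
     */
    public void setJwtSubjectField(String str) {
        this.jwtSubjectField = str;
    }

    /**
     * Determines the remote user for the request, binds the matching realm principal and passes
     * the request to the next valve.
     *
     * @param request the request being processed
     * @param response the response being produced
     * @throws IOException if a later valve fails with an I/O error
     * @throws ServletException if a later valve fails with a servlet error
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        String remoteUser = extractJwtSubject(request.getHeader("Authorization"));
        if (remoteUser != null && LOG.isDebugEnabled()) {
            LOG.debug("Remote user: " + remoteUser + " [authType:" + request.getAuthType() + "]");
        }

        // A principal already attached to the request takes precedence over the token claim.
        Principal requestPrincipal = request.getUserPrincipal();
        if (requestPrincipal != null) {
            remoteUser = requestPrincipal.getName();
        }

        if (remoteUser != null) {
            // Keep only the account part of a DOMAIN\account name.
            int separator = remoteUser.lastIndexOf('\\');
            if (separator >= 0) {
                remoteUser = remoteUser.substring(separator + 1);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Remote user: " + remoteUser + " [authType:" + request.getAuthType() + "]");
            }

            Session session = request.getSessionInternal(false);
            if (session != null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Current user already has an session [" + session.getId() + "].");
                }
                // NOTE(review): the session principal is reused without comparing its name to
                // the user asserted on this request - confirm that is intended.
                Principal sessionPrincipal = session.getPrincipal();
                if (sessionPrincipal != null) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("User was already authenticated, reuse principal from session. " + sessionPrincipal);
                    }
                    request.setUserPrincipal(sessionPrincipal);
                    getNext().invoke(request, response);
                    return;
                }
            }

            // The lookup may return null (unknown user); register() then binds a null principal.
            Principal resolved = getPrincipal(request.getContext().getRealm(), remoteUser);
            register(request, response, resolved, request.getAuthType(), remoteUser);
        }
        getNext().invoke(request, response);
    }

    /**
     * Reads the configured claim from the payload segment of a bearer token.
     *
     * <p>The token is decoded only; its signature is not verified here.
     *
     * @param authorizationHeader the raw Authorization header, possibly {@code null}
     * @return the claim value, or {@code null} when no claim name is configured, the header is
     *     not a bearer token, or the payload cannot be decoded or does not hold the claim
     */
    private String extractJwtSubject(String authorizationHeader) {
        String claimName = getJwtSubjectField();
        if (claimName == null || authorizationHeader == null || !authorizationHeader.startsWith(BEARER_PREFIX)) {
            return null;
        }
        String[] segments = authorizationHeader.substring(BEARER_PREFIX.length()).split("\\.");
        if (LOG.isDebugEnabled()) {
            // The header is a credential: log its shape, never its value.
            LOG.debug("Authorization: bearer token with " + segments.length + " segment(s) [value not logged]");
        }
        if (segments.length < 2) {
            return null;
        }
        try {
            // Token segments use the URL-safe alphabet ('-' and '_'), which the basic decoder
            // rejects. Mapping them back keeps standard-alphabet input working as before.
            String normalized = segments[1].replace('-', '+').replace('_', '/');
            String payload = new String(Base64.getDecoder().decode(normalized), StandardCharsets.UTF_8);
            return extractClaim(payload, claimName);
        } catch (IllegalArgumentException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Unable to decode bearer token payload [" + e.getMessage() + "]");
            }
            return null;
        }
    }

    /**
     * Extracts a top-level scalar claim from a JSON payload by text search.
     *
     * <p>Handles a value that is the last member of the object, whitespace after the colon, and
     * quoted values containing {@code ':'} or {@code ','}. Escape sequences inside a quoted value
     * are returned as written, not unescaped.
     *
     * <p>NOTE(review): this is a substring scan, not a JSON parser. The first textual occurrence
     * of the key wins, wherever it appears in the payload. Replace it with a real JSON parser if
     * one is available on the valve's class path.
     *
     * @param payload the decoded payload text
     * @param claimName the claim to look for
     * @return the claim value, or {@code null} when it is absent or empty
     */
    private static String extractClaim(String payload, String claimName) {
        String quotedKey = "\"" + claimName + "\":";
        int valueStart;
        int keyStart = payload.indexOf(quotedKey);
        if (keyStart >= 0) {
            valueStart = keyStart + quotedKey.length();
        } else {
            // Fallback kept from the original behaviour: key written without quotes.
            String bareKey = claimName + ":";
            keyStart = payload.indexOf(bareKey);
            if (keyStart < 0) {
                return null;
            }
            valueStart = keyStart + bareKey.length();
        }

        int length = payload.length();
        int cursor = valueStart;
        while (cursor < length && Character.isWhitespace(payload.charAt(cursor))) {
            cursor++;
        }
        if (cursor >= length) {
            return null;
        }

        if (payload.charAt(cursor) == '"') {
            // Quoted value: runs to the next quote that is not backslash-escaped.
            boolean escaped = false;
            for (int i = cursor + 1; i < length; i++) {
                char c = payload.charAt(i);
                if (escaped) {
                    escaped = false;
                } else if (c == '\\') {
                    escaped = true;
                } else if (c == '"') {
                    return payload.substring(cursor + 1, i);
                }
            }
            return null;
        }

        // Unquoted value: runs to the next member separator or the end of the object.
        int end = cursor;
        while (end < length && payload.charAt(end) != ',' && payload.charAt(end) != '}') {
            end++;
        }
        String raw = payload.substring(cursor, end).trim();
        return raw.isEmpty() ? null : raw;
    }

    /**
     * Binds the principal and authentication type to the request and, when a session already
     * exists, to that session after rotating its id.
     *
     * @param request the request to update
     * @param httpServletResponse the response; not used by this implementation
     * @param principal the principal to bind; may be {@code null}
     * @param str the authentication type to record
     * @param str2 the user name to store as a session note; {@code null} removes the note
     */
    public void register(Request request, HttpServletResponse httpServletResponse, Principal principal, String str, String str2) {
        final String authType = str;
        final String userName = str2;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authenticated '" + (principal == null ? "none" : principal.getName()) + "' with type '" + authType + "'");
        }
        request.setAuthType(authType);
        request.setUserPrincipal(principal);

        Session session = request.getSessionInternal(false);
        if (session == null) {
            return;
        }
        // Rotate the id before attaching the identity, so a session id issued before
        // authentication is not carried over into the authenticated session.
        request.getContext().getManager().changeSessionId(session);
        request.changeSessionId(session.getId());

        session.setAuthType(authType);
        session.setPrincipal(principal);
        if (userName != null) {
            session.setNote(SESSION_USERNAME_NOTE, userName);
        } else {
            session.removeNote(SESSION_USERNAME_NOTE);
        }
    }

    /**
     * Resolves a user name to a principal through the given realm, descending into the member
     * realms of a {@code CombinedRealm}.
     *
     * <p>The lookup is by name only; no credential is passed to the realm.
     *
     * @param realm the realm to query
     * @param str the user name
     * @return the first principal found, or {@code null} when the realm is not a
     *     {@code RealmBase}, the user is unknown, or the reflective call fails
     */
    protected Principal getPrincipal(Realm realm, String str) {
        final String userName = str;
        if (LOG.isDebugEnabled()) {
            LOG.debug("Try to find user " + userName + " based on container configured realms");
        }
        if (!(realm instanceof RealmBase)) {
            return null;
        }

        if (!(realm instanceof CombinedRealm)) {
            try {
                return (Principal) this.realmBaseGetPrincipalMethod.invoke(realm, userName);
            } catch (ReflectiveOperationException | RuntimeException e) {
                logLookupFailure("Unable to invoke getPrincipal(..) for user " + userName + " [" + e.getMessage() + "]", e);
                return null;
            }
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("application uses a combined realm. try to retrieve realm list.");
        }
        try {
            List<?> memberRealms = (List<?>) this.combinedRealmRealmsField.get(realm);
            if (memberRealms != null) {
                for (Object member : memberRealms) {
                    Principal principal = getPrincipal((Realm) member, userName);
                    if (principal != null) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Sucessfully found principal for given username. " + principal);
                        }
                        return principal;
                    }
                }
            }
            return null;
        } catch (IllegalAccessException | RuntimeException e) {
            // Errors such as OutOfMemoryError are deliberately left to propagate.
            logLookupFailure("Unable to find principal for user " + userName + " [" + e.getMessage() + "]", e);
            return null;
        }
    }

    /** Logs a lookup failure with its stack trace at debug level, otherwise as a bare error. */
    private static void logLookupFailure(String message, Exception cause) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(message, cause);
        } else {
            LOG.error(message);
        }
    }
}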
