package org.pac4j.j2e.filter;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.pac4j.core.client.Client;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.exception.RequiresHttpAction;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.j2e.configuration.ClientsConfiguration;
import org.pac4j.j2e.util.UserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/j2e/filter/RequiresAuthenticationFilter.class */
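/**
 * Servlet filter that lets a request through only when a user profile is available and
 * passes the configured role check.
 *
 * <p>Init parameters read in {@link #init(FilterConfig)}:
 * <ul>
 *   <li>{@code clientName} - name of the client to use; when absent the name is taken from a
 *       request parameter (see {@code getClientName}).</li>
 *   <li>{@code stateless} - when {@code true}, credentials are extracted and validated on every
 *       request instead of reading the profile stored by {@link UserUtils}.</li>
 *   <li>{@code isAjax} - value returned by {@link #isAjaxRequest(HttpServletRequest)}.</li>
 *   <li>{@code requireAnyRole} / {@code requireAllRoles} - passed to
 *       {@code CommonProfile.hasAccess} for the authorization decision.</li>
 * </ul>
 *
 * <p>Outcomes visible in this class: no profile in stateless mode sets status 401; no profile
 * in stateful mode saves the requested URL and redirects to the identity provider; a profile
 * that fails the role check sets status 403.
 */
public class RequiresAuthenticationFilter extends ClientsConfigFilter {
    private static final Logger logger = LoggerFactory.getLogger(RequiresAuthenticationFilter.class);

    /** Session attribute under which the originally requested URL is kept. */
    private static final String REQUESTED_URL_ATTRIBUTE = "pac4jRequestedUrl";

    private String clientName;
    private boolean stateless = false;
    private boolean isAjax = false;
    private String requireAnyRole;
    private String requireAllRoles;

    /**
     * Reads the filter configuration. Boolean parameters keep their {@code false} default when
     * the init parameter is missing.
     *
     * @param filterConfig the servlet filter configuration
     * @throws ServletException if the parent initialization fails
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        this.clientName = filterConfig.getInitParameter("clientName");

        String statelessParam = filterConfig.getInitParameter("stateless");
        if (statelessParam != null) {
            this.stateless = Boolean.parseBoolean(statelessParam);
        }

        String ajaxParam = filterConfig.getInitParameter("isAjax");
        if (ajaxParam != null) {
            this.isAjax = Boolean.parseBoolean(ajaxParam);
        }

        // Both role parameters may be null; they are handed unchanged to CommonProfile.hasAccess.
        // NOTE(review): confirm how hasAccess treats two null arguments - if that means
        // "any authenticated user", a missing init-param silently widens access.
        this.requireAnyRole = filterConfig.getInitParameter("requireAnyRole");
        this.requireAllRoles = filterConfig.getInitParameter("requireAllRoles");
    }

    /**
     * Retrieves the profile and dispatches to the success or failure handler.
     *
     * @throws IOException      propagated from the handlers
     * @throws ServletException propagated from the handlers
     */
    @Override
    protected final void internalFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        J2EContext context = new J2EContext(httpServletRequest, httpServletResponse);
        try {
            CommonProfile profile = retrieveUserProfile(httpServletRequest, httpServletResponse, context);
            if (profile != null) {
                saveUserProfile(profile, httpServletRequest);
                authenticationSuccess(profile, httpServletRequest, httpServletResponse, filterChain, context);
            } else {
                authenticationFailure(httpServletRequest, httpServletResponse, filterChain, context);
            }
        } catch (RequiresHttpAction e) {
            // The chain is NOT invoked on this path, so the protected resource is not reached.
            // NOTE(review): presumably the client has already written the response (redirect,
            // challenge) before throwing - confirm against the client implementation.
            logger.debug("extra HTTP action required : {}", Integer.valueOf(e.getCode()));
        }
    }

    /**
     * Returns the current profile: freshly authenticated in stateless mode, otherwise the one
     * returned by {@link UserUtils#getProfile(HttpServletRequest)}.
     *
     * @return the profile, or {@code null} when none is available
     * @throws RequiresHttpAction if the client needs an extra HTTP round trip
     */
    protected CommonProfile retrieveUserProfile(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebContext webContext) throws RequiresHttpAction {
        if (isStateless()) {
            return authenticate(httpServletRequest, httpServletResponse, webContext);
        }
        CommonProfile storedProfile = UserUtils.getProfile(httpServletRequest);
        // NOTE(review): the profile's toString may include user attributes; keep debug logs
        // access-controlled or disabled in production.
        logger.debug("profile : {}", storedProfile);
        return storedProfile;
    }

    /** Hands the profile to {@link UserUtils#setProfile}, passing along the stateless flag. */
    protected void saveUserProfile(CommonProfile commonProfile, HttpServletRequest httpServletRequest) {
        UserUtils.setProfile(httpServletRequest, commonProfile, isStateless());
    }

    /**
     * Continues the filter chain when the profile is authorized; otherwise sets status 403 and
     * does not invoke the chain.
     */
    protected void authenticationSuccess(CommonProfile commonProfile, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, WebContext webContext) throws IOException, ServletException {
        if (!hasAccess(commonProfile, httpServletRequest)) {
            webContext.setResponseStatus(403);
            return;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Authorization decision, delegated to {@code CommonProfile.hasAccess} with the configured
     * role parameters. Subclasses may override to add request-based rules.
     */
    protected boolean hasAccess(CommonProfile commonProfile, HttpServletRequest httpServletRequest) {
        return commonProfile.hasAccess(this.requireAnyRole, this.requireAllRoles);
    }

    /**
     * Handles a request without a profile: status 401 in stateless mode, otherwise the requested
     * URL is saved and the user is redirected to the identity provider. The chain is never
     * invoked here.
     */
    protected void authenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, WebContext webContext) throws IOException, ServletException {
        if (isStateless()) {
            webContext.setResponseStatus(401);
            return;
        }
        saveOriginalUrl(httpServletRequest);
        redirectToIdentityProvider(httpServletRequest, webContext);
    }

    /**
     * Extracts credentials from the request with the selected client and resolves them to a
     * profile.
     *
     * @return the profile returned by the client (may be {@code null})
     * @throws RequiresHttpAction if the client needs an extra HTTP round trip
     */
    public CommonProfile authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebContext webContext) throws RequiresHttpAction {
        Client client = ClientsConfiguration.getClients().findClient(getClientName(webContext));
        logger.debug("client : {}", client);

        Credentials credentials = client.getCredentials(webContext);
        // Log only the credentials type: the object's toString may carry the secret itself
        // (password, token), and debug logs are frequently shipped to shared log stores.
        logger.debug("credentials type : {}", credentials != null ? credentials.getClass().getName() : null);

        CommonProfile profile = client.getUserProfile(credentials, webContext);
        // NOTE(review): the profile's toString may include user attributes; keep debug logs
        // access-controlled or disabled in production.
        logger.debug("profile : {}", profile);
        return profile;
    }

    /**
     * Stores the requested URL (with query string, when present) in the session so it can be
     * read back through {@link #retrieveOriginalUrl(HttpServletRequest)}. Skipped for AJAX
     * requests.
     */
    protected void saveOriginalUrl(HttpServletRequest httpServletRequest) {
        if (isAjaxRequest(httpServletRequest)) {
            return;
        }
        String requestedUrl = httpServletRequest.getRequestURL().toString();
        String queryString = httpServletRequest.getQueryString();
        if (CommonHelper.isNotBlank(queryString)) {
            requestedUrl = requestedUrl + "?" + queryString;
        }
        // NOTE(review): the query string is logged verbatim and may contain sensitive parameters.
        logger.debug("requestedUrl : {}", requestedUrl);
        // getSession(true) creates a session for a not-yet-authenticated request.
        // NOTE(review): confirm the session id is rotated once login completes, and that the
        // host part of the stored URL cannot be influenced by a spoofed Host header if the value
        // is later used as a redirect target.
        httpServletRequest.getSession(true).setAttribute(REQUESTED_URL_ATTRIBUTE, requestedUrl);
    }

    /**
     * Reads the URL stored by {@link #saveOriginalUrl(HttpServletRequest)}. A session is created
     * if none exists.
     *
     * @return the stored URL, or {@code null} when none was saved
     */
    public String retrieveOriginalUrl(HttpServletRequest httpServletRequest) {
        return (String) httpServletRequest.getSession(true).getAttribute(REQUESTED_URL_ATTRIBUTE);
    }

    /**
     * Returns the configured {@code isAjax} flag; the request itself is not inspected here.
     * Subclasses may override to detect AJAX calls per request.
     */
    protected boolean isAjaxRequest(HttpServletRequest httpServletRequest) {
        return this.isAjax;
    }

    /** Asks the selected client to redirect the user to the identity provider. */
    private void redirectToIdentityProvider(HttpServletRequest httpServletRequest, WebContext webContext) {
        try {
            Client client = ClientsConfiguration.getClients().findClient(getClientName(webContext));
            client.redirect(webContext, true, isAjaxRequest(httpServletRequest));
        } catch (RequiresHttpAction e) {
            logger.debug("extra HTTP action required : {}", Integer.valueOf(e.getCode()));
        }
    }

    private boolean isStateless() {
        return this.stateless;
    }

    /**
     * Returns the configured client name, or - when none is configured - the value of the
     * request parameter named by {@code getClientNameParameter()}.
     *
     * <p>In the fallback case the requester chooses which client handles authentication. Set the
     * {@code clientName} init parameter when a resource must be protected by one specific
     * mechanism.
     */
    private String getClientName(WebContext webContext) {
        if (this.clientName != null) {
            return this.clientName;
        }
        return webContext.getRequestParameter(ClientsConfiguration.getClients().getClientNameParameter());
    }
}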
