package org.geoserver.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.logging.Level;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.filter.AuthenticationCachingFilter;
import org.geoserver.security.filter.GeoServerAuthenticationFilter;
import org.geoserver.security.filter.GeoServerSecurityFilter;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/gs-authkey-2.18.7.jar:org/geoserver/security/GeoServerAuthenticationKeyFilter.class */
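/**
 * Servlet filter that authenticates a request from an authentication key carried in a request
 * parameter.
 *
 * <p>The parameter name, the user/group service and the {@link AuthenticationKeyMapper} bean are
 * all taken from an {@link AuthenticationKeyFilterConfig}. The key is resolved to a
 * {@link GeoServerUser} by the mapper and, on success, a {@link KeyAuthenticationToken} is stored
 * in the {@link SecurityContextHolder}.
 *
 * <p>Security notes for operators and reviewers:
 *
 * <ul>
 *   <li>The key is a bearer credential read with {@code getParameter}, so it can end up in access
 *       logs, proxy logs and {@code Referer} headers. This class never logs the key itself; keep
 *       it that way.
 *   <li>The key doubles as the authentication cache key (see {@link #getCacheKey}).
 *       NOTE(review): presumably a revoked key stays usable until its cache entry is evicted;
 *       confirm against the authentication cache settings.
 *   <li>This filter never rejects a request. A missing or unknown key leaves the security context
 *       untouched and the chain continues; denial is left to later filters.
 *   <li>NOTE(review): no {@code isEnabled()} check is made on the resolved user here; presumably
 *       the mapper only returns enabled users. Confirm against the mapper implementations.
 * </ul>
 */
public class GeoServerAuthenticationKeyFilter extends GeoServerSecurityFilter implements AuthenticationCachingFilter, GeoServerAuthenticationFilter {
    private String authKeyMapperName;
    private String authKeyParamName;
    private AuthenticationKeyMapper mapper;
    private String userGroupServiceName;
    protected AuthenticationEntryPoint aep;

    /**
     * Configures the filter and its key mapper from the given configuration.
     *
     * @param securityNamedServiceConfig must be an {@link AuthenticationKeyFilterConfig}
     * @throws IOException if the parent initialisation fails or the configured mapper bean
     *     cannot be found
     */
    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        this.aep = new Http403ForbiddenEntryPoint();
        AuthenticationKeyFilterConfig keyFilterConfig = (AuthenticationKeyFilterConfig) securityNamedServiceConfig;
        setAuthKeyParamName(keyFilterConfig.getAuthKeyParamName());
        setUserGroupServiceName(keyFilterConfig.getUserGroupServiceName());
        setAuthKeyMapperName(keyFilterConfig.getAuthKeyMapperName());
        AuthenticationKeyMapper resolvedMapper = (AuthenticationKeyMapper) GeoServerExtensions.bean(this.authKeyMapperName);
        if (resolvedMapper == null) {
            // Fail with a message that names the misconfigured bean instead of an opaque
            // NullPointerException on the first mapper call below.
            throw new IOException("Authentication key mapper bean not found: " + this.authKeyMapperName);
        }
        this.mapper = resolvedMapper;
        this.mapper.setUserGroupServiceName(this.userGroupServiceName);
        this.mapper.setSecurityManager(getSecurityManager());
        this.mapper.configureMapper(keyFilterConfig.getMapperParameters());
    }

    /**
     * Tries the authentication cache, then key authentication, and always continues the chain.
     *
     * <p>The request is never rejected here: when no authentication results, the request simply
     * proceeds without one. The 403 entry point is published as a request attribute for later
     * filters.
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        // The value returned by the inherited helper is used both as the key handed to the
        // mapper and as the cache key for a freshly created authentication.
        String cacheKey = authenticateFromCache(this, httpRequest);
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            doAuthenticate(httpRequest, (HttpServletResponse) servletResponse, cacheKey);
            Authentication freshAuthentication = SecurityContextHolder.getContext().getAuthentication();
            if (freshAuthentication != null && cacheKey != null && cacheAuthentication(freshAuthentication, httpRequest)) {
                getSecurityManager().getAuthenticationCache().put(getName(), cacheKey, freshAuthentication);
            }
        }
        servletRequest.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, this.aep);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Returns the bean name of the configured {@link AuthenticationKeyMapper}. */
    public String getAuthKeyMapperName() {
        return this.authKeyMapperName;
    }

    /** Sets the bean name of the {@link AuthenticationKeyMapper} to look up. */
    public void setAuthKeyMapperName(String str) {
        this.authKeyMapperName = str;
    }

    /** Returns the name of the request parameter that carries the authentication key. */
    public String getAuthKeyParamName() {
        return this.authKeyParamName;
    }

    /** Sets the name of the request parameter that carries the authentication key. */
    public void setAuthKeyParamName(String str) {
        this.authKeyParamName = str;
    }

    /** Returns the name of the user/group service handed to the mapper. */
    public String getUserGroupServiceName() {
        return this.userGroupServiceName;
    }

    /** Sets the name of the user/group service handed to the mapper. */
    public void setUserGroupServiceName(String str) {
        this.userGroupServiceName = str;
    }

    /**
     * Resolves the key to a user and, if one is found, stores a {@link KeyAuthenticationToken}
     * in the security context.
     *
     * <p>Does nothing when the key is {@code null}, when the mapper knows no user for it, or when
     * the resolved user is {@code root}.
     *
     * @param httpServletRequest the current request (not read here)
     * @param httpServletResponse the current response (not written here)
     * @param str the authentication key, as obtained by {@link #doFilter}
     * @throws IOException if the mapper fails to look up the user
     */
    protected void doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        if (str == null) {
            return;
        }
        GeoServerUser user = this.mapper.getUser(str);
        if (user == null) {
            return;
        }
        if ("root".equals(user.getUsername())) {
            // The root account is refused for key login; the request continues unauthenticated.
            LOGGER.warning("Authentication key login does not accept the root user");
            return;
        }
        // Only the user name is logged, never the key. The guard avoids building the message
        // when FINE is disabled.
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "found user: = " + user.getUsername() + ", trying to authenticate");
        }
        ArrayList<GeoServerRole> roles = new ArrayList<>();
        for (GrantedAuthority authority : user.getAuthorities()) {
            // Every authority is expected to be a GeoServerRole; any other GrantedAuthority type
            // fails here with a ClassCastException.
            roles.add((GeoServerRole) authority);
        }
        if (!roles.contains(GeoServerRole.AUTHENTICATED_ROLE)) {
            roles.add(GeoServerRole.AUTHENTICATED_ROLE);
        }
        SecurityContextHolder.getContext().setAuthentication(new KeyAuthenticationToken(str, this.authKeyParamName, user, roles));
    }

    /**
     * Extracts the authentication key from the request.
     *
     * @return the key, or {@code null} when the parameter is absent or empty
     */
    public String getAuthKey(HttpServletRequest httpServletRequest) {
        String keyValue = getAuthKeyParamValue(httpServletRequest);
        return StringUtils.hasLength(keyValue) ? keyValue : null;
    }

    /**
     * Returns the value of the first request parameter whose name matches the configured key
     * parameter name, ignoring case, or {@code null} when there is none or no name is configured.
     */
    private String getAuthKeyParamValue(HttpServletRequest httpServletRequest) {
        String configuredName = getAuthKeyParamName();
        if (configuredName == null) {
            // An unconfigured parameter name means no key can be read; avoid a
            // NullPointerException on every request that carries parameters.
            return null;
        }
        Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String candidate = parameterNames.nextElement();
            if (configuredName.equalsIgnoreCase(candidate)) {
                return httpServletRequest.getParameter(candidate);
            }
        }
        return null;
    }

    /**
     * Uses the authentication key itself as the cache key.
     *
     * <p>The authentication cache is therefore keyed by a credential; treat its contents
     * accordingly.
     */
    @Override // org.geoserver.security.filter.AuthenticationCachingFilter
    public String getCacheKey(HttpServletRequest httpServletRequest) {
        return getAuthKey(httpServletRequest);
    }

    /** Always {@code true}. */
    @Override // org.geoserver.security.filter.GeoServerAuthenticationFilter
    public boolean applicableForHtml() {
        return true;
    }

    /** Always {@code true}. */
    @Override // org.geoserver.security.filter.GeoServerAuthenticationFilter
    public boolean applicableForServices() {
        return true;
    }

    /**
     * Decides whether a fresh authentication should be cached.
     *
     * @return {@code true} only when the request has no existing HTTP session
     */
    protected boolean cacheAuthentication(Authentication authentication, HttpServletRequest httpServletRequest) {
        return httpServletRequest.getSession(false) == null;
    }

    /** Returns the mapper resolved in {@link #initializeFromConfig}. */
    public AuthenticationKeyMapper getMapper() {
        return this.mapper;
    }
}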
