package eu.arrowhead.common.security;

import eu.arrowhead.common.CommonConstants;
import eu.arrowhead.common.SecurityUtilities;
import eu.arrowhead.common.Utilities;
import eu.arrowhead.common.exception.ArrowheadException;
import eu.arrowhead.common.exception.AuthException;
import eu.arrowhead.common.filter.ArrowheadFilter;
import eu.arrowhead.common.filter.thirdparty.MultiReadRequestWrapper;
import java.io.IOException;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;

/* loaded from: input_file:eu/arrowhead/common/security/AccessControlFilter.class */
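/**
 * Base servlet filter that authorises HTTP requests by the common name (CN) taken from the
 * client certificate of the request.
 *
 * <p>For every HTTP request the filter wraps the request in a {@link MultiReadRequestWrapper},
 * resolves the certificate CN and calls
 * {@link #checkClientAuthorized(String, String, String, String, Map)} before the request is
 * handed to the rest of the chain. The authorisation hook is {@code protected}, so subclasses
 * can replace the default rule.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Requests that are not {@link HttpServletRequest} instances are forwarded without any
 *       check.</li>
 *   <li>The check runs before {@code filterChain.doFilter(...)}, so any exception raised during
 *       the check prevents the request from being forwarded. Only {@link ArrowheadException}
 *       is translated through {@code handleException}; other runtime exceptions propagate to
 *       the container.</li>
 * </ul>
 */
public abstract class AccessControlFilter extends ArrowheadFilter {

    /** Context map injected by name; {@link #getServerCloudCN()} reads the server common name from it. */
    @Resource(name = CommonConstants.ARROWHEAD_CONTEXT)
    protected Map<String, Object> arrowheadContext;

    /**
     * Authorises an HTTP request by its certificate CN and forwards it on success.
     *
     * @param servletRequest  incoming request; non-HTTP requests bypass the access check
     * @param servletResponse response passed on to the chain or to {@code handleException}
     * @param filterChain     remaining filter chain
     * @throws IOException      propagated from the filter chain or request wrapping
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Only HTTP requests are subject to access control; everything else passes through unchecked.
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        this.log.debug("Checking access in AccessControlFilter...");
        try {
            // The wrapper exposes the body via getCachedBody(); the same wrapper is forwarded
            // down the chain below instead of the original request.
            final MultiReadRequestWrapper wrappedRequest = new MultiReadRequestWrapper((HttpServletRequest) servletRequest);
            final String requestTarget = Utilities.stripEndSlash(wrappedRequest.getRequestURL().toString());
            final String requestBody = wrappedRequest.getCachedBody();
            final Map<String, String[]> queryParams = wrappedRequest.getParameterMap();

            final String clientCN = getCertificateCNFromRequest(wrappedRequest);
            if (clientCN == null) {
                // No CN could be resolved for the request: refuse before any authorisation logic runs.
                // NOTE(review): this AuthException carries no explicit status code, unlike the 401
                // used in checkClientAuthorized; confirm the default status of the one-arg constructor.
                this.log.error("Unauthorized access: {}", requestTarget);
                throw new AuthException("Unauthorized access: " + requestTarget);
            }

            checkClientAuthorized(clientCN, wrappedRequest.getMethod(), requestTarget, requestBody, queryParams);

            this.log.debug("Using MultiReadRequestWrapper in the filter chain from now...");
            filterChain.doFilter(wrappedRequest, servletResponse);
        } catch (ArrowheadException e) {
            // AuthException is presumably an ArrowheadException subtype, so denials end up here.
            handleException(e, servletResponse);
        }
    }

    /**
     * Default authorisation rule: the client CN must pass both CN validity checks offered by
     * {@link Utilities}, the second one taking the server's cloud CN into account.
     *
     * <p>The default implementation ignores {@code str2}, {@code str4} and {@code map}; they are
     * part of the signature so that overriding filters can base their decision on them.
     *
     * @param str  common name taken from the client certificate
     * @param str2 HTTP method of the request
     * @param str3 request URL without trailing slash; echoed in the denial message
     * @param str4 cached request body
     * @param map  request parameters
     * @throws AuthException with status 401 when either check fails
     */
    protected void checkClientAuthorized(String str, String str2, String str3, String str4, Map<String, String[]> map) {
        // NOTE(review): both denials below are logged at debug level only, whereas a missing
        // certificate CN is logged at error level in doFilter. Confirm that handleException (or
        // another layer) records denied requests, otherwise they are invisible at default log levels.
        if (!Utilities.isKeyStoreCNArrowheadValid(str)) {
            this.log.debug("{} is not a valid common name, access denied!", str);
            throw new AuthException(str + " is unauthorized to access " + str3, 401, str3);
        }

        final boolean acceptedForServerCloud = Utilities.isKeyStoreCNArrowheadValid(str, getServerCloudCN());
        if (!acceptedForServerCloud) {
            this.log.debug("{} is unauthorized to access {}", str, str3);
            throw new AuthException(str + " is unauthorized to access " + str3, 401, str3);
        }
    }

    /**
     * Derives the cloud part of the server common name, i.e. everything after the first dot of
     * the value stored under {@link CommonConstants#SERVER_COMMON_NAME} in the context.
     *
     * @return the server common name without its first label
     * @throws IllegalArgumentException if the server common name is missing from the context or
     *                                  contains no dot
     */
    protected String getServerCloudCN() {
        final String serverCN = (String) this.arrowheadContext.get(CommonConstants.SERVER_COMMON_NAME);
        // Fail with an explicit configuration error instead of a bare NullPointerException when
        // the context entry is absent; the request is still rejected because this runs before
        // the filter chain is invoked.
        Assert.notNull(serverCN, "Server common name is missing from the Arrowhead context");

        final String[] labels = serverCN.split("\\.", 2);
        Assert.isTrue(labels.length >= 2, "Server common name is invalid: " + serverCN);
        return labels[1];
    }

    /**
     * Resolves the certificate CN of the request via {@link SecurityUtilities}.
     *
     * @param httpServletRequest request to inspect
     * @return the common name, or {@code null} when none is available
     */
    @Nullable
    private String getCertificateCNFromRequest(HttpServletRequest httpServletRequest) {
        return SecurityUtilities.getCertificateCNFromRequest(httpServletRequest);
    }
}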
