package org.apache.airavata.services.registry.rest.security;

import java.io.IOException;
import java.io.InputStream;
import java.util.Calendar;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.MediaType;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.airavata.security.AuthenticationException;
import org.apache.airavata.security.Authenticator;
import org.apache.airavata.security.configurations.AuthenticatorConfigurationReader;
import org.apache.axis2.deployment.DeploymentConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/airavata-rest-services-0.10.jar:org/apache/airavata/services/registry/rest/security/HttpAuthenticatorFilter.class */
public class HttpAuthenticatorFilter implements Filter {
    private List<Authenticator> authenticatorList;
    private static Logger log = LoggerFactory.getLogger(HttpAuthenticatorFilter.class);
    private ServletRequestHelper servletRequestHelper = new ServletRequestHelper();

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter("authenticatorConfigurations");
        InputStream resourceAsStream = HttpAuthenticatorFilter.class.getClassLoader().getResourceAsStream(initParameter);
        if (resourceAsStream == null) {
            String concat = "Invalid authenticator configuration. Cannot read file - ".concat(initParameter);
            log.error(concat);
            throw new ServletException(concat);
        }
        AuthenticatorConfigurationReader authenticatorConfigurationReader = new AuthenticatorConfigurationReader();
        try {
            try {
                try {
                    try {
                        authenticatorConfigurationReader.init(resourceAsStream);
                        this.authenticatorList = authenticatorConfigurationReader.getAuthenticatorList();
                        if (this.authenticatorList.isEmpty()) {
                            log.error("No authenticators registered in the system. System cannot function without authenticators");
                            throw new ServletException("No authenticators registered in the system. System cannot function without authenticators");
                        }
                    } catch (ParserConfigurationException e) {
                        log.error("Error parsing authenticator configurations.", (Throwable) e);
                        throw new ServletException("Error parsing authenticator configurations.", e);
                    }
                } catch (SAXException e2) {
                    log.error("Error parsing authenticator configurations.", (Throwable) e2);
                    throw new ServletException("Error parsing authenticator configurations.", e2);
                }
            } catch (IOException e3) {
                log.error("Error reading authenticator configurations.", (Throwable) e3);
                throw new ServletException("Error reading authenticator configurations.", e3);
            }
        } finally {
            try {
                resourceAsStream.close();
            } catch (IOException e4) {
                log.error("Error closing authenticator file stream.", (Throwable) e4);
            }
        }
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!AuthenticatorConfigurationReader.isAuthenticationEnabled()) {
            try {
                this.servletRequestHelper.addIdentityInformationToSession((HttpServletRequest) servletRequest);
            } catch (AuthenticationException e) {
                log.warn("Error adding identity information to session.", (Throwable) e);
                populateUnauthorisedData(servletResponse, "Error adding identity information to session.");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        Authenticator authenticator = getAuthenticator(httpServletRequest);
        if (authenticator == null) {
            populateUnauthorisedData(servletResponse, "Invalid request. Request does not contain sufficient credentials to authenticate");
            return;
        }
        if (authenticator.isAuthenticated(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            if (authenticator.authenticate(httpServletRequest)) {
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                populateUnauthorisedData(servletResponse, "Invalid request. Request does not contain sufficient credentials to authenticate");
            }
        } catch (AuthenticationException e2) {
            log.error("An error occurred while authenticating request.", (Throwable) e2);
            populateUnauthorisedData(servletResponse, "Invalid request. Request does not contain sufficient credentials to authenticate");
        }
    }

    public static void sendUnauthorisedError(ServletResponse servletResponse, String str) throws IOException {
        ((HttpServletResponse) servletResponse).sendError(401, str);
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        this.authenticatorList = null;
    }

    private Authenticator getAuthenticator(HttpServletRequest httpServletRequest) {
        for (Authenticator authenticator : this.authenticatorList) {
            if (authenticator.canProcess(httpServletRequest)) {
                return authenticator;
            }
        }
        return null;
    }

    public static void populateUnauthorisedData(ServletResponse servletResponse, String str) {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setStatus(401);
        httpServletResponse.addHeader("Server", "Airavata Server");
        httpServletResponse.addHeader(DeploymentConstants.TAG_DESCRIPTION, str);
        httpServletResponse.addDateHeader("Date", Calendar.getInstance().getTimeInMillis());
        httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=Airavata");
        httpServletResponse.setContentType(MediaType.TEXT_HTML);
    }
}
