package org.apache.jetspeed.login.filter;

import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.jetspeed.Jetspeed;
import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
import org.apache.jetspeed.administration.PortalConfiguration;
import org.apache.jetspeed.audit.AuditActivity;
import org.apache.jetspeed.login.LoginConstants;
import org.apache.jetspeed.profiler.impl.JetspeedProfilerImpl;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.SecurityHelper;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.impl.PrincipalsSet;
import org.apache.jetspeed.security.impl.UserSubjectPrincipalImpl;

/* loaded from: input_file:WEB-INF/lib/jetspeed-portal-2.1.4.jar:org/apache/jetspeed/login/filter/PortalFilter.class */
public class PortalFilter implements Filter {
    protected String guest = JetspeedProfilerImpl.DEFAULT_GUEST_PRINCIPAL_NAME;
    static Class class$org$apache$jetspeed$security$UserPrincipal;

    public void init(FilterConfig filterConfig) throws ServletException {
        PortalConfiguration configuration = Jetspeed.getConfiguration();
        if (configuration != null) {
            this.guest = configuration.getString("default.user.principal");
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Class cls;
        Class cls2;
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            String parameter = httpServletRequest.getParameter("org.apache.jetspeed.login.username");
            String parameter2 = httpServletRequest.getParameter("org.apache.jetspeed.login.password");
            if (parameter != null) {
                UserManager userManager = (UserManager) Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.security.UserManager");
                AuditActivity auditActivity = (AuditActivity) Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.audit.AuditActivity");
                if (userManager.authenticate(parameter, parameter2)) {
                    auditActivity.logUserActivity(parameter, httpServletRequest.getRemoteAddr(), "login-success", "PortalFilter");
                    if (((PortalAuthenticationConfiguration) Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.administration.PortalAuthenticationConfiguration")).isCreateNewSessionOnLogin()) {
                        httpServletRequest.getSession().invalidate();
                    }
                    Subject subject = null;
                    try {
                        User user = userManager.getUser(parameter);
                        if (user != null) {
                            subject = user.getSubject();
                        }
                    } catch (SecurityException e) {
                    }
                    if (subject == null) {
                        PrincipalsSet principalsSet = new PrincipalsSet();
                        UserSubjectPrincipalImpl userSubjectPrincipalImpl = new UserSubjectPrincipalImpl(parameter);
                        principalsSet.add(userSubjectPrincipalImpl);
                        subject = new Subject(true, principalsSet, new HashSet(), new HashSet());
                        userSubjectPrincipalImpl.setSubject(subject);
                    }
                    Subject subject2 = subject;
                    if (class$org$apache$jetspeed$security$UserPrincipal == null) {
                        cls2 = class$("org.apache.jetspeed.security.UserPrincipal");
                        class$org$apache$jetspeed$security$UserPrincipal = cls2;
                    } else {
                        cls2 = class$org$apache$jetspeed$security$UserPrincipal;
                    }
                    servletRequest = wrapperRequest(httpServletRequest, subject, SecurityHelper.getPrincipal(subject2, cls2));
                    httpServletRequest.getSession().removeAttribute("org.apache.jetspeed.login.errorcode");
                    httpServletRequest.getSession(true).setAttribute("org.apache.jetspeed.security.subject", subject);
                } else {
                    auditActivity.logUserActivity(parameter, httpServletRequest.getRemoteAddr(), "login-failure", "PortalFilter");
                    httpServletRequest.getSession().setAttribute("org.apache.jetspeed.login.errorcode", LoginConstants.ERROR_INVALID_PASSWORD);
                }
            } else {
                Subject subject3 = (Subject) httpServletRequest.getSession().getAttribute("org.apache.jetspeed.security.subject");
                if (subject3 != null) {
                    if (class$org$apache$jetspeed$security$UserPrincipal == null) {
                        cls = class$("org.apache.jetspeed.security.UserPrincipal");
                        class$org$apache$jetspeed$security$UserPrincipal = cls;
                    } else {
                        cls = class$org$apache$jetspeed$security$UserPrincipal;
                    }
                    Principal principal = SecurityHelper.getPrincipal(subject3, cls);
                    if (principal == null || !principal.getName().equals(this.guest)) {
                        servletRequest = wrapperRequest(httpServletRequest, subject3, principal);
                    }
                }
            }
            servletRequest.setAttribute("org.apache.jetspeed.login.filter.PortalFilter", "true");
        }
        if (filterChain != null) {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    private ServletRequest wrapperRequest(HttpServletRequest httpServletRequest, Subject subject, Principal principal) {
        return new PortalRequestWrapper(httpServletRequest, subject, principal);
    }

    public void destroy() {
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
