package ch.vd.shared.iam.web.filter.auth;

import ch.vd.shared.iam.core.filter.auth.IamAuthentication;
import ch.vd.shared.iam.web.common.RequestHelper;
import java.io.IOException;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:ch/vd/shared/iam/web/filter/auth/IamAuthenticationSpringFilter.class */
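/**
 * Servlet filter that (re)builds the Spring Security authentication from the IAM attributes
 * exposed by {@link IamRequestWrapper} (user name, application, roles, auth level, ...).
 *
 * <p>On every request the filter:
 * <ol>
 *   <li>invalidates the HTTP session and clears the security context when the authentication in
 *       the context no longer matches the principal or auth level of the request;</li>
 *   <li>authenticates again when the context holds no usable authentication or its name differs
 *       from the principal of the request;</li>
 *   <li>runs the rest of the chain and publishes the elapsed time in the
 *       {@code iamstats-app-response-time} response header.</li>
 * </ol>
 *
 * <p>NOTE(review): the wrapper presumably reads these attributes from HTTP headers set by an
 * upstream IAM proxy (the error message in {@code doAuthentication} refers to missing headers).
 * If so, the identity is only as trustworthy as the network path: the application must be
 * reachable exclusively through that proxy, and the proxy must overwrite any client-supplied
 * copy of those headers. Confirm against the deployment.
 */
public class IamAuthenticationSpringFilter extends AbstractSharedIamAuthenticationFilter implements InitializingBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(IamAuthenticationSpringFilter.class);

    /** Target of the redirect issued when the request lacks the user name or the application. */
    private String failureUrl;

    public IamAuthenticationSpringFilter() {
        // Result is discarded; kept exactly as found in the decompiled class.
        // NOTE(review): looks like a decompilation artifact; confirm before removing.
        toString();
    }

    /**
     * Validates the configuration once all properties are injected.
     *
     * @throws ServletException propagated from the parent initialisation
     * @throws IllegalArgumentException if {@code failureUrl} is blank (raised by {@code Assert.isTrue})
     */
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.isTrue(StringUtils.isNotBlank(this.failureUrl), "'failureUrl' must be set");
    }

    /**
     * Authenticates the request if needed, then delegates to the rest of the chain.
     *
     * <p>When authentication fails the response has already been redirected by
     * {@code doAuthentication} and the chain is not invoked.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters
     * @throws IOException      propagated from the redirect or from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        IamRequestWrapper iamRequestWrapper = new IamRequestWrapper(httpServletRequest);

        // NOTE(review): called on every request and its implementation is not visible here.
        // Confirm it is gated on the debug level and does not write cookies, authorization
        // headers or the IAM identity attributes to the log in clear text.
        RequestHelper.dumpRequestForDebug(httpServletRequest);

        invalidateHttpSessionIfNotsameBetweenIamAuthenticationAndRequest(iamRequestWrapper, httpServletResponse);

        if (requiresAuthentication(iamRequestWrapper)) {
            logAuthenticationStep(iamRequestWrapper, httpServletResponse, "NEED");
            boolean authenticated = doAuthentication(iamRequestWrapper, httpServletResponse);
            // The roles are read again after doAuthentication(): that method starts by clearing
            // the context, so an authentication captured beforehand would make the audit line
            // report the roles of the previous identity instead of the current one.
            logAuthenticationStep(iamRequestWrapper, httpServletResponse, authenticated ? "AUTH-OK" : "AUTH-KO");
            if (!authenticated) {
                return;
            }
        }

        long startNanos = System.nanoTime();
        // The original (unwrapped) request is what continues down the chain.
        filterChain.doFilter(httpServletRequest, httpServletResponse);
        // Elapsed time in microseconds. If the chain already committed the response, the
        // container ignores this header.
        httpServletResponse.addHeader("iamstats-app-response-time", "D=" + ((System.nanoTime() - startNanos) / 1000));
    }

    /**
     * Returns the authentication held by the security context when it is an
     * {@link IamAuthentication}, or {@code null} when the context is empty or holds another
     * kind of token (which must not be cast blindly).
     */
    private static IamAuthentication currentIamAuthentication() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof IamAuthentication) {
            return (IamAuthentication) authentication;
        }
        return null;
    }

    /**
     * Writes one request-info line for the given step, with the roles of the authentication
     * currently held by the security context (or {@code null} when there is none).
     */
    private void logAuthenticationStep(IamRequestWrapper iamRequestWrapper, HttpServletResponse httpServletResponse, String step) {
        IamAuthentication authentication = currentIamAuthentication();
        RequestHelper.logRequestInfos(iamRequestWrapper, httpServletResponse, RequestHelper.normalize(step, 8), getUsernameForLog(iamRequestWrapper), authentication != null ? authentication.getAllRoles() : null);
    }

    /**
     * Drops the session and the thread-bound authentication when the authenticated identity no
     * longer matches the request, i.e. the principal or the auth level differs.
     *
     * <p>Clearing the security context together with the session matters: without it a request
     * whose principal is unchanged but whose auth level differs (or whose principal is absent)
     * would still be served under the stale authentication, because
     * {@code requiresAuthentication} only compares names.
     * NOTE(review): if a context-persistence filter runs around this one, a stale context left in
     * place could also be stored into a fresh session at the end of the request; confirm against
     * the filter chain configuration.
     */
    private void invalidateHttpSessionIfNotsameBetweenIamAuthenticationAndRequest(IamRequestWrapper iamRequestWrapper, HttpServletResponse httpServletResponse) {
        IamAuthentication authentication = currentIamAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return;
        }
        String requestPrincipal = getUsedPrincipal(iamRequestWrapper);
        String authenticatedName = authentication.getName();
        Integer authenticatedLevel = authentication.getAuthLevel();
        boolean samePrincipal = Objects.equals(authenticatedName, requestPrincipal);
        boolean sameAuthLevel = Objects.equals(authenticatedLevel, iamRequestWrapper.getAuthLevel());
        if (samePrincipal && sameAuthLevel) {
            return;
        }
        iamRequestWrapper.getSession().invalidate();
        SecurityContextHolder.clearContext();
    }

    /**
     * Tells whether the request must be authenticated (again).
     *
     * @return {@code true} when the context holds no authentication, an unauthenticated one, one
     *     without a name, or one whose name differs from the non-null principal of the request;
     *     {@code false} when the names match or the request carries no principal
     */
    private boolean requiresAuthentication(IamRequestWrapper iamRequestWrapper) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return true;
        }
        String requestPrincipal = getUsedPrincipal(iamRequestWrapper);
        String authenticatedName = authentication.getName();
        if (authenticatedName == null) {
            return true;
        }
        return requestPrincipal != null && !authenticatedName.equals(requestPrincipal);
    }

    /**
     * Replaces the current authentication with one built from the request attributes.
     *
     * <p>The security context is cleared first, so a failure leaves the request unauthenticated.
     * When the user name or the application is blank, the requested URI is saved in the session
     * under {@code IAM_AUTH_SAVED_PATH} and the client is redirected to {@code failureUrl}.
     *
     * @return {@code true} when {@code authenticate} was called, {@code false} when the request
     *     was redirected to the failure URL
     * @throws IOException propagated from the redirect
     */
    private boolean doAuthentication(IamRequestWrapper iamRequestWrapper, HttpServletResponse httpServletResponse) throws IOException {
        SecurityContextHolder.clearContext();
        String userName = iamRequestWrapper.getUserName();
        String application = iamRequestWrapper.getApplication();
        String roles = iamRequestWrapper.getRoles();
        if (StringUtils.isBlank(userName) || StringUtils.isBlank(application)) {
            LOGGER.error("Il manque des headers dans la request -> redirige sur '{}' (username={}, application={})", this.failureUrl, userName, application);
            iamRequestWrapper.getSession().setAttribute(AbstractSharedIamAuthenticationFilter.IAM_AUTH_SAVED_PATH, iamRequestWrapper.getRequestURI());
            relativeRedirect(iamRequestWrapper, httpServletResponse, this.failureUrl);
            return false;
        }
        Integer authLevel = iamRequestWrapper.getAuthLevel();
        String lastLogin = iamRequestWrapper.getLastLogin();
        // Roles and auth level are taken from the request as-is; no validation is visible here.
        authenticate(new AuthenticateDTO(getUsedPrincipal(iamRequestWrapper), userName, application, roles, iamRequestWrapper.getFirstName(), iamRequestWrapper.getLastName(), iamRequestWrapper.getEmail(), authLevel, lastLogin));
        return true;
    }

    /**
     * Sets the redirect target used when authentication cannot be performed.
     *
     * @param str failure URL; must be non-blank by the time {@link #afterPropertiesSet()} runs
     */
    public void setFailureUrl(String str) {
        this.failureUrl = str;
    }
}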
