package dk.digitalidentity.samlmodule.filter;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.service.DISAML_SessionHelper;
import dk.digitalidentity.samlmodule.util.SessionConstant;
import dk.digitalidentity.samlmodule.util.exceptions.SessionException;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:dk/digitalidentity/samlmodule/filter/SAMLFilter.class */
public class SAMLFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(SAMLFilter.class);
    private DISAML_Configuration configuration;
    private DISAML_SessionHelper sessionHelper;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (log.isTraceEnabled()) {
            log.trace("SAMLFilter invoked");
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
        if (log.isTraceEnabled()) {
            log.trace("Raw requested path    : '" + (requestURI != null ? requestURI : "<null>") + "'");
            log.trace("Parsing raw path");
        }
        if (requestURI == null) {
            unauthorized(httpServletResponse, "getRequestURI was null", requestURI);
            return;
        }
        if (requestURI.startsWith(this.configuration.getProxy().getContextPath())) {
            requestURI = requestURI.substring(this.configuration.getProxy().getContextPath().length());
        }
        if ("".equals(requestURI)) {
            requestURI = "/";
        }
        if (log.isTraceEnabled()) {
            log.trace("Reqested path: " + requestURI);
        }
        if (requestURI.startsWith(this.configuration.getPages().getPrefix())) {
            authorized(filterChain, servletRequest, servletResponse, requestURI, "SAML page");
            return;
        }
        for (String str : this.configuration.getPages().getNonsecured()) {
            if (str.endsWith("**") && requestURI.startsWith(str.substring(0, str.length() - 2))) {
                authorized(filterChain, servletRequest, servletResponse, requestURI, "Non-secured page or sub path");
                return;
            } else if (requestURI.equals(str)) {
                authorized(filterChain, servletRequest, servletResponse, requestURI, "Non-secured page");
                return;
            }
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.isAuthenticated() && !(authentication instanceof AnonymousAuthenticationToken)) {
            authorized(filterChain, servletRequest, servletResponse, requestURI, "Already authenticated");
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("DENIED  Request. Reason: Not authenticated. Redirecting.");
        }
        try {
            this.sessionHelper.setString(SessionConstant.DESIRED_PAGE, requestURI);
            if (log.isDebugEnabled()) {
                log.debug(SessionConstant.DESIRED_PAGE + " successfully set to path: '" + requestURI + "'");
            }
        } catch (SessionException e) {
        }
        httpServletResponse.sendRedirect(this.configuration.getPages().getPrefix() + "/login");
    }

    public void setServices(DISAML_Configuration dISAML_Configuration, DISAML_SessionHelper dISAML_SessionHelper) {
        this.configuration = dISAML_Configuration;
        this.sessionHelper = dISAML_SessionHelper;
    }

    private static void authorized(FilterChain filterChain, ServletRequest servletRequest, ServletResponse servletResponse, String str, String str2) throws IOException, ServletException {
        if (log.isDebugEnabled()) {
            log.debug("ALLOWED Request. Reason: '" + str2 + "'. Path: '" + (str != null ? str : "<null>") + "'");
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private static void unauthorized(HttpServletResponse httpServletResponse, String str, String str2) throws IOException {
        log.debug("DENIED  Request. Reason: '" + str + "'. Path: '" + (str2 != null ? str2 : "<null>") + "'");
        httpServletResponse.sendError(401, str);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
