package org.cloudfoundry.identity.uaa.authentication.manager;

import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.type.TypeReference;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-1.7.0.jar:org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationFilter.class */
public class LoginAuthenticationFilter implements Filter {
    private static final Log logger = LogFactory.getLog(LoginAuthenticationFilter.class);
    private final AuthenticationManager authenticationManager;
    private final ClientDetailsService clientDetailsService;
    private List<String> parameterNames = Collections.emptyList();
    private ObjectMapper mapper = new ObjectMapper();
    private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();

    public LoginAuthenticationFilter(AuthenticationManager authenticationManager, ClientDetailsService clientDetailsService) {
        this.authenticationManager = authenticationManager;
        this.clientDetailsService = clientDetailsService;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean isDebugEnabled = logger.isDebugEnabled();
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            Authentication extractCredentials = extractCredentials(httpServletRequest);
            if (extractCredentials != null) {
                if (isDebugEnabled) {
                    logger.debug("Authentication credentials found for '" + extractCredentials.getName() + "'");
                }
                Authentication authenticate = this.authenticationManager.authenticate(extractCredentials);
                if (isDebugEnabled) {
                    logger.debug("Authentication success: " + authenticate.getName());
                }
                Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                if (authentication == null) {
                    throw new BadCredentialsException("No client authentication found. Remember to put a filter upstream of the LoginAuthenticationFilter.");
                }
                String parameter = httpServletRequest.getParameter("client_id");
                if (null == parameter) {
                    logger.error("No client_id in the request");
                    throw new BadCredentialsException("No client_id in the request");
                }
                ClientDetails loadClientByClientId = this.clientDetailsService.loadClientByClientId(parameter);
                if (loadClientByClientId == null) {
                    throw new BadCredentialsException("No client " + parameter + " found");
                }
                DefaultAuthorizationRequest defaultAuthorizationRequest = new DefaultAuthorizationRequest(getSingleValueMap(httpServletRequest), null, loadClientByClientId.getClientId(), getScope(httpServletRequest));
                if (authentication.isAuthenticated()) {
                    defaultAuthorizationRequest.setApproved(true);
                }
                SecurityContextHolder.getContext().setAuthentication(new OAuth2Authentication(defaultAuthorizationRequest, authenticate));
                onSuccessfulAuthentication(httpServletRequest, httpServletResponse, authenticate);
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (AuthenticationException e) {
            SecurityContextHolder.clearContext();
            if (isDebugEnabled) {
                logger.debug("Authentication request for failed: " + e);
            }
            onUnsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
            this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, e);
        }
    }

    protected void onSuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
    }

    protected void onUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
    }

    private Map<String, String> getSingleValueMap(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        Map parameterMap = httpServletRequest.getParameterMap();
        for (String str : parameterMap.keySet()) {
            String[] strArr = (String[]) parameterMap.get(str);
            hashMap.put(str, (strArr == null || strArr.length <= 0) ? null : strArr[0]);
        }
        return hashMap;
    }

    private Collection<String> getScope(HttpServletRequest httpServletRequest) {
        return OAuth2Utils.parseParameterList(httpServletRequest.getParameter("scope"));
    }

    protected Authentication extractCredentials(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("grant_type");
        if (parameter == null || !parameter.equals("password")) {
            return null;
        }
        return new AuthzAuthenticationRequest(getCredentials(httpServletRequest), new UaaAuthenticationDetails(httpServletRequest));
    }

    private Map<String, String> getCredentials(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        for (String str : this.parameterNames) {
            String parameter = httpServletRequest.getParameter(str);
            if (parameter != null) {
                if (parameter.startsWith("{")) {
                    try {
                        hashMap.putAll((Map) this.mapper.readValue(parameter, new TypeReference<Map<String, String>>() { // from class: org.cloudfoundry.identity.uaa.authentication.manager.LoginAuthenticationFilter.1
                        }));
                    } catch (IOException e) {
                        logger.warn("Unknown format of value for request param: " + str + ". Ignoring.");
                    }
                } else {
                    hashMap.put(str, parameter);
                }
            }
        }
        return hashMap;
    }

    public void setParameterNames(List<String> list) {
        this.parameterNames = list;
    }

    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
