package org.eclipse.sensinact.gateway.security.oauth2.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.sensinact.gateway.security.oauth2.IdentityServer;
import org.eclipse.sensinact.gateway.security.oauth2.OAuthServer;
import org.eclipse.sensinact.gateway.security.oauth2.UserInfo;

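/**
 * Servlet filter that decides whether a request may continue down the chain,
 * based on an access token.
 *
 * <p>Decision order, as implemented in {@link #doFilter}:
 * <ol>
 *   <li>A token stored in the HTTP session under {@code "token"} takes precedence; when one
 *       is present the {@code Authorization} header is not read.</li>
 *   <li>Otherwise a {@code Bearer} header supplies the token directly, and a {@code Basic}
 *       header is exchanged for one through {@link OAuthServer#basicToken}.</li>
 *   <li>A non-empty token must pass both {@link OAuthServer#check} and
 *       {@link IdentityServer#check}; failure clears the session token and answers 401.</li>
 *   <li>With no usable token, the request is served if the anonymous user returned by
 *       {@link OAuthServer#anonymous} passes {@link IdentityServer#check}. This also applies
 *       when an {@code Authorization} header was sent but yielded no token.</li>
 *   <li>Otherwise: 401 if a header was sent, else the decision is delegated to
 *       {@link OAuthServer#handleSecurity}.</li>
 * </ol>
 */
@WebFilter
/* loaded from: input_file:org/eclipse/sensinact/gateway/security/oauth2/filter/SecurityFilter.class */
public class SecurityFilter implements Filter {
    /** Name of the session and request attribute that carries the access token. */
    private static final String TOKEN_ATTRIBUTE = "token";
    private static final String BEARER_PREFIX = "Bearer ";
    private static final String BASIC_PREFIX = "Basic ";

    private final IdentityServer idServer;
    private final OAuthServer authServer;

    /**
     * @param identityServer decides whether a given user may perform the current request
     * @param oAuthServer    resolves tokens to users and issues tokens for Basic credentials
     */
    public SecurityFilter(IdentityServer identityServer, OAuthServer oAuthServer) {
        this.idServer = identityServer;
        this.authServer = oAuthServer;
    }

    /**
     * Authenticates and authorizes the request, then either forwards it to the rest of the
     * chain or ends it (401, or whatever {@code handleSecurity} produced).
     *
     * @throws IOException      if writing the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // NOTE(review): getSession() creates a session for every request, including
        // unauthenticated ones; confirm that is intended before exposing this filter widely.
        HttpSession session = request.getSession();
        String token = (String) session.getAttribute(TOKEN_ATTRIBUTE);
        String header = request.getHeader("Authorization");
        boolean hasAuthHeader = header != null;

        if (token == null && hasAuthHeader) {
            try {
                if (header.startsWith(BEARER_PREFIX)) {
                    token = header.substring(BEARER_PREFIX.length());
                } else if (header.startsWith(BASIC_PREFIX)) {
                    token = this.authServer.basicToken(request, header);
                }
            } catch (Exception e) {
                // Fail closed with an explicit status. Returning without writing a response
                // would leave the client with an empty success reply. The header value is
                // deliberately not logged because it carries credentials.
                request.getServletContext().log("Could not derive a token from the Authorization header", e);
                reject(session, response);
                return;
            }
        }

        if (token != null && !token.isEmpty()) {
            UserInfo user = this.authServer.check(token);
            if (user == null || !this.idServer.check(user, request)) {
                reject(session, response);
                return;
            }
            // Expose the validated token to downstream components.
            request.setAttribute(TOKEN_ATTRIBUTE, token);
            filterChain.doFilter(request, response);
            return;
        }

        // No usable token: the anonymous user is tried before the request is rejected.
        UserInfo anonymous = this.authServer.anonymous();
        if (anonymous != null && this.idServer.check(anonymous, request)) {
            filterChain.doFilter(request, response);
            return;
        }

        if (hasAuthHeader) {
            reject(session, response);
        } else if (this.authServer.handleSecurity(request, response)) {
            // presumably handleSecurity writes its own response when it returns false - verify
            filterChain.doFilter(request, response);
        }
    }

    /** Drops any token held in the session and answers 401. */
    private static void reject(HttpSession session, HttpServletResponse response) throws IOException {
        session.setAttribute(TOKEN_ATTRIBUTE, null);
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "unauthorized");
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** No configuration is read; collaborators are supplied through the constructor. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}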
