package org.gecko.util.pac4j.servlet;

import com.nimbusds.jwt.proc.BadJWTException;
import java.io.IOException;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.StringJoiner;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.osgi.service.http.whiteboard.propertytypes.HttpWhiteboardFilterPattern;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.session.J2ESessionStore;
import org.pac4j.core.engine.DefaultCallbackLogic;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.engine.SecurityLogic;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.http.adapter.J2ENopHttpActionAdapter;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.util.CommonHelper;

@HttpWhiteboardFilterPattern({"/*"})
@Component(name = "Pac4jSecurityFilter", service = {Filter.class}, configurationPolicy = ConfigurationPolicy.REQUIRE)
/* loaded from: input_file:org/gecko/util/pac4j/servlet/SecurityFilter.class */
public class SecurityFilter extends AbstractConfigFilter {
    private SecurityLogic<Object, J2EContext> securityLogic;
    private String clients;
    private String authorizers;
    private String matchers;
    private Boolean multiProfile;

    @Reference(name = "clients", cardinality = ReferenceCardinality.AT_LEAST_ONE, policy = ReferencePolicy.STATIC, policyOption = ReferencePolicyOption.GREEDY)
    private volatile List<Client> clientInstances;
    private Map<String, Authorizer<? extends CommonProfile>> authorizerInstance;

    public SecurityFilter() {
        this.securityLogic = new DefaultSecurityLogic();
        this.clientInstances = new LinkedList();
        this.authorizerInstance = new HashMap();
    }

    public SecurityFilter(Config config) {
        this.securityLogic = new DefaultSecurityLogic();
        this.clientInstances = new LinkedList();
        this.authorizerInstance = new HashMap();
        setConfig(config);
    }

    public SecurityFilter(Config config, String str) {
        this(config);
        this.clients = str;
    }

    public SecurityFilter(Config config, String str, String str2) {
        this(config, str);
        this.authorizers = str2;
    }

    @Activate
    public void activate(Map<String, Object> map) {
        StringJoiner stringJoiner = new StringJoiner(",");
        Stream<R> map2 = this.clientInstances.stream().map(client -> {
            return client.getName();
        });
        Objects.requireNonNull(stringJoiner);
        map2.forEach((v1) -> {
            r1.add(v1);
        });
        Config config = new Config(this.clientInstances);
        config.setSessionStore(new J2ESessionStore());
        config.setCallbackLogic(new DefaultCallbackLogic());
        Map<String, Authorizer<? extends CommonProfile>> map3 = this.authorizerInstance;
        Objects.requireNonNull(config);
        map3.forEach(config::addAuthorizer);
        setConfig(config);
        this.authorizers = getStringParam(map, "authorizers", this.authorizers);
        this.clients = stringJoiner.toString();
        this.matchers = getStringParam(map, "matchers", this.matchers);
        this.multiProfile = getBooleanParam(map, "multiProfile", this.multiProfile);
    }

    @Reference(name = "authorizer", cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.STATIC, policyOption = ReferencePolicyOption.GREEDY)
    public void setAuthorizerInstances(Authorizer<? extends CommonProfile> authorizer, Map<String, Object> map) {
        String str = (String) map.get("name");
        if (str == null) {
            str = authorizer.getClass().getSimpleName();
        }
        this.authorizerInstance.put(str, authorizer);
    }

    @Override // org.gecko.util.pac4j.servlet.AbstractConfigFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        this.clients = getStringParam(filterConfig, "clients", this.clients);
        this.authorizers = getStringParam(filterConfig, "authorizers", this.authorizers);
        this.matchers = getStringParam(filterConfig, "matchers", this.matchers);
        this.multiProfile = getBooleanParam(filterConfig, "multiProfile", this.multiProfile);
        checkForbiddenParameter(filterConfig, "clientsFactory");
        checkForbiddenParameter(filterConfig, "isAjax");
        checkForbiddenParameter(filterConfig, "stateless");
        checkForbiddenParameter(filterConfig, "requireAnyRole");
        checkForbiddenParameter(filterConfig, "requireAllRoles");
        checkForbiddenParameter(filterConfig, "clientName");
        checkForbiddenParameter(filterConfig, "authorizerName");
        checkForbiddenParameter(filterConfig, "matcherName");
    }

    @Override // org.gecko.util.pac4j.servlet.AbstractConfigFilter
    protected final void internalFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        CommonHelper.assertNotNull("securityLogic", this.securityLogic);
        Config config = getConfig();
        CommonHelper.assertNotNull("config", config);
        try {
            this.securityLogic.perform(new J2EContext(httpServletRequest, httpServletResponse, config.getSessionStore()), config, (j2EContext, collection, objArr) -> {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return null;
            }, J2ENopHttpActionAdapter.INSTANCE, this.clients, this.authorizers, this.matchers, this.multiProfile, new Object[0]);
        } catch (TechnicalException e) {
            if (!(e.getCause() instanceof BadJWTException)) {
                throw e;
            }
            httpServletResponse.setStatus(401);
            httpServletResponse.getOutputStream().write(e.getCause().getMessage().getBytes());
        }
    }

    public String getClients() {
        return this.clients;
    }

    public void setClients(String str) {
        this.clients = str;
    }

    public String getAuthorizers() {
        return this.authorizers;
    }

    public void setAuthorizers(String str) {
        this.authorizers = str;
    }

    public String getMatchers() {
        return this.matchers;
    }

    public void setMatchers(String str) {
        this.matchers = str;
    }

    public Boolean getMultiProfile() {
        return this.multiProfile;
    }

    public void setMultiProfile(Boolean bool) {
        this.multiProfile = bool;
    }

    public SecurityLogic<Object, J2EContext> getSecurityLogic() {
        return this.securityLogic;
    }

    public void setSecurityLogic(SecurityLogic<Object, J2EContext> securityLogic) {
        this.securityLogic = securityLogic;
    }
}
