package org.cloudfoundry.identity.uaa.authentication;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.login.AccountSavingAuthenticationSuccessHandler;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.1.0.jar:org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationFilter.class */
public class AuthzAuthenticationFilter implements Filter {
    private AuthenticationManager authenticationManager;
    private AccountSavingAuthenticationSuccessHandler successHandler;
    private final Log logger = LogFactory.getLog(getClass());
    private List<String> parameterNames = Collections.emptyList();
    private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
    private Set<String> methods = Collections.singleton(HttpMethod.POST.toString());

    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.1.0.jar:org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationFilter$JsonInjectedEnumeration.class */
    static class JsonInjectedEnumeration implements Enumeration<String> {
        private Enumeration<String> underlying;

        public JsonInjectedEnumeration(Enumeration<String> enumeration) {
            this.underlying = enumeration;
        }

        @Override // java.util.Enumeration
        public boolean hasMoreElements() {
            return this.underlying.hasMoreElements();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.Enumeration
        public String nextElement() {
            this.underlying.nextElement();
            return "application/json";
        }
    }

    public void setMethods(Set<String> set) {
        this.methods = new HashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            this.methods.add(it.next().toUpperCase());
        }
    }

    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    public void setSuccessHandler(AccountSavingAuthenticationSuccessHandler accountSavingAuthenticationSuccessHandler) {
        this.successHandler = accountSavingAuthenticationSuccessHandler;
    }

    public void setParameterNames(List<String> list) {
        this.parameterNames = list;
    }

    public AuthzAuthenticationFilter(AuthenticationManager authenticationManager) {
        Assert.notNull(authenticationManager);
        this.authenticationManager = authenticationManager;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Map<String, String> credentials = getCredentials(httpServletRequest);
        boolean z = false;
        try {
            if (credentials.isEmpty()) {
                throw new BadCredentialsException("Request does not contain credentials.");
            }
            this.logger.debug("Located credentials in request, with keys: " + credentials.keySet());
            if (this.methods != null && !this.methods.contains(httpServletRequest.getMethod().toUpperCase())) {
                throw new BadCredentialsException("Credentials must be sent by (one of methods): " + this.methods);
            }
            Authentication authenticate = this.authenticationManager.authenticate(new AuthzAuthenticationRequest(credentials, new UaaAuthenticationDetails(httpServletRequest)));
            SecurityContextHolder.getContext().setAuthentication(authenticate);
            Optional.ofNullable(this.successHandler).ifPresent(accountSavingAuthenticationSuccessHandler -> {
                accountSavingAuthenticationSuccessHandler.setSavedAccountOptionCookie(httpServletRequest, httpServletResponse, authenticate);
            });
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (AuthenticationException e) {
            this.logger.debug("Authentication failed");
            String header = httpServletRequest.getHeader("accept");
            String parameter = httpServletRequest.getParameter("client_id");
            if ("*/*; q=0.5, application/xml".equals(header) && "vmc".equals(parameter)) {
                z = true;
            }
            if (!z) {
                this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, e);
            } else {
                this.authenticationEntryPoint.commence(new HttpServletRequestWrapper(httpServletRequest) { // from class: org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationFilter.1
                    public Enumeration<String> getHeaders(String str) {
                        return "accept".equalsIgnoreCase(str) ? new JsonInjectedEnumeration(getRequest().getHeaders(str)) : getRequest().getHeaders(str);
                    }

                    public String getHeader(String str) {
                        return str.equalsIgnoreCase("accept") ? "application/json" : getRequest().getHeader(str);
                    }
                }, httpServletResponse, e);
            }
        }
    }

    private Map<String, String> getCredentials(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        for (String str : this.parameterNames) {
            String parameter = httpServletRequest.getParameter(str);
            if (parameter != null) {
                if (parameter.startsWith("{")) {
                    try {
                        hashMap.putAll((Map) JsonUtils.readValue(parameter, new TypeReference<Map<String, String>>() { // from class: org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationFilter.2
                        }));
                    } catch (JsonUtils.JsonUtilException e) {
                        this.logger.warn("Unknown format of value for request param: " + str + ". Ignoring.");
                    }
                } else {
                    hashMap.put(str, parameter);
                }
            }
        }
        return hashMap;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
