package org.nhindirect.common.rest.auth.impl;

import java.io.IOException;
import java.security.Principal;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.nhindirect.common.rest.auth.BasicAuthValidator;
import org.nhindirect.common.rest.auth.NHINDPrincipal;
import org.nhindirect.common.rest.auth.exceptions.BasicAuthException;

/* loaded from: input_file:WEB-INF/lib/direct-common-2.0.jar:org/nhindirect/common/rest/auth/impl/BasicAuthFilter.class */
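/**
 * Servlet filter that gates a request behind HTTP Basic authentication.
 *
 * <p>Decision order in {@link #doFilter}:
 * <ol>
 *   <li>If {@code forceSSL} is set and the request is not secure, reply 403.</li>
 *   <li>If the request already carries a user principal, pass it through untouched.</li>
 *   <li>If sessions are allowed and the session holds a cached principal, pass the request
 *       through wrapped so that it reports that principal.</li>
 *   <li>Otherwise require an {@code Authorization} header starting with "Basic"
 *       (case-insensitive) and hand it to the {@link BasicAuthValidator}.</li>
 * </ol>
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>{@code forceSSL} defaults to {@code false}, so unless it is enabled (or TLS is enforced
 *       elsewhere) Basic credentials are accepted over a non-secure connection.</li>
 *   <li>{@link #init} reads nothing from the {@link FilterConfig}; the validator and both flags
 *       must be supplied through the constructor or the setters. With no validator set, the
 *       authentication step fails with a {@link NullPointerException} rather than letting the
 *       request through.</li>
 * </ul>
 */
public class BasicAuthFilter implements Filter {
    /** Session attribute under which the authenticated principal is cached. */
    protected static final String SESSION_PRINCIPAL_ATTRIBUTE = "NHINDAuthPrincipalAttr";

    /** Validates the raw {@code Authorization} header value and yields the principal. */
    protected BasicAuthValidator validator;

    /** When true, a successful authentication is cached in the HTTP session. */
    protected boolean allowSessions = true;

    /** When true, requests for which {@code isSecure()} is false are rejected with 403. */
    protected boolean forceSSL = false;

    /* loaded from: input_file:WEB-INF/lib/direct-common-2.0.jar:org/nhindirect/common/rest/auth/impl/BasicAuthFilter$PrincipalOverrideRequestWrapper.class */
    /**
     * Request wrapper that reports a fixed principal from {@code getUserPrincipal()} and
     * {@code getRemoteUser()} instead of whatever the wrapped request would report.
     */
    protected static class PrincipalOverrideRequestWrapper extends HttpServletRequestWrapper {
        private final Principal principal;

        /**
         * @param httpServletRequest the request to wrap
         * @param principal the principal to report; may be {@code null}
         */
        public PrincipalOverrideRequestWrapper(HttpServletRequest httpServletRequest, Principal principal) {
            super(httpServletRequest);
            this.principal = principal;
        }

        /** @return the overriding principal's name, or {@code null} when no principal was given */
        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public String getRemoteUser() {
            return this.principal == null ? null : this.principal.getName();
        }

        /** @return the overriding principal, possibly {@code null} */
        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public Principal getUserPrincipal() {
            return this.principal;
        }
    }

    /** Creates a filter with no validator; one must be set before requests are authenticated. */
    public BasicAuthFilter() {
    }

    /**
     * Creates a filter that authenticates with the given validator.
     *
     * @param basicAuthValidator validator applied to the {@code Authorization} header
     */
    public BasicAuthFilter(BasicAuthValidator basicAuthValidator) {
        this.validator = basicAuthValidator;
    }

    /**
     * Replaces the validator used to authenticate requests.
     *
     * @param basicAuthValidator validator applied to the {@code Authorization} header
     */
    public void setBasicAuthValidator(BasicAuthValidator basicAuthValidator) {
        this.validator = basicAuthValidator;
    }

    /**
     * Controls whether non-secure requests are rejected before any credential is read.
     *
     * @param z {@code true} to reply 403 to every request whose {@code isSecure()} is false
     */
    public void setForceSSL(boolean z) {
        this.forceSSL = z;
    }

    /**
     * Controls whether an authenticated principal is cached in, and restored from, the session.
     *
     * @param z {@code true} to use the HTTP session as a principal cache
     */
    public void setAllowSessions(boolean z) {
        this.allowSessions = z;
    }

    /** Does nothing; configuration is supplied through the constructor and setters. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Authenticates the request or rejects it.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain the remainder of the chain, invoked only for an accepted request
     * @throws IOException if sending an error or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Transport check comes first so credentials are never evaluated on a rejected channel.
        if (this.forceSSL && !servletRequest.isSecure()) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Something upstream (container or an earlier filter) already established an identity.
        if (isPrincipal(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        if (this.allowSessions) {
            // NOTE(review): getSession(true) allocates a session for every request that reaches
            // this point, including ones that end in 401. Consider looking the session up without
            // creating it so unauthenticated traffic cannot grow the session store.
            Principal cached = (Principal) httpServletRequest.getSession(true).getAttribute(SESSION_PRINCIPAL_ATTRIBUTE);
            if (cached != null) {
                filterChain.doFilter(withPrincipal(httpServletRequest, cached), servletResponse);
                return;
            }
        }

        String header = httpServletRequest.getHeader("Authorization");
        // Locale.ROOT, not the JVM default: under a Turkish or Azerbaijani default locale
        // "basic".toUpperCase() becomes "BAS\u0130C", which never starts with "BASIC", so every
        // lower- or mixed-case scheme token would be refused with 401.
        if (header == null || !header.toUpperCase(Locale.ROOT).startsWith("BASIC")) {
            // NOTE(review): this 401 carries no WWW-Authenticate challenge, unlike the 401 sent
            // when validation fails below.
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        try {
            NHINDPrincipal authenticated = this.validator.authenticate(header);
            if (this.allowSessions) {
                // NOTE(review): the principal is stored in the session that existed before
                // authentication; the session id is not rotated here. Rotating it on successful
                // login is the usual session-fixation mitigation.
                httpServletRequest.getSession(true).setAttribute(SESSION_PRINCIPAL_ATTRIBUTE, authenticated);
            }
            filterChain.doFilter(withPrincipal(httpServletRequest, authenticated), httpServletResponse);
        } catch (BasicAuthException e) {
            // The failure is reported to the client only; nothing is logged here, so repeated
            // bad-credential attempts are invisible unless the validator or container records them.
            String scheme = httpServletRequest.isSecure() ? "https://" : "http://";
            // NOTE(review): the challenge value is the scheme plus the server's local host name,
            // not a realm="..." parameter as RFC 7617 describes, and it exposes that host name to
            // unauthenticated callers. Left as-is because existing clients may depend on it.
            httpServletResponse.setHeader("WWW-Authenticate", "BASIC " + (scheme + httpServletRequest.getLocalName()));
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /**
     * Reports whether the request already carries a user principal.
     *
     * @param httpServletRequest the request to inspect
     * @return {@code true} when {@code getUserPrincipal()} is non-null
     */
    protected boolean isPrincipal(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getUserPrincipal() != null;
    }

    /** Does nothing; the filter holds no resources of its own. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /** Returns the request itself if it already has a principal, else a wrapper reporting {@code principal}. */
    private HttpServletRequest withPrincipal(HttpServletRequest httpServletRequest, Principal principal) {
        if (isPrincipal(httpServletRequest)) {
            return httpServletRequest;
        }
        return new PrincipalOverrideRequestWrapper(httpServletRequest, principal);
    }
}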
