package com.worklight.core.auth.impl;

import com.ibm.json.java.JSONObject;
import com.worklight.common.log.WorklightLogger;
import com.worklight.common.log.WorklightServerLogger;
import com.worklight.common.type.Environment;
import com.worklight.core.auth.api.AuthenticationService;
import com.worklight.core.auth.api.ProtectedAction;
import com.worklight.core.auth.api.ProtectedResource;
import com.worklight.core.util.RssBrokerUtils;
import com.worklight.gadgets.api.GadgetAPIRequestCoder;
import com.worklight.gadgets.serving.APIMethodHandlerMgr;
import com.worklight.gadgets.serving.handler.AppVesionAccessHandler;
import com.worklight.gadgets.utils.GadgetUtils;
import com.worklight.server.auth.api.AuthenticationResult;
import com.worklight.server.auth.api.AuthenticationStatus;
import com.worklight.server.auth.impl.WorkLightAuthenticationException;
import com.worklight.server.util.ConfigurationUtils;
import com.worklight.server.util.JSONUtils;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/worklight/core/auth/impl/AuthenticationFilter.class */
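/**
 * Servlet filter that puts each request through the Worklight authentication pipeline before
 * letting it continue down the filter chain.
 *
 * <p>For every request {@link #doFilter} obtains the session's {@code AuthenticationContext},
 * sets it as the thread context and runs three phases (named as in the debug log):
 * <ol>
 *   <li>Phase 1 - the authentication context processes the request. A {@code FAILURE} or
 *       {@code CLIENT_INTERACTION_REQUIRED} result is answered here and the chain is not run.</li>
 *   <li>Phase 2 - the protected resource for the request path is looked up and access to it is
 *       requested from the authentication service.</li>
 *   <li>Phase 3 - the original request proceeds down the chain, from inside the
 *       {@code ProtectedAction} handed to the authentication service.</li>
 * </ol>
 * The thread context is cleared in a {@code finally} block, whatever the outcome.
 */
public class AuthenticationFilter implements Filter {
    private static final WorklightServerLogger logger = new WorklightServerLogger(AuthenticationFilter.class, WorklightLogger.MessagesBundles.CORE);
    FilterConfig filterConfig;

    /**
     * Keeps the filter configuration; {@link #doFilter} reads the servlet context from it.
     *
     * @param filterConfig configuration supplied by the servlet container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Authenticates the request and, when access is granted, passes it down the chain.
     *
     * @param servletRequest  incoming request; cast to {@code HttpServletRequest}
     * @param servletResponse outgoing response; wrapped in a {@code WLResponseWrapper} unless it
     *                        already is one
     * @param filterChain     remainder of the chain, invoked only in phase 3
     * @throws ServletException if the project is flagged as not initialized, or if the pipeline
     *                          throws one
     * @throws IOException      declared by the {@code Filter} contract; see the note on the
     *                          nested handlers below for what actually propagates
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        // Only an attribute that is present and false stops the request; an absent attribute does not.
        Object initialized = this.filterConfig.getServletContext().getAttribute("com.worklight.server.bundle.project.initialized");
        if (initialized != null && !((Boolean) initialized).booleanValue()) {
            logger.debug("doFilter", "Worklight JEE Project Servlet not fully initialized; Worklight filters can not run");
            throw new ServletException("Worklight Project not initialized");
        }
        final WLResponseWrapper responseWrapper = servletResponse instanceof WLResponseWrapper ? (WLResponseWrapper) servletResponse : new WLResponseWrapper((HttpServletResponse) servletResponse);
        if (httpServletRequest.getCharacterEncoding() == null) {
            httpServletRequest.setCharacterEncoding("UTF-8");
        }
        // getSession() creates a session when the request has none, so every request that reaches
        // this filter, authenticated or not, ends up holding a session and an authentication context.
        HttpSession session = httpServletRequest.getSession();
        logger.entering("doFilter");
        AuthenticationContext authContext = AuthenticationContext.getOrCreateAuthenticationContext(session);
        AuthenticationContext.setThreadContext(authContext);
        try {
            // These two calls sit inside the try so that a failure in either of them still clears
            // the thread context; containers typically reuse request threads, and a context left
            // behind would belong to another session's request.
            session.setMaxInactiveInterval(ConfigurationUtils.getConfiguredTimeoutInSecs());
            ((ClientData) authContext.getContextPlugin(ClientData.class)).processRequest(httpServletRequest);
            // NOTE(review): the handler nesting below is kept exactly as found. As nested, an
            // IOException or RuntimeException rethrown by the inner handlers is caught again by the
            // outer catch (Exception), logged a second time and wrapped in a RuntimeException.
            // This may be a decompilation artifact; confirm against the original before flattening.
            try {
                try {
                    runAuthenticationPhases(httpServletRequest, responseWrapper, filterChain, authContext);
                } catch (IOException e) {
                    logger.error(e, "doFilter", "logger.unhandledException", new Object[]{e.getLocalizedMessage()});
                    throw e;
                } catch (RuntimeException e) {
                    logger.error("doFilter", "logger.unhandledException", new Object[]{e.getLocalizedMessage()});
                    logger.debug(e, "doFilter", e.getLocalizedMessage());
                    throw e;
                }
            } catch (ServletException e) {
                logger.error(e, "doFilter", "logger.unhandledException", new Object[]{e.getLocalizedMessage()});
                throw e;
            } catch (Exception e) {
                logger.error(e, "doFilter", "logger.unhandledException", new Object[]{e.getLocalizedMessage()});
                throw new RuntimeException(e);
            }
        } finally {
            logger.debug("doFilter", "request execution finished - cleanup the thread context");
            AuthenticationContext.clearThreadContext();
            logger.exiting("doFilter");
        }
    }

    /**
     * Runs phases 1 to 3 for one request and answers a {@code WorkLightAuthenticationException}
     * itself by sending the challenge or failure it carries.
     */
    private void runAuthenticationPhases(final HttpServletRequest request, final WLResponseWrapper response, final FilterChain chain, AuthenticationContext authContext) throws Exception {
        try {
            if (blockOldClients(request, response)) {
                return;
            }
            logger.debug("doFilter", "Phase 1 - pass to the auth context. (" + request.getMethod() + ")" + request.getRequestURI());
            AuthenticationResult phaseOneResult = authContext.processRequest(request, response);
            if (phaseOneResult.getStatus() == AuthenticationStatus.FAILURE) {
                sendFailure(response, phaseOneResult);
                return;
            }
            if (phaseOneResult.getStatus() == AuthenticationStatus.CLIENT_INTERACTION_REQUIRED) {
                // Without a JSON payload nothing is written here; the chain is still not run.
                if (phaseOneResult.getJson() != null) {
                    sendChallenges(request, response, phaseOneResult);
                }
                return;
            }
            ProtectedResource protectedResource = getProtectedResource(request);
            String pathInfo = request.getPathInfo();
            if (pathInfo != null && pathInfo.endsWith(GadgetAPIRequestCoder.REQ_PATH_LOGOUT)) {
                String realm = request.getParameter(GadgetAPIRequestCoder.REQ_PARAM_LOGIN_REALM);
                if (realm == null) {
                    // NOTE(review): getProtectedResource() returns null for a path with no
                    // protected resource, which makes this dereference throw a
                    // NullPointerException; confirm logout paths are always protected.
                    realm = protectedResource.getUserRealm().getName();
                }
                // The realm may come straight from a request parameter, so line breaks are
                // neutralised before it is written to the log.
                logger.debug("doFilter", "Logout from " + stripLineBreaks(realm));
                authContext.logout(realm);
                return;
            }
            logger.debug("doFilter", "Phase 2 - checking access to the resource " + protectedResource);
            getAuthenticationService().accessResource(protectedResource, new ProtectedAction() {
                @Override // com.worklight.core.auth.api.ProtectedAction
                public Object execute() throws Exception {
                    AuthenticationFilter.logger.debug("doFilter", "Phase 3 - proceed with the original request.");
                    chain.doFilter(new WLRequestWrapper(request), response);
                    return null;
                }
            });
            JSONObject responseJSON = response.getResponseJSON();
            if (responseJSON != null) {
                authContext.addIdentitiesToResponse(request, responseJSON, protectedResource);
                response.sendResponseJSON();
            }
        } catch (WorkLightAuthenticationException e) {
            AuthenticationResult result = e.getResult();
            if (result == null) {
                return;
            }
            JSONObject json = result.getJson();
            // Switches on the enum itself; the decompiled source went through a synthetic
            // ordinal lookup table that the compiler regenerates for this form.
            switch (result.getStatus()) {
                case CLIENT_INTERACTION_REQUIRED:
                    if (json != null) {
                        sendChallenges(request, response, result);
                    }
                    break;
                case FAILURE:
                    sendFailure(response, result);
                    break;
                default:
                    throw new IllegalStateException("WorklightAuthenticationException thrown with result " + result + ". It is not expected on this phase.");
            }
            logger.debug("doFilter", "WLAuthenticationException caught, return the response to the client. Exception: " + e.getMessage());
        }
    }

    /**
     * Returns {@code value} with carriage returns and line feeds replaced by underscores, so a
     * request-supplied string cannot start a new line in the log.
     */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Writes an authentication challenge: status code, {@code WWW-Authenticate} header and the
     * result's JSON body.
     *
     * @throws IOException if the JSON body cannot be written
     */
    private void sendChallenges(HttpServletRequest httpServletRequest, WLResponseWrapper wLResponseWrapper, AuthenticationResult authenticationResult) throws IOException {
        Environment environment = null;
        try {
            environment = GadgetAPIRequestCoder.decodeGadgetRequestInfo(httpServletRequest).getGadgetEnvironment();
        } catch (Exception e) {
            // Best effort: with the environment left null the challenge goes out with status 401
            // and the "WL-Composite-Challenge" header. Logged so the fallback is visible.
            logger.debug(e, "sendChallenges", "Could not determine the client environment; sending the default challenge response");
        }
        setChallengeResponseStatus(httpServletRequest, wLResponseWrapper, environment);
        setChallengeResponseAuthenticateHeader(wLResponseWrapper, environment);
        JSONUtils.sendJSONObject(wLResponseWrapper, authenticationResult.getJson());
    }

    /** Sets {@code WWW-Authenticate} to "JavaME_WA" for JAVAMENATIVE, else "WL-Composite-Challenge". */
    private void setChallengeResponseAuthenticateHeader(WLResponseWrapper wLResponseWrapper, Environment environment) {
        wLResponseWrapper.setHeader("WWW-Authenticate", environment == Environment.JAVAMENATIVE ? "JavaME_WA" : "WL-Composite-Challenge");
    }

    /**
     * Sets the challenge status: 403 for BLACKBERRY, WINDOWSPHONE, WINDOWSPHONE8 and for
     * MOBILEWEBAPP when the User-Agent contains "MSIE"; 401 otherwise.
     */
    private void setChallengeResponseStatus(HttpServletRequest httpServletRequest, WLResponseWrapper wLResponseWrapper, Environment environment) {
        boolean useForbidden = environment == Environment.BLACKBERRY || environment == Environment.WINDOWSPHONE || environment == Environment.WINDOWSPHONE8;
        if (!useForbidden && environment == Environment.MOBILEWEBAPP) {
            // The header is optional. A request without it used to raise a NullPointerException
            // here, turning an unauthenticated request into a server error instead of a challenge.
            String userAgent = httpServletRequest.getHeader("user-agent");
            useForbidden = userAgent != null && userAgent.contains("MSIE");
        }
        wLResponseWrapper.setStatus(useForbidden ? 403 : 401);
    }

    /**
     * Answers a failed authentication with status 403 and the result's JSON body.
     *
     * @throws IOException if the JSON body cannot be written
     */
    private void sendFailure(WLResponseWrapper wLResponseWrapper, AuthenticationResult authenticationResult) throws IOException {
        wLResponseWrapper.setStatus(403);
        JSONUtils.sendJSONObject(wLResponseWrapper, authenticationResult.getJson());
    }

    /**
     * Looks up the protected resource registered for the request's servlet path plus path info.
     *
     * @return the matching resource, or {@code null} when the lookup finds none
     */
    private ProtectedResource getProtectedResource(HttpServletRequest httpServletRequest) {
        String resourcePath = httpServletRequest.getServletPath();
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null) {
            resourcePath = resourcePath + pathInfo;
        }
        ProtectedResource resource = getAuthenticationService().getDao().findProtectedResourceByPath(resourcePath);
        String requestUrl = httpServletRequest.getRequestURL().toString();
        if (resource == null) {
            logger.debug("getProtectedResource", "Request to unprotected resource: " + requestUrl);
        } else {
            logger.debug("getProtectedResource", "Request to protected resource (" + resource.getResourceId() + "): " + requestUrl);
        }
        return resource;
    }

    /** Fetches the authentication service bean from the bean factory on each call. */
    private AuthenticationServiceBean getAuthenticationService() {
        return (AuthenticationServiceBean) RssBrokerUtils.getBeanFactory().getBean(AuthenticationService.BEAN_ID);
    }

    /**
     * Answers authentication requests whose URL carries an instance id, so they never reach the
     * authentication phases.
     *
     * <p>Applies only when the request URI contains the authentication path at an index above 0
     * and the decoded request reports an instance id in the URL. Such a request is answered by
     * the app-version-access handler: its regular GET response when the app is blocked, its
     * custom block message otherwise. Both cases count as handled.
     *
     * @return {@code true} when a response was written here and processing must stop
     */
    private boolean blockOldClients(HttpServletRequest httpServletRequest, WLResponseWrapper wLResponseWrapper) throws ServletException, IOException {
        if (httpServletRequest.getRequestURI().indexOf(GadgetAPIRequestCoder.REQ_PATH_AUTHENTICATION) <= 0) {
            return false;
        }
        GadgetAPIRequestCoder.GadgetRequestInfo requestInfo = GadgetAPIRequestCoder.decodeGadgetRequestInfo(httpServletRequest);
        if (!requestInfo.urlHasInstanceId()) {
            return false;
        }
        AppVesionAccessHandler versionAccessHandler = (AppVesionAccessHandler) APIMethodHandlerMgr.getInstance().getHandler(GadgetAPIRequestCoder.REQ_PATH_APP_VERSION_ACCESS);
        if (GadgetUtils.isBlockedApp(requestInfo)) {
            versionAccessHandler.doGet(httpServletRequest, wLResponseWrapper, requestInfo);
        } else {
            versionAccessHandler.sendCustomBlockMessage(wLResponseWrapper, requestInfo);
        }
        return true;
    }
}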
