package com.flowlogix.shiro.ee.filters;

import com.flowlogix.shiro.ee.cdi.ShiroScopeContext;
import com.flowlogix.shiro.ee.listeners.EnvironmentLoaderListener;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import javax.servlet.DispatcherType;
import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import lombok.Generated;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionException;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.WebSessionKey;
import org.apache.shiro.web.subject.WebSubjectContext;
import org.apache.shiro.web.util.WebUtils;
import org.omnifaces.util.Servlets;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

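/**
 * Servlet filter that installs Shiro for every dispatcher type and layers the
 * Shiro-EE extensions on top of the stock {@code ShiroFilter}:
 * <ul>
 *   <li>{@link WrappedRequest} reports HTTPS when a front-end proxy terminated TLS
 *       and announced it through {@code X-Forwarded-Proto};</li>
 *   <li>{@link WrappedResponse} drops cookies once the request has been flagged
 *       with the "no more cookies" attribute;</li>
 *   <li>{@link WrappedSecurityManager} flags requests of remembered subjects that
 *       arrive without a live session, so that {@link #executeChain} can replay the
 *       saved form.</li>
 * </ul>
 * Every override falls back to plain pass-through behaviour when
 * {@code EnvironmentLoaderListener.isShiroEEDisabled} returns true for the context.
 */
@WebFilter(filterName = "ShiroFilter", urlPatterns = {"/*"}, dispatcherTypes = {DispatcherType.ERROR, DispatcherType.FORWARD, DispatcherType.INCLUDE, DispatcherType.REQUEST, DispatcherType.ASYNC}, asyncSupported = true)
public class ShiroFilter extends org.apache.shiro.web.servlet.ShiroFilter {
    private static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";

    // Request attribute set by WrappedSecurityManager and consumed by executeChain().
    private static final String FORM_IS_RESUBMITTED = "com.flowlogix.form-is-resubmitted";

    // Request attribute that, once set to true, makes WrappedResponse ignore addCookie().
    private static final String NO_MORE_COOKIES = "com.flowlogix.no-more-cookies";

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ShiroFilter.class);

    // Matches a URL starting with "http" (optionally preceded by whitespace) and
    // captures everything after those four letters so the scheme can be rewritten.
    private static final Pattern HTTP_TO_HTTPS = Pattern.compile("^\\s*http(.*)");

    /**
     * Request wrapper that presents the request as HTTPS when the container saw
     * plain HTTP but the {@code X-Forwarded-Proto} header says {@code https}.
     *
     * <p><b>Security note:</b> {@code X-Forwarded-Proto} is an ordinary request
     * header. Unless a trusted reverse proxy removes or overwrites it on every
     * inbound request, its value is whatever the client sent. {@link #isSecure()},
     * {@link #getScheme()} and {@link #getRequestURL()} all follow the header, so any
     * transport-security decision based on them is only as trustworthy as that proxy
     * configuration. Deploy this filter only where the application is reachable
     * exclusively through such a proxy.
     */
    private static class WrappedRequest extends ShiroHttpServletRequest {
        // Lazily computed per-request caches; null means "not computed yet".
        private final AtomicReference<Object> httpsNeeded;
        private final AtomicReference<Object> secureRequestURL;

        WrappedRequest(HttpServletRequest httpServletRequest, ServletContext servletContext, boolean z) {
            super(httpServletRequest, servletContext, z);
            this.httpsNeeded = new AtomicReference<>();
            this.secureRequestURL = new AtomicReference<>();
        }

        /**
         * Returns {@code null} when {@code EnvironmentLoaderListener.isServletNoPrincipal}
         * is true for the context, otherwise the principal reported by Shiro.
         */
        @Override
        public Principal getUserPrincipal() {
            if (EnvironmentLoaderListener.isServletNoPrincipal(this.servletContext)) {
                return null;
            }
            return super.getUserPrincipal();
        }

        /** Reports {@code https} when the forwarded-protocol header requires it. */
        @Override
        public String getScheme() {
            return isHttpsNeeded() ? org.apache.shiro.web.filter.authz.SslFilter.HTTPS_SCHEME : super.getScheme();
        }

        /** Returns the request URL, with the scheme rewritten to https when required. */
        @Override
        public StringBuffer getRequestURL() {
            return isHttpsNeeded() ? getSecureRequestURL() : super.getRequestURL();
        }

        /** True when the container saw TLS, or when the forwarded-protocol header says https. */
        @Override
        public boolean isSecure() {
            return super.isSecure() || isHttpsNeeded();
        }

        /**
         * Decides whether the scheme must be overridden: the container-reported scheme
         * is not https, but the {@code X-Forwarded-Proto} header equals {@code https}
         * (case-insensitively). The header value is taken as-is; see the class-level
         * security note about who is allowed to set it.
         */
        private boolean createHttpButNeedHttps() {
            String https = org.apache.shiro.web.filter.authz.SslFilter.HTTPS_SCHEME;
            if (https.equalsIgnoreCase(super.getScheme())) {
                return false;
            }
            return https.equalsIgnoreCase(WebUtils.toHttp(getRequest()).getHeader(ShiroFilter.X_FORWARDED_PROTO));
        }

        /** Builds a copy of the container's request URL with a leading "http" replaced by "https". */
        private StringBuffer rewriteHttpToHttps() {
            return new StringBuffer(ShiroFilter.HTTP_TO_HTTPS.matcher(super.getRequestURL()).replaceFirst("https$1"));
        }

        /** Lazily evaluates {@link #createHttpButNeedHttps()} once and caches the answer. */
        @Generated
        private boolean isHttpsNeeded() {
            Object obj = this.httpsNeeded.get();
            if (obj == null) {
                synchronized (this.httpsNeeded) {
                    obj = this.httpsNeeded.get();
                    if (obj == null) {
                        obj = Boolean.valueOf(createHttpButNeedHttps());
                        this.httpsNeeded.set(obj);
                    }
                }
            }
            return ((Boolean) obj).booleanValue();
        }

        /**
         * Lazily builds the https form of the request URL once and caches it.
         *
         * <p>A fresh copy is handed out on every call: the servlet API lets callers
         * append to the buffer returned by {@code getRequestURL()}, and sharing the
         * cached instance would let one caller's edits leak into later calls.
         */
        @Generated
        private StringBuffer getSecureRequestURL() {
            Object obj = this.secureRequestURL.get();
            if (obj == null) {
                synchronized (this.secureRequestURL) {
                    obj = this.secureRequestURL.get();
                    if (obj == null) {
                        StringBuffer rewritten = rewriteHttpToHttps();
                        // The reference itself doubles as the "computed, but null" sentinel.
                        obj = rewritten == null ? this.secureRequestURL : rewritten;
                        this.secureRequestURL.set(obj);
                    }
                }
            }
            return obj == this.secureRequestURL ? null : new StringBuffer((StringBuffer) obj);
        }
    }

    /**
     * Response wrapper that silently ignores {@link #addCookie(Cookie)} once the
     * associated request carries the "no more cookies" attribute set to true.
     */
    private static class WrappedResponse extends HttpServletResponseWrapper {
        private final ServletRequest request;

        WrappedResponse(HttpServletResponse httpServletResponse, ServletRequest servletRequest) {
            super(httpServletResponse);
            this.request = servletRequest;
        }

        @Override
        public void addCookie(Cookie cookie) {
            // Compare by value: an identity check against Boolean.TRUE misses an equal
            // Boolean that is a different instance, and the cookie would then be added.
            if (!Boolean.TRUE.equals(this.request.getAttribute(ShiroFilter.NO_MORE_COOKIES))) {
                super.addCookie(cookie);
            }
        }
    }

    /**
     * Security manager decorator. Everything is delegated unchanged to the wrapped
     * manager except {@link #createSubject(SubjectContext)}, which additionally
     * detects remembered subjects that have no live session.
     */
    public static class WrappedSecurityManager implements WebSecurityManager {
        final WebSecurityManager wrapped;

        /**
         * Creates the subject through the wrapped manager and, for web contexts, marks
         * the request with the "form is resubmitted" attribute when the subject is
         * remembered, no session could be looked up, and JSF client-side state saving
         * is not in use.
         */
        @Override
        public Subject createSubject(SubjectContext subjectContext) {
            if (!(subjectContext instanceof WebSubjectContext) || !(this.wrapped instanceof DefaultSecurityManager)) {
                return this.wrapped.createSubject(subjectContext);
            }
            WebSubjectContext webSubjectContext = (WebSubjectContext) subjectContext;
            Session session = null;
            try {
                // getSession(SessionKey) is available on the WebSecurityManager type, so no
                // downcast is needed. The previous cast to DefaultWebSecurityManager did not
                // match the instanceof DefaultSecurityManager guard above and could fail
                // with a ClassCastException for other DefaultSecurityManager subclasses.
                session = this.wrapped.getSession(new WebSessionKey(webSubjectContext.getSessionId(), webSubjectContext.getServletRequest(), webSubjectContext.getServletResponse()));
            } catch (SessionException e) {
                ShiroFilter.log.debug("Create Session Failed", e);
            }
            Subject createSubject = this.wrapped.createSubject(subjectContext);
            if (createSubject.isRemembered() && session == null && !FormResubmitSupport.isJSFClientStateSavingMethod(webSubjectContext.getServletRequest().getServletContext())) {
                ShiroFilter.log.debug("Remembered Subject with new session {}", createSubject.getPrincipal());
                webSubjectContext.getServletRequest().setAttribute(ShiroFilter.FORM_IS_RESUBMITTED, Boolean.TRUE);
            }
            return createSubject;
        }

        @Generated
        @ConstructorProperties({"wrapped"})
        public WrappedSecurityManager(WebSecurityManager webSecurityManager) {
            this.wrapped = webSecurityManager;
        }

        // ---- WebSecurityManager / SecurityManager: plain delegation ----

        @Override
        @Generated
        public boolean isHttpSessionMode() {
            return this.wrapped.isHttpSessionMode();
        }

        @Override
        @Generated
        public Subject login(Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException {
            return this.wrapped.login(subject, authenticationToken);
        }

        @Override
        @Generated
        public void logout(Subject subject) {
            this.wrapped.logout(subject);
        }

        // ---- Authenticator: plain delegation ----

        @Override
        @Generated
        public AuthenticationInfo authenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
            return this.wrapped.authenticate(authenticationToken);
        }

        // ---- Authorizer: plain delegation ----

        @Override
        @Generated
        public boolean isPermitted(PrincipalCollection principalCollection, String str) {
            return this.wrapped.isPermitted(principalCollection, str);
        }

        @Override
        @Generated
        public boolean isPermitted(PrincipalCollection principalCollection, Permission permission) {
            return this.wrapped.isPermitted(principalCollection, permission);
        }

        @Override
        @Generated
        public boolean[] isPermitted(PrincipalCollection principalCollection, String... strArr) {
            return this.wrapped.isPermitted(principalCollection, strArr);
        }

        @Override
        @Generated
        public boolean[] isPermitted(PrincipalCollection principalCollection, List<Permission> list) {
            return this.wrapped.isPermitted(principalCollection, list);
        }

        @Override
        @Generated
        public boolean isPermittedAll(PrincipalCollection principalCollection, String... strArr) {
            return this.wrapped.isPermittedAll(principalCollection, strArr);
        }

        @Override
        @Generated
        public boolean isPermittedAll(PrincipalCollection principalCollection, Collection<Permission> collection) {
            return this.wrapped.isPermittedAll(principalCollection, collection);
        }

        @Override
        @Generated
        public void checkPermission(PrincipalCollection principalCollection, String str) throws AuthorizationException {
            this.wrapped.checkPermission(principalCollection, str);
        }

        @Override
        @Generated
        public void checkPermission(PrincipalCollection principalCollection, Permission permission) throws AuthorizationException {
            this.wrapped.checkPermission(principalCollection, permission);
        }

        @Override
        @Generated
        public void checkPermissions(PrincipalCollection principalCollection, String... strArr) throws AuthorizationException {
            this.wrapped.checkPermissions(principalCollection, strArr);
        }

        @Override
        @Generated
        public void checkPermissions(PrincipalCollection principalCollection, Collection<Permission> collection) throws AuthorizationException {
            this.wrapped.checkPermissions(principalCollection, collection);
        }

        @Override
        @Generated
        public boolean hasRole(PrincipalCollection principalCollection, String str) {
            return this.wrapped.hasRole(principalCollection, str);
        }

        @Override
        @Generated
        public boolean[] hasRoles(PrincipalCollection principalCollection, List<String> list) {
            return this.wrapped.hasRoles(principalCollection, list);
        }

        @Override
        @Generated
        public boolean hasAllRoles(PrincipalCollection principalCollection, Collection<String> collection) {
            return this.wrapped.hasAllRoles(principalCollection, collection);
        }

        @Override
        @Generated
        public void checkRole(PrincipalCollection principalCollection, String str) throws AuthorizationException {
            this.wrapped.checkRole(principalCollection, str);
        }

        @Override
        @Generated
        public void checkRoles(PrincipalCollection principalCollection, Collection<String> collection) throws AuthorizationException {
            this.wrapped.checkRoles(principalCollection, collection);
        }

        @Override
        @Generated
        public void checkRoles(PrincipalCollection principalCollection, String... strArr) throws AuthorizationException {
            this.wrapped.checkRoles(principalCollection, strArr);
        }

        // ---- SessionManager: plain delegation ----

        @Override
        @Generated
        public Session start(SessionContext sessionContext) {
            return this.wrapped.start(sessionContext);
        }

        @Override
        @Generated
        public Session getSession(SessionKey sessionKey) throws SessionException {
            return this.wrapped.getSession(sessionKey);
        }
    }

    /** Wraps the request in {@link WrappedRequest} unless Shiro-EE is disabled for the context. */
    @Override
    public ServletRequest wrapServletRequest(HttpServletRequest httpServletRequest) {
        if (EnvironmentLoaderListener.isShiroEEDisabled(httpServletRequest.getServletContext())) {
            return super.wrapServletRequest(httpServletRequest);
        }
        return new WrappedRequest(httpServletRequest, getServletContext(), isHttpSessions());
    }

    /**
     * Wraps the response in {@link WrappedResponse} for HTTP requests; otherwise, or
     * when Shiro-EE is disabled, defers to the parent implementation.
     */
    @Override
    public ServletResponse prepareServletResponse(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
        boolean passThrough = EnvironmentLoaderListener.isShiroEEDisabled(servletRequest.getServletContext())
                || !(servletRequest instanceof HttpServletRequest);
        if (passThrough) {
            return super.prepareServletResponse(servletRequest, servletResponse, filterChain);
        }
        return new WrappedResponse(WebUtils.toHttp(servletResponse), servletRequest);
    }

    /**
     * Initialises the parent filter and registers the scope session listeners.
     * Does nothing at all (the parent is not initialised either) when Shiro-EE is
     * disabled. A failure to register the listeners is logged and otherwise ignored,
     * so the filter still starts.
     */
    @Override
    public void init() throws Exception {
        if (EnvironmentLoaderListener.isShiroEEDisabled(getServletContext())) {
            return;
        }
        super.init();
        try {
            ShiroScopeContext.addScopeSessionListeners(super.getSecurityManager());
        } catch (Throwable th) {
            log.warn("Unable to add scope session listeners", th);
        }
    }

    /** Installs the given manager behind a {@link WrappedSecurityManager} decorator. */
    @Override
    public void setSecurityManager(WebSecurityManager webSecurityManager) {
        super.setSecurityManager(new WrappedSecurityManager(webSecurityManager));
    }

    /**
     * Runs the filter chain, with three possible paths:
     * <ol>
     *   <li>Shiro-EE disabled: the request goes straight down the servlet chain;</li>
     *   <li>the request was flagged as a resubmitted form and is a POST: the saved
     *       form is replayed through {@code FormResubmitSupport} and, if that yields
     *       a location, the client is redirected there;</li>
     *   <li>otherwise: the normal Shiro chain executes.</li>
     * </ol>
     *
     * @throws IOException      on I/O failure while filtering or redirecting
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void executeChain(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (EnvironmentLoaderListener.isShiroEEDisabled(getServletContext())) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (Boolean.TRUE.equals(servletRequest.getAttribute(FORM_IS_RESUBMITTED)) && FormResubmitSupport.isPostRequest(servletRequest)) {
            servletRequest.setCharacterEncoding(StandardCharsets.UTF_8.name());
            servletRequest.removeAttribute(FORM_IS_RESUBMITTED);
            String postData = FormResubmitSupport.getPostData(servletRequest);
            // Log only the size: the body of a replayed form can hold credentials or
            // other user-entered secrets, and those must not end up in log files.
            log.debug("Resubmitting Post Data ({} chars)", postData == null ? 0 : postData.length());
            HttpServletRequest http = WebUtils.toHttp(servletRequest);
            boolean partialAjax = "partial/ajax".equals(http.getHeader("Faces-Request"));
            // NOTE(review): the redirect target is whatever resubmitSavedForm returns;
            // confirm that helper only ever yields locations inside this application.
            String redirectTo = FormResubmitSupport.resubmitSavedForm(postData, Servlets.getRequestURLWithQueryString(http), http, WebUtils.toHttp(servletResponse), servletRequest.getServletContext(), partialAjax);
            if (redirectTo != null) {
                sendRedirect(servletResponse, redirectTo);
            }
        } else {
            servletRequest.setCharacterEncoding(StandardCharsets.UTF_8.name());
            super.executeChain(servletRequest, servletResponse, filterChain);
        }
    }

    /**
     * Sends an HTTP redirect to {@code str}.
     *
     * <p>An {@link IOException} from the container is propagated unchanged even
     * though this method declares no checked exceptions. The decompiled body
     * rethrew it from a plain {@code catch}, which the compiler rejects, so the
     * rethrow now goes through {@link #sneakyThrow(Throwable)}.
     *
     * @param servletResponse response to redirect; must be an HTTP response
     * @param str             redirect location
     */
    public static void sendRedirect(ServletResponse servletResponse, String str) {
        try {
            WebUtils.toHttp(servletResponse).sendRedirect(str);
        } catch (IOException e) {
            throw ShiroFilter.<RuntimeException>sneakyThrow(e);
        }
    }

    /**
     * Rethrows {@code throwable} as-is without requiring a {@code throws} clause at
     * the call site. Never returns; the return type only exists so callers can write
     * {@code throw sneakyThrow(e)} for flow analysis.
     */
    @SuppressWarnings("unchecked")
    private static <E extends Throwable> RuntimeException sneakyThrow(Throwable throwable) throws E {
        throw (E) throwable;
    }
}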
