package waffle.spring;

import com.sun.jna.platform.win32.WinError;
import java.io.IOException;
import java.util.Locale;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
import waffle.servlet.AutoDisposableWindowsPrincipal;
import waffle.servlet.WindowsPrincipal;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.util.AuthorizationHeader;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsImpersonationContext;
import waffle.windows.auth.PrincipalFormat;

/* loaded from: input_file:WEB-INF/lib/waffle-spring-security5-3.5.2-SNAPSHOT.jar:waffle/spring/NegotiateSecurityFilter.class */
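/**
 * Spring Security filter that authenticates a request from its {@code Authorization} header using
 * the configured Waffle {@link SecurityFilterProviderCollection}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A request with no {@code Authorization} header, or with a security package the provider
 *       does not support, is passed down the chain <em>without</em> an authentication being set
 *       here. This filter does not reject anonymous requests; access control must be enforced by
 *       whatever runs after it.</li>
 *   <li>{@code allowGuestLogin} defaults to {@code true}, so identities for which
 *       {@link IWindowsIdentity#isGuest()} is true are accepted unless the flag is switched
 *       off.</li>
 *   <li>With {@code impersonate} enabled the rest of the chain runs under the caller's Windows
 *       identity; the impersonation is reverted in a {@code finally} block.</li>
 * </ul>
 */
public class NegotiateSecurityFilter extends GenericFilterBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(NegotiateSecurityFilter.class);

    // Providers that perform the actual handshake; required, checked in afterPropertiesSet().
    private SecurityFilterProviderCollection provider;
    // When true, the downstream chain is executed while impersonating the authenticated user.
    private boolean impersonate;
    private PrincipalFormat principalFormat = PrincipalFormat.FQN;
    private PrincipalFormat roleFormat = PrincipalFormat.FQN;
    // Guest identities are accepted by default; set to false to answer them with 401.
    private boolean allowGuestLogin = true;
    private GrantedAuthorityFactory grantedAuthorityFactory = WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY_FACTORY;
    private GrantedAuthority defaultGrantedAuthority = WindowsAuthenticationToken.DEFAULT_GRANTED_AUTHORITY;

    /** Creates the filter; the provider collection must be injected before use. */
    public NegotiateSecurityFilter() {
        LOGGER.debug("[waffle.spring.NegotiateSecurityFilter] loaded");
    }

    /**
     * Authenticates the request if it carries a supported {@code Authorization} header, then
     * continues the chain.
     *
     * <p>The identity returned by the provider is released exactly once, in a single
     * {@code finally} block: the impersonation context is reverted when one was established,
     * otherwise the identity is disposed. The previous form of this method released the identity a
     * second time on every exit path and could never reach the revert branch of its
     * {@code finally}, because that branch was guarded by a constant condition.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      not thrown by the code in this method, which catches it; kept in
     *                          the signature
     * @throws ServletException propagated from the provider or from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        LOGGER.debug("{} {}, contentlength: {}", request.getMethod(), request.getRequestURI(), request.getContentLength());

        final AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
        if (authorizationHeader.isNull() || !this.provider.isSecurityPackageSupported(authorizationHeader.getSecurityPackage())) {
            // Nothing this filter can authenticate: continue unauthenticated. Downstream
            // configuration is responsible for denying access to protected resources.
            filterChain.doFilter(request, response);
            return;
        }

        try {
            final IWindowsIdentity windowsIdentity = this.provider.doFilter(request, response);
            if (windowsIdentity == null) {
                // No identity yet; presumably the provider has already written its own response
                // (e.g. the next leg of a multi-step handshake) - confirm against the provider.
                return;
            }

            IWindowsImpersonationContext impersonationContext = null;
            try {
                if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
                    LOGGER.warn("guest login disabled: {}", windowsIdentity.getFqn());
                    sendUnauthorized(response, true);
                    return;
                }

                LOGGER.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());
                final WindowsPrincipal principal = this.impersonate
                        ? new AutoDisposableWindowsPrincipal(windowsIdentity, this.principalFormat, this.roleFormat)
                        : new WindowsPrincipal(windowsIdentity, this.principalFormat, this.roleFormat);
                LOGGER.debug("roles: {}", principal.getRolesString());

                final Authentication authentication =
                        new WindowsAuthenticationToken(principal, this.grantedAuthorityFactory, this.defaultGrantedAuthority);
                if (!setAuthentication(request, response, authentication)) {
                    // A subclass vetoed the authentication; stop without running the chain.
                    return;
                }

                LOGGER.info("successfully logged in user: {}", windowsIdentity.getFqn());
                if (this.impersonate) {
                    LOGGER.debug("impersonating user");
                    impersonationContext = windowsIdentity.impersonate();
                }
                filterChain.doFilter(request, response);
            } finally {
                // Single cleanup point for every exit path above, including exceptions.
                if (this.impersonate && impersonationContext != null) {
                    // Revert before the thread is handed back so the caller's identity does not
                    // outlive the request. The identity itself is not disposed on this path;
                    // presumably AutoDisposableWindowsPrincipal owns its lifetime - confirm.
                    LOGGER.debug("terminating impersonation");
                    impersonationContext.revertToSelf();
                } else {
                    windowsIdentity.dispose();
                }
            }
        } catch (IOException e) {
            // NOTE(review): this also catches an IOException thrown by the downstream chain, which
            // is then logged as a login error and answered with 401 - confirm that is intended.
            LOGGER.warn("error logging in user: {}", e.getMessage());
            LOGGER.trace("", e);
            sendUnauthorized(response, true);
        }
    }

    /**
     * Stores the authentication in the current {@link SecurityContextHolder} context.
     *
     * <p>Subclasses may override this to apply additional checks; returning {@code false} makes
     * {@link #doFilter} stop without invoking the rest of the chain.
     *
     * @param httpServletRequest  current request (unused here)
     * @param httpServletResponse current response (unused here)
     * @param authentication      authentication to publish
     * @return {@code true} always in this implementation
     */
    protected boolean setAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return true;
    }

    /**
     * Verifies that a provider collection has been configured.
     *
     * @throws ServletException if no provider was set
     */
    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        if (this.provider == null) {
            throw new ServletException("Missing NegotiateSecurityFilter.Provider");
        }
    }

    /**
     * Lets the provider prepare the response, sets the {@code Connection} header and sends
     * HTTP 401.
     *
     * @param httpServletResponse response to write to
     * @param z                   {@code true} to send {@code Connection: close}, {@code false} for
     *                            {@code Connection: keep-alive}
     * @throws RuntimeException wrapping any {@link IOException} raised while writing the response
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void sendUnauthorized(HttpServletResponse httpServletResponse, boolean z) {
        try {
            this.provider.sendUnauthorized(httpServletResponse);
            httpServletResponse.setHeader(HttpHeaders.CONNECTION, z ? "close" : "keep-alive");
            // Same numeric value (401) as the unrelated WinError.ERROR_THREAD_MODE_NOT_BACKGROUND
            // constant used before; the servlet constant states the intent.
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            httpServletResponse.flushBuffer();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** @return the format used for the principal name */
    public PrincipalFormat getPrincipalFormat() {
        return this.principalFormat;
    }

    /** @param principalFormat format to use for the principal name */
    public void setPrincipalFormatEnum(PrincipalFormat principalFormat) {
        this.principalFormat = principalFormat;
    }

    /**
     * Sets the principal format from its case-insensitive name.
     *
     * @param str name of a {@link PrincipalFormat} constant
     * @throws IllegalArgumentException if the name matches no constant
     */
    public void setPrincipalFormat(String str) {
        setPrincipalFormatEnum(PrincipalFormat.valueOf(str.toUpperCase(Locale.ENGLISH)));
    }

    /** @return the format used for role names */
    public PrincipalFormat getRoleFormat() {
        return this.roleFormat;
    }

    /** @param principalFormat format to use for role names */
    public void setRoleFormatEnum(PrincipalFormat principalFormat) {
        this.roleFormat = principalFormat;
    }

    /**
     * Sets the role format from its case-insensitive name.
     *
     * @param str name of a {@link PrincipalFormat} constant
     * @throws IllegalArgumentException if the name matches no constant
     */
    public void setRoleFormat(String str) {
        setRoleFormatEnum(PrincipalFormat.valueOf(str.toUpperCase(Locale.ENGLISH)));
    }

    /** @return whether guest identities are accepted (default {@code true}) */
    public boolean isAllowGuestLogin() {
        return this.allowGuestLogin;
    }

    /** @param z {@code false} to answer guest identities with 401 instead of logging them in */
    public void setAllowGuestLogin(boolean z) {
        this.allowGuestLogin = z;
    }

    /** @param z {@code true} to run the downstream chain while impersonating the user */
    public void setImpersonate(boolean z) {
        this.impersonate = z;
    }

    /** @return whether the downstream chain runs under the authenticated user's identity */
    public boolean isImpersonate() {
        return this.impersonate;
    }

    /** @return the configured provider collection, or {@code null} if none was set */
    public SecurityFilterProviderCollection getProvider() {
        return this.provider;
    }

    /** @param securityFilterProviderCollection providers used to authenticate requests */
    public void setProvider(SecurityFilterProviderCollection securityFilterProviderCollection) {
        this.provider = securityFilterProviderCollection;
    }

    /** @return the factory passed to each new {@link WindowsAuthenticationToken} */
    public GrantedAuthorityFactory getGrantedAuthorityFactory() {
        return this.grantedAuthorityFactory;
    }

    /** @param grantedAuthorityFactory factory passed to each new {@link WindowsAuthenticationToken} */
    public void setGrantedAuthorityFactory(GrantedAuthorityFactory grantedAuthorityFactory) {
        this.grantedAuthorityFactory = grantedAuthorityFactory;
    }

    /** @return the default authority passed to each new {@link WindowsAuthenticationToken} */
    public GrantedAuthority getDefaultGrantedAuthority() {
        return this.defaultGrantedAuthority;
    }

    /** @param grantedAuthority default authority passed to each new {@link WindowsAuthenticationToken} */
    public void setDefaultGrantedAuthority(GrantedAuthority grantedAuthority) {
        this.defaultGrantedAuthority = grantedAuthority;
    }
}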
