package org.kuali.kfs.sys.web.filter;

import java.io.IOException;
import java.util.Arrays;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.kuali.kfs.sys.businessobject.JwtData;
import org.kuali.kfs.sys.context.SpringContext;
import org.kuali.kfs.sys.service.CoreApiKeyAuthenticationService;
import org.kuali.kfs.sys.service.JwtService;
import org.kuali.rice.core.api.config.property.ConfigurationService;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2018-04-12.jar:org/kuali/kfs/sys/web/filter/AuthenticationTokenFilter.class */
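/**
 * Servlet filter that makes sure a request carries a usable {@code financialsAuthToken} cookie
 * before the rest of the filter chain runs.
 *
 * <p>Two modes are selected per request by {@link CoreApiKeyAuthenticationService#useCore()}:
 * <ul>
 *   <li><b>core</b>: the {@code financialsAuthToken} cookie is checked with
 *       {@code getPrincipalIdFromApiKey}; when it is missing or rejected it is replaced with the
 *       value of the {@code authToken} cookie.</li>
 *   <li><b>non-core</b>: the {@code financialsAuthToken} cookie is checked with
 *       {@link JwtService#decodeJwt}; when it is missing or rejected a new JWT is generated for
 *       {@code request.getRemoteUser()}.</li>
 * </ul>
 *
 * <p>Token validation is kept separate from the downstream {@code filterChain.doFilter} call, so
 * a {@link RuntimeException} raised further down the chain is never mistaken for a bad token and
 * the chain is never invoked twice for one request.
 */
public class AuthenticationTokenFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(AuthenticationTokenFilter.class);

    /** Name of the cookie read by {@link #getCoreAuthToken(HttpServletRequest)}. */
    public static final String AUTH_TOKEN_COOKIE_NAME = "authToken";

    /** Name of the cookie this filter validates and (re)issues. */
    public static final String FIN_AUTH_TOKEN_COOKIE_NAME = "financialsAuthToken";

    /** Configuration key holding the JWT lifetime, in seconds. */
    public static final String JWT_EXPIRATION_SECONDS = "jwt.expiration.seconds";

    private ConfigurationService configurationService;
    private JwtService jwtService;
    private CoreApiKeyAuthenticationService coreApiKeyAuthenticationService;
    private FilterConfig filterConfig;

    /**
     * Stores the filter configuration; its servlet context path is later used as the cookie path.
     *
     * @param filterConfig configuration supplied by the servlet container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Dispatches to {@link #coreDoFilter} or {@link #nonCoreDoFilter} depending on
     * {@link CoreApiKeyAuthenticationService#useCore()}.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (getCoreApiKeyAuthenticationService().useCore()) {
            coreDoFilter(httpServletRequest, httpServletResponse, filterChain);
        } else {
            nonCoreDoFilter(httpServletRequest, httpServletResponse, filterChain);
        }
    }

    /**
     * Core mode: requires an {@code authToken} cookie, keeps an accepted
     * {@code financialsAuthToken} cookie as is, and otherwise overwrites it with the
     * {@code authToken} value before continuing the chain.
     *
     * @throws RuntimeException if the request has no {@code authToken} cookie
     */
    protected void coreDoFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Optional<String> coreAuthToken = getCoreAuthToken(httpServletRequest);
        if (!coreAuthToken.isPresent()) {
            throw new RuntimeException("Unable to access core token");
        }
        Optional<String> financialsAuthToken = getFinancialsAuthToken(httpServletRequest);
        if (financialsAuthToken.isPresent() && isAcceptedApiKey(financialsAuthToken.get())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // NOTE(review): the authToken cookie value is copied here without being checked by this
        // filter; presumably it is validated elsewhere (an earlier filter or the downstream API)
        // - confirm, because this path lets the request continue down the chain.
        addFinancialsAuthCookie(httpServletRequest, httpServletResponse, coreAuthToken.get());
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Non-core mode: keeps a {@code financialsAuthToken} cookie that decodes successfully, and
     * otherwise issues a new JWT for {@code request.getRemoteUser()} before continuing the chain.
     */
    protected void nonCoreDoFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Optional<String> financialsAuthToken = getFinancialsAuthToken(httpServletRequest);
        if (financialsAuthToken.isPresent() && isDecodableJwt(financialsAuthToken.get())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // NOTE(review): getRemoteUser() returns null when the container has not authenticated
        // the request; presumably an earlier filter guarantees a user here - confirm, otherwise
        // a token is minted for a null principal.
        String generatedJwt = getJwtService().generateJwt(new JwtData(httpServletRequest.getRemoteUser(), getExpirationSeconds()));
        addFinancialsAuthCookie(httpServletRequest, httpServletResponse, generatedJwt);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Reads the JWT lifetime from the {@code jwt.expiration.seconds} configuration property.
     *
     * @return the configured lifetime in seconds
     * @throws RuntimeException if the property is missing or is not an integer
     */
    protected int getExpirationSeconds() {
        String propertyValueAsString = getConfigurationService().getPropertyValueAsString(JWT_EXPIRATION_SECONDS);
        if (propertyValueAsString == null) {
            LOG.error("getExpirationSeconds() Missing configuration property: " + JWT_EXPIRATION_SECONDS);
            throw new RuntimeException("Missing configuration property: " + JWT_EXPIRATION_SECONDS);
        }
        try {
            return Integer.parseInt(propertyValueAsString);
        } catch (NumberFormatException e) {
            LOG.error("getExpirationSeconds() Invalid configuration property - must be number: " + JWT_EXPIRATION_SECONDS, e);
            // Keep the parse failure as the cause so the bad value is visible to whoever handles this.
            throw new RuntimeException("Invalid configuration property: " + JWT_EXPIRATION_SECONDS, e);
        }
    }

    /** @return the value of the {@code financialsAuthToken} cookie, if the request has one */
    protected Optional<String> getFinancialsAuthToken(HttpServletRequest httpServletRequest) {
        return getCookie(httpServletRequest, FIN_AUTH_TOKEN_COOKIE_NAME);
    }

    /** @return the value of the {@code authToken} cookie, if the request has one */
    protected Optional<String> getCoreAuthToken(HttpServletRequest httpServletRequest) {
        return getCookie(httpServletRequest, AUTH_TOKEN_COOKIE_NAME);
    }

    /**
     * Looks up the first request cookie with the given name.
     *
     * @param httpServletRequest request whose cookies are searched
     * @param str cookie name to match exactly
     * @return the cookie value, or empty when the request has no cookies, no cookie matches, or
     *         the matching cookie has a null value
     */
    protected Optional<String> getCookie(HttpServletRequest httpServletRequest, String str) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return Optional.empty();
        }
        return Arrays.stream(cookies)
                .filter(cookie -> cookie.getName().equals(str))
                .findFirst()
                .map(Cookie::getValue);
    }

    /** @return the injected service, or the bean resolved from {@link SpringContext} on first use */
    protected ConfigurationService getConfigurationService() {
        if (this.configurationService == null) {
            this.configurationService = (ConfigurationService) SpringContext.getBean(ConfigurationService.class);
        }
        return this.configurationService;
    }

    /** @return the injected service, or the bean resolved from {@link SpringContext} on first use */
    protected JwtService getJwtService() {
        if (this.jwtService == null) {
            this.jwtService = (JwtService) SpringContext.getBean(JwtService.class);
        }
        return this.jwtService;
    }

    /** @return the injected service, or the bean resolved from {@link SpringContext} on first use */
    protected CoreApiKeyAuthenticationService getCoreApiKeyAuthenticationService() {
        if (this.coreApiKeyAuthenticationService == null) {
            this.coreApiKeyAuthenticationService = (CoreApiKeyAuthenticationService) SpringContext.getBean(CoreApiKeyAuthenticationService.class);
        }
        return this.coreApiKeyAuthenticationService;
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    public void setJwtService(JwtService jwtService) {
        this.jwtService = jwtService;
    }

    public void setCoreApiKeyAuthenticationService(CoreApiKeyAuthenticationService coreApiKeyAuthenticationService) {
        this.coreApiKeyAuthenticationService = coreApiKeyAuthenticationService;
    }

    /**
     * Reports whether the core API-key service resolves a principal for the token. A
     * {@link RuntimeException} from the lookup is treated the same as "no principal".
     */
    private boolean isAcceptedApiKey(String token) {
        boolean accepted;
        try {
            accepted = getCoreApiKeyAuthenticationService().getPrincipalIdFromApiKey(token).isPresent();
        } catch (RuntimeException e) {
            accepted = false;
        }
        if (!accepted) {
            // The token value itself is deliberately kept out of the log.
            LOG.debug("Nothing to see here, we got a bad financialsAuthToken and need to update it");
        }
        return accepted;
    }

    /** Reports whether {@link JwtService#decodeJwt} accepts the token without throwing. */
    private boolean isDecodableJwt(String token) {
        try {
            getJwtService().decodeJwt(token);
            return true;
        } catch (RuntimeException e) {
            // The token value itself is deliberately kept out of the log.
            LOG.debug("financialsAuthToken could not be decoded; a new JWT will be issued");
            return false;
        }
    }

    /** Adds the {@code financialsAuthToken} cookie, scoped to the servlet context path. */
    private void addFinancialsAuthCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String value) {
        Cookie cookie = new Cookie(FIN_AUTH_TOKEN_COOKIE_NAME, value);
        // NOTE(review): the Secure flag mirrors request.isSecure(); if TLS is terminated in front
        // of the container this can be false and the token cookie is sent without Secure - confirm
        // the deployment reports the original scheme.
        cookie.setSecure(httpServletRequest.isSecure());
        // NOTE(review): HttpOnly is not set, so the token is readable by page scripts. Whether
        // client-side code depends on reading this cookie is not visible here - confirm before
        // adding cookie.setHttpOnly(true).
        cookie.setPath(this.filterConfig.getServletContext().getContextPath());
        httpServletResponse.addCookie(cookie);
    }
}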
