package org.kuali.kfs.krad.web.filter;

import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.ThreadContext;
import org.kuali.kfs.core.api.config.property.ConfigContext;
import org.kuali.kfs.core.api.resourceloader.GlobalResourceLoader;
import org.kuali.kfs.coreservice.framework.CoreFrameworkServiceLocator;
import org.kuali.kfs.coreservice.framework.parameter.ParameterService;
import org.kuali.kfs.kew.api.KewApiConstants;
import org.kuali.kfs.kim.api.identity.AuthenticationService;
import org.kuali.kfs.kns.bo.AuthenticationValidationResponse;
import org.kuali.kfs.kns.service.CfAuthenticationService;
import org.kuali.kfs.kns.service.KNSServiceLocator;
import org.kuali.kfs.krad.UserSession;
import org.kuali.kfs.krad.exception.AuthenticationException;
import org.kuali.kfs.krad.util.KRADConstants;
import org.kuali.kfs.krad.util.KRADUtils;
import org.kuali.kfs.sys.KFSConstants;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2023-02-22.jar:org/kuali/kfs/krad/web/filter/LoginFilterBase.class */
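/**
 * Base class for servlet filters that turn an already-authenticated request into a Kuali
 * {@link UserSession}: it resolves the principal name, validates it, stores the session object in
 * the HTTP session, issues the Kuali session-id cookie and, outside production, applies the
 * "backdoor" (impersonation) user requested through the {@code backdoorId} request parameter.
 *
 * <p>This listing is decompiler output. Methods marked "declared {@code protected} in the original"
 * were widened to {@code public} by the decompiler; the widened modifiers are kept here so the
 * listing stays consistent with itself.
 *
 * <p>{@code doFilter} is not implemented here; subclasses supply it and decide the order in which
 * the helpers below are called.
 */
public abstract class LoginFilterBase implements Filter {
    /** Log4j {@link ThreadContext} key under which the current user is recorded for log lines. */
    private static final String MDC_USER = "user";

    // Lazily resolved through the service locators; see the getters at the bottom of the class.
    protected ParameterService parameterService;
    protected CfAuthenticationService cfAuthenticationService;

    // Kept only to reach the servlet context path when the session cookie is created.
    private FilterConfig filterConfig;

    /**
     * Stores the filter configuration for later use by {@link #establishSessionCookie}.
     *
     * @param filterConfig configuration handed over by the servlet container
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Reports whether the request already carries a {@link UserSession}.
     * Declared {@code protected} in the original class (access widened by the decompiler).
     *
     * @param httpServletRequest current request
     * @return {@code true} when {@code KRADUtils.getUserSessionFromRequest} returns non-null
     */
    public boolean isUserSessionEstablished(HttpServletRequest httpServletRequest) {
        return KRADUtils.getUserSessionFromRequest(httpServletRequest) != null;
    }

    /**
     * Creates the {@link UserSession} for the request's principal unless one already exists.
     * Declared {@code protected} in the original class (access widened by the decompiler).
     *
     * <p>The principal name is whatever the {@code kimAuthenticationService} extracts from the
     * request; this method performs no credential check of its own and relies on that service
     * (and whatever sits in front of it) for authentication.
     *
     * @param httpServletRequest current request
     * @throws AuthenticationException when the principal name is blank, unknown, not allowed to
     *     log in, or does not resolve to a person
     */
    public void establishUserSession(HttpServletRequest httpServletRequest) {
        if (isUserSessionEstablished(httpServletRequest)) {
            return;
        }
        String principalName = ((AuthenticationService) GlobalResourceLoader.getService(new QName("kimAuthenticationService"))).getPrincipalName(httpServletRequest);
        // NOTE(review): the messages below embed principalName and differ per failure reason.
        // Anything that renders or logs them should escape the value; confirm the distinct
        // "unknown" vs "cannot log in" wording is acceptable for this deployment.
        switch (getCfAuthenticationService().validatePrincipalName(principalName)) {
            case INVALID_PRINCIPAL_NAME_BLANK:
                throw new AuthenticationException("Blank User from AuthenticationService - This should never happen.");
            case INVALID_PRINCIPAL_DOES_NOT_EXIST:
                throw new AuthenticationException("Unknown User: " + principalName);
            case INVALID_PRINCIPAL_CANNOT_LOGIN:
                throw new AuthenticationException("You cannot log in, because you are not an active Kuali user.\nPlease ask someone to activate your account if you need to use Kuali Systems.\nThe user id provided was: " + principalName + ".\n");
            default:
                UserSession userSession = new UserSession(principalName);
                if (userSession.getPerson() == null) {
                    throw new AuthenticationException("Invalid User: " + principalName);
                }
                // getSession() creates an HTTP session when none exists.
                // NOTE(review): the HTTP session id is not rotated at this point; confirm the
                // upstream authentication layer issues a fresh session id at login, otherwise a
                // session id that existed before login stays valid afterwards.
                httpServletRequest.getSession().setAttribute(KRADConstants.USER_SESSION_KEY, userSession);
                return;
        }
    }

    /**
     * Ensures the request has a Kuali session id and copies it onto the {@link UserSession}.
     * Declared {@code protected} in the original class (access widened by the decompiler).
     *
     * <p>Precondition: a {@link UserSession} must already be attached to the request; otherwise
     * the final call dereferences {@code null}.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the cookie when a new id is minted
     */
    public void establishSessionCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // An id presented by the client is accepted as-is; it is client-controlled input.
        // NOTE(review): confirm nothing downstream treats this value as proof of identity.
        String kualiSessionId = getKualiSessionId(httpServletRequest.getCookies());
        if (kualiSessionId == null) {
            kualiSessionId = UUID.randomUUID().toString();
            Cookie cookie = new Cookie(KRADConstants.KUALI_SESSION_ID, kualiSessionId);
            cookie.setPath(this.filterConfig.getServletContext().getContextPath());
            // Secure mirrors the scheme the container sees. Behind a TLS-terminating proxy
            // isSecure() is false unless the container is configured to honour the forwarded
            // scheme, and the cookie would then be sent over plain HTTP as well.
            // NOTE(review): HttpOnly is not set; confirm no client script needs this cookie and
            // consider cookie.setHttpOnly(true).
            cookie.setSecure(httpServletRequest.isSecure());
            httpServletResponse.addCookie(cookie);
        }
        KRADUtils.getUserSessionFromRequest(httpServletRequest).setKualiSessionId(kualiSessionId);
    }

    /**
     * Looks up the Kuali session id among the request cookies.
     *
     * @param cookieArr cookies from the request, possibly {@code null}
     * @return value of the first cookie named {@code KRADConstants.KUALI_SESSION_ID}, or
     *     {@code null} when there is none
     */
    private String getKualiSessionId(Cookie[] cookieArr) {
        if (cookieArr == null) {
            return null;
        }
        for (Cookie cookie : cookieArr) {
            if (KRADConstants.KUALI_SESSION_ID.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Applies the impersonation ("backdoor") user named by the {@code backdoorId} request
     * parameter. Declared {@code protected} in the original class (access widened by the
     * decompiler).
     *
     * <p>Gates, in evaluation order: the environment must not be production, the parameter must be
     * non-blank, the named principal must validate, and the workflow parameter
     * {@code SHOW_BACK_DOOR_LOGIN_IND} must be true. No check of the <em>calling</em> user's
     * permissions is visible in this method, so the production flag and that parameter are the
     * only controls enforced here; a non-production instance holding real data, or an instance
     * whose environment is misconfigured, exposes impersonation to any authenticated user.
     * NOTE(review): confirm whether {@code setBackdoorUser} enforces its own authorization.
     *
     * @param httpServletRequest current request; must already carry a {@link UserSession}
     */
    public void establishBackdoorUser(HttpServletRequest httpServletRequest) {
        if (ConfigContext.getCurrentContextConfig().isProductionEnvironment()) {
            return;
        }
        String parameter = httpServletRequest.getParameter("backdoorId");
        if (StringUtils.isBlank(parameter)) {
            return;
        }
        if (getCfAuthenticationService().validatePrincipalName(parameter) != AuthenticationValidationResponse.VALID_AUTHENTICATION) {
            return;
        }
        // Fail closed: a missing (null) parameter value means the backdoor stays disabled
        // instead of raising a NullPointerException while unboxing.
        Boolean backdoorEnabled = getParameterService().getParameterValueAsBoolean(KFSConstants.CoreModuleNamespaces.WORKFLOW, KRADConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KewApiConstants.SHOW_BACK_DOOR_LOGIN_IND);
        if (!Boolean.TRUE.equals(backdoorEnabled)) {
            return;
        }
        try {
            KRADUtils.getUserSessionFromRequest(httpServletRequest).setBackdoorUser(parameter);
        } catch (RuntimeException ignored) {
            // Best-effort as written: a refused or failed backdoor request does not abort the
            // filter chain. NOTE(review): the failure is not logged here, so rejected
            // impersonation attempts leave no trace from this method; confirm they are audited
            // elsewhere.
        }
    }

    /**
     * Publishes the current user into the logging context so log lines can be attributed.
     * Declared {@code protected} in the original class (access widened by the decompiler).
     *
     * @param httpServletRequest current request; must already carry a {@link UserSession}
     */
    public void addToMDC(HttpServletRequest httpServletRequest) {
        ThreadContext.put(MDC_USER, KRADUtils.getUserSessionFromRequest(httpServletRequest).getUserToLog());
    }

    /**
     * Clears the user from the logging context; pair with {@link #addToMDC} so the value does not
     * remain on the thread after the request. Declared {@code protected} in the original class
     * (access widened by the decompiler).
     */
    public void removeFromMDC() {
        ThreadContext.remove(MDC_USER);
    }

    /**
     * Returns the authentication service, resolving it through {@link KNSServiceLocator} on first
     * use. Declared {@code protected} in the original class (access widened by the decompiler).
     *
     * @return the cached or newly resolved service
     */
    public CfAuthenticationService getCfAuthenticationService() {
        if (this.cfAuthenticationService == null) {
            this.cfAuthenticationService = KNSServiceLocator.getCfAuthenticationService();
        }
        return this.cfAuthenticationService;
    }

    /**
     * Returns the parameter service, resolving it through {@link CoreFrameworkServiceLocator} on
     * first use.
     *
     * @return the cached or newly resolved service
     */
    protected ParameterService getParameterService() {
        if (this.parameterService == null) {
            this.parameterService = CoreFrameworkServiceLocator.getParameterService();
        }
        return this.parameterService;
    }
}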
