package com.evolveum.midpoint.web.security.filter;

import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.security.BasicMidPointAuthenticationSuccessHandler;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/security/filter/HttpAuthenticationFilter.class */
public abstract class HttpAuthenticationFilter extends BasicAuthenticationFilter {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) HttpAuthenticationFilter.class);
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
    private RememberMeServices rememberMeServices;
    private String credentialsCharset;
    private AuthenticationSuccessHandler successHandler;

    public HttpAuthenticationFilter(AuthenticationManager authenticationManager, AuthenticationEntryPoint authenticationEntryPoint) {
        super(authenticationManager, authenticationEntryPoint);
        this.authenticationDetailsSource = new WebAuthenticationDetailsSource();
        this.rememberMeServices = new NullRememberMeServices();
        this.credentialsCharset = "UTF-8";
        this.successHandler = new BasicMidPointAuthenticationSuccessHandler();
    }

    @Override // org.springframework.security.web.authentication.www.BasicAuthenticationFilter, org.springframework.web.filter.OncePerRequestFilter
    protected abstract void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException;

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] extractAndDecodeHeader(String str, HttpServletRequest httpServletRequest, int i) throws IOException {
        try {
            String str2 = new String(Base64.getDecoder().decode(str.substring(i).getBytes(StandardCharsets.UTF_8)), getCredentialsCharset(httpServletRequest));
            int indexOf = str2.indexOf(":");
            if (indexOf == -1) {
                throw new BadCredentialsException("Invalid authentication token");
            }
            return new String[]{str2.substring(0, indexOf), str2.substring(indexOf + 1)};
        } catch (IllegalArgumentException e) {
            throw new BadCredentialsException("Failed to decode authentication token");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean authenticationIsRequired(String str, Class<? extends Authentication> cls) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return true;
        }
        return (((authentication != null && authentication.getClass().isAssignableFrom(cls)) || (authentication instanceof MidpointAuthentication)) && !authentication.getName().equals(str)) || (authentication instanceof AnonymousAuthenticationToken);
    }

    @Override // org.springframework.security.web.authentication.www.BasicAuthenticationFilter
    public void setRememberMeServices(RememberMeServices rememberMeServices) {
        Assert.notNull(rememberMeServices, "rememberMeServices cannot be null");
        this.rememberMeServices = rememberMeServices;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RememberMeServices getRememberMeServices() {
        return this.rememberMeServices;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationDetailsSource<HttpServletRequest, ?> getAuthenticationDetailsSource() {
        return this.authenticationDetailsSource;
    }

    @Override // org.springframework.security.web.authentication.www.BasicAuthenticationFilter
    public void setCredentialsCharset(String str) {
        Assert.hasText(str, "credentialsCharset cannot be null or empty");
        this.credentialsCharset = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.www.BasicAuthenticationFilter
    public String getCredentialsCharset(HttpServletRequest httpServletRequest) {
        return this.credentialsCharset;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.www.BasicAuthenticationFilter
    public void onSuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        try {
            this.successHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
        } catch (ServletException e) {
            LOGGER.error("Couldn't execute post successful authentication method", e);
        }
    }
}
