package com.evolveum.midpoint.authentication.impl.filter;

import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.FirewalledRequest;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.util.UrlUtils;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/filter/MidpointFilterChainProxy.class */
public class MidpointFilterChainProxy extends FilterChainProxy {
    private static final Trace LOGGER = TraceManager.getTrace(MidpointFilterChainProxy.class);
    private static final String FILTER_APPLIED = MidpointFilterChainProxy.class.getName().concat(".APPLIED");
    private final List<SecurityFilterChain> filterChains;
    private FilterChainValidator filterChainValidator = new NullFilterChainValidator();
    private HttpFirewall firewall = new StrictHttpFirewall();

    /* loaded from: input_file:com/evolveum/midpoint/authentication/impl/filter/MidpointFilterChainProxy$FilterChainValidator.class */
    public interface FilterChainValidator {
        void validate(MidpointFilterChainProxy midpointFilterChainProxy);
    }

    /* loaded from: input_file:com/evolveum/midpoint/authentication/impl/filter/MidpointFilterChainProxy$NullFilterChainValidator.class */
    private static class NullFilterChainValidator implements FilterChainValidator {
        private NullFilterChainValidator() {
        }

        @Override // com.evolveum.midpoint.authentication.impl.filter.MidpointFilterChainProxy.FilterChainValidator
        public void validate(MidpointFilterChainProxy midpointFilterChainProxy) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/evolveum/midpoint/authentication/impl/filter/MidpointFilterChainProxy$VirtualFilterChain.class */
    public static class VirtualFilterChain implements FilterChain {
        private final FilterChain originalChain;
        private final List<Filter> additionalFilters;
        private final FirewalledRequest firewalledRequest;
        private final int size;
        private int currentPosition = 0;

        private VirtualFilterChain(FirewalledRequest firewalledRequest, FilterChain filterChain, List<Filter> list) {
            this.originalChain = filterChain;
            this.additionalFilters = list;
            this.size = list.size();
            this.firewalledRequest = firewalledRequest;
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            if (this.currentPosition == this.size) {
                if (MidpointFilterChainProxy.LOGGER.isDebugEnabled()) {
                    MidpointFilterChainProxy.LOGGER.debug(UrlUtils.buildRequestUrl(this.firewalledRequest) + " reached end of additional filter chain");
                    return;
                }
                return;
            }
            this.currentPosition++;
            Filter filter = this.additionalFilters.get(this.currentPosition - 1);
            if (MidpointFilterChainProxy.LOGGER.isDebugEnabled()) {
                MidpointFilterChainProxy.LOGGER.debug(UrlUtils.buildRequestUrl(this.firewalledRequest) + " at position " + this.currentPosition + " of " + this.size + " in additional filter chain; firing Filter: '" + filter.getClass().getSimpleName() + "'");
            }
            if (filter instanceof MidpointAuthFilter) {
                filter.doFilter(servletRequest, servletResponse, this.originalChain);
            } else {
                filter.doFilter(servletRequest, servletResponse, this);
            }
        }
    }

    public MidpointFilterChainProxy(List<SecurityFilterChain> list) {
        this.filterChains = list;
    }

    public void afterPropertiesSet() {
        this.filterChainValidator.validate(this);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest.getAttribute(FILTER_APPLIED) == null)) {
            doFilterInternal(servletRequest, servletResponse, filterChain);
            return;
        }
        try {
            servletRequest.setAttribute(FILTER_APPLIED, Boolean.TRUE);
            doFilterInternal(servletRequest, servletResponse, filterChain);
            SecurityContextHolder.clearContext();
            servletRequest.removeAttribute(FILTER_APPLIED);
        } catch (Throwable th) {
            SecurityContextHolder.clearContext();
            servletRequest.removeAttribute(FILTER_APPLIED);
            throw th;
        }
    }

    private void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ServletRequest firewalledRequest = this.firewall.getFirewalledRequest((HttpServletRequest) servletRequest);
        ServletResponse firewalledResponse = this.firewall.getFirewalledResponse((HttpServletResponse) servletResponse);
        List<Filter> filters = getFilters((HttpServletRequest) firewalledRequest);
        if (filters != null && filters.size() != 0) {
            new VirtualFilterChain(firewalledRequest, filterChain, filters).doFilter(firewalledRequest, firewalledResponse);
            return;
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(UrlUtils.buildRequestUrl(firewalledRequest) + (filters == null ? " has no matching filters" : " has an empty filter list"));
        }
        firewalledRequest.reset();
        filterChain.doFilter(firewalledRequest, firewalledResponse);
    }

    private List<Filter> getFilters(HttpServletRequest httpServletRequest) {
        for (SecurityFilterChain securityFilterChain : this.filterChains) {
            if (securityFilterChain.matches(httpServletRequest)) {
                return securityFilterChain.getFilters();
            }
        }
        return null;
    }

    public List<Filter> getFilters(String str) {
        return getFilters((HttpServletRequest) this.firewall.getFirewalledRequest(new FilterInvocation(str, "GET").getRequest()));
    }

    public List<SecurityFilterChain> getFilterChains() {
        return Collections.unmodifiableList(this.filterChains);
    }

    public void setFilterChainValidator(FilterChainValidator filterChainValidator) {
        this.filterChainValidator = filterChainValidator;
    }

    public void setFirewall(HttpFirewall httpFirewall) {
        this.firewall = httpFirewall;
    }

    public String toString() {
        return "FilterChainProxy[Filter Chains: " + this.filterChains + "]";
    }
}
