package io.hawt.web;

import io.hawt.system.Authenticator;
import io.hawt.system.Helpers;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.jgit.lib.RefDatabase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/io/hawt/web/AuthenticationFilter.class */
public class AuthenticationFilter implements Filter {
    private static final transient Logger LOG = LoggerFactory.getLogger(AuthenticationFilter.class);
    private String realm;
    private String role;
    private boolean enabled;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.realm = (String) filterConfig.getServletContext().getAttribute("realm");
        this.role = (String) filterConfig.getServletContext().getAttribute("role");
        this.enabled = ((Boolean) filterConfig.getServletContext().getAttribute("authEnabled")).booleanValue();
        if (this.enabled) {
            LOG.info("Starting hawtio authentication filter, authentication realm: \"" + this.realm + "\" authorized role: \"" + this.role + "\"");
        } else {
            LOG.info("Starting hawtio authentication filter, authentication disabled");
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.realm == null || this.realm.equals(RefDatabase.ALL) || !this.enabled) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession(false);
        LOG.debug("Handling request for path {}", httpServletRequest.getServletPath());
        if (session != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String servletPath = httpServletRequest.getServletPath();
        if (!(servletPath.startsWith("/auth") || servletPath.startsWith("/jolokia") || servletPath.startsWith("/upload"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        LOG.debug("Doing authentication and authorization for path {}", servletPath);
        switch (Authenticator.authenticate(this.realm, this.role, httpServletRequest)) {
            case AUTHORIZED:
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            case NOT_AUTHORIZED:
                Helpers.doForbidden((HttpServletResponse) servletResponse);
                return;
            case NO_CREDENTIALS:
                Helpers.doForbidden((HttpServletResponse) servletResponse);
                return;
            default:
                return;
        }
    }

    public void destroy() {
        LOG.info("Destroying hawtio authentication filter");
    }
}
