package org.springframework.security.cas.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.util.CommonUtils;
import org.springframework.context.ApplicationEvent;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-cas-5.1.0.M1.jar:org/springframework/security/cas/web/CasAuthenticationFilter.class */
public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public static final String CAS_STATEFUL_IDENTIFIER = "_cas_stateful_";
    public static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";
    private RequestMatcher proxyReceptorMatcher;
    private ProxyGrantingTicketStorage proxyGrantingTicketStorage;
    private String artifactParameter;
    private boolean authenticateAllArtifacts;
    private AuthenticationFailureHandler proxyFailureHandler;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-security-cas-5.1.0.M1.jar:org/springframework/security/cas/web/CasAuthenticationFilter$CasAuthenticationFailureHandler.class */
    public class CasAuthenticationFailureHandler implements AuthenticationFailureHandler {
        private final AuthenticationFailureHandler serviceTicketFailureHandler;

        public CasAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
            Assert.notNull(authenticationFailureHandler, "failureHandler");
            this.serviceTicketFailureHandler = authenticationFailureHandler;
        }

        @Override // org.springframework.security.web.authentication.AuthenticationFailureHandler
        public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
            if (CasAuthenticationFilter.this.serviceTicketRequest(httpServletRequest, httpServletResponse)) {
                this.serviceTicketFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
            } else {
                CasAuthenticationFilter.this.proxyFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
            }
        }
    }

    public CasAuthenticationFilter() {
        super("/login/cas");
        this.artifactParameter = "ticket";
        this.proxyFailureHandler = new SimpleUrlAuthenticationFailureHandler();
        setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public final void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        if (!proxyTicketRequest(serviceTicketRequest(httpServletRequest, httpServletResponse), httpServletRequest)) {
            super.successfulAuthentication(httpServletRequest, httpServletResponse, filterChain, authentication);
            return;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authentication);
        }
        SecurityContextHolder.getContext().setAuthentication(authentication);
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent((ApplicationEvent) new InteractiveAuthenticationSuccessEvent(authentication, getClass()));
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException {
        if (proxyReceptorRequest(httpServletRequest)) {
            this.logger.debug("Responding to proxy receptor request");
            CommonUtils.readAndRespondToProxyReceptorRequest(httpServletRequest, httpServletResponse, this.proxyGrantingTicketStorage);
            return null;
        }
        String str = serviceTicketRequest(httpServletRequest, httpServletResponse) ? CAS_STATEFUL_IDENTIFIER : CAS_STATELESS_IDENTIFIER;
        String obtainArtifact = obtainArtifact(httpServletRequest);
        if (obtainArtifact == null) {
            this.logger.debug("Failed to obtain an artifact (cas ticket)");
            obtainArtifact = "";
        }
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(str, obtainArtifact);
        usernamePasswordAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        return getAuthenticationManager().authenticate(usernamePasswordAuthenticationToken);
    }

    protected String obtainArtifact(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(this.artifactParameter);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean serviceTicketRequest = serviceTicketRequest(httpServletRequest, httpServletResponse);
        boolean z = serviceTicketRequest || proxyReceptorRequest(httpServletRequest) || proxyTicketRequest(serviceTicketRequest, httpServletRequest);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("requiresAuthentication = " + z);
        }
        return z;
    }

    public final void setProxyAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        Assert.notNull(authenticationFailureHandler, "proxyFailureHandler cannot be null");
        this.proxyFailureHandler = authenticationFailureHandler;
    }

    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public final void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        super.setAuthenticationFailureHandler(new CasAuthenticationFailureHandler(authenticationFailureHandler));
    }

    public final void setProxyReceptorUrl(String str) {
        this.proxyReceptorMatcher = new AntPathRequestMatcher("/**" + str);
    }

    public final void setProxyGrantingTicketStorage(ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
        this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
    }

    public final void setServiceProperties(ServiceProperties serviceProperties) {
        this.artifactParameter = serviceProperties.getArtifactParameter();
        this.authenticateAllArtifacts = serviceProperties.isAuthenticateAllArtifacts();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean serviceTicketRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean requiresAuthentication = super.requiresAuthentication(httpServletRequest, httpServletResponse);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("serviceTicketRequest = " + requiresAuthentication);
        }
        return requiresAuthentication;
    }

    private boolean proxyTicketRequest(boolean z, HttpServletRequest httpServletRequest) {
        if (z) {
            return false;
        }
        boolean z2 = (!this.authenticateAllArtifacts || obtainArtifact(httpServletRequest) == null || authenticated()) ? false : true;
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("proxyTicketRequest = " + z2);
        }
        return z2;
    }

    private boolean authenticated() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return (authentication == null || !authentication.isAuthenticated() || (authentication instanceof AnonymousAuthenticationToken)) ? false : true;
    }

    private boolean proxyReceptorRequest(HttpServletRequest httpServletRequest) {
        boolean z = proxyReceptorConfigured() && this.proxyReceptorMatcher.matches(httpServletRequest);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("proxyReceptorRequest = " + z);
        }
        return z;
    }

    private boolean proxyReceptorConfigured() {
        boolean z = (this.proxyGrantingTicketStorage == null || this.proxyReceptorMatcher == null) ? false : true;
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("proxyReceptorConfigured = " + z);
        }
        return z;
    }
}
