package org.echocat.marquardt.service;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.echocat.marquardt.common.CertificateValidator;
import org.echocat.marquardt.common.domain.Signable;
import org.echocat.marquardt.common.domain.certificate.Certificate;
import org.echocat.marquardt.common.domain.certificate.Role;
import org.echocat.marquardt.common.exceptions.InvalidCertificateException;
import org.echocat.marquardt.common.exceptions.SignatureValidationFailedException;
import org.echocat.marquardt.common.web.RequestValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/echocat/marquardt/service/CertificateAuthenticationFilter.class */
public abstract class CertificateAuthenticationFilter<SIGNABLE extends Signable, ROLE extends Role> implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateAuthenticationFilter.class);
    private final CertificateValidator<SIGNABLE, ROLE> _certificateValidator;
    private final RequestValidator _requestValidator;

    public CertificateAuthenticationFilter(CertificateValidator<SIGNABLE, ROLE> certificateValidator, RequestValidator requestValidator) {
        this._certificateValidator = certificateValidator;
        this._requestValidator = requestValidator;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        try {
            try {
                String header = httpServletRequest.getHeader("X-Certificate");
                if (header != null) {
                    Certificate<SIGNABLE> deserializeAndValidateCertificate = this._certificateValidator.deserializeAndValidateCertificate(Base64.decodeBase64(header));
                    LOGGER.debug("Successful extracted user info from header {}", deserializeAndValidateCertificate.getPayload());
                    if (this._requestValidator.isValid(httpServletRequest, deserializeAndValidateCertificate.getClientPublicKey())) {
                        authenticateUser(deserializeAndValidateCertificate);
                    }
                }
                filterChain.doFilter(servletRequest, servletResponse);
            } catch (InvalidCertificateException e) {
                LOGGER.debug("invalid certificate provided: ", e);
                filterChain.doFilter(servletRequest, servletResponse);
            } catch (SignatureValidationFailedException e2) {
                LOGGER.debug("request signature could not be validated: ", e2);
                filterChain.doFilter(servletRequest, servletResponse);
            }
        } catch (Throwable th) {
            filterChain.doFilter(servletRequest, servletResponse);
            throw th;
        }
    }

    protected abstract void authenticateUser(Certificate<SIGNABLE> certificate);

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
