package com.sforce.dataset.server.auth;

import com.sforce.soap.partner.PartnerConnection;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpHeaders;
import org.eclipse.jetty.util.URIUtil;

/* loaded from: input_file:com/sforce/dataset/server/auth/AuthFilter.class */
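/**
 * Servlet filter that gates requests on a stored {@link SecurityContext}.
 *
 * <p>Every request gets anti-caching headers. A fixed set of paths (the root path, the
 * logout, login and OAuth callback pages, and the settings pages) is passed through without
 * any check. Every other request must have a stored security context that still holds a
 * usable {@link PartnerConnection}; otherwise the client is redirected to the login page.
 * Authenticated requests are wrapped so that downstream code sees the Force user and role
 * through the standard servlet security methods.
 */
public class AuthFilter implements Filter {
    static final String FILTER_ALREADY_VISITED = "__force_auth_filter_already_visited";
    static final String SECURITY_AUTH_SUBJECT = "javax.security.auth.subject";
    static final String SECURITY_CONFIG_NAME = "ForceLogin";
    static final String DEFAULT_USER_PROFILE = "myProfile";
    static final String CONTEXT_STORE_SESSION_VALUE = "session";
    public static final String FORCE_FORCE_SESSION = "force_sid";
    public static final String FORCE_FORCE_ENDPOINT = "force_ep";
    public static final String DEFAULT_ROLE = "ROLE_USER";
    public static final String REDIRECT_AUTH_URI = "/_auth";
    private String logoutUrl = "";
    private String loginUrl = "/login.html";
    private String oauthCallbackUrl = "/oauthcallback.html";
    private SecurityContextSessionStore securityContextSessionStore = null;

    /**
     * Request view that reports the user and role taken from a {@link SecurityContext}
     * instead of whatever the container itself established.
     */
    private static final class AuthenticatedRequestWrapper extends HttpServletRequestWrapper {
        // Both principals are created in the constructor and are never null afterwards.
        private final ForceUserPrincipal userP;
        private final ForceRolePrincipal roleP;

        public AuthenticatedRequestWrapper(HttpServletRequest httpServletRequest, SecurityContext securityContext) {
            super(httpServletRequest);
            this.userP = new ForceUserPrincipal(securityContext.getUserName(), securityContext.getSessionId());
            this.roleP = new ForceRolePrincipal(securityContext.getRole());
        }

        /** Returns the name of the Force user principal. */
        @Override
        public String getRemoteUser() {
            return this.userP.getName();
        }

        /** Returns the Force user principal. */
        @Override
        public Principal getUserPrincipal() {
            return this.userP;
        }

        /**
         * Reports whether the granted role name ends with {@code str}.
         *
         * <p>A null or empty {@code str} is rejected: every string ends with the empty
         * string, so an empty role name would otherwise be granted to every user.
         *
         * @param str role name to test
         * @return {@code true} when the granted role name ends with {@code str}
         */
        @Override
        public boolean isUserInRole(String str) {
            if (str == null || str.isEmpty()) {
                return false;
            }
            String granted = this.roleP.getName();
            // NOTE(review): suffix matching is kept for compatibility ("USER" matches
            // "ROLE_USER"), but it also accepts any other suffix of the granted role.
            // Prefer an exact comparison once the role names used by callers are confirmed.
            return granted != null && granted.endsWith(str);
        }
    }

    /** Sets the logout path and creates the store used to look up security contexts. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.logoutUrl = "/logout";
        this.securityContextSessionStore = new SecurityContextSessionStore();
    }

    /**
     * Applies anti-caching headers, lets exempt paths through, and otherwise requires a
     * stored security context with a usable connection before continuing the chain.
     *
     * @throws IOException if the chain or a redirect/error response fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Keep responses out of browser and intermediary caches.
        httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "private, no-store, no-cache, must-revalidate,max-age=0");
        httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
        // A fixed date in the past marks the response as already expired.
        httpServletResponse.setHeader(HttpHeaders.EXPIRES, "Tue, 01 Jan 1980 1:00:00 GMT");

        // The marker is set by this filter while the chain runs; a request that already
        // carries it is passed through without a second check.
        if (httpServletRequest.getAttribute(FILTER_ALREADY_VISITED) != null || isExemptPath(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // Requests for REDIRECT_AUTH_URI never use the stored context, so they always end
        // up at the login redirect below.
        SecurityContext securityContext = null;
        if (!REDIRECT_AUTH_URI.equals(httpServletRequest.getServletPath())) {
            securityContext = this.securityContextSessionStore.retreiveSecurityContext(httpServletRequest);
        }
        // A context without a usable connection is treated as no context at all.
        if (securityContext != null && getConnection(httpServletRequest) == null) {
            this.securityContextSessionStore.clearSecurityContext(httpServletRequest);
            securityContext = null;
        }
        if (securityContext == null) {
            doLogin(httpServletRequest, httpServletResponse);
            return;
        }

        try {
            httpServletRequest.setAttribute(FILTER_ALREADY_VISITED, Boolean.TRUE);
            filterChain.doFilter(new AuthenticatedRequestWrapper(httpServletRequest, securityContext), httpServletResponse);
        } catch (SessionExpirationException expired) {
            doLogin(httpServletRequest, httpServletResponse);
        } catch (SecurityException denied) {
            // NOTE(review): the request URI is client-controlled and becomes the error
            // message; this relies on the container's error page escaping it.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, httpServletRequest.getRequestURI());
        } finally {
            // Always drop the marker, whichever way the chain ended.
            httpServletRequest.removeAttribute(FILTER_ALREADY_VISITED);
        }
    }

    /**
     * Tells the client that authentication is required and redirects it to the login page.
     * The redirect target is the configured login path, never a value taken from the request.
     */
    private void doLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        httpServletResponse.addHeader("REQUIRES_AUTH", "1");
        httpServletResponse.sendRedirect(this.loginUrl);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** Reports whether the request's servlet path is one that this filter never checks. */
    private boolean isExemptPath(HttpServletRequest httpServletRequest) {
        return URIUtil.SLASH.equals(httpServletRequest.getServletPath())
                || isLogoutUrl(httpServletRequest)
                || isLoginUrl(httpServletRequest)
                || isOauthCallbackUrl(httpServletRequest)
                || isSettingsUrl(httpServletRequest);
    }

    /** Reports whether a non-empty configured path equals the request's servlet path. */
    private static boolean matchesConfiguredPath(String configuredPath, HttpServletRequest httpServletRequest) {
        return configuredPath != null
                && !configuredPath.isEmpty()
                && configuredPath.equals(httpServletRequest.getServletPath());
    }

    private boolean isLogoutUrl(HttpServletRequest httpServletRequest) {
        return matchesConfiguredPath(this.logoutUrl, httpServletRequest);
    }

    private boolean isLoginUrl(HttpServletRequest httpServletRequest) {
        return matchesConfiguredPath(this.loginUrl, httpServletRequest);
    }

    private boolean isOauthCallbackUrl(HttpServletRequest httpServletRequest) {
        return matchesConfiguredPath(this.oauthCallbackUrl, httpServletRequest);
    }

    /**
     * Reports whether the request targets one of the settings paths.
     *
     * <p>NOTE(review): these paths bypass the authentication check in this filter; confirm
     * that whatever serves them enforces its own access control.
     */
    private boolean isSettingsUrl(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        return "/settings.html".equals(servletPath) || "/settings".equals(servletPath);
    }

    /**
     * Returns the connection held by the request's stored security context.
     *
     * <p>The connection is returned only when the context also has a session id, an
     * endpoint and a last-refresh timestamp. In every other case, including any failure
     * during the lookup, the stored context is cleared and {@code null} is returned.
     *
     * @param httpServletRequest request whose stored security context is consulted
     * @return the usable connection, or {@code null} when there is none
     */
    public static PartnerConnection getConnection(HttpServletRequest httpServletRequest) {
        PartnerConnection partnerConnection = null;
        SecurityContextSessionStore securityContextSessionStore = new SecurityContextSessionStore();
        try {
            SecurityContext storedContext = securityContextSessionStore.retreiveSecurityContext(httpServletRequest);
            if (storedContext != null
                    && storedContext.getConnection() != null
                    && storedContext.getSessionId() != null
                    && storedContext.getEndPoint() != null
                    && storedContext.getLastRefreshTimestamp() != null) {
                partnerConnection = storedContext.getConnection();
            }
        } catch (Throwable th) {
            // Fail closed: any lookup failure counts as "no connection".
            // NOTE(review): this also swallows Errors and leaves no trace of the cause.
            partnerConnection = null;
        }
        if (partnerConnection == null) {
            securityContextSessionStore.clearSecurityContext(httpServletRequest);
        }
        return partnerConnection;
    }
}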
