package org.securityfilter.authenticator;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.FilterConfig;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.securityfilter.config.SecurityConfig;
import org.securityfilter.filter.SecurityFilter;
import org.securityfilter.filter.SecurityRequestWrapper;
import org.securityfilter.filter.URLPattern;
import org.securityfilter.filter.URLPatternFactory;
import org.securityfilter.filter.URLPatternMatcher;
import org.securityfilter.realm.SecurityRealmInterface;

/* loaded from: input_file:WEB-INF/lib/securityfilter-b3p-5.0.0.jar:org/securityfilter/authenticator/CookieAuthenticator.class */
public class CookieAuthenticator implements Authenticator {
    protected SecurityRealmInterface realm;
    protected String realmName;
    protected String loginPage;
    protected URLPattern loginPagePattern;
    protected URLPattern logoutPagePattern;
    protected URLPattern errorPagePattern;
    protected String errorPage;
    public static final String AUTH_METHOD = "COOKIE";

    @Override // org.securityfilter.authenticator.Authenticator
    public boolean processLogin(SecurityRequestWrapper securityRequestWrapper, HttpServletResponse httpServletResponse) throws Exception {
        Cookie[] cookies;
        if (securityRequestWrapper.getUserPrincipal() != null || (cookies = securityRequestWrapper.getCookies()) == null) {
            return false;
        }
        Cookie cookie = null;
        int i = 0;
        while (true) {
            if (i >= cookies.length) {
                break;
            }
            Cookie cookie2 = cookies[i];
            if (cookie2.getName().equals("AuthInfo")) {
                cookie = cookie2;
                break;
            }
            i++;
        }
        if (cookie == null) {
            return false;
        }
        Principal authenticate = this.realm.authenticate(cookie.getValue(), "");
        if (authenticate != null) {
            securityRequestWrapper.setUserPrincipal(authenticate);
            return false;
        }
        showError(securityRequestWrapper, httpServletResponse);
        return true;
    }

    @Override // org.securityfilter.authenticator.Authenticator
    public boolean processLogout(SecurityRequestWrapper securityRequestWrapper, HttpServletResponse httpServletResponse, URLPatternMatcher uRLPatternMatcher) throws Exception {
        return false;
    }

    @Override // org.securityfilter.authenticator.Authenticator
    public void showLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        SecurityFilter.saveRequestInformation(httpServletRequest);
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(this.loginPage));
    }

    private void showError(SecurityRequestWrapper securityRequestWrapper, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(this.errorPage));
    }

    @Override // org.securityfilter.authenticator.Authenticator
    public String getAuthMethod() {
        return AUTH_METHOD;
    }

    @Override // org.securityfilter.authenticator.Authenticator
    public void init(FilterConfig filterConfig, SecurityConfig securityConfig) throws Exception {
        this.realm = securityConfig.getRealm();
        this.realmName = securityConfig.getRealmName();
        URLPatternFactory uRLPatternFactory = new URLPatternFactory();
        this.loginPage = securityConfig.getLoginPage();
        this.loginPagePattern = uRLPatternFactory.createURLPattern(stripQueryString(this.loginPage), null, null, 0);
        this.errorPage = securityConfig.getErrorPage();
        this.errorPagePattern = uRLPatternFactory.createURLPattern(stripQueryString(this.errorPage), null, null, 0);
    }

    @Override // org.securityfilter.authenticator.Authenticator
    public boolean bypassSecurityForThisRequest(SecurityRequestWrapper securityRequestWrapper, URLPatternMatcher uRLPatternMatcher) throws Exception {
        String matchableURL = securityRequestWrapper.getMatchableURL();
        return uRLPatternMatcher.match(matchableURL, this.loginPagePattern) || uRLPatternMatcher.match(matchableURL, this.errorPagePattern) || matchesLogoutPattern(matchableURL, uRLPatternMatcher);
    }

    private String stripQueryString(String str) {
        int indexOf;
        if (str != null && (indexOf = str.indexOf(63)) != -1) {
            str = str.substring(0, indexOf);
        }
        return str;
    }

    private boolean matchesLogoutPattern(String str, URLPatternMatcher uRLPatternMatcher) throws Exception {
        if (this.logoutPagePattern != null) {
            return uRLPatternMatcher.match(str, this.logoutPagePattern);
        }
        return false;
    }
}
