package org.geoserver.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.filter.GeoServerSecurityFilter;
import org.geotools.util.logging.Logging;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.25.3-georchestra.jar:org/geoserver/security/GeoServerSecurityFilterChainProxy.class */
public class GeoServerSecurityFilterChainProxy implements SecurityManagerListener, ApplicationContextAware, InitializingBean, Filter {
    static Logger LOGGER = Logging.getLogger("org.geoserver.security");
    static ThreadLocal<HttpServletRequest> REQUEST = new ThreadLocal<>();
    public static final String SECURITY_ENABLED_ATTRIBUTE = "org.geoserver.security.enabled";
    private boolean chainsInitialized;
    GeoServerSecurityManager securityManager;
    FilterChainProxy proxy;
    ApplicationContext appContext;

    public GeoServerSecurityFilterChainProxy(GeoServerSecurityManager geoServerSecurityManager) {
        this.securityManager = geoServerSecurityManager;
        this.securityManager.addListener(this);
        this.chainsInitialized = false;
    }

    public static boolean isSecurityEnabledForCurrentRequest() {
        return REQUEST.get() == null || Boolean.TRUE.equals(REQUEST.get().getAttribute(SECURITY_ENABLED_ATTRIBUTE));
    }

    @Override // org.springframework.context.ApplicationContextAware
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.appContext = applicationContext;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        if (this.proxy != null) {
            this.proxy.init(filterConfig);
        } else {
            LOGGER.warning("init() called but proxy not yet configured");
        }
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        servletRequest.setAttribute(SECURITY_ENABLED_ATTRIBUTE, Boolean.FALSE);
        REQUEST.set((HttpServletRequest) servletRequest);
        try {
            this.proxy.doFilter(servletRequest, servletResponse, filterChain);
            REQUEST.remove();
        } catch (Throwable th) {
            REQUEST.remove();
            throw th;
        }
    }

    @Override // org.geoserver.security.SecurityManagerListener
    public void handlePostChanged(GeoServerSecurityManager geoServerSecurityManager) {
        createFilterChain();
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        createFilterChain();
    }

    void createFilterChain() {
        Filter lookupFilter;
        if (this.securityManager.isInitialized()) {
            GeoServerSecurityFilterChain geoServerSecurityFilterChain = new GeoServerSecurityFilterChain(this.securityManager.getSecurityConfig().getFilterChain());
            geoServerSecurityFilterChain.postConfigure(this.securityManager);
            ArrayList arrayList = new ArrayList();
            loop0: for (RequestFilterChain requestFilterChain : geoServerSecurityFilterChain.getRequestChains()) {
                GeoServerRequestMatcher matcherForChain = matcherForChain(requestFilterChain);
                ArrayList arrayList2 = new ArrayList();
                for (String str : requestFilterChain.getCompiledFilterNames()) {
                    try {
                        lookupFilter = lookupFilter(str);
                    } catch (Exception e) {
                        LOGGER.log(Level.SEVERE, "Error loading filter: " + str, (Throwable) e);
                    }
                    if (lookupFilter == null) {
                        throw new NullPointerException("No filter named " + str + " could be found");
                        break loop0;
                    }
                    arrayList2.add(lookupFilter);
                }
                arrayList.add(new DefaultSecurityFilterChain(matcherForChain, arrayList2));
            }
            synchronized (this) {
                if (this.chainsInitialized) {
                    Iterator<SecurityFilterChain> it2 = this.proxy.getFilterChains().iterator();
                    while (it2.hasNext()) {
                        Iterator<Filter> it3 = it2.next().getFilters().iterator();
                        while (it3.hasNext()) {
                            it3.next().destroy();
                        }
                    }
                }
                this.securityManager.getAuthenticationCache().removeAll();
                this.proxy = new FilterChainProxy(arrayList);
                this.proxy.setFirewall(new GeoServerHttpFirewall());
                this.proxy.afterPropertiesSet();
                this.chainsInitialized = true;
            }
        }
    }

    public GeoServerRequestMatcher matcherForChain(RequestFilterChain requestFilterChain) {
        Set<HTTPMethod> httpMethods = requestFilterChain.getHttpMethods();
        if (!requestFilterChain.isMatchHTTPMethod()) {
            httpMethods = null;
        }
        List<String> patterns = requestFilterChain.getPatterns();
        if (patterns == null) {
            return new GeoServerRequestMatcher(httpMethods, (RequestMatcher[]) null);
        }
        ArrayList arrayList = new ArrayList();
        Iterator<String> it2 = patterns.iterator();
        while (it2.hasNext()) {
            for (String str : it2.next().split(",")) {
                arrayList.add(str);
            }
        }
        RequestMatcher[] requestMatcherArr = new RequestMatcher[arrayList.size()];
        for (int i = 0; i < requestMatcherArr.length; i++) {
            requestMatcherArr[i] = new IncludeQueryStringAntPathRequestMatcher((String) arrayList.get(i));
        }
        return new GeoServerRequestMatcher(httpMethods, requestMatcherArr);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10, types: [javax.servlet.Filter] */
    public Filter lookupFilter(String str) throws IOException {
        GeoServerSecurityFilter loadFilter = this.securityManager.loadFilter(str);
        if (loadFilter == null) {
            try {
                Object bean = GeoServerExtensions.bean(str, this.appContext);
                if (bean != null && (bean instanceof Filter)) {
                    loadFilter = (Filter) bean;
                }
            } catch (NoSuchBeanDefinitionException e) {
            }
        }
        return loadFilter;
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        this.proxy.destroy();
        this.securityManager.removeListener(this);
    }

    public List<SecurityFilterChain> getFilterChains() {
        return this.proxy.getFilterChains();
    }
}
