package org.geoserver.security.filter;

import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.batik.constants.XMLConstants;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.HttpDigestUserDetailsServiceWrapper;
import org.geoserver.security.config.DigestAuthenticationFilterConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.impl.DigestAuthUtils;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.25.3-georchestra.jar:org/geoserver/security/filter/GeoServerDigestAuthenticationFilter.class */
public class GeoServerDigestAuthenticationFilter extends GeoServerCompositeFilter implements AuthenticationCachingFilter, GeoServerAuthenticationFilter {
    private DigestAuthenticationEntryPoint aep;

    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        DigestAuthenticationFilterConfig digestAuthenticationFilterConfig = (DigestAuthenticationFilterConfig) securityNamedServiceConfig;
        this.aep = new DigestAuthenticationEntryPoint();
        this.aep.setKey(securityNamedServiceConfig.getName());
        this.aep.setNonceValiditySeconds(digestAuthenticationFilterConfig.getNonceValiditySeconds() <= 0 ? 300 : digestAuthenticationFilterConfig.getNonceValiditySeconds());
        this.aep.setRealmName(GeoServerSecurityManager.REALM);
        try {
            this.aep.afterPropertiesSet();
            DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
            digestAuthenticationFilter.setCreateAuthenticatedToken(true);
            digestAuthenticationFilter.setPasswordAlreadyEncoded(true);
            digestAuthenticationFilter.setAuthenticationEntryPoint(this.aep);
            digestAuthenticationFilter.setUserDetailsService(new HttpDigestUserDetailsServiceWrapper(getSecurityManager().loadUserGroupService(digestAuthenticationFilterConfig.getUserGroupServiceName()), Charset.defaultCharset()));
            digestAuthenticationFilter.afterPropertiesSet();
            getNestedFilters().add(digestAuthenticationFilter);
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    @Override // org.geoserver.security.filter.GeoServerCompositeFilter, javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        servletRequest.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, this.aep);
        Integer valueOf = Integer.valueOf(this.aep.getNonceValiditySeconds());
        servletRequest.setAttribute(GeoServerCompositeFilter.CACHE_KEY_IDLE_SECS, valueOf);
        servletRequest.setAttribute(GeoServerCompositeFilter.CACHE_KEY_LIVE_SECS, valueOf);
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService
    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.aep;
    }

    @Override // org.geoserver.security.filter.AuthenticationCachingFilter
    public String getCacheKey(HttpServletRequest httpServletRequest) {
        String header;
        if (httpServletRequest.getSession(false) != null || (header = httpServletRequest.getHeader("Authorization")) == null || !header.startsWith("Digest ")) {
            return null;
        }
        Map<String, String> splitEachArrayElementAndCreateMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(DigestAuthUtils.splitIgnoringQuotes(header.substring(7), ','), XMLConstants.XML_EQUAL_SIGN, "\"");
        String str = splitEachArrayElementAndCreateMap.get("username");
        String str2 = splitEachArrayElementAndCreateMap.get("realm");
        String str3 = splitEachArrayElementAndCreateMap.get("nonce");
        String str4 = splitEachArrayElementAndCreateMap.get("response");
        if (!StringUtils.hasLength(str) || !StringUtils.hasLength(str2) || !StringUtils.hasLength(str3) || !StringUtils.hasLength(str4) || "root".equals(str)) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str).append(":");
        stringBuffer.append(str2).append(":");
        stringBuffer.append(str3).append(":");
        stringBuffer.append(str4);
        return stringBuffer.toString();
    }

    @Override // org.geoserver.security.filter.GeoServerAuthenticationFilter
    public boolean applicableForHtml() {
        return true;
    }

    @Override // org.geoserver.security.filter.GeoServerAuthenticationFilter
    public boolean applicableForServices() {
        return true;
    }
}
