package ru.curs.showcase.security.spnego;

import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.Properties;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sourceforge.spnego.SpnegoAuthenticator;
import net.sourceforge.spnego.SpnegoHttpFilter;
import net.sourceforge.spnego.SpnegoHttpServletResponse;
import net.sourceforge.spnego.SpnegoPrincipal;
import org.custommonkey.xmlunit.XMLConstants;
import org.eclipse.jetty.util.security.Constraint;
import org.ietf.jgss.GSSException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.testng.xml.XmlSuite;
import ru.curs.showcase.app.api.UserInfo;
import ru.curs.showcase.runtime.UserDataUtils;
import ru.curs.showcase.security.AuthFailureHandler;
import ru.curs.showcase.util.UserAndSessionDetails;

/* loaded from: input_file:WEB-INF/classes/ru/curs/showcase/security/spnego/SpnegoAuthenticationProcessingFilter.class */
public class SpnegoAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
    private final String pathPref;
    private SpnegoAuthenticator authenticator;

    protected SpnegoAuthenticationProcessingFilter() {
        super("/spnego");
        this.pathPref = "WEB-INF" + File.separator + XmlSuite.PARALLEL_CLASSES + File.separator;
        setAuthenticationFailureHandler(new AuthFailureHandler(Constraint.__SPNEGO_AUTH));
    }

    private void init() throws Exception {
        String str = getServletContext().getRealPath("/") + this.pathPref;
        Properties generalSpnegoProperties = UserDataUtils.getGeneralSpnegoProperties();
        if (generalSpnegoProperties == null) {
            throw new Exception("Spnego properties not found in app.properties");
        }
        HashMap hashMap = new HashMap();
        hashMap.put(UserDataUtils.SPNEGO_LOGGER_LEVEL, generalSpnegoProperties.getProperty(UserDataUtils.SPNEGO_LOGGER_LEVEL, "6"));
        hashMap.put("spnego.allow.basic", generalSpnegoProperties.getProperty("spnego.allow.basic", "true"));
        hashMap.put(SpnegoHttpFilter.Constants.ALLOW_DELEGATION, "false");
        hashMap.put(SpnegoHttpFilter.Constants.ALLOW_LOCALHOST, "false");
        hashMap.put(SpnegoHttpFilter.Constants.ALLOW_UNSEC_BASIC, "true");
        hashMap.put(SpnegoHttpFilter.Constants.CLIENT_MODULE, "spnego-client");
        hashMap.put(SpnegoHttpFilter.Constants.SERVER_MODULE, "spnego-server");
        hashMap.put(SpnegoHttpFilter.Constants.KRB5_CONF, str + "krb5.conf");
        hashMap.put(SpnegoHttpFilter.Constants.LOGIN_CONF, str + "login.conf");
        hashMap.put("spnego.preauth.username", generalSpnegoProperties.getProperty("spnego.preauth.username"));
        hashMap.put("spnego.preauth.password", generalSpnegoProperties.getProperty("spnego.preauth.password"));
        hashMap.put(SpnegoHttpFilter.Constants.PROMPT_NTLM, "true");
        this.authenticator = new SpnegoAuthenticator(hashMap);
    }

    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        SpnegoHttpServletResponse spnegoHttpServletResponse = new SpnegoHttpServletResponse(httpServletResponse);
        try {
            if (this.authenticator == null) {
                try {
                    init();
                } catch (Exception e) {
                    failure(httpServletRequest, spnegoHttpServletResponse, "Pre-authenticate is failure.", e);
                    return null;
                }
            }
            try {
                SpnegoPrincipal authenticate = this.authenticator.authenticate(httpServletRequest, spnegoHttpServletResponse);
                if (spnegoHttpServletResponse.isStatusSet()) {
                    return null;
                }
                if (authenticate == null) {
                    failure(httpServletRequest, spnegoHttpServletResponse, "Authenticate is failure.", new AuthenticationException("Principal was null.") { // from class: ru.curs.showcase.security.spnego.SpnegoAuthenticationProcessingFilter.1
                        private static final long serialVersionUID = 1;
                    });
                    return null;
                }
                SpnegoAuthenticationToken spnegoAuthenticationToken = new SpnegoAuthenticationToken(authenticate);
                spnegoAuthenticationToken.setAuthenticated(true);
                UserAndSessionDetails userAndSessionDetails = new UserAndSessionDetails(httpServletRequest);
                userAndSessionDetails.setUserInfo(new UserInfo(authenticate.getName(), (String) null, authenticate.getName().split(XMLConstants.XPATH_ATTRIBUTE_IDENTIFIER, 2)[0], (String) null, (String) null, (String) null));
                spnegoAuthenticationToken.setDetails(userAndSessionDetails);
                return spnegoAuthenticationToken;
            } catch (GSSException e2) {
                throw new ServletException((Throwable) e2);
            }
        } catch (Exception e3) {
            failure(httpServletRequest, spnegoHttpServletResponse, "Authenticate is failure.", e3);
            return null;
        }
    }

    private void failure(HttpServletRequest httpServletRequest, SpnegoHttpServletResponse spnegoHttpServletResponse, String str, Exception exc) throws IOException, ServletException {
        AuthenticationException authenticationException;
        if (getFailureHandler() == null) {
            spnegoHttpServletResponse.setStatus(500, true);
            return;
        }
        if (exc == null || !(exc instanceof AuthenticationException)) {
            authenticationException = new AuthenticationException(str + (exc != null ? " Detail: " + exc.getMessage() : ""), exc) { // from class: ru.curs.showcase.security.spnego.SpnegoAuthenticationProcessingFilter.2
                private static final long serialVersionUID = 1;
            };
        } else {
            authenticationException = (AuthenticationException) exc;
        }
        getFailureHandler().onAuthenticationFailure(httpServletRequest, spnegoHttpServletResponse, authenticationException);
    }
}
