package org.geoserver.security.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.config.BasicAuthenticationFilterConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.password.GeoServerPasswordEncoder;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/* loaded from: input_file:org/geoserver/security/filter/GeoServerBasicAuthenticationFilter.class */
public class GeoServerBasicAuthenticationFilter extends GeoServerCompositeFilter implements AuthenticationCachingFilter, GeoServerAuthenticationFilter {
    private BasicAuthenticationEntryPoint aep;
    private MessageDigest digest;

    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        try {
            this.digest = MessageDigest.getInstance("MD5");
            this.aep = new BasicAuthenticationEntryPoint();
            this.aep.setRealmName(GeoServerSecurityManager.REALM);
            try {
                this.aep.afterPropertiesSet();
                BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(getSecurityManager().authenticationManager(), this.aep);
                if (((BasicAuthenticationFilterConfig) securityNamedServiceConfig).isUseRememberMe()) {
                    basicAuthenticationFilter.setRememberMeServices(this.securityManager.getRememberMeService());
                    basicAuthenticationFilter.setAuthenticationDetailsSource(new GeoServerWebAuthenticationDetailsSource());
                }
                basicAuthenticationFilter.afterPropertiesSet();
                getNestedFilters().add(basicAuthenticationFilter);
            } catch (Exception e) {
                throw new IOException(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("No MD5 algorithm available!");
        }
    }

    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService
    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.aep;
    }

    @Override // org.geoserver.security.filter.GeoServerCompositeFilter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        servletRequest.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, this.aep);
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    @Override // org.geoserver.security.filter.AuthenticationCachingFilter
    public String getCacheKey(HttpServletRequest httpServletRequest) {
        String header;
        if (httpServletRequest.getSession(false) != null || (header = httpServletRequest.getHeader("Authorization")) == null || !header.startsWith("Basic ")) {
            return null;
        }
        try {
            String str = new String(Base64.getDecoder().decode(header.substring(6).getBytes("UTF-8")));
            int indexOf = str.indexOf(GeoServerPasswordEncoder.PREFIX_DELIMTER);
            if (indexOf == -1) {
                return null;
            }
            String substring = str.substring(0, indexOf);
            String substring2 = str.substring(indexOf + 1);
            if (GeoServerUser.ROOT_USERNAME.equals(substring)) {
                return null;
            }
            StringBuffer stringBuffer = new StringBuffer(substring2);
            stringBuffer.append(GeoServerPasswordEncoder.PREFIX_DELIMTER);
            stringBuffer.append(getName());
            try {
                String str2 = new String(Hex.encode(((MessageDigest) this.digest.clone()).digest(stringBuffer.toString().getBytes("utf-8"))));
                StringBuffer stringBuffer2 = new StringBuffer(substring);
                stringBuffer2.append(GeoServerPasswordEncoder.PREFIX_DELIMTER);
                stringBuffer2.append(str2);
                return stringBuffer2.toString();
            } catch (UnsupportedEncodingException | CloneNotSupportedException e) {
                throw new RuntimeException(e);
            }
        } catch (UnsupportedEncodingException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // org.geoserver.security.filter.GeoServerAuthenticationFilter
    public boolean applicableForHtml() {
        return true;
    }

    @Override // org.geoserver.security.filter.GeoServerAuthenticationFilter
    public boolean applicableForServices() {
        return true;
    }
}
