package org.pentaho.platform.web.http.filters;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.concurrent.Callable;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.engine.security.SecurityHelper;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;

/* loaded from: input_file:org/pentaho/platform/web/http/filters/ProxyTrustingFilter.class */
public class ProxyTrustingFilter implements Filter {
    FilterConfig filterConfig;
    private static final String DefaultParameterName = "_TRUST_USER_";
    private String requestParameterName;
    private String headerName;
    private static final Log logger = LogFactory.getLog(ProxyTrustingFilter.class);
    String[] trustedIpAddrs = null;
    private boolean checkHeader = true;
    private Map<String, Pattern> ipPatterns = new HashMap();

    public Log getLogger() {
        return logger;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        this.trustedIpAddrs = null;
        String initParameter = this.filterConfig.getInitParameter("TrustedIpAddrs");
        if (initParameter != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(initParameter, ",");
            ArrayList arrayList = new ArrayList();
            while (stringTokenizer.hasMoreTokens()) {
                String trim = stringTokenizer.nextToken().trim();
                if (trim.length() > 0) {
                    arrayList.add(trim);
                }
            }
            if (arrayList.size() > 0) {
                this.trustedIpAddrs = (String[]) arrayList.toArray(new String[0]);
            }
        }
        String initParameter2 = this.filterConfig.getInitParameter("CheckHeader");
        if (!isEmpty(initParameter2)) {
            this.checkHeader = initParameter2.equalsIgnoreCase("true");
        }
        String initParameter3 = this.filterConfig.getInitParameter("RequestParameterName");
        if (isEmpty(initParameter3)) {
            this.requestParameterName = DefaultParameterName;
        } else {
            this.requestParameterName = initParameter3;
        }
        String initParameter4 = this.filterConfig.getInitParameter("HeaderName");
        if (isEmpty(initParameter4)) {
            this.headerName = DefaultParameterName;
        } else {
            this.headerName = initParameter4;
        }
    }

    boolean isTrusted(String str) {
        if (this.trustedIpAddrs == null) {
            return false;
        }
        for (String str2 : this.trustedIpAddrs) {
            if (str2.equals(str)) {
                return true;
            }
            Pattern pattern = this.ipPatterns.get(str2);
            if (pattern == null) {
                try {
                    pattern = Pattern.compile(str2);
                    this.ipPatterns.put(str2, pattern);
                } catch (PatternSyntaxException e) {
                }
            }
            if (pattern.matcher(str).find()) {
                return true;
            }
        }
        return false;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.trustedIpAddrs != null && (servletRequest instanceof HttpServletRequest)) {
            final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (isTrusted(httpServletRequest.getRemoteAddr())) {
                String trustUser = getTrustUser(httpServletRequest);
                if (!isEmpty(trustUser)) {
                    try {
                        SecurityHelper.getInstance().runAsUser(trustUser, new Callable<Void>() { // from class: org.pentaho.platform.web.http.filters.ProxyTrustingFilter.1
                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.util.concurrent.Callable
                            public Void call() throws Exception {
                                HttpSession session = httpServletRequest.getSession();
                                session.setAttribute("pentaho-session-context", PentahoSessionHolder.getSession());
                                SecurityContext securityContext = new SecurityContext() { // from class: org.pentaho.platform.web.http.filters.ProxyTrustingFilter.1.1
                                    private static final long serialVersionUID = 1;
                                    private Authentication authentication;

                                    public Authentication getAuthentication() {
                                        return this.authentication;
                                    }

                                    public void setAuthentication(Authentication authentication) {
                                        this.authentication = authentication;
                                    }
                                };
                                securityContext.setAuthentication(SecurityContextHolder.getContext().getAuthentication());
                                session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
                                return null;
                            }
                        });
                    } catch (Exception e) {
                        throw new ServletException(e);
                    }
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }

    public static void main(String[] strArr) {
    }

    protected String getHeaderName() {
        return this.headerName;
    }

    protected String getParameterName() {
        return this.requestParameterName;
    }

    protected boolean checkHeader() {
        return this.checkHeader;
    }

    protected String getTrustUser(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter(getParameterName());
        if (checkHeader() && isEmpty(parameter)) {
            parameter = httpServletRequest.getHeader(normalizeHeaderName(getHeaderName()));
        }
        return parameter;
    }

    public boolean isEmpty(String str) {
        return str == null || str.length() == 0;
    }

    protected String normalizeHeaderName(String str) {
        String lowerCase = str.toLowerCase();
        return Character.toUpperCase(lowerCase.charAt(0)) + lowerCase.substring(1);
    }
}
