package org.forgerock.openam.notifications;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.common.configuration.AgentConfiguration;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.forgerock.guice.core.InjectorHolder;
import org.forgerock.openam.authentication.service.AuthUtilsWrapper;
import org.forgerock.openam.core.CoreWrapper;
import org.forgerock.openam.rest.SSOTokenFactory;

/* loaded from: input_file:org/forgerock/openam/notifications/NotificationsWebSocketFilter.class */
public final class NotificationsWebSocketFilter implements Filter {
    private SSOTokenFactory tokenFactory;
    private AuthUtilsWrapper authUtilsWrapper;
    private CoreWrapper coreWrapper;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.tokenFactory = (SSOTokenFactory) InjectorHolder.getInstance(SSOTokenFactory.class);
        this.authUtilsWrapper = (AuthUtilsWrapper) InjectorHolder.getInstance(AuthUtilsWrapper.class);
        this.coreWrapper = (CoreWrapper) InjectorHolder.getInstance(CoreWrapper.class);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        SSOToken tokenFromId;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader(this.authUtilsWrapper.getCookieName());
        if (!StringUtils.isNotEmpty(header) || (tokenFromId = this.tokenFactory.getTokenFromId(header)) == null) {
            httpServletResponse.setStatus(401);
            return;
        }
        try {
            AMIdentity identity = this.coreWrapper.getIdentity(tokenFromId);
            if (isJ2eeAgent(identity) || isWebAgent(identity)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                httpServletResponse.setStatus(403);
            }
        } catch (SSOException | IdRepoException e) {
            httpServletResponse.setStatus(401);
        }
    }

    public void destroy() {
    }

    private boolean isJ2eeAgent(AMIdentity aMIdentity) throws IdRepoException, SSOException {
        return "J2EEAgent".equalsIgnoreCase(AgentConfiguration.getAgentType(aMIdentity));
    }

    private boolean isWebAgent(AMIdentity aMIdentity) throws IdRepoException, SSOException {
        return "WebAgent".equalsIgnoreCase(AgentConfiguration.getAgentType(aMIdentity));
    }
}
