package com.force.sdk.oauth;

import com.force.sdk.connector.ForceConnectorConfig;
import com.force.sdk.connector.ForceServiceConnector;
import com.force.sdk.oauth.connector.ForceOAuthConnectionInfo;
import com.force.sdk.oauth.connector.ForceOAuthConnector;
import com.force.sdk.oauth.context.ForceSecurityContextHolder;
import com.force.sdk.oauth.context.SecurityContext;
import com.force.sdk.oauth.context.SecurityContextService;
import com.force.sdk.oauth.context.SecurityContextServiceImpl;
import com.force.sdk.oauth.context.store.ForceEncryptionException;
import com.force.sdk.oauth.context.store.SecurityContextCookieStore;
import com.force.sdk.oauth.context.store.SecurityContextSessionStore;
import com.force.sdk.oauth.exception.ForceOAuthSessionExpirationException;
import com.force.sdk.oauth.userdata.CustomUserDataRetrievalService;
import com.force.sdk.oauth.userdata.CustomUserDataRetriever;
import com.force.sdk.oauth.userdata.UserDataRetrievalService;
import com.sforce.ws.ConnectionException;
import com.sforce.ws.ConnectorConfig;
import com.sforce.ws.SessionRenewer;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/force/sdk/oauth/AuthFilter.class */
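/**
 * Servlet filter that authenticates requests against Force.com via OAuth.
 *
 * <p>For each request the filter looks up a {@link SecurityContext} through the configured
 * {@link SecurityContextService}. When none is found the browser is sent through the OAuth login
 * flow. When one is found it is published to {@link ForceSecurityContextHolder} and
 * {@link ForceServiceConnector} for the duration of the request, and the request is wrapped so
 * that the servlet security API reports the Force.com user and role.
 *
 * <p>The filter also acts as the {@link SessionRenewer} for the connector configuration it
 * installs. Renewal always fails with {@link ForceOAuthSessionExpirationException}, which
 * {@link #doFilter} turns into a fresh OAuth login.
 */
public class AuthFilter implements Filter, SessionRenewer {
    static final String FILTER_ALREADY_VISITED = "__force_auth_filter_already_visited";
    static final String SECURITY_AUTH_SUBJECT = "javax.security.auth.subject";
    static final String SECURITY_CONFIG_NAME = "ForceLogin";
    static final String DEFAULT_USER_PROFILE = "myProfile";
    static final String CONTEXT_STORE_SESSION_VALUE = "session";
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthFilter.class);
    private ForceOAuthConnector oauthConnector;
    private SecurityContextService securityContextService = null;
    private boolean logoutFromDatabaseCom = true;
    private String logoutUrl = "";

    /**
     * Request wrapper that answers the servlet security methods from the authenticated
     * {@link SecurityContext} instead of the container's own authentication state.
     */
    private static final class AuthenticatedRequestWrapper extends HttpServletRequestWrapper {
        // Built from the context's user name and Force.com session id.
        // NOTE(review): confirm ForceUserPrincipal does not expose the session id via toString().
        private final ForceUserPrincipal userP;
        private final ForceRolePrincipal roleP;

        public AuthenticatedRequestWrapper(HttpServletRequest httpServletRequest, SecurityContext securityContext) {
            super(httpServletRequest);
            this.userP = new ForceUserPrincipal(securityContext.getUserName(), securityContext.getSessionId());
            this.roleP = new ForceRolePrincipal(securityContext.getRole());
        }

        // Both principals are final and always assigned in the constructor, so the
        // fall-through to the wrapped request that the decompiler emitted was unreachable.

        @Override
        public String getRemoteUser() {
            return this.userP.getName();
        }

        @Override
        public Principal getUserPrincipal() {
            return this.userP;
        }

        /**
         * Reports whether the authenticated user's role name ends with {@code str}.
         *
         * <p>NOTE(review): this is a suffix match, not an equality check. A role named
         * "NotAdmin" satisfies {@code isUserInRole("Admin")}, and an empty string matches every
         * role. Left unchanged because callers may rely on suffix matching; confirm whether
         * {@code equals} is what is actually intended before using this for authorization.
         */
        @Override
        public boolean isUserInRole(String str) {
            return this.roleP.getName().endsWith(str);
        }
    }

    /**
     * Configures the filter from its init parameters.
     *
     * <p>Parameters read: {@code customDataRetriever}, {@code storeUsername}, one of
     * ({@code endpoint} + {@code oauthKey} + {@code oauthSecret}), {@code url} or
     * {@code connectionName}, then {@code securityContextStorageMethod}, {@code secure-key-file},
     * {@code logoutFromDatabaseDotCom} and {@code logoutUrl} (defaults to {@code /logout}).
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException if the custom data retriever class cannot be loaded or
     *     instantiated, or if the cookie store rejects the key file
     * @throws IllegalArgumentException if none of endpoint, url or connectionName is configured
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        SecurityContextServiceImpl contextService = new SecurityContextServiceImpl();
        String retrieverClassName = filterConfig.getInitParameter("customDataRetriever");
        // Only the exact lower-case string "false" disables username storage.
        boolean storeUsername = !"false".equals(filterConfig.getInitParameter("storeUsername"));

        // Declared as the base service type: both branches below must be assignable to it
        // (the decompiler had inferred the narrower custom type for this variable).
        UserDataRetrievalService userDataService = null;
        if (retrieverClassName != null) {
            try {
                Object retriever = Class.forName(retrieverClassName).newInstance();
                if (retriever instanceof CustomUserDataRetriever) {
                    userDataService = new CustomUserDataRetrievalService((CustomUserDataRetriever) retriever, storeUsername);
                }
                // NOTE(review): a class that loads but is not a CustomUserDataRetriever leaves
                // userDataService null and is passed on silently; consider failing fast here.
            } catch (ClassNotFoundException e) {
                throw new ServletException("Custom user data retriever class not found: " + retrieverClassName, e);
            } catch (IllegalAccessException e) {
                throw new ServletException("Custom user data retriever class could not be instantiated: " + retrieverClassName, e);
            } catch (InstantiationException e) {
                throw new ServletException("Custom user data retriever class could not be instantiated: " + retrieverClassName, e);
            }
        } else {
            userDataService = new UserDataRetrievalService(storeUsername);
        }
        contextService.setUserDataRetrievalService(userDataService);
        this.oauthConnector = new ForceOAuthConnector(userDataService);

        String endpoint = filterConfig.getInitParameter("endpoint");
        String connectionUrl = filterConfig.getInitParameter("url");
        String connectionName = filterConfig.getInitParameter("connectionName");
        if (endpoint != null) {
            // The OAuth consumer secret is taken from the filter's init parameters, i.e. from
            // the deployment descriptor; read access to that file should be restricted.
            ForceOAuthConnectionInfo connectionInfo = new ForceOAuthConnectionInfo();
            connectionInfo.setEndpoint(endpoint);
            connectionInfo.setOauthKey(filterConfig.getInitParameter("oauthKey"));
            connectionInfo.setOauthSecret(filterConfig.getInitParameter("oauthSecret"));
            this.oauthConnector.setConnectionInfo(connectionInfo);
        } else if (connectionUrl != null) {
            ForceOAuthConnectionInfo connectionInfo = new ForceOAuthConnectionInfo();
            connectionInfo.setConnectionUrl(connectionUrl);
            this.oauthConnector.setConnectionInfo(connectionInfo);
        } else {
            if (connectionName == null) {
                throw new IllegalArgumentException("Could not find any init state for AuthFilter. Please specify an endpoint, oauthKey and oauthSecret or a connection url or a connection name.");
            }
            this.oauthConnector.setConnectionName(connectionName);
        }

        if (CONTEXT_STORE_SESSION_VALUE.equals(filterConfig.getInitParameter("securityContextStorageMethod"))) {
            contextService.setSecurityContextStorageService(new SecurityContextSessionStore());
        } else {
            // Any value other than "session" (including none) selects the cookie store.
            // NOTE(review): "secure-key-file" may be null here; confirm how the store derives
            // its encryption key in that case.
            SecurityContextCookieStore cookieStore = new SecurityContextCookieStore();
            try {
                cookieStore.setKeyFileName(filterConfig.getInitParameter("secure-key-file"));
                contextService.setSecurityContextStorageService(cookieStore);
            } catch (ForceEncryptionException e) {
                throw new ServletException(e);
            }
        }
        this.securityContextService = contextService;

        if ("false".equalsIgnoreCase(filterConfig.getInitParameter("logoutFromDatabaseDotCom"))) {
            this.logoutFromDatabaseCom = false;
        }
        this.logoutUrl = filterConfig.getInitParameter("logoutUrl");
        if (this.logoutUrl == null || "".equals(this.logoutUrl)) {
            this.logoutUrl = "/logout";
        }
    }

    /**
     * Authenticates the request, or starts / completes the OAuth login when it is not
     * authenticated.
     *
     * <p>A request that already carries the {@link #FILTER_ALREADY_VISITED} attribute is passed
     * straight down the chain. The stored security context is not consulted for the OAuth
     * callback path ({@link ForceOAuthConnector#REDIRECT_AUTH_URI}). A
     * {@link ForceOAuthSessionExpirationException} raised further down the chain triggers a new
     * login; a {@link SecurityException} is answered with HTTP 403.
     *
     * @throws IOException if sending a redirect or error fails, or the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (request.getAttribute(FILTER_ALREADY_VISITED) != null) {
            filterChain.doFilter(request, response);
            return;
        }

        SecurityContext securityContext = null;
        if (!ForceOAuthConnector.REDIRECT_AUTH_URI.equals(request.getServletPath())) {
            securityContext = this.securityContextService.getSecurityContextFromSession(request);
        }

        if (isLogoutUrl(request)) {
            if (securityContext != null) {
                logout(request, response, securityContext, filterChain);
            } else {
                filterChain.doFilter(request, response);
            }
            return;
        }
        if (securityContext == null) {
            doOAuthLogin(request, response);
            return;
        }

        this.securityContextService.setSecurityContextToSession(request, response, securityContext);
        ForceSecurityContextHolder.set(securityContext);
        ForceConnectorConfig connectorConfig = new ForceConnectorConfig();
        connectorConfig.setSessionId(securityContext.getSessionId());
        connectorConfig.setServiceEndpoint(securityContext.getEndPoint());
        connectorConfig.setSessionRenewer(this);
        try {
            ForceServiceConnector.setThreadLocalConnectorConfig(connectorConfig);
            request.setAttribute(FILTER_ALREADY_VISITED, Boolean.TRUE);
            filterChain.doFilter(new AuthenticatedRequestWrapper(request, securityContext), response);
        } catch (ForceOAuthSessionExpirationException e) {
            doOAuthLogin(request, response);
        } catch (SecurityException e) {
            // NOTE(review): the request URI is used as the error message; whether it is
            // HTML-escaped depends on the container's error page - confirm.
            response.sendError(403, request.getRequestURI());
        } finally {
            // Single cleanup path replacing the duplicated blocks the decompiler produced.
            // It runs on every exit, including when one of the handlers above throws, so the
            // per-thread security context and connector config never outlive the request.
            try {
                request.removeAttribute(FILTER_ALREADY_VISITED);
            } finally {
                ForceSecurityContextHolder.release();
                ForceServiceConnector.setThreadLocalConnectorConfig((ForceConnectorConfig) null);
            }
        }
    }

    /**
     * Starts the OAuth login, or completes it when the request is the OAuth callback.
     *
     * <p>On the callback path the access code is exchanged for a security context, the context
     * is stored, and the browser is redirected to the URL carried in the {@code state}
     * parameter. That parameter arrives from the browser, so it is only followed when it points
     * back at this server; anything else is replaced by the application's context root.
     *
     * <p>NOTE(review): the {@code state} value is not checked here against anything issued when
     * the login started, so on its own it does not protect the callback against cross-site
     * request forgery; confirm whether the connector performs such a check.
     */
    private void doOAuthLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!ForceOAuthConnector.REDIRECT_AUTH_URI.equals(httpServletRequest.getServletPath())) {
            httpServletResponse.sendRedirect(this.oauthConnector.getLoginRedirectUrl(httpServletRequest));
            return;
        }
        String accessCode = this.oauthConnector.getAccessCode(httpServletRequest);
        String redirectUri = this.oauthConnector.getRedirectUri(httpServletRequest);
        this.securityContextService.setSecurityContextToSession(httpServletRequest, httpServletResponse, this.oauthConnector.getAccessToken(accessCode, redirectUri));

        String target = httpServletRequest.getParameter("state");
        if (!isLocalRedirectTarget(target, httpServletRequest)) {
            // The rejected value is deliberately not logged: it is attacker-controllable.
            LOGGER.warn("Ignoring OAuth state parameter that is missing or does not point at this server");
            target = httpServletRequest.getContextPath() + "/";
        }
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(target));
    }

    /**
     * Decides whether a post-login redirect target stays on this server.
     *
     * <p>Accepted: a path starting with a single {@code /}, or an absolute http(s) URL whose
     * host equals the request's server name. Rejected: null or empty values, values containing
     * backslashes or control characters, scheme-relative URLs ({@code //host/...}), other
     * schemes, and anything {@link java.net.URI} cannot parse.
     *
     * <p>Assumes the value placed in {@code state} when the login started refers to the same
     * host that receives the callback - TODO confirm against ForceOAuthConnector.
     */
    private static boolean isLocalRedirectTarget(String target, HttpServletRequest request) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Backslashes are treated like slashes by some browsers; control characters have
            // no place in a redirect target.
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        final java.net.URI uri;
        try {
            uri = new java.net.URI(target);
        } catch (java.net.URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // Relative reference: must be an absolute path on this server, never "//host".
            return uri.getRawAuthority() == null && target.startsWith("/") && !target.startsWith("//");
        }
        String host = uri.getHost();
        boolean httpScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        return httpScheme && host != null && host.equalsIgnoreCase(request.getServerName());
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** Returns the security context service created by {@link #init}, or null before that. */
    public SecurityContextService getSecurityContextService() {
        return this.securityContextService;
    }

    /**
     * Never renews the session: always signals expiry so that {@link #doFilter} can send the
     * user through the OAuth login again.
     *
     * @throws ForceOAuthSessionExpirationException always
     */
    @Override
    public SessionRenewer.SessionRenewalHeader renewSession(ConnectorConfig connectorConfig) throws ConnectionException {
        throw new ForceOAuthSessionExpirationException();
    }

    /**
     * Logs the user out: calls the API logout on a best-effort basis, clears the stored security
     * context, then either redirects to the Force.com logout URL or continues down the chain,
     * depending on {@code logoutFromDatabaseDotCom}.
     *
     * <p>NOTE(review): logout is triggered by any request whose servlet path equals the logout
     * URL, regardless of HTTP method; a cross-site request can therefore log a user out.
     */
    private void logout(ServletRequest servletRequest, ServletResponse servletResponse, SecurityContext securityContext, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        ForceConnectorConfig connectorConfig = new ForceConnectorConfig();
        try {
            connectorConfig.setServiceEndpoint(securityContext.getEndPoint());
            connectorConfig.setSessionId(securityContext.getSessionId());
            connectorConfig.setSessionRenewer(this);
            ForceServiceConnector connector = new ForceServiceConnector();
            connector.setConnectorConfig(connectorConfig);
            connector.getConnection().logout();
        } catch (ConnectionException e) {
            // A failed remote logout must not prevent the local context from being cleared.
            // The warn call previously had no "{}" placeholder, so the message was dropped.
            LOGGER.warn("Error logging out through API: {}", e.getMessage());
            LOGGER.debug("Error logging out through API: ", e);
        }
        ForceSecurityContextHolder.release();
        this.securityContextService.clearSecurityContext(request, response);
        if (this.logoutFromDatabaseCom) {
            response.sendRedirect(response.encodeRedirectURL(getForceDotComLogoutUrl(request, securityContext, null)));
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /** Returns true when a logout URL is configured and equals the request's servlet path. */
    private boolean isLogoutUrl(HttpServletRequest httpServletRequest) {
        return this.logoutUrl != null
                && !"".equals(this.logoutUrl)
                && this.logoutUrl.equals(httpServletRequest.getServletPath());
    }

    /** Delegates to the OAuth connector to build the Force.com logout URL for this context. */
    private String getForceDotComLogoutUrl(HttpServletRequest httpServletRequest, SecurityContext securityContext, String str) {
        return this.oauthConnector.getForceLogoutUrl(httpServletRequest, securityContext.getEndPoint(), str);
    }
}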
