package org.kuali.rice.kew.web;

import java.io.IOException;
import java.util.Collections;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.MDC;
import org.kuali.rice.core.api.config.property.ConfigurationService;
import org.kuali.rice.core.api.exception.RiceRuntimeException;
import org.kuali.rice.core.api.resourceloader.GlobalResourceLoader;
import org.kuali.rice.coreservice.framework.CoreFrameworkServiceLocator;
import org.kuali.rice.coreservice.framework.parameter.ParameterService;
import org.kuali.rice.kew.api.KewApiConstants;
import org.kuali.rice.kim.api.KimConstants;
import org.kuali.rice.kim.api.identity.AuthenticationService;
import org.kuali.rice.kim.api.identity.IdentityService;
import org.kuali.rice.kim.api.identity.principal.Principal;
import org.kuali.rice.kim.api.permission.PermissionService;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;
import org.kuali.rice.krad.UserSession;
import org.kuali.rice.krad.exception.AuthenticationException;
import org.kuali.rice.krad.service.KRADServiceLocator;
import org.kuali.rice.krad.util.KRADConstants;
import org.kuali.rice.krad.util.KRADUtils;

/* loaded from: input_file:WEB-INF/lib/rice-impl-2.2.5.jar:org/kuali/rice/kew/web/UserLoginFilter.class */
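/**
 * Servlet filter that makes sure every request carries an authenticated KRAD {@link UserSession}.
 *
 * <p>For each request it (1) creates the {@code UserSession} from the principal name reported by the
 * {@code kimAuthenticationService} if the HTTP session does not hold one yet, (2) issues or re-reads the
 * Kuali session-id cookie, (3) optionally applies a "backdoor" (impersonation) user taken from the
 * {@code backdoorId} request parameter, and (4) publishes the principal name in the log4j {@link MDC}
 * while the rest of the chain runs.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The servlet session id is not rotated when the {@code UserSession} is stored, so this filter does
 *       nothing against session fixation; that has to be handled by the container or the authentication
 *       layer in front of it.</li>
 *   <li>The Kuali session id read from the cookie is client-controlled and is accepted without any
 *       format check.</li>
 *   <li>The backdoor switch depends only on configuration and a system parameter, not on who the
 *       authenticated principal is.</li>
 * </ul>
 *
 * <p>NOTE(review): the lazily initialised service fields are not synchronised. A filter instance is shared
 * by all request threads, so a lookup may run more than once; that is harmless only if the locators
 * always hand back the same service instance (not visible in this file).
 */
public class UserLoginFilter implements Filter {
    /** MDC key under which the current principal name is exposed to log4j layouts. */
    private static final String MDC_USER = "user";
    /** HTTP-session attribute that holds the {@link UserSession}. */
    private static final String USER_SESSION_ATTRIBUTE = "UserSession";
    /** Request parameter that names the principal to impersonate. */
    private static final String BACKDOOR_ID_PARAMETER = "backdoorId";

    private IdentityService identityService;
    private PermissionService permissionService;
    private ConfigurationService kualiConfigurationService;
    private ParameterService parameterService;
    private FilterConfig filterConfig;

    /**
     * Remembers the container-supplied configuration.
     *
     * @param filterConfig configuration passed in by the servlet container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Container entry point; delegates to the HTTP-typed overload.
     *
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Establishes the user session, session cookie, backdoor user and MDC entry, then continues the chain.
     * The MDC entry is removed on every exit path so a pooled worker thread never logs under the
     * previous request's principal.
     */
    private void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            establishUserSession(httpServletRequest);
            establishSessionCookie(httpServletRequest, httpServletResponse);
            establishBackdoorUser(httpServletRequest);
            addToMDC(httpServletRequest);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            removeFromMDC();
        }
    }

    /** Drops the reference to the container configuration. */
    @Override
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Creates and stores a {@link UserSession} unless the HTTP session already has one.
     *
     * <p>The principal name comes from the {@code kimAuthenticationService}; it must be non-blank, must
     * resolve to a known principal, that principal must hold the log-in permission, and the resulting
     * session must resolve to a person.
     *
     * @throws AuthenticationException if any of those checks fails
     */
    private void establishUserSession(HttpServletRequest httpServletRequest) {
        if (isUserSessionEstablished(httpServletRequest)) {
            return;
        }
        AuthenticationService authenticationService =
                (AuthenticationService) GlobalResourceLoader.getResourceLoader().getService(new QName("kimAuthenticationService"));
        String principalName = authenticationService.getPrincipalName(httpServletRequest);
        if (StringUtils.isBlank(principalName)) {
            throw new AuthenticationException("Blank User from AuthenticationService - This should never happen.");
        }
        // NOTE(review): the three messages below differ per failure and echo the principal name. If they are
        // rendered to the client they tell it which names exist and which are merely inactive — confirm how
        // AuthenticationException is presented.
        Principal principal = getIdentityService().getPrincipalByPrincipalName(principalName);
        if (principal == null) {
            throw new AuthenticationException("Unknown User: " + principalName);
        }
        if (!isAuthorizedToLogin(principal.getPrincipalId())) {
            throw new AuthenticationException("You cannot log in, because you are not an active Kuali user.\nPlease ask someone to activate your account if you need to use Kuali Systems.\nThe user id provided was: " + principalName + ".\n");
        }
        UserSession userSession = new UserSession(principalName);
        if (userSession.getPerson() == null) {
            throw new AuthenticationException("Invalid User: " + principalName);
        }
        // NOTE(review): the servlet session id is kept as-is here; rotate it at login elsewhere if the
        // container does not already do so.
        httpServletRequest.getSession().setAttribute(USER_SESSION_ATTRIBUTE, userSession);
    }

    /**
     * Asks the permission service whether the principal holds the log-in permission in the KUALI namespace.
     *
     * @param principalId id of the principal to check
     * @return {@code true} if the permission service authorises the log-in
     */
    private boolean isAuthorizedToLogin(String principalId) {
        return getPermissionService().isAuthorized(principalId, "KUALI", KimConstants.PermissionNames.LOG_IN, Collections.singletonMap("principalId", principalId));
    }

    /**
     * Copies the Kuali session id from the request cookie into the {@link UserSession}, issuing a new
     * random id and cookie when the request carries none.
     */
    private void establishSessionCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): a value supplied by the client is trusted verbatim; nothing here checks that it has
        // the UUID shape this filter generates or that this server issued it.
        String kualiSessionId = getKualiSessionId(httpServletRequest.getCookies());
        if (kualiSessionId == null) {
            kualiSessionId = UUID.randomUUID().toString();
            Cookie sessionCookie = new Cookie(KRADConstants.KUALI_SESSION_ID, kualiSessionId);
            // Keep an id issued over HTTPS off plain-HTTP connections. Behind a TLS-terminating proxy
            // isSecure() is only true if the container is configured to know about the proxy.
            sessionCookie.setSecure(httpServletRequest.isSecure());
            // NOTE(review): HttpOnly is not set because Cookie.setHttpOnly needs Servlet 3.0 and the API
            // version this module builds against is not visible here — add it if available.
            httpServletResponse.addCookie(sessionCookie);
        }
        KRADUtils.getUserSessionFromRequest(httpServletRequest).setKualiSessionId(kualiSessionId);
    }

    /**
     * Finds the value of the Kuali session-id cookie.
     *
     * @param cookieArr cookies of the request, or {@code null} if it has none
     * @return the first matching cookie value, or {@code null} if the cookie is absent
     */
    private String getKualiSessionId(Cookie[] cookieArr) {
        if (cookieArr == null) {
            return null;
        }
        for (Cookie cookie : cookieArr) {
            if (KRADConstants.KUALI_SESSION_ID.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Applies the {@code backdoorId} request parameter as the session's backdoor user when the
     * environment and the system parameter allow it.
     *
     * <p>NOTE(review): the check is evaluated on every request that carries the parameter and does not
     * consider which principal is authenticated, so wherever the backdoor is enabled any logged-in user
     * can use it. Keep the enabling parameter off outside isolated test systems.
     */
    private void establishBackdoorUser(HttpServletRequest httpServletRequest) {
        String backdoorId = httpServletRequest.getParameter(BACKDOOR_ID_PARAMETER);
        if (StringUtils.isBlank(backdoorId) || !isBackdoorEnabled()) {
            return;
        }
        try {
            KRADUtils.getUserSessionFromRequest(httpServletRequest).setBackdoorUser(backdoorId);
        } catch (RiceRuntimeException ignored) {
            // Deliberately best-effort, as before: a rejected backdoor id must not abort the request.
            // NOTE(review): nothing is logged, so rejected impersonation attempts leave no audit trail.
        }
    }

    /**
     * Decides whether backdoor impersonation may be used at all.
     *
     * <p>Fails closed: if either environment property is missing the environment cannot be shown to be
     * non-production, and a missing system parameter counts as "off". Previously a missing production
     * code or parameter value raised a {@link NullPointerException}, and a missing {@code environment}
     * property enabled the backdoor.
     *
     * @return {@code true} only in a non-production environment whose backdoor parameter is true
     */
    private boolean isBackdoorEnabled() {
        ConfigurationService configuration = getKualiConfigurationService();
        String productionCode = configuration.getPropertyValueAsString("production.environment.code");
        String currentEnvironment = configuration.getPropertyValueAsString("environment");
        if (productionCode == null || currentEnvironment == null) {
            return false;
        }
        if (productionCode.equalsIgnoreCase(currentEnvironment)) {
            return false;
        }
        return Boolean.TRUE.equals(getParameterService().getParameterValueAsBoolean("KR-WKFLW", KRADConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KewApiConstants.SHOW_BACK_DOOR_LOGIN_IND));
    }

    /** Publishes the session's principal name in the logging context of the current thread. */
    private void addToMDC(HttpServletRequest httpServletRequest) {
        MDC.put(MDC_USER, KRADUtils.getUserSessionFromRequest(httpServletRequest).getPrincipalName());
    }

    /** Clears the principal name from the logging context of the current thread. */
    private void removeFromMDC() {
        MDC.remove(MDC_USER);
    }

    /**
     * @return {@code true} if the HTTP session (created on demand) already holds a user session
     */
    private boolean isUserSessionEstablished(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getSession().getAttribute(USER_SESSION_ATTRIBUTE) != null;
    }

    /** Returns the identity service, looking it up on first use. */
    private IdentityService getIdentityService() {
        if (this.identityService == null) {
            this.identityService = KimApiServiceLocator.getIdentityService();
        }
        return this.identityService;
    }

    /** Returns the permission service, looking it up on first use. */
    private PermissionService getPermissionService() {
        if (this.permissionService == null) {
            this.permissionService = KimApiServiceLocator.getPermissionService();
        }
        return this.permissionService;
    }

    /** Returns the configuration service, looking it up on first use. */
    private ConfigurationService getKualiConfigurationService() {
        if (this.kualiConfigurationService == null) {
            this.kualiConfigurationService = KRADServiceLocator.getKualiConfigurationService();
        }
        return this.kualiConfigurationService;
    }

    /** Returns the parameter service, looking it up on first use. */
    private ParameterService getParameterService() {
        if (this.parameterService == null) {
            this.parameterService = CoreFrameworkServiceLocator.getParameterService();
        }
        return this.parameterService;
    }
}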
