package org.apache.aries.jax.rs.shiro.authc.impl;

import java.io.IOException;
import java.util.Date;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

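/**
 * Pre-matching JAX-RS filter that binds a Shiro {@link SecurityManager} (and, when a session
 * cookie is present, a {@link Subject}) to the current thread for the duration of a request,
 * and unbinds both again when the response is filtered.
 *
 * <p>The request filter also intercepts two fixed paths: {@code security/authenticate}, which is
 * answered directly by this filter, and {@code security/logout}, which logs the current subject
 * out and then lets the request continue.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The session cookie value is the Shiro session id, i.e. a bearer credential. It must never
 *       be written to logs; only the cookie name is logged here.</li>
 *   <li>Credentials are read from the {@code user} and {@code password} request headers, so the
 *       login endpoint is only as confidential as the transport and any intermediaries that
 *       record request headers.</li>
 *   <li>The session cookie is marked {@code Secure} only when the request URI scheme is
 *       {@code https}. Behind a TLS-terminating proxy the scheme seen here may be {@code http},
 *       in which case the flag is not set.</li>
 * </ul>
 */
@PreMatching
/* loaded from: input_file:org/apache/aries/jax/rs/shiro/authc/impl/SecurityManagerAssociatingFilter.class */
public class SecurityManagerAssociatingFilter implements ContainerRequestFilter, ContainerResponseFilter {
    private static final Logger _LOG = LoggerFactory.getLogger(SecurityManagerAssociatingFilter.class);

    /** Value written into the cookie that tells the client to drop its session cookie. */
    private static final String DELETED_COOKIE_VALUE = "deleteMe";

    private final SecurityManager manager;

    /**
     * @param securityManager the Shiro security manager bound to the thread for each request
     */
    public SecurityManagerAssociatingFilter(SecurityManager securityManager) {
        this.manager = securityManager;
    }

    /**
     * Request side: binds the security manager, restores the subject from the session cookie if
     * one was sent, and handles the built-in authenticate/logout paths.
     *
     * @param containerRequestContext the incoming request
     * @throws IOException declared by the filter contract; not thrown directly by this method
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        _LOG.debug("Establishing Shiro Security Context");
        ThreadContext.bind(this.manager);
        Cookie cookie = containerRequestContext.getCookies().get(ShiroAuthenticationFeature.SESSION_COOKIE_NAME);
        if (cookie != null) {
            // Log the cookie name only: the value is the session id and would let anyone with
            // access to the debug log take over the session.
            _LOG.debug("Found a Shiro Security Context cookie: {}. Establishing user context", cookie.getName());
            _LOG.debug("Establishing user context:");
            // NOTE(review): the session id comes straight from the client and, if it resolves to a
            // session, the same subject is later used by authenticate(). Confirm whether the
            // session should be replaced on login so a pre-login id is never promoted.
            Subject buildSubject = new Subject.Builder(this.manager).sessionId(cookie.getValue()).buildSubject();
            ThreadContext.bind(buildSubject);
            if (_LOG.isDebugEnabled()) {
                _LOG.debug("Established user context for: {}", buildSubject.getPrincipal());
            }
        }
        UriInfo uriInfo = containerRequestContext.getUriInfo();
        String path = uriInfo.getPath();
        if ("security/authenticate".equals(path)) {
            // Credentials travel in request headers; a missing header arrives here as null.
            containerRequestContext.abortWith(authenticate(uriInfo, containerRequestContext.getHeaderString("user"), containerRequestContext.getHeaderString("password")));
        } else if ("security/logout".equals(path)) {
            logout();
        }
    }

    /**
     * Response side: unbinds the thread state set up by the request filter and, when the client
     * sent a session cookie but the subject is not authenticated, instructs the client to discard
     * that cookie.
     *
     * @param containerRequestContext the request that was processed
     * @param containerResponseContext the response about to be sent
     * @throws IOException declared by the filter contract; not thrown directly by this method
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        _LOG.debug("Cleaning up the Shiro Security Context");
        // Capture the subject before unbinding so its state can still be inspected below.
        Subject subject = ThreadContext.getSubject();
        ThreadContext.unbindSecurityManager();
        ThreadContext.unbindSubject();
        if (subject == null || subject.isAuthenticated()) {
            return;
        }
        if (containerRequestContext.getCookies().get(ShiroAuthenticationFeature.SESSION_COOKIE_NAME) == null) {
            return;
        }
        _LOG.debug("The subject associated with this request is not authenticated, removing the session cookie");
        containerResponseContext.getHeaders().add("Set-Cookie", getDeletionCookie(containerRequestContext));
    }

    /**
     * Builds the cookie that removes the session cookie on the client.
     *
     * <p>A max-age of 0 is used so the client actually expires the cookie. With the default
     * max-age (-1) the client would keep a session cookie whose value is {@code deleteMe} and
     * present it as a session id on every following request.
     */
    private NewCookie getDeletionCookie(ContainerRequestContext containerRequestContext) {
        return sessionCookie(containerRequestContext.getUriInfo(), DELETED_COOKIE_VALUE, 0);
    }

    /**
     * Creates the session cookie scoped to the application's base path. The cookie is always
     * HttpOnly and is additionally marked Secure when the request itself arrived over https.
     */
    private static NewCookie sessionCookie(UriInfo uriInfo, String value, int maxAge) {
        return new NewCookie(ShiroAuthenticationFeature.SESSION_COOKIE_NAME, value, uriInfo.getBaseUri().getPath(), (String) null, -1, (String) null, maxAge, (Date) null, isSecureRequest(uriInfo), true);
    }

    /** Returns true when the request URI scheme is https (case-insensitive); false otherwise. */
    private static boolean isSecureRequest(UriInfo uriInfo) {
        return "https".equalsIgnoreCase(uriInfo.getRequestUri().getScheme());
    }

    /**
     * Handles a login request for the thread-bound subject.
     *
     * <p>Returns 409 CONFLICT when the subject is already authenticated; otherwise attempts a
     * login and, on success, returns 200 OK with the session cookie. There is no catch block
     * here, so any exception thrown by {@code subject.login} propagates to the JAX-RS runtime.
     *
     * @param uriInfo request URI information, used for the cookie path and Secure flag
     * @param str the user name taken from the {@code user} header
     * @param str2 the password taken from the {@code password} header
     * @return the response used to abort the request
     */
    private Response authenticate(UriInfo uriInfo, String str, String str2) {
        _LOG.debug("Received a login request for user {}", str);
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            _LOG.debug("The login request for user {} was already authenticated as user {}", str, subject.getPrincipal());
            return Response.status(Response.Status.CONFLICT).build();
        }
        _LOG.debug("Authenticating user {}", str);
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(str, str2);
        // Remember-me is requested unconditionally for every login.
        usernamePasswordToken.setRememberMe(true);
        subject.login(usernamePasswordToken);
        // -1 max-age: the cookie lives for the browser session only.
        NewCookie sessionCookie = sessionCookie(uriInfo, subject.getSession().getId().toString(), -1);
        return Response.ok().cookie(sessionCookie).build();
    }

    /** Logs the thread-bound subject out if, and only if, it is currently authenticated. */
    private void logout() {
        _LOG.debug("Received a logout request");
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            _LOG.debug("Logging out user {}", subject.getPrincipal());
            subject.logout();
        }
    }
}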
