package org.acegisecurity.ui.x509;

import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.event.authentication.InteractiveAuthenticationSuccessEvent;
import org.acegisecurity.providers.x509.X509AuthenticationToken;
import org.acegisecurity.ui.AbstractProcessingFilter;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/acegi-security-1.0.2.jar:org/acegisecurity/ui/x509/X509ProcessingFilter.class */
public class X509ProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware {
    private static final Log logger;
    private ApplicationEventPublisher eventPublisher;
    private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
    private AuthenticationManager authenticationManager;
    static Class class$org$acegisecurity$ui$x509$X509ProcessingFilter;

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationManager, "An AuthenticationManager must be set");
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("Can only process HttpServletRequest");
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("Can only process HttpServletResponse");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("Checking secure context token: ").append(SecurityContextHolder.getContext().getAuthentication()).toString());
        }
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            try {
                X509AuthenticationToken x509AuthenticationToken = new X509AuthenticationToken(extractClientCertificate(httpServletRequest));
                x509AuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails((HttpServletRequest) servletRequest));
                successfulAuthentication(httpServletRequest, httpServletResponse, this.authenticationManager.authenticate(x509AuthenticationToken));
            } catch (AuthenticationException e) {
                unsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private X509Certificate extractClientCertificate(HttpServletRequest httpServletRequest) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (x509CertificateArr != null && x509CertificateArr.length > 0) {
            return x509CertificateArr[0];
        }
        if (!logger.isDebugEnabled()) {
            return null;
        }
        logger.debug("No client certificate found in request.");
        return null;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("Authentication success: ").append(authentication).toString());
        }
        SecurityContextHolder.getContext().setAuthentication(authentication);
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authentication, getClass()));
        }
    }

    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) {
        SecurityContextHolder.getContext().setAuthentication(null);
        if (logger.isDebugEnabled()) {
            logger.debug("Updated SecurityContextHolder to contain null Authentication");
        }
        httpServletRequest.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationException);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$acegisecurity$ui$x509$X509ProcessingFilter == null) {
            cls = class$("org.acegisecurity.ui.x509.X509ProcessingFilter");
            class$org$acegisecurity$ui$x509$X509ProcessingFilter = cls;
        } else {
            cls = class$org$acegisecurity$ui$x509$X509ProcessingFilter;
        }
        logger = LogFactory.getLog(cls);
    }
}
