package br.gov.frameworkdemoiselle.security;

import br.gov.frameworkdemoiselle.util.Beans;
import br.gov.frameworkdemoiselle.util.Strings;
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:br/gov/frameworkdemoiselle/security/AbstractHTTPAuthorizationFilter.class */
public abstract class AbstractHTTPAuthorizationFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        RESTSecurityConfig rESTSecurityConfig = (RESTSecurityConfig) Beans.getReference(RESTSecurityConfig.class);
        if (!(servletRequest instanceof HttpServletRequest) || !isActive(rESTSecurityConfig) || !isSupported(getAuthHeader((HttpServletRequest) servletRequest))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            performLogin((HttpServletRequest) servletRequest);
            filterChain.doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
            performLogout();
        } catch (InvalidCredentialsException e) {
            setUnauthorizedStatus((HttpServletResponse) servletResponse, e);
        }
    }

    private String getAuthHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        return header == null ? httpServletRequest.getHeader("authorization") : header;
    }

    protected abstract boolean isSupported(String str);

    protected abstract boolean isActive(RESTSecurityConfig rESTSecurityConfig);

    protected abstract void prepareForLogin();

    private void performLogin(HttpServletRequest httpServletRequest) {
        prepareForLogin();
        ((SecurityContext) Beans.getReference(SecurityContext.class)).login();
    }

    protected abstract void prepareForLogout();

    private void performLogout() {
        if (((SecurityContext) Beans.getReference(SecurityContext.class)).isLoggedIn()) {
            prepareForLogout();
            ((SecurityContext) Beans.getReference(SecurityContext.class)).logout();
        }
    }

    private void setUnauthorizedStatus(HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentType("text/plain");
        httpServletResponse.getWriter().write(authenticationException.getMessage());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String extractCredentials(String str, String str2) throws InvalidCredentialsException {
        String str3 = null;
        if (!Strings.isEmpty(str) && !Strings.isEmpty(str2)) {
            Matcher matcher = Pattern.compile("^" + str + "[ \\n]+(.+)$").matcher(str2);
            if (matcher.matches()) {
                str3 = matcher.group(1);
            }
        }
        return str3;
    }
}
