package com.zimbra.cs.servlet;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.service.authenticator.SSOAuthenticator;
import com.zimbra.cs.service.authenticator.SpnegoAuthenticator;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.security.SpnegoUserRealm;

/* loaded from: input_file:com/zimbra/cs/servlet/SpnegoFilter.class */
public class SpnegoFilter implements Filter {
    private static final String PARAM_PASS_THRU_ON_FAILURE_URI = "passThruOnFailureUri";
    private URI passThruOnFailureUri = null;
    private SpnegoUserRealm spnegoUserRealm = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(PARAM_PASS_THRU_ON_FAILURE_URI);
        if (initParameter != null) {
            try {
                this.passThruOnFailureUri = new URI(initParameter);
            } catch (URISyntaxException e) {
                throw new ServletException("Malformed URI: " + initParameter, e);
            }
        }
        this.spnegoUserRealm = getSpnegoUserRealm(filterConfig);
    }

    public void destroy() {
    }

    /* JADX WARN: Type inference failed for: r11v1, types: [com.zimbra.cs.service.authenticator.SSOAuthenticator$SSOAuthenticatorServiceException, java.lang.Throwable] */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            try {
                authenticate(httpServletRequest, httpServletResponse);
                filterChain.doFilter(servletRequest, servletResponse);
            } catch (SSOAuthenticator.SSOAuthenticatorServiceException e) {
                if (!SSOAuthenticator.SSOAuthenticatorServiceException.SENT_CHALLENGE.equals(e.getCode())) {
                    throw e;
                }
            }
        } catch (ServiceException e2) {
            ZimbraServlet.addRemoteIpToLoggingContext(httpServletRequest);
            ZimbraServlet.addUAToLoggingContext(httpServletRequest);
            if (e2 instanceof AccountServiceException.AuthFailedServiceException) {
                AccountServiceException.AuthFailedServiceException authFailedServiceException = (AccountServiceException.AuthFailedServiceException) e2;
                ZimbraLog.account.info("spnego auth failed: " + authFailedServiceException.getMessage() + authFailedServiceException.getReason(", %s"));
            } else {
                ZimbraLog.account.info("spnego auth failed: " + e2.getMessage());
            }
            ZimbraLog.account.debug("spnego auth failed", e2);
            ZimbraLog.clearContext();
            if (passThruOnAuthFailure(httpServletRequest)) {
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                httpServletResponse.sendError(403, e2.getMessage());
            }
        }
    }

    private boolean passThruOnAuthFailure(HttpServletRequest httpServletRequest) {
        if (this.passThruOnFailureUri == null) {
            return false;
        }
        try {
            return this.passThruOnFailureUri.equals(new URI(httpServletRequest.getRequestURI()));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    private void authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServiceException {
        if (this.spnegoUserRealm == null) {
            throw ServiceException.FAILURE("no spnego user realm", (Throwable) null);
        }
        new SpnegoAuthenticator(httpServletRequest, httpServletResponse, this.spnegoUserRealm).authenticate();
    }

    private SpnegoUserRealm getSpnegoUserRealm(FilterConfig filterConfig) {
        SpnegoUserRealm[] userRealms;
        ContextHandler.SContext servletContext = filterConfig.getServletContext();
        if (!(servletContext instanceof ContextHandler.SContext) || (userRealms = servletContext.getContextHandler().getServer().getUserRealms()) == null) {
            return null;
        }
        for (SpnegoUserRealm spnegoUserRealm : userRealms) {
            String name = spnegoUserRealm.getName();
            if (spnegoUserRealm instanceof SpnegoUserRealm) {
                ZimbraLog.account.debug("Found spnego user realm: [" + name + "]");
                return spnegoUserRealm;
            }
        }
        return null;
    }
}
