package org.sakaiproject.util;

import java.io.IOException;
import java.security.MessageDigest;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.sakaiproject.tool.api.Session;
import org.sakaiproject.tool.api.SessionManager;
import org.sakaiproject.user.api.User;
import org.sakaiproject.user.api.UserNotDefinedException;
import org.sakaiproject.user.cover.UserDirectoryService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sakaiproject/util/TrustedLoginFilter.class */
public class TrustedLoginFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(TrustedLoginFilter.class);
    private SessionManager sessionManager;
    private String sharedSecret;

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String header = httpServletRequest.getHeader("X-SAKAI-TOKEN");
        if (header == null) {
            header = httpServletRequest.getParameter("t");
        }
        Session session = null;
        Session session2 = null;
        String decodeToken = decodeToken(header);
        if (decodeToken != null) {
            session = this.sessionManager.getCurrentSession();
            if (!decodeToken.equals(session.getUserEid())) {
                session2 = this.sessionManager.startSession();
                try {
                    User userByEid = UserDirectoryService.getUserByEid(decodeToken);
                    session2.setUserEid(userByEid.getEid());
                    session2.setUserId(userByEid.getId());
                    session2.setActive();
                } catch (UserNotDefinedException e) {
                    log.error(e.getMessage(), e);
                }
                this.sessionManager.setCurrentSession(session2);
            }
        }
        try {
            filterChain.doFilter(servletRequest, servletResponse);
            if (session2 != null) {
                if (session != null) {
                    this.sessionManager.setCurrentSession(session);
                }
                session2.invalidate();
            }
        } catch (Throwable th) {
            if (session2 != null) {
                if (session != null) {
                    this.sessionManager.setCurrentSession(session);
                }
                session2.invalidate();
            }
            throw th;
        }
    }

    protected String decodeToken(String str) {
        try {
            int indexOf = str.indexOf(";");
            if (indexOf <= 0) {
                return null;
            }
            String substring = str.substring(0, indexOf);
            String substring2 = str.substring(indexOf + 1);
            if (substring.equals(byteArrayToHexStr(MessageDigest.getInstance("SHA1").digest((this.sharedSecret + ";" + substring2).getBytes("UTF-8"))))) {
                return substring2.substring(0, substring2.indexOf(";"));
            }
            return null;
        } catch (Exception e) {
            log.warn("Failed to decode token " + str + "  :" + e.getMessage());
            return null;
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.sessionManager = org.sakaiproject.tool.cover.SessionManager.getInstance();
        this.sharedSecret = filterConfig.getInitParameter("shared.secret");
    }

    protected String byteArrayToHexStr(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            byte b = bArr[i];
            int i2 = (b & 240) >> 4;
            int i3 = b & 15;
            cArr[2 * i] = (char) (i2 < 10 ? 48 + i2 : (65 + i2) - 10);
            cArr[(2 * i) + 1] = (char) (i3 < 10 ? 48 + i3 : (65 + i3) - 10);
        }
        return new String(cArr);
    }

    protected void setSharedSecret(String str) {
        this.sharedSecret = str;
    }
}
