package org.apache.ranger.security.web.filter;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.ranger.biz.SessionMgr;
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.HTTPUtil;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RequestContext;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.security.context.RangerContextHolder;
import org.apache.ranger.security.context.RangerSecurityContext;
import org.apache.ranger.util.RestUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/classes/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.class */
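/**
 * Servlet filter that forms the per-request {@link RangerSecurityContext} and sets
 * browser security headers on every response.
 *
 * <p>For any request whose Spring Security authentication is not an
 * {@link AnonymousAuthenticationToken}, the filter loads the context stored in the HTTP
 * session under {@link #AKA_SC_SESSION_KEY} (or creates one), attaches a fresh
 * {@link RequestContext} describing the request, publishes it through
 * {@link RangerContextHolder} and asks {@link SessionMgr} for the user session. The
 * holder is always reset in a {@code finally} block, so a context cannot leak into
 * whichever request the container thread serves next.
 */
public class RangerSecurityContextFormationFilter extends GenericFilterBean {
    public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT";
    public static final String USER_AGENT = "User-Agent";

    @Autowired
    SessionMgr sessionMgr;

    @Autowired
    HTTPUtil httpUtil;

    @Autowired
    XUserMgr xUserMgr;

    @Autowired
    GUIDUtil guidUtil;

    // Value of the "xa.env.ip" property. When it is set, it replaces the client address
    // in every RequestContext built by this filter (see buildRequestContext).
    // NOTE(review): presumably a test/dev override; if it is set in production, any
    // record that uses the request IP will carry this fixed value — confirm it is unset.
    String testIP;

    /** Reads the optional {@code xa.env.ip} override once, at construction time. */
    public RangerSecurityContextFormationFilter() {
        this.testIP = PropertiesUtil.getProperty("xa.env.ip");
    }

    /**
     * Builds the security context for non-anonymous requests, adds the security response
     * headers, and continues the chain.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            if (!(SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken)) {
                HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
                // getSession(false): never create a session here, only reuse an existing one.
                HttpSession session = httpRequest.getSession(false);

                RangerSecurityContext securityContext = null;
                if (session != null) {
                    securityContext = (RangerSecurityContext) session.getAttribute(AKA_SC_SESSION_KEY);
                }
                if (securityContext == null) {
                    securityContext = new RangerSecurityContext();
                    // An authenticated request can arrive without an HTTP session; the
                    // original dereferenced the null session here and failed the request
                    // with a NullPointerException. Without a session the context simply
                    // lives for this request only.
                    if (session != null) {
                        session.setAttribute(AKA_SC_SESSION_KEY, securityContext);
                    }
                }

                String userAgent = httpRequest.getHeader(USER_AGENT);
                int clientTimeOffset = RestUtil.getTimeOffset(httpRequest).intValue();

                securityContext.setRequestContext(buildRequestContext(httpRequest, userAgent, clientTimeOffset));
                RangerContextHolder.setSecurityContext(securityContext);

                // Called on every non-anonymous request, not only at login time.
                // NOTE(review): the meaning of the literal 1 is not visible here —
                // presumably an auth-type code; verify against SessionMgr.
                UserSessionBase userSession = this.sessionMgr.processSuccessLogin(1, userAgent, httpRequest);
                if (userSession != null) {
                    // A per-request "ssoEnabled" attribute wins over the configured default.
                    Object ssoAttribute = servletRequest.getAttribute("ssoEnabled");
                    boolean ssoEnabled = ssoAttribute != null
                            ? Boolean.parseBoolean(String.valueOf(ssoAttribute))
                            : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
                    userSession.setSSOEnabled(Boolean.valueOf(ssoEnabled));
                    // Only fill the offset in when the session does not carry one yet.
                    if (userSession.getClientTimeOffsetInMinute() == 0) {
                        userSession.setClientTimeOffsetInMinute(clientTimeOffset);
                    }
                }
                securityContext.setUserSession(userSession);
            }

            HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
            applySecurityHeaders(httpResponse);
            filterChain.doFilter(servletRequest, httpResponse);
        } finally {
            // Always clear the holder so the context does not outlive this request.
            RangerContextHolder.resetSecurityContext();
        }
    }

    /** Collects the request metadata (IP, user agent, device type, request id, URL, time offset). */
    private RequestContext buildRequestContext(HttpServletRequest httpRequest, String userAgent, int clientTimeOffset) {
        RequestContext requestContext = new RequestContext();
        // getRemoteAddr() is the address of the directly connected peer; behind a reverse
        // proxy or load balancer that is the proxy, not the end user.
        String ipAddress = this.testIP != null ? this.testIP : httpRequest.getRemoteAddr();
        requestContext.setIpAddress(ipAddress);
        // The User-Agent header is client-controlled and is stored as received.
        requestContext.setUserAgent(userAgent);
        requestContext.setDeviceType(this.httpUtil.getDeviceType(httpRequest));
        requestContext.setServerRequestId(this.guidUtil.genGUID());
        requestContext.setRequestURL(httpRequest.getRequestURI());
        requestContext.setClientTimeOffsetInMinute(clientTimeOffset);
        return requestContext;
    }

    /** Sets the fixed browser security headers; applied to anonymous requests as well. */
    private void applySecurityHeaders(HttpServletResponse httpResponse) {
        // Forbid rendering the UI inside any frame (clickjacking defence).
        httpResponse.setHeader("X-Frame-Options", "DENY");
        // Legacy header; current browsers have removed the XSS auditor it controls, so
        // the Content-Security-Policy below is the effective control.
        httpResponse.setHeader("X-XSS-Protection", "1; mode=block");
        // Sent unconditionally; browsers only honour HSTS when it arrives over HTTPS.
        httpResponse.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
        // NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so this policy
        // does not stop injected inline script; it also has no frame-ancestors directive,
        // leaving X-Frame-Options as the only framing control. Tightening it presumably
        // depends on what the UI loads — confirm before changing.
        httpResponse.setHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'");
    }
}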
