package org.n52.security.service.web.authn;

import java.util.Collections;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.servlet.http.HttpSession;
import org.n52.security.authentication.AuthenticationService;
import org.n52.security.common.subject.SubjectPrincipalAnalyzer;
import org.n52.security.service.web.WebContext;
import org.n52.security.service.web.WebSecurityProcessingContext;
import org.n52.security.service.web.WebSecurityProcessor;
import org.n52.security.service.web.WebSecurityProcessorChain;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/service/web/authn/LogoutWebSecurityProcessor.class */
public class LogoutWebSecurityProcessor implements WebSecurityProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(LogoutWebSecurityProcessor.class);
    private AuthenticationService m_authenticationService;
    private boolean m_invalidateHTTPSession = true;
    private Iterable<Pattern> m_usernamePatterns = Collections.emptyList();

    @Override // org.n52.security.service.web.WebSecurityProcessor
    public void processSecure(WebSecurityProcessingContext webSecurityProcessingContext, WebContext webContext, WebSecurityProcessorChain webSecurityProcessorChain) {
        checkAuthenticationState(webSecurityProcessingContext, webContext);
        try {
            webSecurityProcessorChain.performAccessControl(webContext);
            checkAuthenticationState(webSecurityProcessingContext, webContext);
        } catch (Throwable th) {
            checkAuthenticationState(webSecurityProcessingContext, webContext);
            throw th;
        }
    }

    private void checkAuthenticationState(WebSecurityProcessingContext webSecurityProcessingContext, WebContext webContext) {
        if (isMatchingUser(webSecurityProcessingContext)) {
            performLogout(webSecurityProcessingContext, webContext);
        }
    }

    private void performLogout(WebSecurityProcessingContext webSecurityProcessingContext, WebContext webContext) {
        HttpSession session;
        HttpSession session2;
        try {
            LOG.debug("logout user: {}", webSecurityProcessingContext.getSubject());
            if (this.m_authenticationService != null) {
                this.m_authenticationService.logout(webSecurityProcessingContext.getAuthenticationContext());
            }
            webSecurityProcessingContext.setAuthenticationContext(null);
            if (!this.m_invalidateHTTPSession || (session2 = webContext.getRequest().getSession(false)) == null) {
                return;
            }
            try {
                session2.invalidate();
            } catch (Exception e) {
                LOG.warn("http session invalidate failed: " + e, e);
            }
        } catch (Throwable th) {
            webSecurityProcessingContext.setAuthenticationContext(null);
            if (this.m_invalidateHTTPSession && (session = webContext.getRequest().getSession(false)) != null) {
                try {
                    session.invalidate();
                } catch (Exception e2) {
                    LOG.warn("http session invalidate failed: " + e2, e2);
                }
            }
            throw th;
        }
    }

    private boolean isMatchingUser(WebSecurityProcessingContext webSecurityProcessingContext) {
        if (!webSecurityProcessingContext.isAuthenticated()) {
            return false;
        }
        if (!this.m_usernamePatterns.iterator().hasNext()) {
            return true;
        }
        String username = new SubjectPrincipalAnalyzer(webSecurityProcessingContext.getSubject()).getUsername();
        Iterator<Pattern> it = this.m_usernamePatterns.iterator();
        while (it.hasNext()) {
            if (it.next().matcher(username).matches()) {
                return true;
            }
        }
        return false;
    }

    public AuthenticationService getAuthenticationService() {
        return this.m_authenticationService;
    }

    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.m_authenticationService = authenticationService;
    }

    public boolean isInvalidateHTTPSession() {
        return this.m_invalidateHTTPSession;
    }

    public void setInvalidateHTTPSession(boolean z) {
        this.m_invalidateHTTPSession = z;
    }

    public Iterable<Pattern> getUsernamePatterns() {
        return this.m_usernamePatterns;
    }

    public void setUsernamePatterns(Iterable<Pattern> iterable) {
        this.m_usernamePatterns = iterable;
    }
}
