package org.broadleafcommerce.profile.web.core.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.broadleafcommerce.profile.core.domain.Customer;
import org.broadleafcommerce.profile.core.service.CustomerService;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.core.Ordered;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

@Component("blCustomerStateFilter")
/* loaded from: input_file:org/broadleafcommerce/profile/web/core/security/CustomerStateFilter.class */
public class CustomerStateFilter extends GenericFilterBean implements ApplicationEventPublisherAware, Ordered {
    protected final Log logger = LogFactory.getLog(getClass());
    public static final String BLC_RULE_MAP_PARAM = "blRuleMap";

    @Resource(name = "blCustomerService")
    protected CustomerService customerService;
    private ApplicationEventPublisher eventPublisher;
    private static String customerRequestAttributeName = "customer";
    public static final String ANONYMOUS_CUSTOMER_SESSION_ATTRIBUTE_NAME = "_blc_anonymousCustomer";
    private static final String LAST_PUBLISHED_EVENT_SESSION_ATTRIBUTED_NAME = "_blc_lastPublishedEvent";

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Customer customer = null;
        if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
            String name = httpServletRequest.getUserPrincipal().getName();
            customer = (Customer) httpServletRequest.getAttribute(customerRequestAttributeName);
            if (name != null && (customer == null || !name.equals(customer.getUsername()))) {
                customer = this.customerService.readCustomerByUsername(name);
                if (this.logger.isDebugEnabled() && customer != null) {
                    this.logger.debug("Customer found by username " + name);
                }
            }
            if (customer != null) {
                ApplicationEvent applicationEvent = (ApplicationEvent) httpServletRequest.getSession(true).getAttribute(LAST_PUBLISHED_EVENT_SESSION_ATTRIBUTED_NAME);
                if (authentication instanceof RememberMeAuthenticationToken) {
                    customer.setCookied(true);
                    boolean z = true;
                    if (applicationEvent != null && (applicationEvent instanceof CustomerAuthenticatedFromCookieEvent) && name.equals(((CustomerAuthenticatedFromCookieEvent) applicationEvent).getCustomer().getUsername())) {
                        z = false;
                    }
                    if (z) {
                        CustomerAuthenticatedFromCookieEvent customerAuthenticatedFromCookieEvent = new CustomerAuthenticatedFromCookieEvent(customer, getClass().getName());
                        this.eventPublisher.publishEvent(customerAuthenticatedFromCookieEvent);
                        httpServletRequest.getSession().setAttribute(LAST_PUBLISHED_EVENT_SESSION_ATTRIBUTED_NAME, customerAuthenticatedFromCookieEvent);
                    }
                } else if (authentication instanceof UsernamePasswordAuthenticationToken) {
                    customer.setLoggedIn(true);
                    boolean z2 = true;
                    if (applicationEvent != null && (applicationEvent instanceof CustomerLoggedInEvent) && name.equals(((CustomerLoggedInEvent) applicationEvent).getCustomer().getUsername())) {
                        z2 = false;
                    }
                    if (z2) {
                        CustomerLoggedInEvent customerLoggedInEvent = new CustomerLoggedInEvent(customer, getClass().getName());
                        this.eventPublisher.publishEvent(customerLoggedInEvent);
                        httpServletRequest.getSession().setAttribute(LAST_PUBLISHED_EVENT_SESSION_ATTRIBUTED_NAME, customerLoggedInEvent);
                    }
                } else {
                    customer = null;
                }
            }
        }
        if (customer == null) {
            customer = (Customer) httpServletRequest.getSession(true).getAttribute(ANONYMOUS_CUSTOMER_SESSION_ATTRIBUTE_NAME);
            if (customer == null) {
                customer = this.customerService.createCustomerFromId((Long) null);
                customer.setAnonymous(true);
                httpServletRequest.getSession().setAttribute(ANONYMOUS_CUSTOMER_SESSION_ATTRIBUTE_NAME, customer);
            }
        }
        httpServletRequest.setAttribute(customerRequestAttributeName, customer);
        Map map = (Map) httpServletRequest.getAttribute(BLC_RULE_MAP_PARAM);
        if (map == null) {
            map = new HashMap();
        }
        map.put("customer", customer);
        httpServletRequest.setAttribute(BLC_RULE_MAP_PARAM, map);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public int getOrder() {
        return 1501;
    }

    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    public static String getCustomerRequestAttributeName() {
        return customerRequestAttributeName;
    }

    public static void setCustomerRequestAttributeName(String str) {
        customerRequestAttributeName = str;
    }
}
