package at.gv.util.filter.moaid;

import at.gv.util.MiscUtil;
import at.gv.util.ToStringUtil;
import at.gv.util.WebAppUtil;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.ArrayList;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateFormatUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/util/filter/moaid/MOAIDAuthenticationFilter.class */
public class MOAIDAuthenticationFilter implements Filter {
    public static final String USER_AUTH_DATA_ID = "AnyAuthDataObject:authenticatedUser";
    public static final String WEB_XML_INIT_PARAM_LOGIN_PAGE = "loginPage";
    public static final String WEB_XML_INIT_PARAM_ENABLED = "enabled";
    public static final String WEB_XML_INIT_PARAM_ERROR_PAGE = "errorPage";
    public static final String WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE = "authenticatedPage";
    public static final String WEB_XML_INIT_PARAM_SESSION_LOST_PAGE = "sessionLostPage";
    public static final String WEB_XML_INIT_PARAM_ALLOWED_LIST = "allowedList";
    public static final String WEB_XML_INIT_PARAM_ALLOWED_REGEX = "allowed";
    private static final String WEB_XML_INIT_PARAM_EXCLUDED_PAGES_DELIMITER = ",";
    public static final String STORED_REQUEST_URL_ID = String.class.getName() + ":storedRequestURL";
    private static String loginPage = null;
    private static String errorPage = null;
    private static String authenticatedPage = null;
    private static String sessionLostPage = null;
    private static String[] excludedPages = null;
    private static Pattern excludedRegEx = null;
    private final Logger log = LoggerFactory.getLogger(MOAIDAuthenticationFilter.class);
    private boolean enabled = true;
    private boolean loginPageForward = true;
    private HttpServletRequest servletRequest = null;

    public void destroy() {
        this.log.trace("Shutting down " + getClass().getName() + "...");
    }

    public static String getErrorPage() {
        return errorPage;
    }

    public static String getAuthenticatedPage() {
        return authenticatedPage;
    }

    public static String getLoginPage() {
        return loginPage;
    }

    public static String getSessionLostPage() {
        return sessionLostPage;
    }

    public HttpServletRequest getHttpServletRequest() {
        return this.servletRequest;
    }

    private boolean isExcluded(String str) {
        boolean z = false;
        if (MiscUtil.isNotEmpty(excludedPages)) {
            String[] strArr = excludedPages;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (StringUtils.upperCase(str).endsWith(StringUtils.upperCase(strArr[i]))) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (excludedRegEx != null && !z && excludedRegEx.matcher(str).matches()) {
            z = true;
        }
        this.log.debug("URL \"" + str + "\" is " + (z ? ToStringUtil.DEFAULT_AROUND : "NOT ") + "excluded from filter.");
        return z;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.enabled) {
            this.log.debug("Applying " + getClass().getSimpleName() + "...");
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            this.servletRequest = httpServletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            HttpSession session = httpServletRequest.getSession();
            this.log.debug("Using session " + session.getId() + ", created at " + DateFormatUtils.ISO_DATETIME_TIME_ZONE_FORMAT.format(session.getCreationTime()) + ".");
            Object attribute = session.getAttribute(USER_AUTH_DATA_ID);
            String requestURLWithParameters = WebAppUtil.getRequestURLWithParameters(httpServletRequest, true);
            this.log.trace("Request URL: " + requestURLWithParameters);
            if (attribute == null && !isExcluded(requestURLWithParameters)) {
                Object provideDummyAuthenticationData = provideDummyAuthenticationData();
                if (provideDummyAuthenticationData == null) {
                    if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
                        this.log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (this.loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\".");
                    } else {
                        this.log.debug("Unable to find authentication data. Storing request url and " + (this.loginPageForward ? "forwarding" : "redirecting") + " to login page \"" + loginPage + "\".");
                        session.setAttribute(STORED_REQUEST_URL_ID, requestURLWithParameters);
                    }
                    String str = loginPage;
                    if (loginPage.startsWith(MiscUtil.DEFAULT_SLASH) && !loginPage.startsWith("//")) {
                        str = httpServletRequest.getContextPath() + loginPage;
                    }
                    if (this.loginPageForward) {
                        servletRequest.getRequestDispatcher(str).forward(httpServletRequest, httpServletResponse);
                        return;
                    } else {
                        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(str));
                        return;
                    }
                }
                this.log.warn("Unable to find regular authentication data but dummy authentication data is provided.");
                this.log.debug("Authentication data = " + provideDummyAuthenticationData.toString());
                this.log.warn("Putting dummy authentication data into session.");
                session.setAttribute(USER_AUTH_DATA_ID, provideDummyAuthenticationData);
                if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
                    if (this.loginPageForward) {
                        this.log.debug("Authenticated page is set. Forwarding to \"" + getAuthenticatedPage() + "\".");
                        servletRequest.getRequestDispatcher(getAuthenticatedPage()).forward(httpServletRequest, httpServletResponse);
                        return;
                    } else {
                        this.log.debug("Authenticated page is set. Redirecting to \"" + getAuthenticatedPage() + "\".");
                        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(getAuthenticatedPage()));
                        return;
                    }
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.log.debug("Starting init of " + getClass().getName() + ".");
        this.enabled = BooleanUtils.isNotFalse(BooleanUtils.toBooleanObject(StringUtils.trimToNull(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ENABLED))));
        loginPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_LOGIN_PAGE));
        if (MiscUtil.isEmpty(loginPage)) {
            throw new ServletException("ServletInitParameter \"loginPage\" must not be empty.");
        }
        this.loginPageForward = false;
        errorPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ERROR_PAGE));
        if (MiscUtil.isEmpty(errorPage)) {
            throw new ServletException("ServletInitParameter \"errorPage\" must not be empty.");
        }
        sessionLostPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_SESSION_LOST_PAGE));
        if (MiscUtil.isEmpty(sessionLostPage)) {
            this.log.warn("ServletInitParameter \"sessionLostPage\" is empty. This parameter defines a failsafe url the browser is redirected to if the original url has been lost due to session timeout.");
        }
        authenticatedPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE));
        if (MiscUtil.isEmpty(authenticatedPage)) {
            this.log.debug("ServletInitParameter \"authenticatedPage\" is empty. This parameter defines the url the user is redirected to (instead of the original url) on successful authentication.");
        }
        String initParameter = filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ALLOWED_LIST);
        ArrayList arrayList = new ArrayList();
        if (MiscUtil.isNotEmpty(initParameter)) {
            StringTokenizer stringTokenizer = new StringTokenizer(initParameter, ",");
            while (stringTokenizer.hasMoreTokens()) {
                String trim = StringUtils.trim(stringTokenizer.nextToken());
                if (MiscUtil.isNotEmpty(trim)) {
                    arrayList.add(trim);
                }
            }
        }
        arrayList.add(loginPage);
        arrayList.add(errorPage);
        excludedPages = new String[arrayList.size()];
        excludedPages = (String[]) arrayList.toArray(excludedPages);
        String trim2 = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ALLOWED_REGEX));
        if (MiscUtil.isNotEmpty(trim2)) {
            excludedRegEx = Pattern.compile(trim2);
        }
        if (this.enabled) {
            this.log.debug("enabled = \"" + this.enabled + "\"");
        } else {
            this.log.info(getClass().getName() + " is DISABLED");
        }
        this.log.debug("loginPage [" + (this.loginPageForward ? "forward" : "redirect") + "] = \"" + loginPage + "\"");
        this.log.debug("authenticatedPage = \"" + (MiscUtil.isNotEmpty(authenticatedPage) ? authenticatedPage : "<n/a>") + "\"");
        this.log.debug("errorPage = \"" + errorPage + "\"");
        this.log.debug("sessionLostPage = \"" + (MiscUtil.isNotEmpty(sessionLostPage) ? sessionLostPage : "<n/a>") + "\"");
        this.log.debug("allowedList = " + ToStringUtil.toString(excludedPages, ToStringUtil.DEFAULT_DELIMITER, "\""));
        this.log.debug("allowed = \"" + (excludedRegEx != null ? excludedRegEx.pattern() : "<n/a>") + "\"");
    }

    public Object provideDummyAuthenticationData() {
        return null;
    }
}
