package io.vertigo.vega.impl.servlet.filter;

import io.vertigo.account.security.UserSession;
import io.vertigo.account.security.VSecurityManager;
import io.vertigo.core.lang.Tuple;
import io.vertigo.core.node.Node;
import io.vertigo.vega.webservice.exception.SessionException;
import java.io.IOException;
import java.util.Optional;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:io/vertigo/vega/impl/servlet/filter/SecurityFilter.class */
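/**
 * Servlet filter that binds a {@link UserSession} to the HTTP session and to the
 * security manager for the duration of each request, and rejects unauthenticated
 * requests with HTTP 401 unless the URL matches the configured exemption pattern.
 *
 * <p>Init parameters read by {@link #doInit()}:
 * <ul>
 *   <li>{@code url-no-authentification}: pattern of URLs served without an
 *       authenticated user session;</li>
 *   <li>{@code delegate-authentication-handler-component}: optional name of a
 *       {@link DelegateAuthenticationFilterHandler} component wrapped around the chain.</li>
 * </ul>
 *
 * <p>Security note: every URL matched by {@code url-no-authentification} skips the
 * authentication check entirely, so the pattern is part of the access-control policy.
 * The matching itself is done by {@code isUrlMatch} in the parent class, which is not
 * shown here. NOTE(review): confirm which part of the request URL is matched and
 * whether it is normalised first, and keep the pattern as narrow as possible.
 */
public final class SecurityFilter extends AbstractFilter {
    /** HTTP session attribute under which the {@link UserSession} is stored. */
    private static final String USER_SESSION = "io.vertigo.Session";
    private static final String NO_AUTHENTIFICATION_PATTERN_PARAM_NAME = "url-no-authentification";
    private static final String DELEGATE_AUTHENTICATION_HANDLER_PARAM_NAME = "delegate-authentication-handler-component";

    // Set once in doInit(); empty when the corresponding init parameter is absent.
    private Optional<DelegateAuthenticationFilterHandler> authenticationHandlerOpt;
    private VSecurityManager securityManager;
    private Optional<Pattern> noAuthentificationPattern;

    /**
     * Resolves the security manager, parses the exemption pattern and, when configured,
     * resolves the delegate authentication handler by component name.
     */
    @Override
    public void doInit() {
        this.securityManager = (VSecurityManager) Node.getNode().getComponentSpace().resolve(VSecurityManager.class);
        this.noAuthentificationPattern = parsePattern(getFilterConfig().getInitParameter(NO_AUTHENTIFICATION_PATTERN_PARAM_NAME));
        this.authenticationHandlerOpt = Optional
                .ofNullable(getFilterConfig().getInitParameter(DELEGATE_AUTHENTICATION_HANDLER_PARAM_NAME))
                .map(handlerName -> (DelegateAuthenticationFilterHandler) Node.getNode().getComponentSpace()
                        .resolve(handlerName, DelegateAuthenticationFilterHandler.class));
    }

    /**
     * Entry point called for each request: authentication is required unless the URL
     * matches the exemption pattern.
     *
     * @throws ClassCastException if the request or response is not an HTTP one
     *         (the casts below are unchecked)
     */
    @Override
    public void doMyFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final boolean needsAuthentication = !isUrlMatch(servletRequest, this.noAuthentificationPattern);
        doSecurityFilter(needsAuthentication, (HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Starts the current user session, enforces authentication when required, runs the
     * filter chain (through the delegate handler when one is configured) and always
     * stops the current user session afterwards.
     *
     * @param needsAuthentication whether the requested URL requires an authenticated session
     * @throws ServletException wrapping a {@link SessionException} when authentication is
     *         required and the request carried no HTTP session at all
     */
    private void doSecurityFilter(boolean needsAuthentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Must be read before bindUser(), which creates the HTTP session when it is missing.
        final boolean hadSession = httpServletRequest.getSession(false) != null;
        final UserSession userSession = obtainUserSession(httpServletRequest);
        try {
            this.securityManager.startCurrentUserSession(userSession);
            bindUser(httpServletRequest, userSession);

            if (needsAuthentication && !userSession.isAuthenticated()) {
                if (!hadSession) {
                    // No HTTP session at all: reported as an expired session.
                    httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session Expired");
                    httpServletRequest.setAttribute("SessionExpired", true);
                    // NOTE(review): an exception is thrown after sendError(); what status the
                    // client finally sees depends on the container's error handling. Confirm.
                    throw new ServletException(new SessionException("Session Expired"));
                }
                // A session exists but carries no authenticated user.
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }

            if (!this.authenticationHandlerOpt.isPresent()) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }

            final DelegateAuthenticationFilterHandler handler = this.authenticationHandlerOpt.get();
            try {
                final Tuple<Boolean, HttpServletRequest> beforeChain = handler.doBeforeChain(httpServletRequest, httpServletResponse);
                // A true flag short-circuits the chain; presumably the handler has already
                // written the response. TODO confirm against the handler contract.
                final boolean handled = ((Boolean) beforeChain.getVal1()).booleanValue();
                if (!handled) {
                    // The handler may substitute the request passed down the chain.
                    final HttpServletRequest chainRequest = (HttpServletRequest) beforeChain.getVal2();
                    filterChain.doFilter(chainRequest, httpServletResponse);
                    handler.doAfterChain(chainRequest, httpServletResponse);
                }
            } finally {
                // Only call site of doFinally, so the hook runs exactly once per request,
                // on both normal and exceptional exit.
                handler.doFinally(httpServletRequest, httpServletResponse);
            }
        } finally {
            // Only call site of stopCurrentUserSession, so the session bound by
            // startCurrentUserSession is released exactly once on every path.
            this.securityManager.stopCurrentUserSession();
        }
    }

    /**
     * Stores the user session in the HTTP session, creating the HTTP session if needed.
     *
     * <p>An HTTP session is therefore created for every request that reaches this filter,
     * including anonymous ones. NOTE(review): nothing in this class renews the session
     * identifier when a user authenticates; confirm that the login flow does so.
     */
    private static void bindUser(HttpServletRequest httpServletRequest, UserSession userSession) {
        final HttpSession session = httpServletRequest.getSession(true);
        final Object bound = session.getAttribute(USER_SESSION);
        // Rewrite the attribute only when it is missing or differs from the current value.
        if (bound == null || !bound.equals(userSession)) {
            session.setAttribute(USER_SESSION, userSession);
        }
    }

    /**
     * Returns the user session stored in the existing HTTP session, or a new one from the
     * security manager when none is stored. Never creates an HTTP session itself.
     */
    private UserSession obtainUserSession(HttpServletRequest httpServletRequest) {
        final HttpSession session = httpServletRequest.getSession(false);
        final UserSession existing = getUserSession(session);
        if (existing != null) {
            return existing;
        }
        final UserSession created = this.securityManager.createUserSession();
        if (session != null) {
            session.setAttribute(USER_SESSION, created);
        }
        return created;
    }

    /**
     * Reads the user session attribute.
     *
     * @return the stored user session, or {@code null} when there is no HTTP session or
     *         no attribute is stored
     */
    private static UserSession getUserSession(HttpSession httpSession) {
        return httpSession == null ? null : (UserSession) httpSession.getAttribute(USER_SESSION);
    }
}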
