package org.craftercms.studio.impl.v1.web.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.craftercms.commons.http.HttpUtils;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.security.SecurityProvider;
import org.craftercms.studio.api.v1.util.StudioConfiguration;
import org.craftercms.studio.impl.v1.util.SessionTokenUtils;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:org/craftercms/studio/impl/v1/web/filter/StudioSecurityFilter.class */
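/**
 * Servlet filter that gates Studio requests on the {@link SecurityProvider} state.
 *
 * <p>Decision order for every request (see {@link #doFilter}):
 * <ol>
 *   <li>a path listed in {@code SECURITY_EXCEPTION_URLS} (exact match, no patterns) passes through untouched;</li>
 *   <li>a session whose token no longer validates is logged out and redirected to the context root;</li>
 *   <li>a path matching {@code SECURITY_URLS_TO_INCLUDE}, or not matching {@code SECURITY_URLS_TO_EXCLUDE},
 *       must carry a logged-in user with a real ticket or receives HTTP 401;</li>
 *   <li>anything else passes through.</li>
 * </ol>
 * Include patterns therefore win over exclude patterns. All three URL lists are comma-separated Ant-style
 * patterns read from {@link StudioConfiguration} on every request; blank entries are ignored so an empty
 * property can never match a request.
 *
 * <p>Not thread-safe for reconfiguration: the setters are meant to be called once at wiring time.
 */
public class StudioSecurityFilter extends GenericFilterBean {

    /** Session attribute holding the per-user session token issued by {@link SessionTokenUtils}. */
    private static final String STUDIO_SESSION_TOKEN_ATRIBUTE = "studioSessionToken";
    /** Request-URI fragment of the keep-alive endpoint, which is exempt from the timeout check. */
    private static final String VALIDATE_SESSION_URI = "/validate-session.json";
    /** Token value the security provider reports when the caller holds no ticket. */
    private static final String NO_TICKET = "NOTICKET";
    /** Separator of the URL-list configuration properties. */
    private static final String URL_LIST_SEPARATOR = ",";

    private static final Logger logger = LoggerFactory.getLogger(StudioSecurityFilter.class);

    protected SecurityProvider securityProvider;
    protected StudioConfiguration studioConfiguration;
    protected PathMatcher pathMatcher = new AntPathMatcher();

    /**
     * Applies the access decision described on the class to one request.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; must be an {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      from the chain, the redirect or the error response
     * @throws ServletException from the chain, or wrapping any other failure in {@link #doFilterInternal}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Exception URLs are an exact-match allow list: no pattern matching, no token check at all.
        if (getExceptionUrls().contains(HttpUtils.getRequestUriWithoutContextPath(httpServletRequest))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (checkSessionTimeout(httpServletRequest, httpServletResponse)) {
            // Stale token: drop the server-side login before sending the browser back to the root.
            securityProvider.logout();
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/");
        } else if (includeRequest(httpServletRequest) || !excludeRequest(httpServletRequest)) {
            doFilterInternal(httpServletRequest, httpServletResponse, filterChain);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    @Override
    public void destroy() {
        // Nothing to release: the filter only holds injected collaborators.
    }

    /**
     * Reports whether the caller's session token has expired, re-issuing the token when it is still valid.
     *
     * <p>The keep-alive endpoint is exempt (substring match on the request URI, as in the original) so that
     * polling it cannot itself end the session. A request with no token or no logged-in user is not a timeout;
     * there is simply nothing to expire.
     *
     * @param httpServletRequest  the request whose session is inspected (a session is created if absent)
     * @param httpServletResponse unused; kept for the protected signature subclasses may rely on
     * @return {@code true} when a token exists for a logged-in user but no longer validates
     */
    protected boolean checkSessionTimeout(HttpServletRequest httpServletRequest,
                                          HttpServletResponse httpServletResponse) {
        if (httpServletRequest.getRequestURI().contains(VALIDATE_SESSION_URI)) {
            return false;
        }
        HttpSession session = httpServletRequest.getSession();
        String sessionToken = (String) session.getAttribute(STUDIO_SESSION_TOKEN_ATRIBUTE);
        String currentUser = securityProvider.getCurrentUser();
        if (StringUtils.isEmpty(sessionToken) || StringUtils.isEmpty(currentUser)) {
            return false;
        }
        if (!SessionTokenUtils.validateToken(sessionToken, currentUser)) {
            return true;
        }
        // Still valid: store a fresh token with the configured timeout (presumably restarting the window
        // at this request - confirm against SessionTokenUtils).
        session.setAttribute(STUDIO_SESSION_TOKEN_ATRIBUTE,
                SessionTokenUtils.createToken(currentUser, getSessionTimeout()));
        return false;
    }

    /**
     * Enforces authentication for a protected request: continues the chain only when the security provider
     * reports both a current user and a real ticket, otherwise answers HTTP 401.
     *
     * @throws IOException      propagated unchanged from the chain or the error response
     * @throws ServletException propagated unchanged from the chain; any other exception is wrapped in one,
     *                          keeping the original as its cause
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                    FilterChain filterChain) throws IOException, ServletException {
        try {
            String currentToken = securityProvider.getCurrentToken();
            if (StringUtils.isEmpty(securityProvider.getCurrentUser())
                    || StringUtils.isEmpty(currentToken)
                    || StringUtils.equals(currentToken, NO_TICKET)) {
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            } else {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        } catch (IOException | ServletException e) {
            // Already part of this method's contract; do not bury them inside another ServletException.
            throw e;
        } catch (Exception e) {
            throw new ServletException(e.getMessage(), e);
        }
    }

    /**
     * @return {@code true} when the request path (without context path) matches any exclude pattern
     */
    protected boolean excludeRequest(HttpServletRequest httpServletRequest) {
        return matchesAny(getUrlsToExclude(), HttpUtils.getRequestUriWithoutContextPath(httpServletRequest));
    }

    /**
     * @return {@code true} when the request path (without context path) matches any include pattern
     */
    protected boolean includeRequest(HttpServletRequest httpServletRequest) {
        return matchesAny(getUrlsToInclude(), HttpUtils.getRequestUriWithoutContextPath(httpServletRequest));
    }

    /** Ant-style match of {@code path} against each pattern; a null or empty pattern list matches nothing. */
    private boolean matchesAny(List<String> patterns, String path) {
        if (CollectionUtils.isEmpty(patterns)) {
            return false;
        }
        for (String pattern : patterns) {
            if (pathMatcher.match(pattern, path)) {
                return true;
            }
        }
        return false;
    }

    /**
     * @return the configured session timeout, parsed from {@code SECURITY_SESSION_TIMEOUT}
     * @throws NumberFormatException when the property is missing or not an integer
     */
    public int getSessionTimeout() {
        return Integer.parseInt(studioConfiguration.getProperty(StudioConfiguration.SECURITY_SESSION_TIMEOUT));
    }

    /** @return the non-blank, trimmed patterns of {@code SECURITY_URLS_TO_INCLUDE}; a fresh mutable list */
    public List<String> getUrlsToInclude() {
        return splitUrlList(studioConfiguration.getProperty(StudioConfiguration.SECURITY_URLS_TO_INCLUDE));
    }

    /** @return the non-blank, trimmed patterns of {@code SECURITY_URLS_TO_EXCLUDE}; a fresh mutable list */
    public List<String> getUrlsToExclude() {
        return splitUrlList(studioConfiguration.getProperty(StudioConfiguration.SECURITY_URLS_TO_EXCLUDE));
    }

    /** @return the non-blank, trimmed paths of {@code SECURITY_EXCEPTION_URLS}; a fresh mutable list */
    public List<String> getExceptionUrls() {
        return splitUrlList(studioConfiguration.getProperty(StudioConfiguration.SECURITY_EXCEPTION_URLS));
    }

    /**
     * Splits a comma-separated property into trimmed, non-blank entries.
     *
     * <p>A missing or blank property yields an empty list rather than {@code [""]}, so that an unset
     * allow/deny list can never accidentally match a request.
     */
    private static List<String> splitUrlList(String value) {
        if (StringUtils.isBlank(value)) {
            return new ArrayList<String>();
        }
        List<String> entries = new ArrayList<String>();
        for (String entry : value.split(URL_LIST_SEPARATOR)) {
            String trimmed = entry.trim();
            if (!trimmed.isEmpty()) {
                entries.add(trimmed);
            }
        }
        return entries;
    }

    public SecurityProvider getSecurityProvider() {
        return securityProvider;
    }

    public void setSecurityProvider(SecurityProvider securityProvider) {
        this.securityProvider = securityProvider;
    }

    public StudioConfiguration getStudioConfiguration() {
        return studioConfiguration;
    }

    public void setStudioConfiguration(StudioConfiguration studioConfiguration) {
        this.studioConfiguration = studioConfiguration;
    }
}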
