package org.craftercms.security.servlet.filters;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.craftercms.commons.http.HttpUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.security.processors.RequestSecurityProcessor;
import org.craftercms.security.processors.RequestSecurityProcessorChain;
import org.craftercms.security.processors.impl.RequestSecurityProcessorChainImpl;
import org.craftercms.security.utils.SecurityEnabledAware;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-4.1.1.jar:org/craftercms/security/servlet/filters/RequestSecurityFilter.class */
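/**
 * Servlet filter that runs a configured list of {@link RequestSecurityProcessor}s before
 * handing the request to the rest of the filter chain.
 *
 * <p>How a request is routed, as implemented in {@link #doFilter}:
 * <ul>
 *   <li>{@code securityEnabled} is a plain {@code boolean} field with no initializer, so the
 *       filter is a pass-through until {@link #setSecurityEnabled(boolean)} is called with
 *       {@code true}.</li>
 *   <li>A request matching an include pattern is always processed, even if it also matches
 *       an exclude pattern.</li>
 *   <li>A request matching only an exclude pattern bypasses every security processor.</li>
 *   <li>A request matching neither list is processed.</li>
 * </ul>
 *
 * <p>Patterns are matched with {@link #pathMatcher} (an {@link AntPathMatcher} by default)
 * against the value returned by {@code HttpUtils.getRequestUriWithoutContextPath}.
 * NOTE(review): that helper is not visible here. Confirm how it treats path parameters,
 * encoded characters and dot segments: an exclude pattern skips the whole processor chain,
 * so the path matched here must be the same path the downstream handler resolves.
 */
public class RequestSecurityFilter extends GenericFilterBean implements SecurityEnabledAware {
    // Defaults to false: no processor runs until security is switched on explicitly.
    protected boolean securityEnabled;
    protected List<RequestSecurityProcessor> securityProcessors;
    // Ant-style patterns; a match forces processing regardless of urlsToExclude.
    protected String[] urlsToInclude;
    // Ant-style patterns; a match (with no include match) bypasses all processors.
    protected String[] urlsToExclude;
    protected PathMatcher pathMatcher = new AntPathMatcher();

    /**
     * Turns the security processing of this filter on or off.
     *
     * @param z {@code true} to run the processors, {@code false} to pass every request through
     */
    @Override
    public void setSecurityEnabled(boolean z) {
        this.securityEnabled = z;
    }

    /**
     * Sets the processors to run, in order, for each request that is not bypassed.
     * The list is stored by reference and copied on every request in
     * {@link #doFilterInternal}.
     *
     * @param list the security processors; required
     */
    @Required
    public void setSecurityProcessors(List<RequestSecurityProcessor> list) {
        this.securityProcessors = list;
    }

    /**
     * Sets the patterns of URLs that must always be processed.
     *
     * @param strArr Ant-style patterns; the array is stored by reference
     */
    public void setUrlsToInclude(String... strArr) {
        this.urlsToInclude = strArr;
    }

    /**
     * Sets the patterns of URLs that bypass the security processors unless they also match
     * an include pattern. Keep these as narrow as possible: every match is served without
     * any processor having run.
     *
     * @param strArr Ant-style patterns; the array is stored by reference
     */
    public void setUrlsToExclude(String... strArr) {
        this.urlsToExclude = strArr;
    }

    /**
     * Decides whether the request goes through the security processors or straight down
     * the filter chain.
     *
     * @param servletRequest  the request; cast to {@link HttpServletRequest} unconditionally,
     *                        so a non-HTTP request fails with a {@link ClassCastException}
     * @param servletResponse the response
     * @param filterChain     the remaining filter chain
     * @throws IOException      if thrown by a processor or the chain
     * @throws ServletException if thrown by a processor or the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        // Include wins over exclude; excludeRequest is only consulted when no include matched.
        boolean applySecurity = this.securityEnabled && (includeRequest(httpRequest) || !excludeRequest(httpRequest));
        if (applySecurity) {
            doFilterInternal(httpRequest, (HttpServletResponse) servletResponse, filterChain);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Runs the configured processors followed by a terminal processor that continues the
     * servlet filter chain.
     *
     * @param httpServletRequest  the HTTP request
     * @param httpServletResponse the HTTP response
     * @param filterChain         the remaining filter chain
     * @throws IOException      if thrown by a processor or the chain
     * @throws ServletException if thrown by a processor or the chain, or wrapping any other
     *                          checked exception raised by a processor
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        RequestContext context = RequestContext.getCurrent();
        if (context == null) {
            context = createRequestContext(httpServletRequest, httpServletResponse);
        }
        // Per-request copy so the terminal processor never ends up in the shared list.
        List<RequestSecurityProcessor> processors = new ArrayList<>(this.securityProcessors);
        processors.add(getLastProcessorInChain(filterChain));
        try {
            new RequestSecurityProcessorChainImpl(processors.iterator()).processRequest(context);
        } catch (IOException | ServletException | RuntimeException e) {
            // Already part of this method's contract: propagate unchanged.
            throw e;
        } catch (Exception e) {
            // Any other checked exception is wrapped, keeping the original as the cause.
            throw new ServletException(e.getMessage(), e);
        }
    }

    /**
     * Tells whether the request matches one of the exclude patterns.
     *
     * @param httpServletRequest the HTTP request
     * @return {@code true} if an exclude pattern matches; {@code false} if none matches or
     *         no exclude patterns are configured
     */
    protected boolean excludeRequest(HttpServletRequest httpServletRequest) {
        return matchesAnyPattern(this.urlsToExclude, httpServletRequest);
    }

    /**
     * Tells whether the request matches one of the include patterns.
     *
     * @param httpServletRequest the HTTP request
     * @return {@code true} if an include pattern matches; {@code false} if none matches or
     *         no include patterns are configured
     */
    protected boolean includeRequest(HttpServletRequest httpServletRequest) {
        return matchesAnyPattern(this.urlsToInclude, httpServletRequest);
    }

    /**
     * Builds the request context used when none is bound to the current request.
     *
     * @param httpServletRequest  the HTTP request
     * @param httpServletResponse the HTTP response
     * @return a new context wrapping the request, the response and this filter's servlet context
     */
    protected RequestContext createRequestContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return new RequestContext(httpServletRequest, httpServletResponse, getServletContext());
    }

    /**
     * Creates the terminal processor, which resumes the servlet filter chain with the
     * request and response held by the context.
     *
     * @param filterChain the remaining filter chain
     * @return a processor that calls {@code filterChain.doFilter} and ignores the processor chain
     */
    protected RequestSecurityProcessor getLastProcessorInChain(final FilterChain filterChain) {
        return new RequestSecurityProcessor() {
            @Override
            public void processRequest(RequestContext requestContext, RequestSecurityProcessorChain requestSecurityProcessorChain) throws Exception {
                filterChain.doFilter(requestContext.getRequest(), requestContext.getResponse());
            }
        };
    }

    /** Returns whether the request URI (without context path) matches any of the patterns. */
    private boolean matchesAnyPattern(String[] patterns, HttpServletRequest request) {
        if (ArrayUtils.isEmpty(patterns)) {
            return false;
        }
        // Resolved once per call instead of once per pattern.
        String requestUri = HttpUtils.getRequestUriWithoutContextPath(request);
        for (String pattern : patterns) {
            if (this.pathMatcher.match(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }
}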
