package org.objectweb.telosys.auth;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.objectweb.telosys.common.Telosys;
import org.objectweb.telosys.common.TelosysConst;
import org.objectweb.telosys.common.TelosysObject;
import org.objectweb.telosys.screen.env.ScreenSessionManager;
import org.objectweb.telosys.util.StrUtil;

/* loaded from: input_file:org/objectweb/telosys/auth/AuthFilter.class */
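/**
 * Servlet filter that keeps unauthenticated requests out of the web application.
 * <p>
 * Each request is first checked for a {@link LoginUser} already bound to the
 * session ({@link Auth#getAuthenticatedUser}). Otherwise the request is routed
 * through one of these paths:
 * <ul>
 *   <li><b>form authentication</b> (a {@code LoginPage} property is configured):
 *       the login page and the login action URL are handled here, every other
 *       URL is redirected to the login page;</li>
 *   <li><b>HTTP Basic authentication</b> (no login page configured): the client
 *       is redirected to {@code <context>/l/o/g/i/n/<token>/login} and challenged
 *       with {@code 401} / {@code WWW-Authenticate};</li>
 *   <li><b>"no auth" pages</b> listed by the {@code NoAuthPage<n>} properties,
 *       which are passed down the chain without authentication.</li>
 * </ul>
 * Failed attempts are counted in the {@code TelosysAuth} cookie; once the count
 * reaches {@code LoginMaxTries} the {@code TelosysAuthStatus} cookie is set to
 * {@code -1} and the login error page is served instead of a new challenge.
 * <p>
 * NOTE(review): both cookies live on the client, so this limit only throttles
 * a cooperating browser. It is not a server-side brute-force protection; a
 * real limit has to be enforced where credentials are checked
 * ({@link Auth#validUser}) and should be monitored there.
 * <p>
 * Configuration is read from {@link Telosys#getProperties()} in {@link #init}.
 * If the properties cannot be read the filter still blocks every request
 * (Basic authentication mode, no "no auth" pages), i.e. it fails closed.
 */
public class AuthFilter extends TelosysObject implements Filter {
    /** Path segment marking a Basic-auth login URL (below the context path). */
    private static final String BASIC_AUTH_LOGIN_PATH = "/l/o/g/i/n/";
    private static final String TOKEN_PREFIX = "T";
    /** Request parameter names used by the form login action. */
    private static final String USER_LOGIN = "user_login";
    private static final String USER_PASSWORD = "user_password";
    /** Telosys property names. */
    private static final String PROP_LOGIN_PAGE = "LoginPage";
    private static final String PROP_LOGIN_ACTION = "LoginAction";
    private static final String PROP_LOGIN_MAX_TRIES = "LoginMaxTries";
    private static final String PROP_LOGIN_ERROR_PAGE = "LoginErrorPage";
    private static final String PROP_NO_AUTH_PAGE_PREFIX = "NoAuthPage";
    private static final String DEFAULT_LOGIN_ACTION = "/login_action";
    private static final String DEFAULT_LOGIN_MAX_TRIES = "3";
    private static final int MAX_TRIES = 3;
    /** Upper bound for the NoAuthPage1..n property scan. */
    private static final int MAX_NO_AUTH_PAGES = 9999;
    /** Cookie holding the number of failed login attempts (client-side, advisory only). */
    private static final String COUNT_COOKIE = "TelosysAuth";
    /** Cookie set to -1 once the attempt limit was reached (client-side, advisory only). */
    private static final String STATUS_COOKIE = "TelosysAuthStatus";

    private ServletContext _servletContext = null;
    /** Raw property values (trimmed) and their context-relative URIs, resolved lazily. */
    private String _sLoginPageParam = null;
    private String _sLoginPageURI = null;
    private String _sLoginActionParam = null;
    private String _sLoginActionURI = null;
    private String _sLoginErrorPageParam = null;
    private String _sLoginErrorPageURI = null;
    /** URIs (with or without context path) that are served without authentication. */
    private final LinkedList _noAuthPages = new LinkedList();
    /** Failed attempts tolerated before the status cookie is set to -1. */
    private int _iMaxTries = MAX_TRIES;

    /**
     * Builds a context-relative URI for a resource path.
     *
     * @param request current request (source of the context path)
     * @param resource resource path, with or without a leading "/"
     * @return {@code contextPath + "/" + resource}, or null when either part is null
     */
    private String getResourceURI(HttpServletRequest request, String resource) {
        String contextPath = request.getContextPath();
        if (contextPath == null || resource == null) {
            return null;
        }
        String ctx = contextPath.trim();
        String res = resource.trim();
        return res.startsWith("/") ? ctx + res : ctx + "/" + res;
    }

    /**
     * Returns the login page URI, resolving it from the LoginPage property on first use.
     * The context path is taken from the first request seen; it is constant for a webapp.
     *
     * @return the URI, or null when no login page is configured
     */
    private String getLoginPageURI(HttpServletRequest request) {
        if (this._sLoginPageURI == null) {
            this._sLoginPageURI = getResourceURI(request, this._sLoginPageParam);
            if (this._sLoginPageURI != null) {
                trace("init LoginPage URI : '" + this._sLoginPageURI + "'");
            } else {
                trace("cannot init LoginPage URI, LoginPage parameter = '" + this._sLoginPageParam + "'");
            }
        }
        return this._sLoginPageURI;
    }

    /**
     * Returns the login action URI, resolving it from the LoginAction property on first use.
     *
     * @return the URI, or null when form authentication is not configured
     */
    private String getLoginActionURI(HttpServletRequest request) {
        if (this._sLoginActionURI == null) {
            this._sLoginActionURI = getResourceURI(request, this._sLoginActionParam);
            if (this._sLoginActionURI != null) {
                trace("init LoginAction URI : '" + this._sLoginActionURI + "'");
            } else {
                trace("cannot init LoginAction URI, LoginAction parameter = '" + this._sLoginActionParam + "'");
            }
        }
        return this._sLoginActionURI;
    }

    /**
     * Returns the login error page URI, resolving it from the LoginErrorPage property on first use.
     *
     * @return the URI, or null when no error page is configured
     */
    private String getLoginErrorPageURI(HttpServletRequest request) {
        if (this._sLoginErrorPageURI == null) {
            this._sLoginErrorPageURI = getResourceURI(request, this._sLoginErrorPageParam);
            if (this._sLoginErrorPageURI != null) {
                trace("init LoginErrorPage URI : '" + this._sLoginErrorPageURI + "'");
            } else {
                // message used to say "LoginPage" (copy/paste), which made the log misleading
                trace("cannot init LoginErrorPage URI, LoginErrorPage parameter = '" + this._sLoginErrorPageParam + "'");
            }
        }
        return this._sLoginErrorPageURI;
    }

    /**
     * Sets the {@code Telosys-Redirect} response header to the requested URI
     * (plus query string when present) so the client knows the original target.
     */
    private void setTelosysRedirect(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        String target = request.getRequestURI();
        String queryString = request.getQueryString();
        if (queryString != null && queryString.trim().length() > 0) {
            target = target + "?" + queryString.trim();
        }
        trace("set response header : 'Telosys-Redirect' : '" + target + "'");
        response.setHeader(TelosysConst.TELOSYS_REDIRECT, target);
    }

    /** Trims a property value, keeping null as null. */
    private static String trimOrNull(String value) {
        return value == null ? null : value.trim();
    }

    /**
     * Reads the filter configuration from the Telosys properties.
     * <p>
     * When the properties are unavailable the error is logged and the filter
     * keeps its defaults (no login page, no "no auth" pages), so all requests
     * fall back to Basic authentication rather than being let through.
     *
     * @param filterConfig container-provided configuration (used for the ServletContext)
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this._servletContext = filterConfig.getServletContext();
        info("init() : . ServletContext  = '" + this._servletContext.getServletContextName() + "'");
        Properties properties = Telosys.getProperties();
        if (properties == null) {
            error("init() : Cannot get Telosys properties");
            return;
        }
        this._sLoginErrorPageParam = trimOrNull(properties.getProperty(PROP_LOGIN_ERROR_PAGE));
        this._sLoginPageParam = trimOrNull(properties.getProperty(PROP_LOGIN_PAGE));
        if (this._sLoginPageParam != null) {
            // the login action is only meaningful together with a login page
            this._sLoginActionParam = properties.getProperty(PROP_LOGIN_ACTION, DEFAULT_LOGIN_ACTION).trim();
        }
        info("init() : . LoginPage      = '" + this._sLoginPageParam + "'");
        info("init() : . LoginAction    = '" + this._sLoginActionParam + "'");
        info("init() : . LoginErrorPage = '" + this._sLoginErrorPageParam + "'");
        this._iMaxTries = StrUtil.getInt(properties.getProperty(PROP_LOGIN_MAX_TRIES, DEFAULT_LOGIN_MAX_TRIES), MAX_TRIES);
        info("init() : . MaxTries       = " + this._iMaxTries);
        this._noAuthPages.clear();
        // NoAuthPage1, NoAuthPage2, ... : the scan stops at the first missing index
        for (int i = 1; i < MAX_NO_AUTH_PAGES; i++) {
            String page = properties.getProperty(PROP_NO_AUTH_PAGE_PREFIX + i);
            if (page == null) {
                break;
            }
            String trimmed = page.trim();
            this._noAuthPages.add(trimmed);
            info("init() : . No auth page [ " + i + " ] : '" + trimmed + "'");
        }
        info("init() : Authentication filter initialized.");
    }

    public void destroy() {
        trace("destroy()");
    }

    /**
     * Filter entry point: dispatches the request according to its authentication state.
     * <p>
     * Non-HTTP exchanges are logged and dropped (not passed down the chain).
     *
     * @throws IOException from redirects, forwards or the error page writer
     * @throws ServletException from the chain or the error page forward
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
        trace("----- doFilter()...");
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            // fail closed: nothing is written and the chain is not invoked
            error("doFilter() : request and/or response not HTTP ");
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String queryString = request.getQueryString();
        trace("Request : '" + request.getRequestURL() + (queryString != null ? "?" + queryString : ""));
        trace("request.getAuthType()   = " + request.getAuthType());
        trace("request.getRemoteUser() = " + request.getRemoteUser());

        LoginUser authenticatedUser = Auth.getAuthenticatedUser(request);
        if (authenticatedUser != null) {
            passAuthenticatedRequest(authenticatedUser, request, response, chain);
            return;
        }
        trace("User not yet authenticated (not found in session).");
        if (getAuthStatusCookieValue(request) < 0) {
            // client was locked out earlier: no new challenge, only the error page
            setTelosysRedirect(request, response);
            printLoginErrorPage(request, response);
            return;
        }
        if (isFormAuthLoginPageURL(request)) {
            trace("Request URL is for the Login Page : OK, let it pass ... ");
            setTelosysRedirect(request, response);
            request.setAttribute(PROP_LOGIN_MAX_TRIES, String.valueOf(this._iMaxTries));
            chain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (isFormAuthLoginActionURL(request)) {
            processFormLogin(request, response);
            return;
        }
        if (isBasicAuthLoginURL(request)) {
            processBasicAuthLogin(request, response);
            return;
        }
        if (isNoAuthPageURL(request)) {
            trace("The requested URL is a 'Trusted Page' : OK, let it pass ... ");
            setTelosysRedirect(request, response);
            chain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (getLoginPageURI(request) != null) {
            redirectToLoginPage(request, response, 1);
            return;
        }
        trace("URL doesn't start with '" + request.getContextPath() + BASIC_AUTH_LOGIN_PATH + "' => '302' Redirect to Authentication URL.");
        redirectToBasicAuthLoginURL(request, response);
    }

    /**
     * Passes a request of an already authenticated user down the chain and
     * maintains the user's request counter.
     */
    private void passAuthenticatedRequest(LoginUser user, HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        trace("User authenticated (found in session) : '" + user.getLogin() + "' : req. count = " + user.getRequestCount());
        if (user.getRequestCount() == 0) {
            // first request after login: expose the original target to the client
            setTelosysRedirect(request, response);
        }
        chain.doFilter(request, response);
        // a redirect issued downstream is not counted as a served request
        if (!response.containsHeader("Location")) {
            user.incrementRequestCount();
        }
    }

    /**
     * Handles a POST/GET on the form login action URL: validates the submitted
     * credentials, then either opens the session or redirects back to the login
     * page (or to the error page once the attempt limit is reached).
     */
    private void processFormLogin(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        trace("Request URL is a Form Auth Login Action : try to authenticate the user... ");
        LoginUser candidate = getUserFromLoginActionRequest(request);
        int tries = getCountCookieValue(request);
        if (candidate == null) {
            trace("login/password not found in request => redirect to login page ");
            redirectToLoginPage(request, response, tries + 1);
            return;
        }
        IAppUser appUser = Auth.validUser(candidate);
        if (appUser != null) {
            openSessionAndRedirect(request, response, candidate, appUser);
            return;
        }
        trace("Invalid login/password => redirect to login page ");
        if (tries < this._iMaxTries) {
            redirectToLoginPage(request, response, tries + 1);
        } else {
            setAuthStatusCookie(response, -1);
            printLoginErrorPage(request, response);
        }
    }

    /**
     * Handles a request on a Basic-auth login URL: validates the credentials of
     * the {@code Authorization} header, then either opens the session or sends a
     * new {@code 401} challenge (or the error page once the attempt limit is reached).
     */
    private void processBasicAuthLogin(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        trace("Request URL is a Basic Auth Login URL : try to authenticate the user... ");
        LoginUser candidate = getUserFromBasicAuthRequest(request);
        int tries = getCountCookieValue(request);
        if (candidate == null) {
            trace("login/password not found in request => '401' (Unauthorized) ");
            buildAuthenticateResponse(request, response, tries + 1);
            return;
        }
        IAppUser appUser = Auth.validUser(candidate);
        if (appUser != null) {
            openSessionAndRedirect(request, response, candidate, appUser);
            return;
        }
        trace("Invalid login/password => '401' (Unauthorized) ");
        if (tries < this._iMaxTries) {
            buildAuthenticateResponse(request, response, tries + 1);
            return;
        }
        setAuthStatusCookie(response, -1);
        setTelosysRedirect(request, response);
        printLoginErrorPage(request, response);
    }

    /**
     * Binds the validated user to the session and redirects to the first page.
     * NOTE(review): issuing a fresh session id at this point (session fixation
     * protection) is expected to happen inside
     * {@link ScreenSessionManager#openScreenSession} - verify there.
     */
    private void openSessionAndRedirect(HttpServletRequest request, HttpServletResponse response, LoginUser loginUser, IAppUser appUser) throws IOException, ServletException {
        trace("User login/password is valid. ");
        trace("Init user in session... ");
        ScreenSessionManager.openScreenSession(request, loginUser, appUser);
        trace("Redirect to first page... ");
        redirectToFirstPage(request, response, appUser);
    }

    /** True when the request URI is below {@code <context>/l/o/g/i/n/}. */
    private boolean isBasicAuthLoginURL(HttpServletRequest request) {
        trace("isBasicAuthLoginURL('" + request.getRequestURI() + "').");
        return request.getRequestURI().startsWith(request.getContextPath() + BASIC_AUTH_LOGIN_PATH);
    }

    /** True when the request URI is exactly the configured login page. */
    private boolean isFormAuthLoginPageURL(HttpServletRequest request) {
        trace("isFormAuthLoginPageURL('" + request.getRequestURI() + "').");
        String loginPageURI = getLoginPageURI(request);
        return loginPageURI != null && request.getRequestURI().equals(loginPageURI);
    }

    /** True when the request URI is exactly the configured login action. */
    private boolean isFormAuthLoginActionURL(HttpServletRequest request) {
        trace("isFormAuthLoginActionURL('" + request.getRequestURI() + "').");
        String loginActionURI = getLoginActionURI(request);
        return loginActionURI != null && request.getRequestURI().equals(loginActionURI);
    }

    /** True when the request URI is exactly the configured login error page. */
    private boolean isLoginErrorPageURL(HttpServletRequest request) {
        trace("isLoginErrorPageURL('" + request.getRequestURI() + "').");
        String loginErrorPageURI = getLoginErrorPageURI(request);
        return loginErrorPageURI != null && request.getRequestURI().equals(loginErrorPageURI);
    }

    /**
     * True when the request URI matches one of the NoAuthPage entries, either
     * literally or prefixed with the context path (exact match only, no wildcards).
     */
    private boolean isNoAuthPageURL(HttpServletRequest request) {
        trace("isNoAuthPageURL('" + request.getRequestURI() + "').");
        if (this._noAuthPages.isEmpty()) {
            return false;
        }
        String contextPath = request.getContextPath();
        String requestURI = request.getRequestURI();
        for (Iterator it = this._noAuthPages.iterator(); it.hasNext();) {
            String page = (String) it.next();
            if (requestURI.equals(page) || requestURI.equals(contextPath + page)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds an absolute URL {@code scheme://server:port<context><path>}.
     * NOTE(review): scheme, host and port are the ones the container reports for
     * this request; behind a reverse proxy they may differ from the public URL.
     */
    private String getFullURL(HttpServletRequest request, String path) {
        return request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort()
                + request.getContextPath() + path;
    }

    /**
     * Extracts the token segment of a Basic-auth login URL
     * ({@code .../l/o/g/i/n/<token>/...}).
     *
     * @return the token, or "" when the URI has no such segment
     */
    private String getToken(HttpServletRequest request) {
        String uri = request.getRequestURI();
        int start = uri.indexOf(BASIC_AUTH_LOGIN_PATH);
        if (start < 0) {
            return "";
        }
        String rest = uri.substring(start + BASIC_AUTH_LOGIN_PATH.length());
        int slash = rest.indexOf('/');
        return slash > 0 ? rest.substring(0, slash) : "";
    }

    /**
     * Creates a new login URL token from the current time. It is not a secret:
     * it only makes each login URL (and therefore the realm) distinct.
     */
    private String getNewToken() {
        return TOKEN_PREFIX + new Date().getTime();
    }

    /** Sends a 302 to a fresh Basic-auth login URL. */
    private void redirectToBasicAuthLoginURL(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String fullURL = getFullURL(request, BASIC_AUTH_LOGIN_PATH + getNewToken() + "/login");
        trace("sendRedirect to Login URL -> " + fullURL);
        response.sendRedirect(fullURL);
    }

    /**
     * Escapes a value for use inside an HTTP quoted-string (backslash and
     * double quote). The realm embeds a path segment of the request URI, so it
     * must not be able to terminate the quoted value.
     */
    private static String quotedString(String value) {
        StringBuffer sb = new StringBuffer(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\') {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Sends a {@code 401} with a {@code WWW-Authenticate: Basic} challenge and
     * stores the attempt count in the count cookie.
     * The realm is the configured realm name, else the webapp name, else the
     * context path, followed by the URL token in parentheses.
     *
     * @param count attempt number to store in the count cookie
     */
    private void buildAuthenticateResponse(HttpServletRequest request, HttpServletResponse response, int count) {
        trace("buildAuthenticateResponse()... ( count = " + count + " )");
        String token = getToken(request);
        String realmBase = TelosysAUTH.getRealmName();
        if (realmBase == null) {
            realmBase = Telosys.getWebAppName();
        }
        if (realmBase == null) {
            realmBase = request.getContextPath();
        }
        String realm = realmBase + " (" + token + ")";
        setCountCookie(request, response, count);
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + quotedString(realm) + "\"");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Redirects a freshly authenticated user to its first page: the user's own
     * first page, else the application default, else the context root.
     * Relative pages are made absolute with {@link #getFullURL}; values starting
     * with "http" are used as given. Both sources are application data, not
     * request input (assumed: verify that {@code IAppUser#getFirstPage} cannot
     * be set by the user, otherwise this is an open redirect).
     */
    private void redirectToFirstPage(HttpServletRequest request, HttpServletResponse response, IAppUser appUser) throws IOException, ServletException {
        String firstPage = appUser.getFirstPage();
        if (firstPage != null) {
            trace("User first page = '" + firstPage + "'");
        } else {
            firstPage = TelosysAUTH.getFirstPage();
            if (firstPage != null) {
                trace("Default application first page = '" + firstPage + "'");
            } else {
                firstPage = getFullURL(request, "/");
                trace("No default application first page, use context root '" + firstPage + "'");
            }
        }
        if (!firstPage.startsWith("http")) {
            firstPage = getFullURL(request, firstPage);
        }
        trace("sendRedirect to first page -> " + firstPage);
        response.sendRedirect(firstPage);
    }

    /**
     * Redirects to the login page, storing the attempt count in the count
     * cookie. Falls back to the Basic-auth login URL when no login page is configured.
     *
     * @param count attempt number to store in the count cookie
     */
    private void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response, int count) throws IOException, ServletException {
        String loginPageURI = getLoginPageURI(request);
        if (loginPageURI == null) {
            error("cannot redirect to login page (cannot get login page URI)");
            redirectToBasicAuthLoginURL(request, response);
            return;
        }
        trace("sendRedirect to login page -> '" + loginPageURI + "'  ( count = " + count + " )");
        setCountCookie(request, response, count);
        response.sendRedirect(loginPageURI);
    }

    /**
     * Serves the "access denied" page: forwards to the configured
     * {@code LoginErrorPage} when there is one, otherwise writes a static HTML
     * page (no request data is echoed) with status {@code 403}.
     */
    private void printLoginErrorPage(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        if (this._sLoginErrorPageParam != null) {
            trace("forward to login error page -> '" + this._sLoginErrorPageParam + "' )");
            if (this._servletContext == null) {
                error("ServletContext is null => cannot forward to error page");
            } else {
                this._servletContext.getRequestDispatcher(this._sLoginErrorPageParam).forward(request, response);
            }
            return;
        }
        trace("generate login error response ");
        if (!response.isCommitted()) {
            // a denied request is an error, not a 200; content type lets clients render it
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.setContentType("text/html");
        }
        PrintWriter writer = response.getWriter();
        writer.println("<html>");
        writer.println("<head>");
        writer.println(" <title>Access denied</title>");
        writer.println("</head>");
        writer.println("<body>");
        writer.println(" <div style=\"text-align:center;\">");
        writer.println(" <h1>Not Authenticated</h1>");
        writer.println(" <h1>Access denied !</h1>");
        writer.println(" </div>");
        writer.println("</body>");
        writer.println("</html>");
        writer.close();
    }

    /**
     * Extracts the credentials of an {@code Authorization: Basic} header.
     * Malformed base64 is treated as "no credentials" (the caller answers 401)
     * instead of surfacing as a server error. The header itself is never logged.
     * NOTE(review): the decoded bytes are turned into a String with the
     * platform default charset, as before; RFC 7617 does not fix one.
     *
     * @return the login user, or null when the header is absent, not Basic,
     *         undecodable or has no ":" separator
     */
    private LoginUser getUserFromBasicAuthRequest(HttpServletRequest request) {
        String header = request.getHeader("Authorization");
        // case-insensitive, locale-independent scheme check
        if (header == null || !header.regionMatches(true, 0, "basic ", 0, 6)) {
            return null;
        }
        String decoded;
        try {
            decoded = new String(Base64.decode(header.substring(6).trim().getBytes()));
        } catch (RuntimeException e) {
            error("Authorization header : cannot decode Basic credentials (" + e.getClass().getName() + ")");
            return null;
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return Auth.createLoginUser(decoded.substring(0, colon).trim(), decoded.substring(colon + 1).trim(), request);
    }

    /**
     * Extracts the credentials submitted by the login form.
     * Only the login is traced, never the password.
     *
     * @return the login user, or null when either parameter is missing
     */
    private LoginUser getUserFromLoginActionRequest(HttpServletRequest request) {
        String login = request.getParameter(USER_LOGIN);
        String password = request.getParameter(USER_PASSWORD);
        trace("getUserFromLoginPageRequest() : login = '" + login + "'");
        if (login == null || password == null) {
            return null;
        }
        return Auth.createLoginUser(login, password, request);
    }

    /**
     * Stores the attempt count in the count cookie, scoped to the login action
     * URI when form authentication is configured.
     */
    private void setCountCookie(HttpServletRequest request, HttpServletResponse response, int count) {
        Cookie cookie = new Cookie(COUNT_COOKIE, String.valueOf(count));
        String loginActionURI = getLoginActionURI(request);
        if (loginActionURI != null) {
            cookie.setPath(loginActionURI);
        }
        response.addCookie(cookie);
    }

    /**
     * Reads an integer cookie value.
     *
     * @return the parsed value of the first cookie with that name and a non-null
     *         value, 0 when there is none or the value is not a number
     */
    private int getIntCookieValue(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return 0;
        }
        for (int i = 0; i < cookies.length; i++) {
            if (name.equals(cookies[i].getName())) {
                String value = cookies[i].getValue();
                if (value != null) {
                    return StrUtil.getInt(value, 0);
                }
            }
        }
        return 0;
    }

    /** Attempt count as reported by the client (see class comment on its trust level). */
    private int getCountCookieValue(HttpServletRequest request) {
        return getIntCookieValue(request, COUNT_COOKIE);
    }

    /** Sets the status cookie; -1 means the attempt limit was reached. */
    private void setAuthStatusCookie(HttpServletResponse response, int status) {
        response.addCookie(new Cookie(STATUS_COOKIE, String.valueOf(status)));
    }

    /** Status as reported by the client; negative means locked out. */
    private int getAuthStatusCookieValue(HttpServletRequest request) {
        return getIntCookieValue(request, STATUS_COOKIE);
    }
}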
