package noo.security;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import noo.exception.AuthenticateException;
import noo.exception.SessionTimeoutException;
import noo.exception.UnAuthrizedException;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:noo/security/SecurityFilter.class */
public class SecurityFilter implements Filter {

    @Autowired
    private SecuritySettingService us;
    public static final String SESSION_KEY = "noo.session.userobj";
    public String username = "username";
    public String password = "password";

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String requestURI = httpServletRequest.getRequestURI();
        if (this.us.isIgnore(requestURI)) {
            doFilter(servletRequest, servletResponse, filterChain);
            return;
        }
        if (requestURI.startsWith(this.us.getLoginUrl())) {
            String parameter = servletRequest.getParameter(this.username);
            String parameter2 = servletRequest.getParameter(this.password);
            User loadUserByName = this.us.loadUserByName(parameter);
            if (this.us.checkUserPassword(loadUserByName, parameter2)) {
                httpServletRequest.getSession(true).setAttribute(SESSION_KEY, loadUserByName);
                ((HttpServletResponse) servletResponse).sendRedirect(this.us.getSuccessUrl());
                return;
            } else {
                HttpSession session = httpServletRequest.getSession();
                if (session != null) {
                    session.invalidate();
                }
                throw new AuthenticateException("username, password is wrong.");
            }
        }
        if (requestURI.startsWith(this.us.getLogoutUrl())) {
            HttpSession session2 = httpServletRequest.getSession();
            if (session2 != null) {
                session2.invalidate();
                return;
            }
            return;
        }
        HttpSession session3 = httpServletRequest.getSession();
        if (session3 == null) {
            throw new SessionTimeoutException();
        }
        User user = (User) session3.getAttribute(SESSION_KEY);
        if (user == null) {
            throw new SessionTimeoutException();
        }
        if (!this.us.checkPath(user, requestURI)) {
            throw new UnAuthrizedException("username, password is wrong.");
        }
        doFilter(servletRequest, servletResponse, filterChain);
    }

    public void destroy() {
    }
}
