package net.javapla.jawn.security;

import java.text.MessageFormat;
import net.javapla.jawn.core.Response;
import net.javapla.jawn.core.ResponseBuilder;
import net.javapla.jawn.core.database.DatabaseConnection;
import net.javapla.jawn.core.http.Context;
import net.javapla.jawn.core.http.HttpMethod;
import net.javapla.jawn.core.http.SessionFacade;
import net.javapla.jawn.core.spi.FilterChain;
import net.javapla.jawn.security.interfaces.JawnSubject;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

/* loaded from: input_file:net/javapla/jawn/security/SecurityFilterImpl.class */
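/**
 * Filter that gates a route behind a Shiro login and a single required role.
 *
 * <p>Unauthenticated non-POST requests are redirected to the login page and the requested
 * path is remembered in the session. POST requests are treated as login attempts using the
 * {@code username}, {@code password} and {@code rememberMe} request parameters.
 *
 * <p>NOTE(review): nothing in this class renews the session after a successful login.
 * Confirm that the container or {@link JawnSubject} rotates the session identifier,
 * otherwise a pre-login session id stays valid after authentication.
 */
class SecurityFilterImpl implements SecurityFilter {
    protected static final String SESSION_USER = "SecurityFilterImpl.user";
    protected static final String SESSION_REQUESTED_PATH = "SecurityFilterImpl.path";
    protected static final String DEFAULT_NOT_LOGGED_IN_REDIRECT = "/login";
    protected static final String DEFAULT_NOT_CORRECTLY_AUTH = "/login?failure=notAuthorized";
    protected static final String DEFAULT_LOG_OUT = "/logout";
    /** Role the subject must hold; set through {@link #onRole(String)}. */
    protected String role;
    protected String notLoggedInRedirect = DEFAULT_NOT_LOGGED_IN_REDIRECT;
    protected String notAuthRedirect = DEFAULT_NOT_CORRECTLY_AUTH;
    protected String logout = DEFAULT_LOG_OUT;
    protected DatabaseConnection db;

    /**
     * Runs the login/role gate before the rest of the chain.
     *
     * @param filterChain remaining filters, invoked only when the request is let through
     * @param context the current request
     * @return a redirect when the caller is not logged in, fails to log in, lacks the role,
     *     or has a remembered path to return to; otherwise the chain's response
     */
    public Response before(FilterChain filterChain, Context context) {
        SessionFacade session = context.getSession(false);
        if (context.getHttpMethod() == HttpMethod.GET) {
            String path = context.path();
            // The login page itself must stay reachable without authentication.
            if (path.equals(this.notLoggedInRedirect)) {
                return filterChain.before(context);
            }
            if (path.equals(this.logout)) {
                if (session != null) {
                    Subject loggedIn = (Subject) session.get(SESSION_USER, Subject.class);
                    if (loggedIn != null) {
                        loggedIn.logout();
                        session.remove(SESSION_USER);
                    }
                }
                return filterChain.before(context);
            }
        }
        String username = context.getParameter("username");
        String password = context.getParameter("password");
        // The submitted password is deliberately kept out of the diagnostic output:
        // anything written here ends up in console/log files in cleartext.
        System.out.println(MessageFormat.format("username {0} + remember {1} --  ip {2}", username, context.getParameter("rememberMe"), context.remoteHost()));
        if (session == null) {
            session = context.getSession(true);
        }
        JawnSubject subject = createSubject(context);
        updateSessionLastAccessTime(subject);
        session.put(SESSION_USER, subject);
        System.out.println("is remembered? " + subject.isRemembered());
        if (!subject.isAuthenticated()) {
            System.out.println("not AUTH");
            if (context.getHttpMethod() != HttpMethod.POST) {
                // Stores the request path, not a caller-supplied parameter.
                // NOTE(review): confirm context.path() can never start with "//", which a
                // browser would treat as a scheme-relative URL when redirected to later.
                session.put(SESSION_REQUESTED_PATH, context.path());
                return ResponseBuilder.redirect(this.notLoggedInRedirect);
            }
            UsernamePasswordToken token = new UsernamePasswordToken(username, password);
            token.setHost(context.host());
            token.setRememberMe(context.getParameter("rememberMe") != null);
            // Most specific exception types first; the general AuthenticationException
            // handler must come last or the narrower handlers are unreachable.
            try {
                subject.login(token);
            } catch (UnknownAccountException | IncorrectCredentialsException e) {
                context.setFlash("credentials", "not match");
                return ResponseBuilder.redirect(this.notLoggedInRedirect + "?credentials");
            } catch (LockedAccountException e) {
                e.printStackTrace();
                // Fail closed: do not fall through to the role check with a subject that
                // failed to log in (a remembered identity may still carry principals).
                return ResponseBuilder.redirect(this.notAuthRedirect);
            } catch (AuthenticationException e) {
                e.printStackTrace();
                return ResponseBuilder.redirect(this.notAuthRedirect);
            }
        }
        System.out.println(subject.getPrincipal() + " is AUTH (" + this.role + ") " + subject.hasRole(this.role));
        if (!subject.hasRole(this.role)) {
            return ResponseBuilder.redirect(this.notAuthRedirect);
        }
        // Send the caller back to the page that triggered the login, exactly once.
        String requestedPath = (String) session.get(SESSION_REQUESTED_PATH, String.class);
        session.remove(SESSION_REQUESTED_PATH);
        return requestedPath != null ? ResponseBuilder.redirect(requestedPath) : filterChain.before(context);
    }

    /** Delegates to the rest of the chain; this filter does no post-processing. */
    public void after(FilterChain filterChain, Context context) {
        filterChain.after(context);
    }

    /** Delegates exception handling to the rest of the chain. */
    public void onException(FilterChain filterChain, Exception exc) {
        filterChain.onException(exc);
    }

    /** Sets the role that {@link #before(FilterChain, Context)} requires. */
    @Override // net.javapla.jawn.security.SecurityFilter
    public void onRole(String str) {
        this.role = str;
    }

    /** Sets the path used for the login page and for redirects of unauthenticated callers. */
    @Override // net.javapla.jawn.security.SecurityFilter
    public void redirectWhenNotLoggedIn(String str) {
        this.notLoggedInRedirect = str;
    }

    /** Sets the redirect target used when the subject lacks the required role. */
    @Override // net.javapla.jawn.security.SecurityFilter
    public void redirectWhenNotAuth(String str) {
        this.notAuthRedirect = str;
    }

    /** Sets the path that, when requested with GET, logs the current subject out. */
    @Override // net.javapla.jawn.security.SecurityFilter
    public void redirectWhenLogout(String str) {
        this.logout = str;
    }

    /** Builds the subject for this request; overridable so subclasses can supply their own. */
    protected JawnSubject createSubject(Context context) {
        return new JawnSubject.Builder(context).buildJawnSubject();
    }

    /**
     * Touches the subject's existing Shiro session, if it has one, without creating a new one.
     *
     * @param subject the subject whose session should be touched; may be {@code null}
     */
    protected void updateSessionLastAccessTime(Subject subject) {
        if (subject == null) {
            return;
        }
        Session session = subject.getSession(false);
        if (session == null) {
            return;
        }
        try {
            session.touch();
        } catch (Throwable ignored) {
            // Best effort: a failed touch must not abort the request.
        }
    }
}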
