package net.roboconf.dm.rest.services.internal.filters;

import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.roboconf.core.utils.Utils;
import net.roboconf.dm.rest.commons.security.AuthenticationManager;
import net.roboconf.dm.rest.services.cors.ResponseCorsFilter;
import net.roboconf.dm.rest.services.internal.ServletRegistrationComponent;
import net.roboconf.dm.rest.services.internal.annotations.RestIndexer;
import net.roboconf.dm.rest.services.internal.audit.AuditLogRecord;
import net.roboconf.dm.rest.services.internal.resources.IPreferencesResource;
import net.roboconf.dm.rest.services.jmx.RestServicesMBean;

/* loaded from: input_file:net/roboconf/dm/rest/services/internal/filters/AuthenticationFilter.class */
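/**
 * Servlet filter that gates the REST API behind a session cookie.
 *
 * <p>Every request increments the REST request counter. When authentication is
 * enabled, the filter reads the {@code roboconf-sid} cookie, writes an audit
 * record, and forwards the request only if the session is valid or the request
 * matches one of the unauthenticated exemptions listed in {@link #doFilter}.
 * Anything else is answered with HTTP 403.</p>
 *
 * <p>When authentication is disabled, requests are forwarded untouched and no
 * audit record is written.</p>
 */
public class AuthenticationFilter implements Filter {
    static final String USER_AGENT = "User-Agent";

    /** Name of the cookie that carries the session identifier. */
    private static final String SESSION_COOKIE_NAME = "roboconf-sid";

    private final RestServicesMBean restServicesMBean;
    private AuthenticationManager authenticationMngr;
    private boolean authenticationEnabled;
    private boolean enableCors;
    private long sessionPeriod;
    private final Logger logger = Logger.getLogger(getClass().getName());
    private final RestIndexer restIndexer = new RestIndexer();

    /**
     * @param restServicesMBean the bean holding the request counters; {@link #doFilter}
     *        casts it to {@link ServletRegistrationComponent}
     */
    public AuthenticationFilter(RestServicesMBean restServicesMBean) {
        this.restServicesMBean = restServicesMBean;
    }

    /**
     * Authenticates the request from its session cookie and forwards or rejects it.
     *
     * <p>Requests are let through without a valid session when:</p>
     * <ul>
     *   <li>the request URI ends with {@code /auth/e};</li>
     *   <li>the HTTP method is OPTIONS;</li>
     *   <li>it is a GET on the preferences resource whose query string is exactly
     *       {@code key=user.language}.</li>
     * </ul>
     *
     * @param servletRequest the incoming request (cast to {@link HttpServletRequest})
     * @param servletResponse the outgoing response (cast to {@link HttpServletResponse})
     * @param filterChain the rest of the filter chain
     * @throws IOException if the chain or the error response fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ServletRegistrationComponent counters = (ServletRegistrationComponent) this.restServicesMBean;
        counters.restRequestsCount.incrementAndGet();

        // Authentication switched off: nothing is checked and nothing is audited.
        if (!this.authenticationEnabled) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String requestUri = request.getRequestURI();
        String method = request.getMethod();

        // The first cookie with the expected name wins.
        String sessionId = null;
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (SESSION_COOKIE_NAME.equals(cookie.getName())) {
                    sessionId = cookie.getValue();
                    break;
                }
            }
        }

        // The audit record is written before the decision, so rejected requests are audited too.
        audit(request, sessionId);

        boolean sessionValid = false;
        if (Utils.isEmptyOrWhitespaces(sessionId)) {
            this.logger.finest("No session ID was found in the cookie. Authentication cannot be performed.");
        } else {
            sessionValid = this.authenticationMngr.isSessionValid(sessionId, this.sessionPeriod);
            // The session ID is a bearer credential taken from a client-controlled cookie:
            // it is deliberately kept out of the log, which also keeps CR/LF or other
            // crafted cookie content from being written into log files.
            this.logger.finest(sessionValid
                    ? "The session was successfully validated."
                    : "The session failed to be validated.");
        }

        // NOTE(review): the path exemptions are suffix matches on the raw request URI, which
        // the container neither decodes nor normalizes. Confirm that no protected resource
        // can be addressed with a path ending in "/auth/e" or in the preferences path.
        boolean isAuthenticationEndpoint = requestUri.endsWith("/auth/e");

        // NOTE(review): every OPTIONS request is forwarded unauthenticated, presumably for
        // CORS preflight; downstream resources must not expose data or side effects on OPTIONS.
        boolean isOptionsRequest = "options".equalsIgnoreCase(method);

        boolean isUserLanguageLookup = requestUri.endsWith(IPreferencesResource.PATH)
                && "get".equalsIgnoreCase(method)
                && "key=user.language".equals(request.getQueryString());

        if (sessionValid || isAuthenticationEndpoint || isUserLanguageLookup || isOptionsRequest) {
            filterChain.doFilter(request, response);
            return;
        }

        if (this.enableCors) {
            // NOTE(review): the headers are derived from the request's own Origin header;
            // whether buildHeaders restricts it to an allow-list is not visible from here.
            Map<String, String> corsHeaders = ResponseCorsFilter.buildHeaders(
                    request.getHeader(ResponseCorsFilter.CORS_REQ_HEADERS),
                    request.getHeader(ResponseCorsFilter.ORIGIN));
            for (Map.Entry<String, String> entry : corsHeaders.entrySet()) {
                response.setHeader(entry.getKey(), entry.getValue());
            }
        }

        counters.restRequestsWithAuthFailureCount.incrementAndGet();
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "Authentication is required.");
    }

    /**
     * Writes one audit record for the request.
     *
     * <p>The record holds the user name resolved from the session ID (or {@code null}),
     * the matching Jersey path when the cleaned path and verb match an indexed REST
     * operation, the request URI with its query string, the method, the remote address
     * and the User-Agent header.</p>
     *
     * @param httpServletRequest the request to audit
     * @param str the session ID read from the cookie, possibly {@code null}
     */
    private void audit(HttpServletRequest httpServletRequest, String str) {
        String method = httpServletRequest.getMethod();
        String fullUri = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            fullUri = fullUri + "?" + queryString;
        }

        // First indexed operation whose URL pattern and verb both match.
        String cleanPath = cleanPath(fullUri);
        RestIndexer.RestOperationBean matchedOperation = null;
        for (RestIndexer.RestOperationBean candidate : this.restIndexer.restMethods) {
            if (cleanPath.matches(candidate.getUrlPattern()) && candidate.getRestVerb().equalsIgnoreCase(method)) {
                matchedOperation = candidate;
                break;
            }
        }

        // NOTE(review): the URI, query string and User-Agent are client-controlled; whether
        // AuditLogRecord neutralizes line breaks in them is not visible here and should be
        // confirmed. Query strings may also carry values that do not belong in an audit log.
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String userAgent = httpServletRequest.getHeader(USER_AGENT);
        String username = this.authenticationMngr.findUsername(str);
        boolean authenticated = username != null;
        String jerseyPath = matchedOperation != null ? matchedOperation.getJerseyPath() : null;

        this.logger.log(new AuditLogRecord(username, jerseyPath, fullUri, method, remoteAddr, userAgent, authenticated));
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** Nothing to initialize; the configuration arrives through the setters. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * @param z {@code true} to enforce authentication, {@code false} to forward every request
     */
    public void setAuthenticationEnabled(boolean z) {
        this.authenticationEnabled = z;
    }

    /**
     * @param authenticationManager the manager used to validate sessions and resolve user
     *        names; it is dereferenced on every request once authentication is enabled
     */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationMngr = authenticationManager;
    }

    /**
     * @param j the session period handed to {@code AuthenticationManager.isSessionValid}
     */
    public void setSessionPeriod(long j) {
        this.sessionPeriod = j;
    }

    /**
     * @param z {@code true} to add CORS headers to the 403 response
     */
    public void setEnableCors(boolean z) {
        this.enableCors = z;
    }

    /**
     * Strips a leading {@code /roboconf-dm/} or {@code /roboconf-dm-websocket/} prefix
     * (replacing it with {@code /}) and removes the query string.
     *
     * @param str the request URI, optionally followed by a query string; must not be null
     * @return the path used to look up the REST operation
     */
    static String cleanPath(String str) {
        return str.replaceFirst("^/roboconf-dm/", "/").replaceFirst("^/roboconf-dm-websocket/", "/").replaceFirst("\\?.*", "");
    }
}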
