package org.apache.isis.viewer.restfulobjects.viewer.webmodule;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.transaction.TransactionalException;
import org.apache.isis.applib.services.iactnlayer.InteractionContext;
import org.apache.isis.applib.services.iactnlayer.InteractionService;
import org.apache.isis.applib.services.xactn.TransactionService;
import org.apache.isis.commons.internal.base._Strings;
import org.apache.isis.commons.internal.collections._Lists;
import org.apache.isis.commons.internal.exceptions._Exceptions;
import org.apache.isis.commons.internal.factory._InstanceUtil;
import org.apache.isis.core.metamodel.commons.StringExtensions;
import org.apache.isis.core.metamodel.specloader.SpecificationLoader;
import org.apache.isis.core.metamodel.specloader.validator.MetaModelInvalidException;
import org.apache.isis.core.metamodel.specloader.validator.ValidationFailures;
import org.apache.isis.core.webapp.modules.templresources.TemplateResourceCachingFilter;
import org.apache.isis.viewer.restfulobjects.viewer.webmodule.auth.AuthenticationStrategy;
import org.apache.isis.viewer.restfulobjects.viewer.webmodule.auth.AuthenticationStrategyAbstract;
import org.apache.isis.viewer.restfulobjects.viewer.webmodule.auth.AuthenticationStrategyDefault;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/apache/isis/viewer/restfulobjects/viewer/webmodule/IsisRestfulObjectsInteractionFilter.class */
public class IsisRestfulObjectsInteractionFilter implements Filter {
    public static final String AUTHENTICATION_SESSION_STRATEGY_KEY = "authenticationStrategy";
    public static final String LOGON_PAGE_KEY = "logonPage";
    public static final String WHEN_NO_SESSION_KEY = "whenNoSession";
    public static final String PASS_THRU_KEY = "passThru";
    public static final String RESTRICTED_KEY = "restricted";
    public static final String REDIRECT_TO_ON_EXCEPTION_KEY = "redirectToOnException";
    public static final String IGNORE_EXTENSIONS_KEY = "ignoreExtensions";
    public static final String ISIS_SESSION_FILTER_QUERY_STRING_FORCE_LOGOUT = "__isis_force_logout";

    @Autowired
    private InteractionService interactionService;

    @Autowired
    private SpecificationLoader specificationLoader;

    @Autowired
    private TransactionService transactionService;
    private List<String> passThruList = Collections.emptyList();
    private AuthenticationStrategy authStrategy;
    private List<String> restrictedPaths;
    private WhenNoSession whenNotAuthenticated;
    private String redirectToOnException;
    private Collection<Pattern> ignoreExtensions;
    public static final String AUTHENTICATION_SESSION_STRATEGY_DEFAULT = AuthenticationStrategyDefault.class.getName();
    private static final Function<String, Pattern> STRING_TO_PATTERN = str -> {
        return Pattern.compile(".*\\." + str);
    };

    /* loaded from: input_file:org/apache/isis/viewer/restfulobjects/viewer/webmodule/IsisRestfulObjectsInteractionFilter$WhenNoSession.class */
    public enum WhenNoSession {
        UNAUTHORIZED("unauthorized") { // from class: org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession.1
            @Override // org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession
            public void handle(IsisRestfulObjectsInteractionFilter isisRestfulObjectsInteractionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                httpServletResponse.sendError(AuthenticationStrategyAbstract.STATUS_UNAUTHORIZED);
            }
        },
        BASIC_AUTH_CHALLENGE("basicAuthChallenge") { // from class: org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession.2
            @Override // org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession
            public void handle(IsisRestfulObjectsInteractionFilter isisRestfulObjectsInteractionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Apache Isis\"");
                httpServletResponse.sendError(AuthenticationStrategyAbstract.STATUS_UNAUTHORIZED);
            }
        },
        AUTO("auto") { // from class: org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession.3
            @Override // org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession
            public void handle(IsisRestfulObjectsInteractionFilter isisRestfulObjectsInteractionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                if (fromWebBrowser(httpServletRequest)) {
                    httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Apache Isis\"");
                }
                httpServletResponse.sendError(AuthenticationStrategyAbstract.STATUS_UNAUTHORIZED);
            }

            private boolean fromWebBrowser(HttpServletRequest httpServletRequest) {
                return httpServletRequest.getHeader("Accept").contains("text/html");
            }
        },
        CONTINUE("continue") { // from class: org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession.4
            @Override // org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession
            public void handle(IsisRestfulObjectsInteractionFilter isisRestfulObjectsInteractionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        },
        RESTRICTED(IsisRestfulObjectsInteractionFilter.RESTRICTED_KEY) { // from class: org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession.5
            @Override // org.apache.isis.viewer.restfulobjects.viewer.webmodule.IsisRestfulObjectsInteractionFilter.WhenNoSession
            public void handle(IsisRestfulObjectsInteractionFilter isisRestfulObjectsInteractionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                if (isisRestfulObjectsInteractionFilter.restrictedPaths.contains(httpServletRequest.getServletPath())) {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                } else {
                    IsisRestfulObjectsInteractionFilter.redirect(httpServletRequest, httpServletResponse, isisRestfulObjectsInteractionFilter.restrictedPaths.get(0));
                }
            }
        };

        private final String initParamValue;

        WhenNoSession(String str) {
            this.initParamValue = str;
        }

        public static WhenNoSession lookup(String str) {
            for (WhenNoSession whenNoSession : values()) {
                if (whenNoSession.initParamValue.equals(str)) {
                    return whenNoSession;
                }
            }
            throw new IllegalStateException("require an init-param of 'whenNoSession', taking a value of " + values());
        }

        public abstract void handle(IsisRestfulObjectsInteractionFilter isisRestfulObjectsInteractionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException;
    }

    static void redirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.sendRedirect(StringExtensions.combinePath(httpServletRequest.getContextPath(), str));
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.authStrategy = lookup(filterConfig.getInitParameter(AUTHENTICATION_SESSION_STRATEGY_KEY));
        lookupWhenNoSession(filterConfig);
        lookupPassThru(filterConfig);
        lookupRedirectToOnException(filterConfig);
        lookupIgnoreExtensions(filterConfig);
    }

    public static AuthenticationStrategy lookup(String str) {
        if (str == null) {
            str = AUTHENTICATION_SESSION_STRATEGY_DEFAULT;
        }
        return (AuthenticationStrategy) _InstanceUtil.createInstance(str, new Object[0]);
    }

    private void lookupWhenNoSession(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter(WHEN_NO_SESSION_KEY);
        String initParameter2 = filterConfig.getInitParameter(LOGON_PAGE_KEY);
        if (initParameter2 != null) {
            if (initParameter != null) {
                throw new IllegalStateException(String.format("The init-param '%s' is only provided for backwards compatibility; remove if the init-param '%s' has been specified", LOGON_PAGE_KEY, WHEN_NO_SESSION_KEY));
            }
            this.whenNotAuthenticated = WhenNoSession.RESTRICTED;
            this.restrictedPaths = _Lists.of(new String[]{initParameter2});
            return;
        }
        this.whenNotAuthenticated = WhenNoSession.lookup(initParameter);
        if (this.whenNotAuthenticated == WhenNoSession.RESTRICTED) {
            String initParameter3 = filterConfig.getInitParameter(RESTRICTED_KEY);
            if (initParameter3 == null) {
                throw new IllegalStateException(String.format("Require an init-param of '%s' key to be set.", RESTRICTED_KEY));
            }
            this.restrictedPaths = (List) _Strings.splitThenStream(initParameter3, ",").collect(Collectors.toList());
        }
    }

    void lookupPassThru(FilterConfig filterConfig) {
        this.passThruList = lookupAndParsePassThru(filterConfig);
    }

    List<String> lookupAndParsePassThru(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter(PASS_THRU_KEY);
        return (initParameter == null || initParameter.equals("")) ? Collections.emptyList() : Arrays.asList(initParameter.split(","));
    }

    private void lookupRedirectToOnException(FilterConfig filterConfig) {
        this.redirectToOnException = filterConfig.getInitParameter(REDIRECT_TO_ON_EXCEPTION_KEY);
    }

    private void lookupIgnoreExtensions(FilterConfig filterConfig) {
        this.ignoreExtensions = Collections.unmodifiableCollection((Collection) parseIgnorePatterns(filterConfig).collect(Collectors.toList()));
    }

    private Stream<Pattern> parseIgnorePatterns(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter(IGNORE_EXTENSIONS_KEY);
        return initParameter != null ? _Strings.splitThenStream(initParameter, ",").map(STRING_TO_PATTERN) : Stream.empty();
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Objects.requireNonNull(this.interactionService, "isisInteractionFactory");
        Objects.requireNonNull(this.specificationLoader, "specificationLoader");
        ensureMetamodelIsValid(this.specificationLoader);
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            String queryString = httpServletRequest.getQueryString();
            if (queryString != null && queryString.contains(ISIS_SESSION_FILTER_QUERY_STRING_FORCE_LOGOUT)) {
                this.authStrategy.invalidate(httpServletRequest, httpServletResponse);
                this.interactionService.closeInteractionLayers();
                return;
            }
            if (requestIsIgnoreExtension(this, httpServletRequest) || TemplateResourceCachingFilter.isCachedResource(httpServletRequest)) {
                filterChain.doFilter(servletRequest, servletResponse);
                this.interactionService.closeInteractionLayers();
                return;
            }
            if (requestIsPassThru(httpServletRequest)) {
                filterChain.doFilter(servletRequest, servletResponse);
                this.interactionService.closeInteractionLayers();
                return;
            }
            InteractionContext lookupValid = this.authStrategy.lookupValid(httpServletRequest, httpServletResponse);
            if (lookupValid != null) {
                this.authStrategy.bind(httpServletRequest, httpServletResponse, lookupValid);
                this.interactionService.run(lookupValid, () -> {
                    this.transactionService.runWithinCurrentTransactionElseCreateNew(() -> {
                        filterChain.doFilter(servletRequest, servletResponse);
                    }).mapFailure(th -> {
                        return new TransactionalException("", th);
                    }).optionalElseFail();
                });
                this.interactionService.closeInteractionLayers();
                return;
            }
            try {
                this.whenNotAuthenticated.handle(this, httpServletRequest, httpServletResponse, filterChain);
                this.interactionService.closeInteractionLayers();
            } catch (IOException | RuntimeException | ServletException e) {
                if (this.redirectToOnException == null) {
                    throw e;
                }
                redirect(httpServletRequest, httpServletResponse, this.redirectToOnException);
                this.interactionService.closeInteractionLayers();
            }
        } catch (Throwable th) {
            this.interactionService.closeInteractionLayers();
            throw th;
        }
    }

    private static void ensureMetamodelIsValid(SpecificationLoader specificationLoader) {
        ValidationFailures validationFailures = (ValidationFailures) specificationLoader.getValidationResult().orElseThrow(() -> {
            return _Exceptions.illegalState("Application is not fully initilized yet.", new Object[0]);
        });
        if (validationFailures.hasFailures()) {
            throw new MetaModelInvalidException(validationFailures.getAsLineNumberedString());
        }
    }

    protected boolean requestIsPassThru(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        Iterator<String> it = this.passThruList.iterator();
        while (it.hasNext()) {
            if (requestURI.startsWith(it.next())) {
                return true;
            }
        }
        return false;
    }

    private boolean requestIsIgnoreExtension(IsisRestfulObjectsInteractionFilter isisRestfulObjectsInteractionFilter, HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        Iterator<Pattern> it = isisRestfulObjectsInteractionFilter.ignoreExtensions.iterator();
        while (it.hasNext()) {
            if (it.next().matcher(servletPath).matches()) {
                return true;
            }
        }
        return false;
    }
}
