package io.hawt.web.auth;

import io.hawt.system.AuthHelpers;
import io.hawt.system.AuthenticateResult;
import io.hawt.system.Authenticator;
import io.hawt.web.ServletHelpers;
import io.hawt.web.filters.BaseTagHrefFilter;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Arrays;
import java.util.Objects;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/hawt/web/auth/ClientRouteRedirectFilter.class */
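/**
 * Servlet filter that decides, per request, whether to hand the request to the
 * rest of the chain, forward it to {@code /index.html}, or redirect the browser
 * to {@code /} or to the login page.
 *
 * <p>Requests whose path starts with one of the configured unsecured paths (and
 * is not the login URL) are passed down the chain untouched. This filter applies
 * no authentication check to them, so whatever handles those paths further down
 * the chain must enforce its own access control.
 *
 * <p>All other requests are treated as client-side routes: they are served the
 * application page when authentication is disabled or external, or when the
 * session or the request itself is authenticated. Otherwise the browser is sent
 * to the login page.
 */
public class ClientRouteRedirectFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(ClientRouteRedirectFilter.class);
    public static final String ATTRIBUTE_UNSECURED_PATHS = "unsecuredPaths";
    private static final String ROOT_PATH = "/";
    private static final String INDEX_PAGE = "/index.html";
    private int timeout;
    private AuthenticationConfiguration authConfiguration;
    // Path prefixes this filter passes through; may be replaced in init() by a ServletContext attribute.
    private String[] unsecuredPaths;
    private final String basePath;
    private String baseFullPath;
    private String contextPath;
    private Redirector redirector;

    /**
     * Creates a filter using {@link AuthenticationConfiguration#UNSECURED_PATHS} and the base path {@code "/"}.
     */
    public ClientRouteRedirectFilter() {
        this(AuthenticationConfiguration.UNSECURED_PATHS, "/");
    }

    /**
     * Creates a filter with explicit unsecured path prefixes and base path.
     *
     * @param strArr path prefixes that bypass this filter; the array is stored as-is (not copied)
     * @param str base path of the application; passed through {@code ServletHelpers.cleanPath}
     */
    public ClientRouteRedirectFilter(String[] strArr, String str) {
        this.redirector = new Redirector();
        this.unsecuredPaths = strArr;
        this.basePath = ServletHelpers.cleanPath(str);
    }

    /**
     * Reads the authentication configuration, session timeout, unsecured paths and
     * context path from the servlet context and filter configuration.
     *
     * @param filterConfig configuration supplied by the servlet container
     * @throws ServletException declared by the {@link Filter} contract
     * @throws ClassCastException if the {@code unsecuredPaths} context attribute is set but is not a {@code String[]}
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.authConfiguration = AuthenticationConfiguration.getConfiguration(filterConfig.getServletContext());
        this.timeout = AuthSessionHelpers.getSessionTimeout(filterConfig.getServletContext());
        LOG.info("Hawtio ClientRouteRedirectFilter is using {} sec. HttpSession timeout", this.timeout);

        // A ServletContext attribute, when present, overrides the constructor-supplied list.
        // Anything able to set context attributes therefore controls which prefixes skip this filter.
        Object configuredPaths = filterConfig.getServletContext().getAttribute(ATTRIBUTE_UNSECURED_PATHS);
        if (configuredPaths != null) {
            this.unsecuredPaths = (String[]) configuredPaths;
        }

        this.contextPath = filterConfig.getServletContext().getContextPath();
        this.baseFullPath = ServletHelpers.webContextPath(this.contextPath, this.basePath);

        // An explicit application context path init parameter wins over the computed value.
        String applicationContextPath = filterConfig.getInitParameter(BaseTagHrefFilter.PARAM_APPLICATION_CONTEXT_PATH);
        if (applicationContextPath != null && !applicationContextPath.isEmpty()) {
            this.baseFullPath = ServletHelpers.cleanPath(applicationContextPath);
        }
    }

    /**
     * Routes the request: pass-through for unsecured paths, application page for
     * authenticated (or auth-disabled) requests, login redirect otherwise.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException propagated from the chain or the redirector
     * @throws ServletException propagated from the chain or the redirector
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        LOG.trace("Applying {}", getClass().getSimpleName());
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // getSession(false): never create a session just to inspect the request.
        HttpSession session = httpServletRequest.getSession(false);

        // getRequestURI() is the raw request path (the container does not decode it), and every
        // check below is a plain string-prefix comparison on the cleaned value.
        // NOTE(review): what ServletHelpers.cleanPath normalizes is not visible here - confirm how
        // percent-encoded characters, dot segments and ";" path parameters are treated.
        String requestPath = ServletHelpers.cleanPath(httpServletRequest.getRequestURI());

        // Prefixes are stripped by length only; this assumes the URI really starts with the
        // base/context path - TODO confirm the filter mapping guarantees that.
        String pathInBase = requestPath.length() < this.baseFullPath.length()
                ? ""
                : requestPath.substring(this.baseFullPath.length());
        String pathInContext = requestPath.length() < this.contextPath.length()
                ? ""
                : requestPath.substring(this.contextPath.length());
        boolean isLoginRequest = pathInBase.startsWith(AuthenticationConfiguration.LOGIN_URL);

        // A request for the application root itself is checked as "<basePath>/" (or "/").
        if (this.baseFullPath.equals(requestPath)) {
            pathInContext = "/".equals(this.basePath) ? "/" : this.basePath + "/";
        }

        LOG.debug("Check if path [{}] requires redirect", pathInContext);
        if (!isLoginRequest && !isSecuredPath(pathInContext)) {
            // Unsecured prefix: this filter makes no authentication decision for it.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // No login needed when authentication is off, handled externally, or the session is
        // already authenticated. Evaluation order is significant: the session is consulted last.
        if (!this.authConfiguration.isEnabled()
                || this.authConfiguration.isExternalAuthenticationEnabled()
                || AuthSessionHelpers.isAuthenticated(session)) {
            serveApplication(httpServletRequest, httpServletResponse, isLoginRequest);
            return;
        }

        // Unauthenticated request for the login route: serve the application page so it can render the login view.
        if (isLoginRequest) {
            this.redirector.doForward(httpServletRequest, httpServletResponse, INDEX_PAGE);
            return;
        }

        // Last resort: try to authenticate from the request itself.
        AuthenticateResult.Type outcome = tryAuthenticateRequest(httpServletRequest, session);
        if (outcome == AuthenticateResult.Type.AUTHORIZED) {
            this.redirector.doForward(httpServletRequest, httpServletResponse, INDEX_PAGE);
        } else if (outcome != AuthenticateResult.Type.NOT_AUTHORIZED) {
            this.redirector.doRedirect(httpServletRequest, httpServletResponse, AuthenticationConfiguration.LOGIN_URL);
        } else {
            // Explicit rejection is reported to the login page through the fragment.
            this.redirector.doRedirect(httpServletRequest, httpServletResponse, "/login#noauth");
        }
    }

    /**
     * Sends a request that needs no login to the application: the login route is
     * redirected to {@code /}, every other route is forwarded to {@code /index.html}.
     */
    private void serveApplication(HttpServletRequest request, HttpServletResponse response, boolean isLoginRequest) throws IOException, ServletException {
        if (isLoginRequest) {
            this.redirector.doRedirect(request, response, ROOT_PATH);
        } else {
            this.redirector.doForward(request, response, INDEX_PAGE);
        }
    }

    /**
     * Runs an {@link Authenticator} against the request and, on success, records the
     * subject in the HTTP session.
     *
     * @param httpServletRequest request to authenticate
     * @param httpSession existing session, or {@code null} to create one on successful login
     * @return the type of the authentication result
     */
    AuthenticateResult.Type tryAuthenticateRequest(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        return new Authenticator(httpServletRequest, this.authConfiguration).authenticate(subject -> {
            String username = AuthHelpers.getUsername(subject);
            // NOTE(review): the username is written to the log verbatim; confirm the log layout
            // encodes CR/LF if usernames may contain control characters.
            LOG.info("Logging in user: {}", username);
            // A pre-existing session is reused for the authenticated subject.
            // NOTE(review): no session-id rotation is visible here; confirm AuthSessionHelpers.setup
            // (or the container) issues a fresh id on login, e.g. via HttpServletRequest.changeSessionId(),
            // so that an id handed out before authentication does not stay valid afterwards.
            AuthSessionHelpers.setup(httpSession != null ? httpSession : httpServletRequest.getSession(true), subject, username, this.timeout);
        }).getType();
    }

    /**
     * Tells whether this filter should handle the path, i.e. whether it starts with
     * none of the unsecured path prefixes.
     *
     * <p>Matching is a plain {@link String#startsWith(String)} test, so an entry such as
     * {@code /foo} also matches {@code /foobar}. Entries should end on a segment boundary
     * where that matters.
     *
     * @param str path to classify; must not be {@code null}
     * @return {@code true} if no unsecured prefix matches
     * @throws NullPointerException if {@code str} or the configured prefix array is {@code null}
     */
    boolean isSecuredPath(String str) {
        Objects.requireNonNull(str);
        // Typed stream: the raw Stream used previously cannot type-check the method reference.
        Stream<String> unsecuredPrefixes = Arrays.stream(this.unsecuredPaths);
        return unsecuredPrefixes.noneMatch(str::startsWith);
    }

    /**
     * Replaces the redirector used for forwards and redirects.
     *
     * @param redirector redirector to use from now on
     */
    public void setRedirector(Redirector redirector) {
        this.redirector = redirector;
    }
}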
