package org.jasig.portal.security;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.portal.security.provider.AuthorizationImpl;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.util.Assert;

/* loaded from: input_file:org/jasig/portal/security/MaxInactiveFilter.class */
public class MaxInactiveFilter implements Filter {
    protected final Log log = LogFactory.getLog(getClass());
    private IPersonManager personManager;

    public IPersonManager getPersonManager() {
        return this.personManager;
    }

    @Required
    public void setPersonManager(IPersonManager iPersonManager) {
        Assert.notNull(iPersonManager);
        this.personManager = iPersonManager;
    }

    public void init(FilterConfig filterConfig) {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        ISecurityContext securityContext;
        filterChain.doFilter(servletRequest, servletResponse);
        IPerson person = this.personManager.getPerson((HttpServletRequest) servletRequest);
        if (person == null || (securityContext = person.getSecurityContext()) == null || !securityContext.isAuthenticated()) {
            return;
        }
        IAuthorizationService singleton = AuthorizationImpl.singleton();
        Integer num = null;
        Integer num2 = null;
        for (IPermission iPermission : singleton.getAllPermissionsForPrincipal(singleton.newPrincipal((String) person.getAttribute("username"), IPerson.class), null, "MAX_INACTIVE", null)) {
            long currentTimeMillis = System.currentTimeMillis();
            if ((iPermission.getEffective() == null || iPermission.getEffective().getTime() <= currentTimeMillis) && (iPermission.getExpires() == null || iPermission.getExpires().getTime() >= currentTimeMillis)) {
                if (iPermission.getType().equals("GRANT")) {
                    try {
                        Integer valueOf = Integer.valueOf(iPermission.getTarget());
                        if (num == null || valueOf.intValue() < 0 || num.intValue() < valueOf.intValue()) {
                            num = valueOf;
                        }
                    } catch (NumberFormatException e) {
                        this.log.warn("Invalid MAX_INACTIVE permission grant '" + iPermission.getTarget() + "';  target must be an integer value.");
                    }
                } else if (iPermission.getType().equals(IPermission.PERMISSION_TYPE_DENY)) {
                    try {
                        Integer valueOf2 = Integer.valueOf(iPermission.getTarget());
                        if (num2 == null || num2.intValue() > valueOf2.intValue()) {
                            num2 = valueOf2;
                        }
                    } catch (NumberFormatException e2) {
                        this.log.warn("Invalid MAX_INACTIVE permission deny '" + iPermission.getTarget() + "';  target must be an integer value.");
                    }
                } else {
                    this.log.warn("Unknown permission type:  " + iPermission.getType());
                }
            }
        }
        if (num2 != null && num2.intValue() < 0) {
            this.log.warn("A MAX_INACTIVE DENY entry improperly specified a negative target:  " + num2.intValue());
            num2 = null;
        }
        if (num == null && num2 == null) {
            return;
        }
        int intValue = num != null ? num.intValue() : 0;
        if (num2 != null) {
            int intValue2 = num2.intValue();
            intValue = intValue >= 0 ? intValue2 < intValue ? intValue2 : intValue : intValue2;
        }
        ((HttpServletRequest) servletRequest).getSession().setMaxInactiveInterval(intValue);
        if (this.log.isInfoEnabled()) {
            this.log.info("Setting maxInactive to '" + intValue + "' for user '" + person.getAttribute("username") + "'");
        }
    }
}
