package org.eclipse.stardust.ui.web.viewscommon.login.filter;

import com.icesoft.faces.context.effects.JavascriptContext;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.faces.application.NavigationHandler;
import javax.faces.application.ViewHandler;
import javax.faces.context.FacesContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.stardust.common.error.LoginFailedException;
import org.eclipse.stardust.ui.web.admin.common.configuration.UserPreferencesEntries;
import org.eclipse.stardust.ui.web.common.log.LogManager;
import org.eclipse.stardust.ui.web.common.log.Logger;
import org.eclipse.stardust.ui.web.common.util.CollectionUtils;
import org.eclipse.stardust.ui.web.common.util.FacesUtils;
import org.eclipse.stardust.ui.web.common.util.SecurityUtils;
import org.eclipse.stardust.ui.web.common.util.StringUtils;
import org.eclipse.stardust.ui.web.viewscommon.beans.ApplicationContext;
import org.eclipse.stardust.ui.web.viewscommon.beans.SessionContext;
import org.eclipse.stardust.ui.web.viewscommon.common.Constants;
import org.eclipse.stardust.ui.web.viewscommon.login.dialogs.LoginDialogBean;
import org.eclipse.stardust.ui.web.viewscommon.utils.PluginResourceUtils;

/* loaded from: input_file:lib/ipp-views-common.jar:org/eclipse/stardust/ui/web/viewscommon/login/filter/LoginFilter.class */
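/**
 * Servlet filter that decides, per request, whether the portal login check applies.
 *
 * <p>Requests whose application-relative path matches a configured public pattern, or whose
 * URI starts with a configured skip prefix, are passed down the chain without any session
 * check. All other requests need an initialized {@link SessionContext}; if there is none, the
 * filter tries a container-principal login, redirects to the login/logout page, or (on the
 * login page itself) performs a login from the {@code j_username}/{@code j_password} request
 * parameters.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>All path decisions are made on the raw request URI string. NOTE(review): the container
 *       may normalise or decode the path differently before dispatching, so every bypass rule
 *       here must be conservative; paths with a {@code ..} segment never qualify for a bypass.</li>
 *   <li>The login-page test uses a substring match, see the notes in {@link #doFilter}.</li>
 *   <li>The redirect query string is assembled from request parameters without URL-encoding and
 *       relies on {@code SecurityUtils.sanitizeValue}, see {@code buildLoginRedirectTarget}.</li>
 * </ul>
 */
public class LoginFilter implements Filter {
    protected FilterConfig filterCfg;
    private ServletContext servletContext;
    private static final String LOGIN_PAGE = "loginPage";
    private static final String DEFAULT_LOGIN_PAGE = "plugins/views-common/login.iface";
    private static final String LOGOUT_PAGE = "logoutPage";
    private static final String DEFAULT_LOGOUT_PAGE = "/ipp/common/ippPortalLogout.jsp";
    private static final String MAIN_PAGE = "mainPage";
    private static final String DEFAULT_MAIN_PAGE = "/main.html";
    private static final String PRINCIPAL_USER_ROLES = "principalUserRoles";
    private static final String PARAM_PUBLIC_URI_PATTERNS = "publicUriPatterns";
    private static final String ANY_PLUGIN_URI_PREFIX = "/plugins/<anyId>";
    private static final String DEFAULT_PUBLIC_URI_PATTERNS = "/plugins/<anyId>/public/*";
    private static final String PRINCIPAL_LOGIN_INIT_PAGE = "/plugins/common/initializeSession.iface";
    private static final String SKIP_URIS = "skipURIs";
    // Page paths resolved in init(); loginPage is stored without a leading '/'.
    private String loginPage;
    private String logoutPage;
    private String mainPage;
    // URI prefixes (relative to the context path) that bypass the login check entirely.
    private List<String> skipUris;
    // Container roles that qualify a principal for principal login; empty means "any principal".
    private List<String> principalUserRoles;
    // Public patterns matched against the whole application-relative path.
    private List<String> publicUris = CollectionUtils.newArrayList();
    // Public patterns matched against the file part of a plugin path.
    private List<String> publicAnyPluginUris = CollectionUtils.newArrayList();
    protected static final Logger trace = LogManager.getLogger((Class<?>) LoginFilter.class);
    public static final String RETURN_URL_PARAM = "returnUrl";
    public static final String SINGLE_VIEW_PREFIX = "portalSingleView";

    /** Drops the references taken in {@link #init(FilterConfig)}. */
    @Override
    public void destroy() {
        this.filterCfg = null;
        this.principalUserRoles = null;
    }

    /**
     * Forwards the request to {@code str} through the request dispatcher. A failing forward is
     * logged and otherwise ignored (best effort). The boolean parameter is unused.
     */
    private void forwardToPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) {
        try {
            httpServletRequest.getRequestDispatcher(str).forward(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            trace.error("Unable to forward to " + str, e);
        }
    }

    /**
     * Initializes the portal session from the container-authenticated principal.
     *
     * @return {@code true} if the session was initialized; {@code false} if initialization
     *         failed, in which case the current HTTP session was invalidated, a fresh one was
     *         created and the request was forwarded to the logout page
     */
    private boolean handlePrincipalLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FacesContext facesContext, SessionContext sessionContext) {
        try {
            trace.info("Setting session by LoginFilter");
            sessionContext.initPrincipalSession(httpServletRequest);
            return true;
        } catch (Exception e) {
            trace.error("Error occurred durin login", e);
            // Discard whatever state the failed attempt left behind before starting over.
            HttpSession staleSession = httpServletRequest.getSession(false);
            if (staleSession != null) {
                staleSession.invalidate();
            }
            httpServletRequest.getSession(true);
            forwardToPage(httpServletRequest, httpServletResponse, this.logoutPage, false);
            return false;
        }
    }

    /**
     * Creates the view {@code str} as the new view root and lets the JSF navigation handler
     * process outcome {@code str2}. Does nothing if either handler is unavailable.
     */
    private void handleJsfNavigation(FacesContext facesContext, String str, String str2) {
        NavigationHandler navigationHandler = facesContext.getApplication().getNavigationHandler();
        ViewHandler viewHandler = facesContext.getApplication().getViewHandler();
        if (navigationHandler == null || viewHandler == null) {
            return;
        }
        facesContext.setViewRoot(viewHandler.createView(facesContext, str));
        navigationHandler.handleNavigation(facesContext, null, str2);
    }

    /**
     * Attempts a login from the {@code j_username}/{@code j_password} request parameters when
     * the requested session id is no longer valid. Without both parameters nothing happens.
     *
     * <p>NOTE(review): {@code getParameter} also returns query-string values, so credentials
     * sent on the URL would be accepted here and can end up in access logs and browser
     * history; confirm whether this path should be restricted to POST bodies.
     */
    private void handleInvalidSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FacesContext facesContext) {
        String account = httpServletRequest.getParameter("j_username");
        String password = httpServletRequest.getParameter("j_password");
        if (StringUtils.isEmpty(account) || StringUtils.isEmpty(password)) {
            return;
        }
        httpServletRequest.getSession(true);
        LoginDialogBean loginDialogBean = (LoginDialogBean) FacesUtils.getBeanFromContext(facesContext, LoginDialogBean.BEAN_ID);
        if (loginDialogBean == null) {
            return;
        }
        loginDialogBean.setAccount(account);
        loginDialogBean.setPassword(password);
        loginDialogBean.setRealm(httpServletRequest.getParameter(UserPreferencesEntries.V_REALM));
        loginDialogBean.setDomain(httpServletRequest.getParameter("domain"));
        loginDialogBean.setPartition(httpServletRequest.getParameter("partition"));
        try {
            String outcome = loginDialogBean.login();
            if (Constants.WORKFLOW_PRINCIPAL_LOGIN.equals(outcome)) {
                forwardToPage(httpServletRequest, httpServletResponse, this.logoutPage, false);
            } else {
                handleJsfNavigation(facesContext, "/" + this.loginPage, outcome);
            }
        } catch (LoginFailedException e) {
            // The request still continues down the chain, but a failed login must stay visible
            // to operators. Only the exception message is logged, never the submitted values.
            trace.warn("Login from request parameters failed: " + e.getMessage());
        }
    }

    /**
     * Applies the login check to one request.
     *
     * <p>Order of decisions: public URI bypass, skip-URI bypass, principal login, redirect to
     * the login/logout page, parameter login on the login page, and finally the remaining
     * filter chain.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // On a forwarded request the original URI and context path are taken from the
        // forward attributes instead of the current request.
        String forwardedUri = (String) request.getAttribute("javax.servlet.forward.request_uri");
        String forwardedContext = (String) request.getAttribute("javax.servlet.forward.context_path");
        String requestURI = StringUtils.isEmpty(forwardedUri) ? request.getRequestURI() : forwardedUri;
        String contextPath = StringUtils.isEmpty(forwardedContext) ? request.getContextPath() : forwardedContext;

        if (isPublicUri(requestURI.substring(contextPath.length())) && !requestURI.endsWith(this.loginPage)) {
            if (trace.isDebugEnabled()) {
                trace.debug("Bypassing login check for public URI: " + requestURI);
            }
            filterChain.doFilter(request, response);
            return;
        }

        // Prefix bypass; like the public check it is refused for paths with a ".." segment.
        if (null != this.skipUris && !this.skipUris.isEmpty() && !hasParentSegment(requestURI)) {
            for (String skipUri : this.skipUris) {
                if (requestURI.startsWith(contextPath + skipUri)) {
                    if (trace.isDebugEnabled()) {
                        trace.debug("Bypassing login check for predefined URI: " + requestURI);
                    }
                    filterChain.doFilter(request, response);
                    return;
                }
            }
        }

        FacesContext facesContext = FacesUtils.getFacesContext(this.servletContext, request, response);
        SessionContext sessionContext = SessionContext.findSessionContext(facesContext);
        if (requestURI.endsWith(".iface") || requestURI.endsWith(".xhtml") || requestURI.endsWith(".jspx")) {
            includeCustomJS(facesContext, requestURI);
        }

        if (null != sessionContext) {
            if (!sessionContext.isSessionInitialized()) {
                if (null != request.getUserPrincipal() && isUserInRoleList(request) && !handlePrincipalLogin(request, response, facesContext, sessionContext)) {
                    // Principal login failed; the request was already forwarded to the logout page.
                    return;
                }
                if (!sessionContext.isSessionInitialized()) {
                    // NOTE(review): this is a substring test, so any URI that merely contains
                    // the login page path is treated as the login page and continues down the
                    // chain without an initialized session. Confirm that downstream resources
                    // enforce their own check, or tighten the match.
                    if (!requestURI.contains(this.loginPage)) {
                        trace.info("Redirect to login, because session was not initialized.");
                        String target = buildLoginRedirectTarget(request, requestURI);
                        response.sendRedirect(response.encodeRedirectURL(SecurityUtils.sanitizeValue(target)));
                        return;
                    }
                    if (!request.isRequestedSessionIdValid()) {
                        handleInvalidSession(request, response, facesContext);
                    }
                }
            } else if (sessionContext.isSessionInitialized() && !ApplicationContext.isPrincipalLogin() && requestURI.indexOf(this.loginPage) > -1) {
                // Already logged in and asking for the login page: navigate to the stored outcome.
                LoginDialogBean loginDialogBean = (LoginDialogBean) FacesUtils.getBeanFromContext(facesContext, LoginDialogBean.BEAN_ID);
                // The bean lookup can return null (handleInvalidSession guards for it as well);
                // without this check the request would fail with a NullPointerException.
                if (loginDialogBean != null) {
                    handleJsfNavigation(facesContext, "/" + this.loginPage, loginDialogBean.getNavigationOutcome());
                }
            }
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Builds the redirect target used when the session is not initialized: the login page for
     * the principal-login init page, the logout page otherwise, followed by the return URL and
     * the request parameters (without {@code j_username}/{@code j_password}).
     *
     * <p>NOTE(review): names and values are appended without URL-encoding; the caller passes
     * the result through {@code SecurityUtils.sanitizeValue}, whose guarantees are not visible
     * here. A request parameter named {@code returnUrl} also replaces the value computed from
     * the request URI, so whatever consumes {@code returnUrl} has to validate it as a path
     * inside this application.
     */
    private String buildLoginRedirectTarget(HttpServletRequest request, String requestURI) {
        StringBuilder target = new StringBuilder(request.getContextPath());
        if (requestURI.endsWith(PRINCIPAL_LOGIN_INIT_PAGE)) {
            target.append("/").append(this.loginPage);
        } else {
            target.append(this.logoutPage);
        }

        // Insertion order is kept so the return URL, when present, comes first.
        Map<String, String> query = new LinkedHashMap<String, String>();
        String lastSegment = requestURI.substring(requestURI.lastIndexOf("/") + 1);
        if (!requestURI.endsWith(this.mainPage) && !lastSegment.startsWith(SINGLE_VIEW_PREFIX) && !ApplicationContext.isPrincipalLogin()) {
            query.put(RETURN_URL_PARAM, requestURI);
        }
        Enumeration<?> parameterNames = request.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            // Credentials must never be copied into a redirect URL.
            if (!"j_username".equals(name) && !"j_password".equals(name)) {
                query.put(name, request.getParameter(name));
            }
        }

        if (!query.isEmpty()) {
            target.append("?");
            for (Map.Entry<String, String> entry : query.entrySet()) {
                target.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
            }
            target.deleteCharAt(target.length() - 1);
        }
        return target.toString();
    }

    /**
     * Registers the iframe panel server-support script with ICEfaces unless it is already
     * among the included libraries. Failures are logged and ignored.
     *
     * @param facesContext current faces context; nothing happens when it is {@code null}
     * @param str request URI, used only in the error message
     */
    protected void includeCustomJS(FacesContext facesContext, String str) {
        if (null == facesContext) {
            return;
        }
        final String supportLib = "/plugins/processportal/integration/iframe/iframe-panel-server-support.js";
        try {
            if (!Arrays.asList(JavascriptContext.getIncludedLibs(facesContext)).contains(supportLib)) {
                trace.debug("Injecting ICEfaces UI server support library.");
                JavascriptContext.includeLib(supportLib, facesContext);
            }
        } catch (Exception e) {
            trace.error("Cannot include Custom JS at this point: " + str + " :" + e.getMessage());
        }
    }

    /**
     * Tells whether the container principal may use principal login.
     *
     * @return {@code true} if no roles are configured, or if the user is in at least one of
     *         the configured roles
     */
    private boolean isUserInRoleList(HttpServletRequest httpServletRequest) {
        if (this.principalUserRoles.isEmpty()) {
            return true;
        }
        for (String role : this.principalUserRoles) {
            if (httpServletRequest.isUserInRole(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the filter configuration: login, logout and main page, principal roles, public URI
     * patterns and skip URIs. Missing page parameters fall back to the built-in defaults.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterCfg = filterConfig;
        this.servletContext = filterConfig.getServletContext();

        this.loginPage = filterConfig.getInitParameter(LOGIN_PAGE);
        if (StringUtils.isEmpty(this.loginPage)) {
            this.loginPage = DEFAULT_LOGIN_PAGE;
        } else if (this.loginPage.charAt(0) == '/') {
            this.loginPage = this.loginPage.substring(1);
        }

        this.logoutPage = filterConfig.getInitParameter(LOGOUT_PAGE);
        if (StringUtils.isEmpty(this.logoutPage)) {
            this.logoutPage = DEFAULT_LOGOUT_PAGE;
        }

        this.mainPage = filterConfig.getInitParameter(MAIN_PAGE);
        if (StringUtils.isEmpty(this.mainPage)) {
            this.mainPage = DEFAULT_MAIN_PAGE;
        } else if (this.mainPage.charAt(0) == '/') {
            this.mainPage = this.mainPage.substring(1);
        }

        Iterator<String> roles = StringUtils.split(filterConfig.getInitParameter(PRINCIPAL_USER_ROLES), ",");
        this.principalUserRoles = CollectionUtils.newArrayList();
        while (roles.hasNext()) {
            this.principalUserRoles.add(roles.next());
        }

        String publicPatterns = filterConfig.getInitParameter(PARAM_PUBLIC_URI_PATTERNS);
        if (null == publicPatterns) {
            publicPatterns = DEFAULT_PUBLIC_URI_PATTERNS;
        }
        for (String pattern : publicPatterns.split(",")) {
            if (StringUtils.isEmpty(pattern)) {
                continue;
            }
            if (isValidPublicPattern(pattern)) {
                trace.info("URIs matching '" + pattern + "' will be publicly accessible.");
                if (pattern.startsWith(ANY_PLUGIN_URI_PREFIX)) {
                    this.publicAnyPluginUris.add(pattern.substring(ANY_PLUGIN_URI_PREFIX.length()));
                } else {
                    this.publicUris.add(pattern);
                }
            } else {
                trace.warn("Ignoring invalid publicUriPattern '" + pattern + "'. A '*' wildcards must bei either at the first or last position.");
            }
        }
        if (this.publicAnyPluginUris.isEmpty() && this.publicUris.isEmpty()) {
            trace.info("Publicly accessible URIs are disabled.");
        }

        this.skipUris = new ArrayList<String>();
        String skipParam = filterConfig.getInitParameter(SKIP_URIS);
        if (StringUtils.isEmpty(skipParam)) {
            return;
        }
        for (String entry : skipParam.split(",")) {
            String prefix = entry.trim();
            // An empty prefix matches every request URI in doFilter and would switch the login
            // check off for the whole application, so a stray comma or blank must not count.
            if (prefix.length() > 0) {
                this.skipUris.add(prefix);
            } else {
                trace.warn("Ignoring empty skipURIs entry.");
            }
        }
    }

    /**
     * Accepts a public URI pattern that has no wildcard, or exactly one {@code *} placed at
     * its first or its last position.
     */
    private static boolean isValidPublicPattern(String pattern) {
        return !pattern.contains("*") || ((pattern.startsWith("*") || pattern.endsWith("*")) && !((pattern.startsWith("*") && pattern.substring(1).contains("*")) || (pattern.endsWith("*") && pattern.substring(0, pattern.length() - 1).contains("*"))));
    }

    /**
     * Tells whether the application-relative path {@code str} matches a public pattern.
     * Plugin paths are first checked by their file part against the any-plugin patterns, then
     * the whole path is checked against the remaining patterns.
     *
     * @return {@code false} for any path that contains a {@code ..} segment, regardless of
     *         the configured patterns
     */
    private boolean isPublicUri(String str) {
        // Matching is done on the raw path string; a parent segment could make a protected
        // resource look as if it were below a public prefix, so such paths are never public
        // and fall through to the normal login check.
        if (hasParentSegment(str)) {
            return false;
        }
        if (PluginResourceUtils.isPluginPath(str) && !this.publicAnyPluginUris.isEmpty()) {
            String file = PluginResourceUtils.getFile(str);
            for (String pattern : this.publicAnyPluginUris) {
                if (isMatch(pattern, file)) {
                    return true;
                }
            }
        }
        for (String pattern : this.publicUris) {
            if (isMatch(pattern, str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether {@code path} contains a {@code ..} segment, also when the dots or the
     * separators are percent-encoded, a backslash is used as separator, or the segment carries
     * path parameters ({@code ;...}).
     */
    private static boolean hasParentSegment(String path) {
        String probe = path.replace('\\', '/')
                .replace("%5c", "/").replace("%5C", "/")
                .replace("%2f", "/").replace("%2F", "/")
                .replace("%2e", ".").replace("%2E", ".");
        for (String segment : probe.split("/")) {
            int paramStart = segment.indexOf(';');
            String name = paramStart < 0 ? segment : segment.substring(0, paramStart);
            if ("..".equals(name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Matches {@code str2} against pattern {@code str}: a leading {@code *} means suffix
     * match, a trailing {@code *} means prefix match, anything else must be equal.
     */
    private static boolean isMatch(String str, String str2) {
        if (str.startsWith("*")) {
            return str2.endsWith(str.substring(1));
        }
        if (str.endsWith("*")) {
            return str2.startsWith(str.substring(0, str.length() - 1));
        }
        return str2.equals(str);
    }
}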
