package org.objectweb.telosys.auth;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.objectweb.telosys.common.Telosys;
import org.objectweb.telosys.util.web.WebUtil;

/* loaded from: input_file:org/objectweb/telosys/auth/AuthBasicFilter.class */
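/**
 * Servlet filter that protects the web application with HTTP Basic authentication backed by the
 * Telosys {@code Auth} API.
 * <p>
 * Request handling, in order (see {@link #doFilter}):
 * <ol>
 *   <li>a user already stored in the session is let through (the configured logout action URI is
 *       handled first);</li>
 *   <li>otherwise, a locked authentication context gets the "locked" page;</li>
 *   <li>the configured logged-out / no-auth pages and the built-in logout page are served without
 *       authentication;</li>
 *   <li>any other URL is redirected to a challenge URL {@code <context>/l/o/g/i/n/<token>/login};</li>
 *   <li>on the challenge URL, a missing {@code Authorization} header yields a 401 with a
 *       {@code WWW-Authenticate} challenge; a submitted login/password is checked with
 *       {@code Auth.login}, and failures bump the try counter of the authentication context until it
 *       reports itself locked.</li>
 * </ol>
 * Changes against the decompiled original: the token echoed from the request URI into the
 * {@code WWW-Authenticate} realm is validated against the shape this filter generates (it is
 * attacker-controlled header content), the realm is escaped as an HTTP quoted-string, the Basic
 * credentials are decoded with an explicit charset (advertised to the client as
 * {@code charset="UTF-8"}) instead of the platform default, and the scheme match no longer depends on
 * the JVM default locale.
 * <p>
 * The helpers inherited from {@code AuthAbstractFilter} (trace/error, getFullURL, sendRedirect,
 * getContextPage, isAuthenticationLocked, getOrCreateAuthContext, clearAuthContext,
 * generateLockedPage, printLoggedOutPage, setTelosysRedirect, getLoginMaxTries) are not visible in
 * this file; comments about them are marked as assumptions.
 */
public class AuthBasicFilter extends AuthAbstractFilter {
    /** Challenge URL prefix (relative to the context path); the token segment and "/login" follow it. */
    private static final String BASIC_AUTH_LOGIN_PATH = "/l/o/g/i/n/";
    /** Built-in logged-out page, used when no logged-out page is configured. */
    private static final String BASIC_AUTH_LOGOUT_PATH = "/l/o/g/o/u/t";
    /** Prefix of the tokens produced by {@link #getNewToken()}. */
    private static final String TOKEN_PREFIX = "T";
    /** Longest token accepted back from a request URI: the prefix plus a millisecond timestamp (13 digits today). */
    private static final int MAX_TOKEN_LENGTH = 32;
    /** Length of the {@code "basic "} scheme prefix of an Authorization header value. */
    private static final int BASIC_SCHEME_LENGTH = 6;

    /**
     * Filter entry point: authenticates the request (or serves the challenge / logout / locked pages)
     * and only then hands it to the rest of the chain.
     *
     * @param servletRequest  must be an {@link HttpServletRequest}; anything else is logged and dropped
     * @param servletResponse must be an {@link HttpServletResponse}; anything else is logged and dropped
     * @param filterChain     invoked only for authenticated requests and for the configured trusted pages
     * @throws IOException      from redirects, the chain or the generated pages
     * @throws ServletException from the chain or the inherited page helpers
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        trace("----- doFilter()...");
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            // Fail closed: a non-HTTP exchange never reaches the chain.
            error("doFilter() : request and/or response not HTTP ");
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        AuthConfig config = Auth.getConfig();
        // NOTE(review): the full URL including the query string goes to the trace log; if any page
        // passes secrets as query parameters they end up in the log as well.
        String queryString = httpServletRequest.getQueryString();
        trace("Request : '" + httpServletRequest.getRequestURL() + (queryString != null ? "?" + queryString : ""));
        trace("request.getAuthType()   = " + httpServletRequest.getAuthType());
        trace("request.getRemoteUser() = " + httpServletRequest.getRemoteUser());
        LoginUser authenticatedUser = Auth.getAuthenticatedUser(httpServletRequest);
        if (authenticatedUser != null) {
            serveAuthenticatedRequest(config, authenticatedUser, httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        trace("User not yet authenticated (not found in session).");
        // A locked context blocks everything below, including the trusted pages.
        if (isAuthenticationLocked(httpServletRequest)) {
            generateLockedPage(httpServletRequest, httpServletResponse);
            return;
        }
        if (config.isLoggedOutPageURI(httpServletRequest) || config.isNoAuthPageURL(httpServletRequest)) {
            trace("The requested URL is a 'Trusted Page' : OK, let it pass ... ");
            setTelosysRedirect(httpServletRequest, httpServletResponse);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (isBasicAuthLogoutURL(httpServletRequest)) {
            trace("The requested URL is default 'LOGOUT PAGE' : print it ... ");
            printLoggedOutPage(httpServletRequest, httpServletResponse, 1);
            return;
        }
        if (!isBasicAuthLoginURL(httpServletRequest)) {
            trace("Request URL for a resource without authentication => force authentication... ");
            redirectToBasicAuthLoginURL(httpServletRequest, httpServletResponse);
            return;
        }
        processBasicAuthLogin(httpServletRequest, httpServletResponse);
    }

    /** Session already holds a user: handle the logout action, else run the chain and account the request. */
    private void serveAuthenticatedRequest(AuthConfig config, LoginUser authenticatedUser, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        trace("User authenticated (found in session) : '" + authenticatedUser.getLogin() + "' : req. count = " + authenticatedUser.getRequestCount());
        if (config.isLogoutActionURI(httpServletRequest)) {
            // NOTE(review): whether isLogoutActionURI restricts the HTTP method is not visible here; a
            // logout reachable by plain GET can be triggered cross-site (a nuisance, not a privilege gain).
            Auth.logout(httpServletRequest);
            redirectToLoggedOutPage(httpServletRequest, httpServletResponse);
            return;
        }
        if (authenticatedUser.getRequestCount() == 0) {
            // First request served after login: the counter is still zero.
            setTelosysRedirect(httpServletRequest, httpServletResponse);
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
        if (httpServletResponse.containsHeader("Location")) {
            // The application answered with a redirect: that round trip is not counted as a served request.
            return;
        }
        authenticatedUser.incrementRequestCount();
    }

    /** Request is on the challenge URL: issue the challenge, or verify the submitted credentials. */
    private void processBasicAuthLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        LoginUser userFromBasicAuthRequest = getUserFromBasicAuthRequest(httpServletRequest);
        if (userFromBasicAuthRequest == null) {
            // No (parseable) Authorization header: challenge without touching the try counter.
            trace("The request has no 'login/password' : it's the first access ... ");
            buildUnauthorizedResponse(httpServletRequest, httpServletResponse, 1);
            return;
        }
        trace("The request submit a 'login/password' : try to authenticate ... ");
        AuthenticationResult login = Auth.login(httpServletRequest, userFromBasicAuthRequest);
        if (login.isSuccessful()) {
            IAppUser appUser = login.getAppUser();
            trace("User login/password is valid. ");
            // Success discards the failed-tries context of this login.
            clearAuthContext(httpServletRequest);
            trace("Redirect to first page... ");
            redirectToFirstPage(httpServletRequest, httpServletResponse, appUser);
            return;
        }
        trace("Invalid login/password => redirect to login page ");
        // NOTE(review): where the try counter lives (session? per login?) is decided by the inherited
        // getOrCreateAuthContext(); if it is session-bound, a client that drops the session cookie
        // starts from a fresh counter each time - confirm against AuthAbstractFilter.
        AuthContext authContext = getOrCreateAuthContext(httpServletRequest, userFromBasicAuthRequest);
        trace("Tries count before increment = " + authContext.getTriesUsed());
        authContext.incrementTriesCount();
        trace("Tries count after increment = " + authContext.getTriesUsed());
        if (authContext.isLocked()) {
            trace("The context is locked => locked page ");
            generateLockedPage(httpServletRequest, httpServletResponse);
        } else {
            trace("The context is not locked => try again ");
            buildUnauthorizedResponse(httpServletRequest, httpServletResponse, authContext.getTriesUsed() + 1);
        }
    }

    /**
     * Redirects a freshly authenticated user to its first page: the user's own page, else the
     * application default, else the context root.
     * NOTE(review): the target comes from user / application configuration and is passed to the
     * inherited sendRedirect() unchecked; whether absolute URLs are allowed there is not visible.
     */
    private void redirectToFirstPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IAppUser iAppUser) throws IOException, ServletException {
        String firstPage = iAppUser.getFirstPage();
        if (firstPage == null) {
            firstPage = TelosysAUTH.getFirstPage();
            if (firstPage == null) {
                firstPage = "/";
                trace("No default application first page, use context root '" + firstPage + "'");
            } else {
                trace("Standard application first page = '" + firstPage + "'");
            }
        } else {
            trace("User first page = '" + firstPage + "'");
        }
        sendRedirect(httpServletRequest, httpServletResponse, firstPage);
    }

    /** Redirects to the configured logged-out page, or to the built-in one when none is configured. */
    private void redirectToLoggedOutPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        trace("gotoLoggedOutPage");
        String contextPage = getContextPage(Auth.getConfig().getLoggedOutPage());
        if (contextPage != null) {
            sendRedirect(httpServletRequest, httpServletResponse, contextPage);
        } else {
            sendRedirect(httpServletRequest, httpServletResponse, getContextPage(BASIC_AUTH_LOGOUT_PATH));
        }
    }

    /** True when the request URI is under the challenge URL prefix of this context. */
    private boolean isBasicAuthLoginURL(HttpServletRequest httpServletRequest) {
        trace("isBasicAuthLoginURL('" + httpServletRequest.getRequestURI() + "').");
        return httpServletRequest.getRequestURI().startsWith(httpServletRequest.getContextPath() + BASIC_AUTH_LOGIN_PATH);
    }

    /** True when the request URI is the built-in logout page of this context. */
    private boolean isBasicAuthLogoutURL(HttpServletRequest httpServletRequest) {
        trace("isBasicAuthLogoutURL('" + httpServletRequest.getRequestURI() + "').");
        return httpServletRequest.getRequestURI().startsWith(httpServletRequest.getContextPath() + BASIC_AUTH_LOGOUT_PATH);
    }

    /**
     * Extracts the token segment that follows the challenge URL prefix in the request URI.
     *
     * @return the token when it is present and has the shape produced by {@link #getNewToken()},
     *         otherwise "" - the segment is attacker-controlled and is echoed into the
     *         {@code WWW-Authenticate} header, so anything else is dropped
     */
    private String getTokenFromURI(HttpServletRequest httpServletRequest) {
        String token = "";
        String requestURI = httpServletRequest.getRequestURI();
        int start = requestURI.indexOf(BASIC_AUTH_LOGIN_PATH);
        if (start >= 0) {
            String rest = requestURI.substring(start + BASIC_AUTH_LOGIN_PATH.length());
            int end = rest.indexOf('/');
            if (end > 0) {
                token = rest.substring(0, end);
            }
        }
        return isWellFormedToken(token) ? token : "";
    }

    /** True when {@code token} is the prefix followed by one or more ASCII digits, within the length bound. */
    private static boolean isWellFormedToken(String token) {
        if (token == null || token.length() <= TOKEN_PREFIX.length() || token.length() > MAX_TOKEN_LENGTH || !token.startsWith(TOKEN_PREFIX)) {
            return false;
        }
        for (int k = TOKEN_PREFIX.length(); k < token.length(); k++) {
            char c = token.charAt(k);
            if (c < '0' || c > '9') {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds a new token: the prefix plus the current time in milliseconds.
     * It is not a secret and needs no unpredictable source: it is only placed in the challenge URL and
     * in the realm so that each challenge is distinct (presumably to defeat credential caching in the
     * browser - not verifiable here).
     */
    private String getNewToken() {
        return TOKEN_PREFIX + System.currentTimeMillis();
    }

    /**
     * Redirects to a fresh challenge URL {@code <prefix><token>/login}.
     * NOTE(review): getFullURL() is inherited; if it derives scheme/host from the request's Host
     * header, the redirect target is influenced by the client - confirm.
     */
    private void redirectToBasicAuthLoginURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String fullURL = getFullURL(httpServletRequest, BASIC_AUTH_LOGIN_PATH + getNewToken() + "/login");
        trace("sendRedirect to Login URL -> " + fullURL);
        httpServletResponse.sendRedirect(fullURL);
    }

    /**
     * Sends a 401 with a {@code WWW-Authenticate: Basic} challenge and a minimal HTML body.
     * The realm is {@code <name> ( i/max ) - [token]}: name is the configured realm, else the web
     * application name, else the context path.
     *
     * @param i the attempt number shown to the client. NOTE(review): together with getLoginMaxTries()
     *          this tells the client how many tries remain before lock-out.
     */
    private void buildUnauthorizedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i) {
        trace("buildAuthenticateResponse()... ");
        WebUtil.noCache(httpServletResponse);
        String realmBase = TelosysAUTH.getRealmName();
        if (realmBase == null) {
            realmBase = Telosys.getWebAppName();
            if (realmBase == null) {
                realmBase = httpServletRequest.getContextPath();
            }
        }
        String realm = String.valueOf(realmBase) + " ( " + i + "/" + getLoginMaxTries() + " ) - [" + getTokenFromURI(httpServletRequest) + "]";
        // The realm is an HTTP quoted-string: escape it so neither configuration nor the (validated)
        // token can close the quote. charset="UTF-8" (RFC 7617) announces the encoding that
        // getUserFromBasicAuthRequest() decodes with.
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + escapeQuotedString(realm) + "\", charset=\"UTF-8\"");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        PrintWriter printWriter;
        try {
            printWriter = httpServletResponse.getWriter();
        } catch (IOException e) {
            // Best effort: status and challenge header are already set, the body is optional.
            printWriter = null;
        }
        if (printWriter != null) {
            printWriter.println("<html>");
            printWriter.println("<head><title>Authentication</title></head>");
            printWriter.println("<body>Authentication required</body>");
            printWriter.println("</html>");
            printWriter.close();
        }
    }

    /** Escapes a value for an HTTP quoted-string: backslash-escapes '"' and '\', drops control characters. */
    private static String escapeQuotedString(String value) {
        StringBuffer sb = new StringBuffer(value.length() + 8);
        for (int k = 0; k < value.length(); k++) {
            char c = value.charAt(k);
            if (c < ' ' || c == 0x7f) {
                continue; // CR/LF and friends would terminate or split the header
            }
            if (c == '"' || c == '\\') {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Parses the {@code Authorization: Basic <base64(user:password)>} header.
     *
     * @return the login user built by {@code Auth.createLoginUser} from the trimmed user-id and
     *         password (split at the first ':'), or {@code null} when the header is absent, is not
     *         the Basic scheme, or the decoded value has no ':'
     */
    private LoginUser getUserFromBasicAuthRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        // Scheme match is case-insensitive (RFC 7617) and locale-independent: String.toLowerCase()
        // would turn "BASIC" into "basıc" under a Turkish default locale and miss the match.
        if (header == null || !header.regionMatches(true, 0, "basic ", 0, BASIC_SCHEME_LENGTH)) {
            return null;
        }
        String credentials;
        try {
            // Base64 text is single-byte; ISO-8859-1 maps the header characters 1:1 instead of through
            // the platform default. The decoded user-id:password pair is read as UTF-8, the charset
            // advertised in the challenge, so the result no longer differs between deployments.
            byte[] encoded = header.substring(BASIC_SCHEME_LENGTH).trim().getBytes("ISO-8859-1");
            // NOTE(review): Base64 is the same-package decoder; what it does with malformed input
            // (throw? partial output?) is not visible here. If it throws, the exception propagates out
            // of doFilter as a server error - confirm.
            credentials = new String(Base64.decode(encoded), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // Both charsets are mandatory on every JVM; reaching here means a broken runtime.
            IllegalStateException ise = new IllegalStateException("Mandatory charset unavailable: " + e.getMessage());
            ise.initCause(e);
            throw ise;
        }
        int colon = credentials.indexOf(':');
        if (colon < 0) {
            return null;
        }
        // The password ends up in a String because Auth.createLoginUser takes one; it cannot be wiped.
        return Auth.createLoginUser(credentials.substring(0, colon).trim(), credentials.substring(colon + 1).trim(), httpServletRequest);
    }
}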
