package org.apache.isis.runtimes.dflt.webapp;

import com.google.common.base.Function;
import com.google.common.base.Splitter;
import com.google.common.collect.Collections2;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.isis.core.commons.authentication.AuthenticationSession;
import org.apache.isis.core.commons.factory.InstanceUtil;
import org.apache.isis.core.commons.lang.PathUtils;
import org.apache.isis.core.runtime.authentication.AuthenticationManager;
import org.apache.isis.core.webapp.content.ResourceCachingFilter;
import org.apache.isis.runtimes.dflt.runtime.system.context.IsisContext;
import org.apache.isis.runtimes.dflt.webapp.auth.AuthenticationSessionStrategy;
import org.apache.isis.runtimes.dflt.webapp.auth.AuthenticationSessionStrategyDefault;

/* loaded from: input_file:org/apache/isis/runtimes/dflt/webapp/IsisSessionFilter.class */
public class IsisSessionFilter implements Filter {
    public static final String AUTHENTICATION_SESSION_STRATEGY_KEY = "authenticationSessionStrategy";
    public static final String LOGON_PAGE_KEY = "logonPage";
    public static final String WHEN_NO_SESSION_KEY = "whenNoSession";
    public static final String RESTRICTED_KEY = "restricted";
    public static final String REDIRECT_TO_ON_EXCEPTION_KEY = "redirectToOnException";
    public static final String IGNORE_EXTENSIONS_KEY = "ignoreExtensions";
    private AuthenticationSessionStrategy authSessionStrategy;
    private List<String> restrictedPaths;
    private WhenNoSession whenNoSession;
    private String redirectToOnException;
    private Collection<Pattern> ignoreExtensions;
    public static final String AUTHENTICATION_SESSION_STRATEGY_DEFAULT = AuthenticationSessionStrategyDefault.class.getName();
    private static final Function<String, Pattern> STRING_TO_PATTERN = new Function<String, Pattern>() { // from class: org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.1
        public Pattern apply(String str) {
            return Pattern.compile(".*\\." + str);
        }
    };
    private static final String SESSION_STATE_KEY = SessionState.class.getName();

    /* loaded from: input_file:org/apache/isis/runtimes/dflt/webapp/IsisSessionFilter$SessionState.class */
    public enum SessionState {
        UNDEFINED { // from class: org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.SessionState.1
            @Override // org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.SessionState
            public void handle(IsisSessionFilter isisSessionFilter, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
                if (requestIsIgnoreExtension(isisSessionFilter, httpServletRequest)) {
                    try {
                        filterChain.doFilter(servletRequest, servletResponse);
                        closeSession();
                        return;
                    } finally {
                    }
                }
                if (ResourceCachingFilter.isCachedResource(httpServletRequest)) {
                    try {
                        filterChain.doFilter(servletRequest, servletResponse);
                        closeSession();
                        return;
                    } finally {
                    }
                }
                AuthenticationSession lookupValid = isisSessionFilter.authSessionStrategy.lookupValid(servletRequest, servletResponse);
                try {
                    if (lookupValid != null) {
                        isisSessionFilter.authSessionStrategy.bind(servletRequest, servletResponse, lookupValid);
                        openSession(lookupValid);
                        SESSION_IN_PROGRESS.setOn(servletRequest);
                        try {
                            filterChain.doFilter(servletRequest, servletResponse);
                            UNDEFINED.setOn(servletRequest);
                            closeSession();
                            return;
                        } finally {
                            UNDEFINED.setOn(servletRequest);
                            closeSession();
                        }
                    }
                    try {
                        try {
                            NO_SESSION_SINCE_NOT_AUTHENTICATED.setOn(servletRequest);
                            isisSessionFilter.whenNoSession.handle(isisSessionFilter, httpServletRequest, httpServletResponse, filterChain);
                            UNDEFINED.setOn(servletRequest);
                        } catch (IOException e) {
                            if (isisSessionFilter.redirectToOnException == null) {
                                throw e;
                            }
                            IsisSessionFilter.redirect(httpServletRequest, httpServletResponse, isisSessionFilter.redirectToOnException);
                            UNDEFINED.setOn(servletRequest);
                        }
                    } catch (ServletException e2) {
                        if (isisSessionFilter.redirectToOnException == null) {
                            throw e2;
                        }
                        IsisSessionFilter.redirect(httpServletRequest, httpServletResponse, isisSessionFilter.redirectToOnException);
                        UNDEFINED.setOn(servletRequest);
                    } catch (RuntimeException e3) {
                        if (isisSessionFilter.redirectToOnException == null) {
                            throw e3;
                        }
                        IsisSessionFilter.redirect(httpServletRequest, httpServletResponse, isisSessionFilter.redirectToOnException);
                        UNDEFINED.setOn(servletRequest);
                    }
                } catch (Throwable th) {
                    UNDEFINED.setOn(servletRequest);
                    throw th;
                }
            }

            private boolean requestIsIgnoreExtension(IsisSessionFilter isisSessionFilter, HttpServletRequest httpServletRequest) {
                String servletPath = httpServletRequest.getServletPath();
                Iterator it = isisSessionFilter.ignoreExtensions.iterator();
                while (it.hasNext()) {
                    if (((Pattern) it.next()).matcher(servletPath).matches()) {
                        return true;
                    }
                }
                return false;
            }
        },
        NO_SESSION_SINCE_REDIRECTING_TO_LOGON_PAGE,
        NO_SESSION_SINCE_NOT_AUTHENTICATED,
        SESSION_IN_PROGRESS;

        static SessionState lookup(ServletRequest servletRequest) {
            Object attribute = servletRequest.getAttribute(IsisSessionFilter.SESSION_STATE_KEY);
            return attribute != null ? (SessionState) attribute : UNDEFINED;
        }

        boolean isValid(AuthenticationSession authenticationSession) {
            return authenticationSession != null && getAuthenticationManager().isSessionValid(authenticationSession);
        }

        void setOn(ServletRequest servletRequest) {
            servletRequest.setAttribute(IsisSessionFilter.SESSION_STATE_KEY, this);
        }

        public void handle(IsisSessionFilter isisSessionFilter, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            filterChain.doFilter(servletRequest, servletResponse);
        }

        AuthenticationManager getAuthenticationManager() {
            return IsisContext.getAuthenticationManager();
        }

        void openSession(AuthenticationSession authenticationSession) {
            IsisContext.openSession(authenticationSession);
        }

        void closeSession() {
            IsisContext.closeSession();
        }
    }

    /* loaded from: input_file:org/apache/isis/runtimes/dflt/webapp/IsisSessionFilter$WhenNoSession.class */
    public enum WhenNoSession {
        UNAUTHORIZED("unauthorized") { // from class: org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.WhenNoSession.1
            @Override // org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.WhenNoSession
            public void handle(IsisSessionFilter isisSessionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                httpServletResponse.sendError(401);
            }
        },
        BASIC_AUTH_CHALLENGE("basicAuthChallenge") { // from class: org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.WhenNoSession.2
            @Override // org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.WhenNoSession
            public void handle(IsisSessionFilter isisSessionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Apache Isis\"");
                httpServletResponse.sendError(401);
            }
        },
        CONTINUE("continue") { // from class: org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.WhenNoSession.3
            @Override // org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.WhenNoSession
            public void handle(IsisSessionFilter isisSessionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        },
        RESTRICTED(IsisSessionFilter.RESTRICTED_KEY) { // from class: org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.WhenNoSession.4
            @Override // org.apache.isis.runtimes.dflt.webapp.IsisSessionFilter.WhenNoSession
            public void handle(IsisSessionFilter isisSessionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
                if (isisSessionFilter.restrictedPaths.contains(httpServletRequest.getServletPath())) {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                } else {
                    IsisSessionFilter.redirect(httpServletRequest, httpServletResponse, (String) isisSessionFilter.restrictedPaths.get(0));
                }
            }
        };

        private final String initParamValue;

        WhenNoSession(String str) {
            this.initParamValue = str;
        }

        public static WhenNoSession lookup(String str) {
            for (WhenNoSession whenNoSession : values()) {
                if (whenNoSession.initParamValue.equals(str)) {
                    return whenNoSession;
                }
            }
            throw new IllegalStateException("require an init-param of 'whenNoSession', taking a value of " + values());
        }

        public abstract void handle(IsisSessionFilter isisSessionFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException;
    }

    static void redirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.sendRedirect(PathUtils.combine(httpServletRequest.getContextPath(), str));
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.authSessionStrategy = lookup(filterConfig.getInitParameter(AUTHENTICATION_SESSION_STRATEGY_KEY));
        lookupWhenNoSession(filterConfig);
        lookupRedirectToOnException(filterConfig);
        lookupIgnoreExtensions(filterConfig);
    }

    public static AuthenticationSessionStrategy lookup(String str) {
        if (str == null) {
            str = AUTHENTICATION_SESSION_STRATEGY_DEFAULT;
        }
        return (AuthenticationSessionStrategy) InstanceUtil.createInstance(str);
    }

    private void lookupWhenNoSession(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter(WHEN_NO_SESSION_KEY);
        String initParameter2 = filterConfig.getInitParameter(LOGON_PAGE_KEY);
        if (initParameter2 != null) {
            if (initParameter != null) {
                throw new IllegalStateException("The init-param 'logonPage' is only provided for backwards compatibility; remove if the init-param 'whenNoSession' has been specified");
            }
            this.whenNoSession = WhenNoSession.RESTRICTED;
            this.restrictedPaths = Lists.newArrayList(new String[]{initParameter2});
            return;
        }
        this.whenNoSession = WhenNoSession.lookup(initParameter);
        if (this.whenNoSession == WhenNoSession.RESTRICTED) {
            String initParameter3 = filterConfig.getInitParameter(RESTRICTED_KEY);
            if (initParameter3 == null) {
                throw new IllegalStateException("Require an init-param of 'restricted' key to be set.");
            }
            this.restrictedPaths = Lists.newArrayList(Splitter.on(",").split(initParameter3));
        }
    }

    private void lookupRedirectToOnException(FilterConfig filterConfig) {
        this.redirectToOnException = filterConfig.getInitParameter(REDIRECT_TO_ON_EXCEPTION_KEY);
    }

    private void lookupIgnoreExtensions(FilterConfig filterConfig) {
        this.ignoreExtensions = Collections.unmodifiableCollection(parseIgnorePatterns(filterConfig));
    }

    private Collection<Pattern> parseIgnorePatterns(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter(IGNORE_EXTENSIONS_KEY);
        return initParameter != null ? Collections2.transform(Lists.newArrayList(Splitter.on(",").split(initParameter)), STRING_TO_PATTERN) : Lists.newArrayList();
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        SessionState.lookup(servletRequest).handle(this, servletRequest, servletResponse, filterChain);
    }
}
