package io.hawt.web.auth;

import io.hawt.system.AuthHelpers;
import io.hawt.system.AuthenticateResult;
import io.hawt.system.Authenticator;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Arrays;
import java.util.Objects;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-4.0-M1.jar:io/hawt/web/auth/LoginRedirectFilter.class */
public class LoginRedirectFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) LoginRedirectFilter.class);
    public final String ATTRIBUTE_UNSECURED_PATHS = "unsecuredPaths";
    private int timeout;
    private AuthenticationConfiguration authConfiguration;
    private String[] unsecuredPaths;
    private Redirector redirector;

    public LoginRedirectFilter() {
        this(AuthenticationConfiguration.UNSECURED_PATHS);
    }

    public LoginRedirectFilter(String[] strArr) {
        this.ATTRIBUTE_UNSECURED_PATHS = "unsecuredPaths";
        this.redirector = new Redirector();
        this.unsecuredPaths = strArr;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.authConfiguration = AuthenticationConfiguration.getConfiguration(filterConfig.getServletContext());
        this.timeout = AuthSessionHelpers.getSessionTimeout(filterConfig.getServletContext());
        LOG.info("Hawtio loginRedirectFilter is using {} sec. HttpSession timeout", Integer.valueOf(this.timeout));
        Object attribute = filterConfig.getServletContext().getAttribute("unsecuredPaths");
        if (attribute != null) {
            this.unsecuredPaths = (String[]) attribute;
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        LOG.trace("Applying {}", getClass().getSimpleName());
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (isRedirectRequired(httpServletRequest.getSession(false), httpServletRequest.getServletPath(), httpServletRequest)) {
            this.redirector.doRedirect(httpServletRequest, httpServletResponse, AuthenticationConfiguration.LOGIN_URL);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    private boolean isRedirectRequired(HttpSession httpSession, String str, HttpServletRequest httpServletRequest) {
        return (!this.authConfiguration.isEnabled() || this.authConfiguration.isKeycloakEnabled() || AuthSessionHelpers.isSpringSecurityEnabled() || AuthSessionHelpers.isAuthenticated(httpSession) || !isSecuredPath(str) || tryAuthenticateRequest(httpServletRequest, httpSession)) ? false : true;
    }

    boolean tryAuthenticateRequest(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        return new Authenticator(httpServletRequest, this.authConfiguration).authenticate(subject -> {
            String username = AuthHelpers.getUsername(subject);
            LOG.info("Logging in user: {}", username);
            AuthSessionHelpers.setup(httpSession != null ? httpSession : httpServletRequest.getSession(true), subject, username, this.timeout);
        }) == AuthenticateResult.AUTHORIZED;
    }

    boolean isSecuredPath(String str) {
        Stream stream = Arrays.stream(this.unsecuredPaths);
        Objects.requireNonNull(str);
        return stream.noneMatch(str::startsWith);
    }

    public void destroy() {
    }

    public void setRedirector(Redirector redirector) {
        this.redirector = redirector;
    }
}
