package io.hawt.web;

import io.hawt.system.ConfigManager;
import io.hawt.system.HawtioProperty;
import io.hawt.system.Helpers;
import io.hawt.util.Strings;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-1.5.8.jar:io/hawt/web/SessionExpiryFilter.class */
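/**
 * Servlet filter that enforces an application-level idle timeout on HTTP sessions and
 * gates a fixed set of sub-contexts for requests that arrive without a usable session.
 *
 * <p>The decision is made on the first path component of the request URI relative to the
 * hawtio servlet path. The filter itself never validates credentials: it only decides
 * whether a request is rejected here or handed to the rest of the filter chain.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The sub-context check is an exact, case-sensitive match against a deny-list;
 *       every sub-context that is not listed is passed on without a session. A newly
 *       added protected endpoint therefore has to be added to the list explicitly.</li>
 *   <li>A request that merely carries an {@code Authorization} header is passed on
 *       unchecked; the header has to be verified further down the chain.</li>
 *   <li>Requests to the "ignored" sub-contexts do not refresh the last-access timestamp,
 *       so they cannot keep an otherwise idle session alive.</li>
 * </ul>
 */
public class SessionExpiryFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(SessionExpiryFilter.class);

    /** Session attribute holding the epoch-millisecond timestamp of the last counted request. */
    private static final String ATTRIBUTE_LAST_ACCESS = "LastAccess";

    /** Servlet-context attribute holding the {@link Boolean} authentication switch. */
    private static final String ATTRIBUTE_AUTHENTICATION_ENABLED = "authenticationEnabled";

    /** Sub-context that resets the idle timer and is answered directly with "ok". */
    private static final String SUB_CONTEXT_REFRESH = "refresh";

    private static final String SUB_CONTEXT_JOLOKIA = "jolokia";

    /**
     * Sub-contexts whose requests do not count as activity once a last-access timestamp exists.
     * Presumably these are polled in the background by the console; confirm before changing.
     */
    private static final List<String> IGNORED_PATHS = Arrays.asList(SUB_CONTEXT_JOLOKIA, "proxy");

    /**
     * Sub-contexts rejected when authentication is enabled and the request has neither a
     * usable session nor an {@code Authorization} header. Anything not listed is allowed through.
     */
    private static final List<String> DENIED_WITHOUT_CREDENTIALS =
            Arrays.asList(SUB_CONTEXT_JOLOKIA, "proxy", "user", "exportContext", "contextFormatter", "upload");

    private ServletContext context;
    private boolean noCredentials401;
    private int pathIndex;

    /**
     * Captures the servlet context and reads the filter's configuration.
     *
     * <p>{@code noCredentials401} is read from the {@code ConfigManager} stored in the servlet
     * context (default {@code "false"}); the system property named by
     * {@code AuthenticationFilter.HAWTIO_NO_CREDENTIALS_401}, when set, overrides it.
     *
     * @param filterConfig container-supplied configuration for this filter
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.context = filterConfig.getServletContext();

        ConfigManager configManager = (ConfigManager) this.context.getAttribute("ConfigManager");
        if (configManager != null) {
            this.noCredentials401 = Boolean.parseBoolean(configManager.get("noCredentials401", "false"));
        }

        String servletPath = (String) this.context.getAttribute(HawtioProperty.SERVLET_PATH);
        if (servletPath == null) {
            this.pathIndex = 0;
        } else {
            // Stripping every non-'/' run leaves only the slashes, so the length is the
            // number of '/' characters in the web context path.
            this.pathIndex = Strings.webContextPath(servletPath, new String[0]).replaceAll("[^/]+", "").length();
        }

        // The system property wins over the ConfigManager value whenever it is defined.
        if (System.getProperty(AuthenticationFilter.HAWTIO_NO_CREDENTIALS_401) != null) {
            this.noCredentials401 = Boolean.getBoolean(AuthenticationFilter.HAWTIO_NO_CREDENTIALS_401);
        }
    }

    /**
     * Applies the session checks to HTTP traffic and passes any other request type straight on.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remainder of the filter chain
     * @throws IOException if writing the response or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        if ((servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse)) {
            process((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Writes the literal body "ok" and closes the response stream.
     *
     * @param httpServletResponse response to write to
     * @throws IOException if the response stream cannot be written
     * @throws ServletException never thrown here; kept for signature compatibility
     */
    private void writeOk(HttpServletResponse httpServletResponse) throws IOException, ServletException {
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        try (ServletOutputStream outputStream = httpServletResponse.getOutputStream()) {
            // Encode with the charset announced in the Content-Type header rather than
            // whatever the JVM's platform default happens to be.
            outputStream.write("ok".getBytes(StandardCharsets.UTF_8));
            outputStream.flush();
        }
    }

    /**
     * Stores {@code j} (epoch milliseconds) as the session's last-access timestamp.
     *
     * @param httpSession session to update
     * @param j timestamp in milliseconds
     */
    private void updateLastAccess(HttpSession httpSession, long j) {
        httpSession.setAttribute(ATTRIBUTE_LAST_ACCESS, Long.valueOf(j));
        LOG.debug("Reset LastAccess to: {}", Long.valueOf(j));
    }

    /**
     * Routes an HTTP request through the idle-timeout check (session present) or the
     * no-session gate (session absent or configured with a negative inactive interval).
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse outgoing response
     * @param filterChain remainder of the filter chain
     * @throws IOException if writing the response or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    private void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        // Until the "authenticationEnabled" attribute has been published in the servlet
        // context this filter is a no-op and every request is passed on.
        Object authenticationAttribute =
                this.context == null ? null : this.context.getAttribute(ATTRIBUTE_AUTHENTICATION_ENABLED);
        if (authenticationAttribute == null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // getSession(false): never create a session as a side effect of this check.
        HttpSession session = httpServletRequest.getSession(false);
        boolean authenticationEnabled = ((Boolean) authenticationAttribute).booleanValue();

        RelativeRequestUri relativeRequestUri = new RelativeRequestUri(httpServletRequest, this.pathIndex);
        LOG.debug("Accessing [{}], hawtio path is [{}]", httpServletRequest.getRequestURI(), relativeRequestUri.getUri());

        // NOTE(review): every decision below keys on components[0]; how RelativeRequestUri
        // normalises the raw URI (encoding, ";" path parameters, duplicate slashes) is not
        // visible here - confirm it matches what the container uses for servlet mapping.
        String[] components = relativeRequestUri.getComponents();
        if (components.length == 0) {
            // Request for the application root: counts as activity, no further checks.
            if (session != null) {
                updateLastAccess(session, System.currentTimeMillis());
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        String subContext = components[0];
        if (session != null) {
            int maxInactiveInterval = session.getMaxInactiveInterval();
            if (maxInactiveInterval >= 0) {
                processWithSession(session, maxInactiveInterval, subContext,
                        httpServletRequest, httpServletResponse, filterChain);
                return;
            }
            // A session with a negative interval is handled exactly like a missing session.
        }
        processWithoutSession(authenticationEnabled, subContext, httpServletRequest, httpServletResponse, filterChain);
    }

    /**
     * Enforces the idle timeout for a request that belongs to a session, then either
     * answers a refresh ping or forwards the request.
     */
    private void processWithSession(HttpSession session, int maxInactiveInterval, String subContext,
            HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        long now = System.currentTimeMillis();
        Long lastAccess = (Long) session.getAttribute(ATTRIBUTE_LAST_ACCESS);

        if (lastAccess != null) {
            long idleSeconds = (now - lastAccess.longValue()) / 1000;
            LOG.debug("Session expiry: {}s, duration since last access: {}s",
                    Integer.valueOf(maxInactiveInterval), Long.valueOf(idleSeconds));
            // NOTE(review): an interval of 0 reaches this comparison and expires the session
            // as soon as one whole second has passed; Servlet 3.x containers treat 0 as
            // "never time out" - confirm which behaviour is intended.
            if (idleSeconds > maxInactiveInterval) {
                LOG.info("Expiring session due to inactivity");
                // Invalidate before responding so the session id cannot be reused.
                session.invalidate();
                Helpers.doForbidden(response); // presumably sends 403 - confirm in Helpers
                return;
            }
        }

        if (SUB_CONTEXT_REFRESH.equals(subContext)) {
            updateLastAccess(session, now);
            writeOk(response);
            return;
        }

        LOG.debug("SubContext: {}", subContext);
        // Ignored sub-contexts only set the timestamp when none exists yet; afterwards they
        // leave it untouched so they do not extend an idle session.
        if (!IGNORED_PATHS.contains(subContext) || lastAccess == null) {
            updateLastAccess(session, now);
        } else {
            LOG.debug("Not updating LastAccess");
        }
        chain.doFilter(request, response);
    }

    /**
     * Decides what to do with a request that has no usable session: allow everything when
     * authentication is disabled, otherwise reject the protected sub-contexts unless the
     * request carries an {@code Authorization} header.
     */
    private void processWithoutSession(boolean authenticationEnabled, String subContext,
            HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!authenticationEnabled) {
            if (SUB_CONTEXT_REFRESH.equals(subContext)) {
                LOG.debug("Authentication disabled, received refresh response, responding with ok");
                writeOk(response);
                return;
            }
            LOG.debug("Authentication disabled, allowing request");
            chain.doFilter(request, response);
            return;
        }

        // Only the presence of the header is tested; its value is never inspected here.
        // NOTE(review): this relies on a later filter (presumably AuthenticationFilter)
        // rejecting invalid credentials - confirm the filter ordering in the deployment
        // descriptor, otherwise any non-empty header bypasses the deny-list below.
        if (request.getHeader("Authorization") != null) {
            chain.doFilter(request, response);
            return;
        }

        // With noCredentials401 set, credential-less jolokia requests are forwarded instead
        // of being rejected here; presumably a downstream filter answers them with a 401
        // challenge - confirm, since this filter then provides no protection for jolokia.
        if (this.noCredentials401 && SUB_CONTEXT_JOLOKIA.equals(subContext)) {
            LOG.debug("Authentication enabled, noCredentials401 is true, allowing request for {}", subContext);
            chain.doFilter(request, response);
            return;
        }

        if (DENIED_WITHOUT_CREDENTIALS.contains(subContext)) {
            // NOTE(review): rejections are recorded at debug level only, so they are
            // invisible under a default log configuration.
            LOG.debug("Authentication enabled, denying request for {}", subContext);
            Helpers.doForbidden(response);
        } else {
            // Default-allow: anything outside the deny-list is served without a session.
            LOG.debug("Authentication enabled, but allowing request for {}", subContext);
            chain.doFilter(request, response);
        }
    }

    /** Nothing to release; the filter holds no resources of its own. */
    @Override
    public void destroy() {
    }
}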
