package org.eclipse.dirigible.oauth.filters;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.dirigible.api.v3.security.UserFacade;
import org.eclipse.dirigible.commons.api.context.ContextException;
import org.eclipse.dirigible.commons.api.context.ThreadContextFacade;
import org.eclipse.dirigible.core.security.api.AccessException;
import org.eclipse.dirigible.core.security.api.ISecurityCoreService;
import org.eclipse.dirigible.core.security.definition.AccessDefinition;
import org.eclipse.dirigible.core.security.service.SecurityCoreService;
import org.eclipse.dirigible.core.security.verifier.AccessVerifier;
import org.eclipse.dirigible.oauth.utils.JwtUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

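@WebFilter(urlPatterns = {"/services/v3/*", "/public/v3/*", "/websockets/v3/*", "/services/v4/*", "/public/v4/*", "/websockets/v4/*", "/odata/v2/*"}, filterName = "XSUAA Security Filter", description = "Check all URIs for the permissions")
/* loaded from: input_file:WEB-INF/lib/dirigible-security-oauth-7.2.0.jar:org/eclipse/dirigible/oauth/filters/OAuthFilter.class */
/**
 * Servlet filter that gates the Dirigible v3/v4 service, websocket and OData endpoints behind an
 * XSUAA/OAuth JWT.
 *
 * <p>Requests whose path is explicitly public (see {@link #isPublicEnabledAccess},
 * {@link #isOAuth} and {@link #isPublicResource}) pass through without a token; every other
 * request must carry a JWT that {@link JwtUtils} reports as valid and not expired. The public-path
 * checks are prefix matches against the (dot-segment normalised) request URI, which per the servlet
 * API includes the context path, so the prefix constants below assume a root context deployment.
 */
public class OAuthFilter extends AbstractOAuthFilter {

    /** Path segment that separates the public prefix from the access-definition path. */
    private static final String PUBLIC = "public";
    private static final String SERVICES_V3_PUBLIC = "/services/v3/public";
    private static final String SERVICES_V4_PUBLIC = "/services/v4/public";
    private static final String SERVICES_V4_OAUTH = "/services/v4/oauth";
    private static final String SERVICES_V4_WEB_RESOURCES = "/services/v4/web/resources";
    private static final String SERVICES_V4_HEALTHCHECK = "/services/v4/healthcheck";
    private static final String SERVICES_V4_JS_RESOURCES_CORE = "/services/v4/js/resources-core/services/loader.js";
    private static final String UNAUTHORIZED_MESSAGE = "No logged in user";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) OAuthFilter.class);
    /** Shared service used to look up access definitions for paths under the public prefixes. */
    private static final ISecurityCoreService securityCoreService = new SecurityCoreService();

    /**
     * Enforces the JWT check and then runs the rest of the chain inside a thread context that
     * exposes the request, the response and (when a token was presented) the user name.
     *
     * <p>For non-public paths: a missing or expired token triggers {@link #authenticate}; a token
     * that is invalid for any other reason is rejected with {@link #unauthorized}. Public paths
     * skip the token check entirely and run the chain without a user name being set.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain     the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override // org.eclipse.dirigible.oauth.filters.AbstractOAuthFilter
    protected void filter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String jwt = null;
        if (!isPublicEnabledAccess(servletRequest) && !isOAuth(servletRequest) && !isPublicResource(servletRequest)) {
            jwt = JwtUtils.getJwt(servletRequest);
            if (jwt == null || jwt.isEmpty()) {
                // No token presented: start the OAuth flow.
                authenticate(servletRequest, servletResponse);
                return;
            }
            if (!JwtUtils.isValidJwt(servletRequest, jwt)) {
                if (JwtUtils.isExpiredJwt(servletRequest, jwt)) {
                    // Expired but otherwise well-formed: let the user re-authenticate.
                    authenticate(servletRequest, servletResponse);
                } else {
                    // Invalid for any other reason: reject rather than redirect.
                    unauthorized(servletRequest, servletResponse, UNAUTHORIZED_MESSAGE);
                }
                return;
            }
            // isValidJwt() may not cover expiry on its own; check it explicitly.
            if (JwtUtils.isExpiredJwt(servletRequest, jwt)) {
                authenticate(servletRequest, servletResponse);
                return;
            }
        }
        try {
            try {
                ThreadContextFacade.setUp();
                ThreadContextFacade.set(HttpServletRequest.class.getCanonicalName(), servletRequest);
                ThreadContextFacade.set(HttpServletResponse.class.getCanonicalName(), servletResponse);
                if (jwt != null) {
                    UserFacade.setName(JwtUtils.getClaim(jwt).getUserName());
                }
                filterChain.doFilter(servletRequest, servletResponse);
            } finally {
                // Always clear the thread context, even if setUp() itself failed, so no request
                // or user name leaks into the next request handled by this thread.
                ThreadContextFacade.tearDown();
            }
        } catch (ContextException e) {
            // NOTE(review): on a context failure the chain is not invoked and no response is
            // written; this mirrors the previous behaviour and is only logged.
            if (logger.isInfoEnabled()) {
                logger.info("Error while setting userName from XSUAA Filter.", (Throwable) e);
            }
        }
    }

    /**
     * Returns the request URI with {@code .} and {@code ..} segments collapsed, so that the prefix
     * checks below cannot be side-stepped by a traversal such as
     * {@code /services/v4/web/resources/../other}.
     *
     * <p>Fails closed: a URI that cannot be parsed, that carries a scheme or authority (for example
     * one starting with {@code //}), or that has no path component yields the empty string, which
     * matches none of the public prefixes. Percent-encoded dot segments are not decoded here;
     * whether the container rejects or normalises those before this filter runs is
     * container-specific — TODO confirm for the deployment target.
     *
     * @param httpServletRequest the request whose URI to normalise
     * @return the normalised raw path, or {@code ""} when it cannot be determined safely
     */
    private static String normalizedRequestPath(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        if (requestURI == null) {
            return "";
        }
        try {
            URI uri = new URI(requestURI);
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return "";
            }
            String path = uri.normalize().getRawPath();
            return path == null ? "" : path;
        } catch (URISyntaxException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Request URI could not be normalised; treating as non-public: {}", e.getMessage());
            }
            return "";
        }
    }

    /**
     * Checks whether the request targets a {@code /services/v3/public} or {@code /services/v4/public}
     * path that has an access definition granting {@link ISecurityCoreService#ROLE_PUBLIC}.
     *
     * @param servletRequest the incoming request
     * @return {@code true} only when a matching public access definition exists; {@code false}
     *         for any other path and whenever the lookup fails (fail closed)
     */
    private boolean isPublicEnabledAccess(ServletRequest servletRequest) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String path = normalizedRequestPath(httpServletRequest);
        if (!path.startsWith(SERVICES_V3_PUBLIC) && !path.startsWith(SERVICES_V4_PUBLIC)) {
            return false;
        }
        // Access definitions are registered relative to the ".../public" segment.
        String publicPath = path.substring(path.indexOf(PUBLIC) + PUBLIC.length());
        try {
            for (AccessDefinition definition : AccessVerifier.getMatchingAccessDefinitions(securityCoreService, "HTTP", publicPath, httpServletRequest.getMethod())) {
                if (ISecurityCoreService.ROLE_PUBLIC.equalsIgnoreCase(definition.getRole())) {
                    return true;
                }
            }
        } catch (ServletException | AccessException e) {
            if (logger.isErrorEnabled()) {
                logger.error(e.getMessage(), e);
            }
        }
        // No public definition matched, or the lookup failed.
        return false;
    }

    /**
     * Checks whether the request targets the OAuth endpoint itself, which must be reachable
     * without a token.
     *
     * @param servletRequest the incoming request
     * @return {@code true} when the normalised path starts with {@value #SERVICES_V4_OAUTH}
     */
    private boolean isOAuth(ServletRequest servletRequest) {
        return normalizedRequestPath((HttpServletRequest) servletRequest).startsWith(SERVICES_V4_OAUTH);
    }

    /**
     * Checks whether the request targets one of the static resources that are served without
     * authentication (web resources, the health check and the core JS loader).
     *
     * @param servletRequest the incoming request
     * @return {@code true} when the normalised path starts with one of the public resource prefixes
     */
    private boolean isPublicResource(ServletRequest servletRequest) {
        String path = normalizedRequestPath((HttpServletRequest) servletRequest);
        return path.startsWith(SERVICES_V4_WEB_RESOURCES)
                || path.startsWith(SERVICES_V4_HEALTHCHECK)
                || path.startsWith(SERVICES_V4_JS_RESOURCES_CORE);
    }

    /**
     * Supplies this filter's logger to the base class.
     *
     * @return the class logger
     */
    @Override // org.eclipse.dirigible.oauth.filters.AbstractOAuthFilter
    protected Logger getLogger() {
        return logger;
    }
}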
