package org.mycore.frontend.filter;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mycore.frontend.MCRFrontendUtil;
import org.mycore.frontend.support.MCRSecureTokenV2;

/* loaded from: input_file:org/mycore/frontend/filter/MCRSecureTokenV2Filter.class */
public class MCRSecureTokenV2Filter implements Filter {
    private static final Logger LOGGER = LogManager.getLogger();
    private boolean filterEnabled = true;
    private String hashParameter;
    private String sharedSecret;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterEnabled = MCRSecureTokenV2FilterConfig.isFilterEnabled();
        this.hashParameter = MCRSecureTokenV2FilterConfig.getHashParameterName();
        this.sharedSecret = MCRSecureTokenV2FilterConfig.getSharedSecret();
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest;
        String pathInfo;
        if (!this.filterEnabled || (pathInfo = (httpServletRequest = (HttpServletRequest) servletRequest).getPathInfo()) == null || !MCRSecureTokenV2FilterConfig.requireHash(pathInfo) || validateSecureToken(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            ((HttpServletResponse) servletResponse).sendError(403);
            LOGGER.warn("Access to {} forbidden by secure token check.", pathInfo);
        }
    }

    private boolean validateSecureToken(HttpServletRequest httpServletRequest) throws ServletException {
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            LOGGER.warn("Request contains no parameters {}.", httpServletRequest.getRequestURL());
        }
        String parameter = httpServletRequest.getParameter(this.hashParameter);
        if (parameter == null) {
            LOGGER.warn("Could not find parameter '{}' in request {}.", this.hashParameter, httpServletRequest.getRequestURL().append('?').append(queryString));
            return false;
        }
        String[] split = Pattern.compile("&").split(queryString);
        String[] strArr = new String[split.length - 1];
        for (int length = split.length - 1; length > -1; length--) {
            if (split[length].startsWith(this.hashParameter + "=")) {
                removeElement(split, strArr, length);
            }
        }
        MCRSecureTokenV2 mCRSecureTokenV2 = new MCRSecureTokenV2(httpServletRequest.getPathInfo().substring(1), MCRFrontendUtil.getRemoteAddr(httpServletRequest), this.sharedSecret, strArr);
        try {
            LOGGER.info(mCRSecureTokenV2.toURI(MCRFrontendUtil.getBaseURL() + "servlets/MCRFileNodeServlet/", this.hashParameter));
            return parameter.equals(mCRSecureTokenV2.getHash());
        } catch (URISyntaxException e) {
            throw new ServletException(e);
        }
    }

    private static void removeElement(String[] strArr, String[] strArr2, int i) {
        if (i == 0) {
            return;
        }
        System.arraycopy(strArr, 0, strArr2, 0, i - 1);
        if (i < strArr.length - 1) {
            System.arraycopy(strArr, i + 1, strArr2, i, (strArr.length - 1) - i);
        }
    }

    public void destroy() {
    }
}
