package fr.paris.lutece.portal.web.user;

import fr.paris.lutece.portal.service.admin.AccessDeniedException;
import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
import fr.paris.lutece.portal.service.message.AdminMessageService;
import fr.paris.lutece.portal.service.security.UserNotSignedException;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.portal.service.util.AppPathService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import fr.paris.lutece.portal.web.constants.Messages;
import fr.paris.lutece.portal.web.constants.Parameters;
import fr.paris.lutece.util.url.UrlItem;
import java.io.IOException;
import java.util.Enumeration;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:fr/paris/lutece/portal/web/user/AuthenticationFilter.class */
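/**
 * Servlet filter guarding the back-office URLs.
 *
 * <p>Every request whose URL is neither the login page nor one of the URLs listed in the
 * {@code path.jsp.admin.public.list} property is treated as private: the caller must be an
 * authenticated admin user, otherwise the request is redirected to a message page and is
 * NOT passed further down the filter chain.
 *
 * <p>Public URLs are matched by exact string equality, so any URL that does not match an
 * entry exactly is handled as private.
 */
public class AuthenticationFilter implements Filter {
    private static final String PROPERTY_URL_PREFIX = "path.jsp.admin.public.";
    private static final String PROPERTY_URL_SUFFIX_LIST = "list";
    private static final String CONSTANT_LIST_SEPARATOR = ",";
    private static final String LOGGER_NAME = "lutece.authentication";

    /**
     * No initialisation is required.
     *
     * @param filterConfig the filter configuration (unused)
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Checks authentication for private URLs and either redirects the caller or lets the
     * request continue down the chain.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining chain, invoked only when access is allowed
     * @throws IOException if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String messageUrl;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        AppLogService.debug(LOGGER_NAME, "Accessing url : " + getResquestedUrl(httpServletRequest));
        if (isPrivateUrl(httpServletRequest)) {
            try {
                filterAccess(httpServletRequest);
            } catch (AccessDeniedException e) {
                AppLogService.debug(LOGGER_NAME, "Access NOT granted to url : " + getResquestedUrl(httpServletRequest));
                // The trailing int is the message type understood by AdminMessageService (its meaning is not visible in this file).
                httpServletResponse.sendRedirect(getAbsoluteUrl(httpServletRequest, AdminMessageService.getMessageUrl(httpServletRequest, Messages.MESSAGE_AUTH_FAILURE, getRedirectUrl(httpServletRequest), 2)));
                // Stop here: without this return the protected resource would still be
                // executed by the rest of the chain after the redirect has been sent.
                return;
            } catch (UserNotSignedException e2) {
                if (AdminAuthenticationService.getInstance().isExternalAuthentication()) {
                    AppLogService.debug(LOGGER_NAME, "New session behind external authentication : " + getResquestedUrl(httpServletRequest));
                    messageUrl = AdminMessageService.getMessageUrl(httpServletRequest, Messages.MESSAGE_USER_NEW_SESSION, AppPathService.getAdminMenuUrl(), 0);
                } else {
                    AppLogService.debug(LOGGER_NAME, "Access NOT granted to url : " + getResquestedUrl(httpServletRequest));
                    messageUrl = AdminMessageService.getMessageUrl(httpServletRequest, Messages.MESSAGE_USER_NOT_AUTHENTICATED, getRedirectUrl(httpServletRequest), 3);
                }
                httpServletResponse.sendRedirect(getAbsoluteUrl(httpServletRequest, messageUrl));
                // Same reason as above: an unauthenticated request must never reach the target.
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Builds the login URL carrying the parameters of the current request, so they can be
     * replayed after authentication.
     *
     * <p>Only the access-code and password parameters are left out. Every other request
     * parameter is copied into the URL as-is.
     * NOTE(review): any other sensitive parameter (token, secret form field) would end up
     * in a URL, and therefore possibly in logs or Referer headers. Consider an allow-list.
     *
     * @param httpServletRequest the current request
     * @return the login URL with the forwarded parameters
     */
    private String getRedirectUrl(HttpServletRequest httpServletRequest) {
        UrlItem urlItem = new UrlItem(getLoginUrl(httpServletRequest));
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            boolean isCredential = name.equals(Parameters.ACCESS_CODE) || name.equals(Parameters.PASSWORD);
            if (!isCredential) {
                // For multi-valued parameters only the first value is forwarded (getParameter).
                urlItem.addParameter(name, httpServletRequest.getParameter(name));
            }
        }
        return urlItem.getUrl();
    }

    /**
     * Returns the absolute URL of the admin login page.
     *
     * @param httpServletRequest the current request
     * @return the login page URL, made absolute when it is relative
     */
    private String getLoginUrl(HttpServletRequest httpServletRequest) {
        return getAbsoluteUrl(httpServletRequest, AdminAuthenticationService.getInstance().getLoginPageUrl());
    }

    /**
     * Tells whether the requested URL requires an authenticated admin user.
     *
     * @param httpServletRequest the current request
     * @return {@code false} for the login page and for URLs in the public list, {@code true} otherwise
     */
    private boolean isPrivateUrl(HttpServletRequest httpServletRequest) {
        String requestedUrl = getResquestedUrl(httpServletRequest);
        if (requestedUrl.equals(getLoginUrl(httpServletRequest))) {
            return false;
        }
        return !isInPublicUrlList(httpServletRequest, requestedUrl);
    }

    /**
     * Verifies that the request belongs to an authenticated admin user.
     *
     * @param httpServletRequest the current request
     * @throws UserNotSignedException if no registered user is attached to the request
     *         (internal authentication), or if raised by {@code getRemoteUser}
     * @throws AccessDeniedException if raised by {@code getRemoteUser}
     */
    private static void filterAccess(HttpServletRequest httpServletRequest) throws UserNotSignedException, AccessDeniedException {
        if (AdminAuthenticationService.getInstance().isExternalAuthentication()) {
            // The return value is ignored: access is refused only if getRemoteUser throws.
            // NOTE(review): confirm that getRemoteUser never returns null silently, otherwise
            // this branch would let the request through.
            AdminAuthenticationService.getInstance().getRemoteUser(httpServletRequest);
        } else if (AdminAuthenticationService.getInstance().getRegisteredUser(httpServletRequest) == null) {
            throw new UserNotSignedException();
        }
    }

    /**
     * Checks the URL against the public URLs declared in the properties.
     *
     * <p>The {@code path.jsp.admin.public.list} property holds comma-separated suffixes. Each
     * suffix names a {@code path.jsp.admin.public.<suffix>} property holding one public URL.
     *
     * @param httpServletRequest the current request, used to make the configured URLs absolute
     * @param str the requested absolute URL
     * @return {@code true} if {@code str} equals one of the configured public URLs
     */
    private boolean isInPublicUrlList(HttpServletRequest httpServletRequest, String str) {
        String publicList = AppPropertiesService.getProperty(PROPERTY_URL_PREFIX + PROPERTY_URL_SUFFIX_LIST);
        if (publicList == null) {
            // Missing property: fail closed (no URL is public) instead of failing with a
            // NullPointerException inside StringTokenizer.
            return false;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(publicList, CONSTANT_LIST_SEPARATOR);
        while (stringTokenizer.hasMoreTokens()) {
            // A suffix with no matching property yields null, which never equals str.
            String publicUrl = getAbsoluteUrl(httpServletRequest, AppPropertiesService.getProperty(PROPERTY_URL_PREFIX + stringTokenizer.nextToken()));
            if (str.equals(publicUrl)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Makes a URL absolute by prefixing the application base URL when needed.
     *
     * <p>NOTE(review): AppPathService.getBaseUrl is not visible here. If it derives the base
     * URL from request headers, the redirect targets built from it follow those headers. Confirm.
     *
     * @param httpServletRequest the current request
     * @param str the URL to convert, may be {@code null}
     * @return {@code str} unchanged when it is {@code null} or already starts with
     *         {@code http://} or {@code https://}, otherwise the base URL followed by {@code str}
     */
    private String getAbsoluteUrl(HttpServletRequest httpServletRequest, String str) {
        if (str == null || str.startsWith("http://") || str.startsWith("https://")) {
            return str;
        }
        return AppPathService.getBaseUrl(httpServletRequest) + str;
    }

    /**
     * Returns the absolute URL of the requested resource: the base URL followed by the servlet
     * path without its first character.
     *
     * <p>Path info and query string are not part of the result.
     * NOTE(review): substring(1) assumes a non-empty servlet path. An empty path would raise
     * StringIndexOutOfBoundsException.
     *
     * @param httpServletRequest the current request
     * @return the requested URL used for logging and for the private/public decision
     */
    private String getResquestedUrl(HttpServletRequest httpServletRequest) {
        return AppPathService.getBaseUrl(httpServletRequest) + httpServletRequest.getServletPath().substring(1);
    }
}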
