package fr.paris.lutece.plugins.mylutece.web.security;

import fr.paris.lutece.plugins.mylutece.service.security.AuthenticationFilterService;
import fr.paris.lutece.portal.service.message.SiteMessageException;
import fr.paris.lutece.portal.service.message.SiteMessageService;
import fr.paris.lutece.portal.service.security.LuteceUser;
import fr.paris.lutece.portal.service.security.SecurityService;
import fr.paris.lutece.portal.service.security.UserNotSignedException;
import fr.paris.lutece.portal.service.util.AppPathService;
import fr.paris.lutece.portal.web.PortalJspBean;
import fr.paris.lutece.util.url.UrlItem;
import java.io.IOException;
import java.util.Iterator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:fr/paris/lutece/plugins/mylutece/web/security/MyluteceAuthFilter.class */
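/**
 * Servlet filter that requires an authenticated front-office user for every URL that is
 * neither the site-message page nor listed as public by {@link AuthenticationFilterService}.
 *
 * <p>The filter only acts when authentication is enabled and portal authentication is
 * required; otherwise every request is passed down the chain unchanged.
 *
 * <p>Security notes for reviewers of the public URL list:
 * <ul>
 *   <li>A pattern containing {@code *} is a plain string-prefix match on everything before
 *       the first {@code *}; it is not path-segment aware, so a prefix such as
 *       {@code jsp/site/public} also covers {@code jsp/site/publicOther.jsp}.</li>
 *   <li>Only request parameters that are <em>named</em> in the pattern take part in the
 *       comparison. Any other parameter sent with the request is ignored here, so a page
 *       exposed as public must not grant access based on parameters the pattern omits.</li>
 *   <li>The compared URL is built from the servlet path only; path info is not included.</li>
 * </ul>
 */
public class MyluteceAuthFilter implements Filter {
    private static final String URL_INTERROGATIVE = "?";
    private static final String URL_AMPERSAND = "&";
    private static final String URL_EQUAL = "=";
    private static final String URL_STAR = "*";

    /**
     * No initialisation is needed; the filter holds no state.
     *
     * @param filterConfig the container-supplied configuration (unused)
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Lets the request through when it targets a public URL or an authenticated user is
     * present; otherwise redirects to the login page or to the site-message page.
     *
     * <p>The request and response are cast to their HTTP types without a check, so the
     * filter must only be mapped on HTTP requests.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain the remaining filter chain
     * @throws IOException if a redirect or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (SecurityService.isAuthenticationEnable() && SecurityService.getInstance().isPortalAuthenticationRequired() && isPrivateUrl(httpServletRequest)) {
            try {
                filterAccess(httpServletRequest);
            } catch (UserNotSignedException e) {
                // Internal or multi-authentication setups have a login page to send the user to.
                if (!SecurityService.getInstance().isExternalAuthentication() || SecurityService.getInstance().isMultiAuthenticationSupported()) {
                    httpServletResponse.sendRedirect(PortalJspBean.redirectLogin(httpServletRequest));
                    return;
                }
                // Purely external authentication: show the "not authenticated" site message.
                try {
                    // NOTE(review): 5 is an inlined message-type constant; confirm its meaning
                    // against the SiteMessage constants of the core version in use.
                    SiteMessageService.setMessage(httpServletRequest, "portal.users.message.user.not.authenticated", (Object[]) null, "portal.users.message.user.not.authenticated", (String) null, "", 5);
                    // If setMessage returns normally the request ends here: the chain is not
                    // invoked, so the protected resource is never served (fails closed).
                    return;
                } catch (SiteMessageException e2) {
                    httpServletResponse.sendRedirect(AppPathService.getSiteMessageUrl(httpServletRequest));
                    return;
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Tells whether the requested URL requires an authenticated user.
     *
     * @param httpServletRequest the current request
     * @return {@code true} unless the URL is the site-message page or matches a public URL
     */
    private boolean isPrivateUrl(HttpServletRequest httpServletRequest) {
        return !(isInSiteMessageUrl(httpServletRequest) || isInPublicUrlList(httpServletRequest));
    }

    /**
     * Checks that a user is attached to the request.
     *
     * <p>With external authentication only, either a registered or a remote user satisfies
     * the check. Otherwise a registered user is required, and the remote user is consulted
     * only when multi-authentication is supported.
     *
     * @param httpServletRequest the current request
     * @throws UserNotSignedException if no user could be found for the request
     */
    private static void filterAccess(HttpServletRequest httpServletRequest) throws UserNotSignedException {
        if (SecurityService.getInstance().isExternalAuthentication() && !SecurityService.getInstance().isMultiAuthenticationSupported()) {
            if (SecurityService.getInstance().getRegisteredUser(httpServletRequest) == null && SecurityService.getInstance().getRemoteUser(httpServletRequest) == null && SecurityService.getInstance().isPortalAuthenticationRequired()) {
                throw new UserNotSignedException();
            }
            return;
        }
        LuteceUser registeredUser = SecurityService.getInstance().getRegisteredUser(httpServletRequest);
        if (registeredUser == null) {
            if (SecurityService.getInstance().isMultiAuthenticationSupported()) {
                registeredUser = SecurityService.getInstance().getRemoteUser(httpServletRequest);
            }
            if (registeredUser == null) {
                throw new UserNotSignedException();
            }
        }
    }

    /**
     * Tells whether the request targets the site-message page, which must stay reachable
     * for unauthenticated users so that the "not authenticated" message can be displayed.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if the requested URL matches the site-message URL
     */
    private boolean isInSiteMessageUrl(HttpServletRequest httpServletRequest) {
        return matchUrl(httpServletRequest, AppPathService.getSiteMessageUrl(httpServletRequest));
    }

    /**
     * Tells whether the request matches one of the configured public URL patterns.
     *
     * @param httpServletRequest the current request
     * @return {@code true} on the first matching pattern, {@code false} if none matches
     */
    private boolean isInPublicUrlList(HttpServletRequest httpServletRequest) {
        Iterator<String> it = AuthenticationFilterService.getInstance().getPublicUrls().iterator();
        while (it.hasNext()) {
            if (matchUrl(httpServletRequest, it.next())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares the requested URL with one URL pattern.
     *
     * <p>For each parameter named in the pattern's query string, the value sent with the
     * request (if any) is appended to the requested URL before comparing. Request parameters
     * the pattern does not name are not compared. A pattern containing {@code *} matches by
     * string prefix up to the first {@code *}; any other pattern must match exactly.
     *
     * @param httpServletRequest the current request
     * @param str the URL pattern, relative to the base URL or absolute; may be {@code null}
     * @return {@code true} if the request matches the pattern, {@code false} for a
     *         {@code null} pattern or a mismatch
     */
    private boolean matchUrl(HttpServletRequest httpServletRequest, String str) {
        if (str == null) {
            return false;
        }
        UrlItem urlItem = new UrlItem(getResquestedUrl(httpServletRequest));
        int queryStart = str.indexOf(URL_INTERROGATIVE);
        if (queryStart >= 0) {
            for (String fragment : str.substring(queryStart + 1).split(URL_AMPERSAND)) {
                String[] nameAndValue = fragment.split(URL_EQUAL);
                // A fragment made only of "=" splits into an empty array; skip it instead of
                // failing the whole request with ArrayIndexOutOfBoundsException.
                if (nameAndValue.length == 0) {
                    continue;
                }
                // The value comes from the request, not from the pattern: the final
                // equals/startsWith below is what compares it to the pattern's value.
                String value = httpServletRequest.getParameter(nameAndValue[0]);
                if (value != null) {
                    urlItem.addParameter(nameAndValue[0], value);
                }
            }
        }
        int starIndex = str.indexOf(URL_STAR);
        if (starIndex >= 0) {
            return urlItem.getUrl().startsWith(getAbsoluteUrl(httpServletRequest, str.substring(0, starIndex)));
        }
        return urlItem.getUrl().equals(getAbsoluteUrl(httpServletRequest, str));
    }

    /**
     * Turns a relative URL into an absolute one by prefixing the application base URL.
     *
     * @param httpServletRequest the current request, used to resolve the base URL
     * @param str the URL to resolve; returned unchanged when {@code null} or when it already
     *        starts with {@code http://} or {@code https://}
     * @return the absolute URL, or {@code null} if {@code str} is {@code null}
     */
    private String getAbsoluteUrl(HttpServletRequest httpServletRequest, String str) {
        return (str == null || str.startsWith("http://") || str.startsWith("https://")) ? str : AppPathService.getBaseUrl(httpServletRequest) + str;
    }

    /**
     * Builds the absolute URL of the requested resource from the base URL and the servlet
     * path, without path info or query string.
     *
     * @param httpServletRequest the current request
     * @return the base URL followed by the servlet path stripped of its leading slash
     */
    private String getResquestedUrl(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        // getServletPath() is empty when the request matched a "/*" servlet mapping; calling
        // substring(1) on it would throw. Such a request resolves to the bare base URL and is
        // therefore private unless a pattern matches the base URL itself.
        String relativePath = (servletPath == null || servletPath.isEmpty()) ? "" : servletPath.substring(1);
        return AppPathService.getBaseUrl(httpServletRequest) + relativePath;
    }
}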
