package com.enginframe.rest;

import com.enginframe.common.authorization.AuthenticationManager;
import com.enginframe.common.context.ContextUtils;
import com.enginframe.common.license.LicenseException;
import com.enginframe.common.license.LicenseManager;
import com.enginframe.common.utils.Utils;
import com.enginframe.server.utils.ServerUtils;
import com.hazelcast.internal.metrics.MetricDescriptorConstants;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/rest/RestFilter.class */
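/**
 * Servlet filter that authenticates REST API calls with a bearer token.
 *
 * <p>Requests that are neither REST nor download requests, and requests for the
 * OpenAPI description, are passed down the chain untouched. A REST request must
 * carry an {@code Authorization: Bearer <token>} header; the token is handed to
 * the {@link AuthenticationManager} under the {@link #EFTOKEN} authority and, on
 * success, the chain runs with the authenticated user set on the current context.
 * The session created for the token is invalidated once the chain returns.
 *
 * <p>The bearer token is a credential: it is never written to the log or echoed
 * back to the client, even when it is rejected.
 */
public class RestFilter implements Filter {
    /** Authority name under which bearer tokens are authenticated. */
    public static final String EFTOKEN = "eftoken";

    /** Prefix of an Authorization header value carrying a bearer token. */
    private static final String BEARER_PREFIX = "Bearer ";

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        // Plain literal: the decompiled form referenced an unrelated Hazelcast constant
        // that merely happens to hold the same string.
        RestUtils.log().debug("started");
    }

    /**
     * Authenticates the request with its bearer token, or lets it through when this
     * filter is not responsible for it.
     *
     * <p>Order of checks: OpenAPI description (public) → non-REST/non-download
     * (handled elsewhere) → missing bearer header (downloads continue, REST gets 401)
     * → token already authenticated → token run through the authentication system.
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (isOpenAPI(request)) {
            RestUtils.log().debug("Continuing OpenAPI request: " + request.getPathInfo());
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        boolean download = RestUtils.isDownload(request);
        if (!download && !RestUtils.isREST(request)) {
            RestUtils.log().debug(String.format("%s is being managed elsewhere", request.getServletPath()));
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        RestUtils.log().debug(String.format("%s is being managed here", request.getServletPath()));
        String authorization = request.getHeader("Authorization");
        if (StringUtils.isEmpty(authorization) || !authorization.startsWith(BEARER_PREFIX)) {
            if (download) {
                // Classic (non-REST) downloads are authenticated by the rest of the chain.
                RestUtils.log().debug("Classic download request, moving forward");
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                sendUnauthorized("Trying to use REST API without a Bearer token. Please read the REST API development guide.", response);
            }
            return;
        }
        String token = authorization.substring(BEARER_PREFIX.length()).trim();
        if (token.isEmpty()) {
            // "Bearer" with nothing after it is malformed; do not bother the authentication system.
            sendUnauthorized("Empty Bearer token. Please read the REST API development guide.", response);
            return;
        }
        AuthenticationManager authenticationManager = (AuthenticationManager) Utils.locate(AuthenticationManager.class);
        RestHttpServletRequest restRequest = new RestHttpServletRequest(request);
        restRequest.addParameter("_token", token);
        restRequest.getSession().setAttribute(ServerUtils.AUTHORITY, EFTOKEN);
        if (authenticationManager.isAuthenticated(restRequest, EFTOKEN)) {
            RestUtils.log().debug("Token is authenticated");
            doFilter(filterChain, restRequest, response);
            return;
        }
        RestUtils.log().debug("Token is not authenticated, running it through the authentication system");
        if (authenticationManager.authenticate("//com.efportal.rest/login", restRequest, response, EFTOKEN).isAuthorized()) {
            RestUtils.log().debug("Token was authenticated, user added to session");
            doFilter(filterChain, restRequest, response);
        } else {
            // The token value must not appear here: sendUnauthorized() logs the message at
            // error level and returns it in the response body, and a rejected token may be
            // merely expired, mistyped, or valid for another deployment.
            sendUnauthorized("Bearer token is not valid or expired", response);
        }
    }

    /**
     * Writes a 401 JSON error response and logs the reason at error level.
     *
     * @param reason   human-readable reason; it is logged and echoed to the client,
     *                 so callers must never put a credential in it
     * @param response response to write to
     */
    private void sendUnauthorized(String reason, HttpServletResponse response) throws IOException {
        RestUtils.log().error(reason);
        // RFC 6750 §3: a 401 for a bearer-protected resource carries a WWW-Authenticate challenge.
        response.setHeader("WWW-Authenticate", "Bearer");
        response.setContentType("application/json");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.getWriter().append((CharSequence) RestUtils.asJsonString("Authentication Error", reason)).flush();
    }

    /**
     * Runs the chain as the user bound to the already-authenticated token, then
     * invalidates the token's session whether the chain succeeded or failed.
     *
     * <p>A {@link LicenseException} raised while acquiring the license token is
     * reported to the client as a 401; any other throwable propagates after the logout.
     */
    private void doFilter(FilterChain filterChain, RestHttpServletRequest restRequest, HttpServletResponse response) throws IOException, ServletException {
        try {
            ContextUtils.getContext().setUser(ServerUtils.getUserFrom(restRequest));
            ((LicenseManager) Utils.locate(LicenseManager.class)).getToken((HttpServletRequest) restRequest);
            filterChain.doFilter(restRequest, response);
        } catch (LicenseException e) {
            sendUnauthorized(e.getMessage(), response);
        } finally {
            // Token sessions are per request: drop the session and its cookies on every path.
            logout();
        }
    }

    /**
     * Invalidates the current session (if any) and expires every cookie the client
     * sent, so the per-request token session does not outlive the REST call.
     */
    private void logout() {
        HttpServletRequest request = ContextUtils.getContext().getRequest();
        request.setAttribute(ServerUtils.LOGOUT_ALREADY_PERFORMED, Boolean.TRUE);
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.setAttribute(ServerUtils.LOGOUT_ALREADY_PERFORMED, Boolean.TRUE);
            session.invalidate();
            RestUtils.log().debug("Session invalidated");
        }
        HttpServletResponse response = ContextUtils.getContext().getResponse();
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return;
        }
        // A deletion cookie must carry the same path the cookie was set with; the
        // application root is assumed here — TODO confirm against where cookies are issued.
        String rootPath = "/" + Utils.getRootContext();
        for (Cookie cookie : cookies) {
            cookie.setMaxAge(0);
            cookie.setPath(rootPath);
            response.addCookie(cookie);
        }
    }

    /**
     * True when the request targets the OpenAPI description, which is served without
     * authentication.
     *
     * <p>Only the path suffix is compared, so every path ending in
     * {@code /rest/openapi.json} or {@code /rest/openapi.yaml} is exempted, not just the
     * description's own URL. NOTE(review): if the REST servlet's mount point is fixed, an
     * exact comparison would be tighter — confirm before changing.
     */
    private boolean isOpenAPI(HttpServletRequest request) {
        // getPathInfo() is null when the servlet mapping consumes the whole path; formatting
        // it with %s would have appended the literal "null" and never matched.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);
        return path.endsWith("/rest/openapi.json") || path.endsWith("/rest/openapi.yaml");
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        RestUtils.log().debug("ended");
    }
}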
