package org.wso2.carbon.ui;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.Bundle;
import org.osgi.framework.ServiceReference;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.ui.deployment.beans.CarbonUIDefinitions;

/* loaded from: input_file:org/wso2/carbon/ui/CarbonSecuredHttpContext.class */
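/**
 * Security gate for the Carbon management console.
 *
 * <p>{@link #handleSecurity} decides, per request, whether the request may proceed
 * ({@code true}) or has been answered/denied here ({@code false}). The decision is made by
 * an ordered chain of checks on the request URI; the ORDER of the checks is part of the
 * behaviour, because several of them return early and thereby skip the authentication test.
 *
 * <p>Security review notes (all visible in this class):
 * <ul>
 *   <li>Every exemption is a substring/suffix test on the raw value of
 *       {@code getRequestURI()}. No normalisation or decoding is done in this class, so each
 *       exemption applies to any URI that merely contains or ends with the token, not only to
 *       the page it is named after. Resources reachable through an exemption must enforce
 *       their own authorization.</li>
 *   <li>The session id is not rotated in this class after a successful login.</li>
 *   <li>The debug log line includes the session id.</li>
 * </ul>
 */
public class CarbonSecuredHttpContext extends SecuredComponentEntryHttpContext {
    // NOTE(review): public and non-final, so any code can reassign the session attribute key.
    // Left as is because making it final would change the class's public interface.
    public static String LOGGED_USER = "logged-user";
    private static final Log log = LogFactory.getLog(CarbonSecuredHttpContext.class);
    private Bundle bundle;

    /**
     * @param bundle   bundle used to look up the {@link CarbonUIDefinitions} service
     * @param str      passed through to the superclass constructor
     * @param registry stored in the inherited {@code registry} field
     */
    public CarbonSecuredHttpContext(Bundle bundle, String str, Registry registry) {
        super(bundle, str);
        this.registry = registry;
        this.bundle = bundle;
    }

    /**
     * Returns true when the URI ends with one of the static-resource suffixes that both the
     * plain-HTTP exemption and the general exemption share. The comparison is case-sensitive
     * except for the explicitly listed upper-case image suffixes.
     */
    private static boolean hasStaticResourceSuffix(String uri) {
        return uri.endsWith(".css") || uri.endsWith(".gif") || uri.endsWith(".GIF")
                || uri.endsWith(".jpg") || uri.endsWith(".JPG") || uri.endsWith(".png")
                || uri.endsWith(".PNG") || uri.endsWith(".xsl") || uri.endsWith(".xslt")
                || uri.endsWith(".js") || uri.endsWith(".ico");
    }

    /**
     * Returns true for the file upload/download endpoints and the WSRequest proxy page.
     * These are matched by suffix or substring, so any URI containing the tokens qualifies.
     */
    private static boolean isTransferOrProxyUri(String uri) {
        return uri.endsWith("/filedownload") || uri.endsWith("/fileupload")
                || uri.indexOf("/fileupload/") > -1
                || uri.indexOf("admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp") > -1;
    }

    /**
     * Applies the console's access rules to one request.
     *
     * @param httpServletRequest  incoming request; its URI, parameters and session are read
     * @param httpServletResponse response; used for redirects and for the root listing page
     * @return {@code true} if the request may continue to the requested resource,
     *         {@code false} if it was redirected, answered here, or denied
     * @throws IOException declared by the signature; exceptions raised inside the method are
     *                     caught, logged, and turned into a {@code false} (deny) result
     */
    public boolean handleSecurity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String requestURI = httpServletRequest.getRequestURI();
        boolean authenticated = false;
        try {
            HttpSession session = httpServletRequest.getSession();
            String sessionId = session.getId();
            Boolean authenticatedAttr = (Boolean) session.getAttribute("authenticated");
            if (authenticatedAttr != null) {
                authenticated = authenticatedAttr.booleanValue();
            }

            // Root URI: answer with a static listing of the available contexts.
            if (requestURI.equals("/")) {
                PrintWriter writer = httpServletResponse.getWriter();
                writer.println("<html>");
                writer.println("<body>");
                writer.println("<b>Available contexts</b>");
                writer.println("<li><a href=\"./carbon\">carbon</a></li>");
                writer.println("</body>");
                writer.println("</html>");
                writer.flush();
                return false;
            }

            // Strip a leading context segment ("/<prefix>/...") unless the URI is already a
            // plain "/carbon..." URI, is a file transfer URI, or the prefix is "registry".
            String contextPrefix = "";
            boolean plainCarbonUri = requestURI.startsWith("/carbon") && !requestURI.startsWith("/carbon/carbon/");
            if (!plainCarbonUri && requestURI.indexOf("filedownload") == -1 && requestURI.indexOf("fileupload") == -1) {
                String withoutFirstSlash = requestURI.replaceFirst("/", "");
                int slashIndex = withoutFirstSlash.indexOf("/");
                if (slashIndex > -1) {
                    contextPrefix = withoutFirstSlash.substring(0, slashIndex);
                    if (!contextPrefix.equals("registry")) {
                        requestURI = requestURI.substring(slashIndex + 1);
                    }
                }
            }

            // Plain-HTTP requests: static resources, file transfer, the proxy page and the
            // registry atom/resource paths are let through WITHOUT any authentication check;
            // everything else (except *.html) is redirected to the admin console URL.
            // NOTE(review): "registry/atom" and "registry/resource" are substring matches, so
            // the registry endpoints must authenticate these requests themselves - confirm.
            if (!httpServletRequest.isSecure() && !requestURI.endsWith(".html")) {
                if (hasStaticResourceSuffix(requestURI) || isTransferOrProxyUri(requestURI)
                        || requestURI.indexOf("registry/atom") > -1
                        || requestURI.indexOf("registry/resource") > -1) {
                    return true;
                }
                String adminConsoleURL = CarbonUIUtil.getAdminConsoleURL(httpServletRequest);
                if (adminConsoleURL != null) {
                    if (log.isTraceEnabled()) {
                        log.trace("Request came to admin console via http.Forwarding to : " + adminConsoleURL);
                    }
                    httpServletResponse.sendRedirect(adminConsoleURL);
                    return false;
                }
            }

            String resourceURI = requestURI.replaceFirst("/carbon/", "../");
            if (log.isDebugEnabled()) {
                // NOTE(review): this writes the session id to the debug log. Anyone who can read
                // the log can reuse a live session id; consider dropping or hashing it.
                log.debug("CarbonSecuredHttpContext -> handleSecurity() requestURI:" + requestURI + " id:" + sessionId + " resourceURI:" + resourceURI);
            }

            // URLs that UI components registered as not requiring authentication.
            HashMap<String, String> unauthenticatedUrls = new HashMap<>();
            if (this.bundle != null) {
                ServiceReference serviceReference = this.bundle.getBundleContext().getServiceReference(CarbonUIDefinitions.class.getName());
                if (serviceReference != null) {
                    CarbonUIDefinitions carbonUIDefinitions = (CarbonUIDefinitions) this.bundle.getBundleContext().getService(serviceReference);
                    if (carbonUIDefinitions != null) {
                        unauthenticatedUrls = carbonUIDefinitions.getUnauthenticatedUrls();
                    }
                }
            }
            if (!unauthenticatedUrls.isEmpty() && unauthenticatedUrls.containsKey(resourceURI)) {
                if (log.isDebugEnabled()) {
                    log.debug("By passing authentication check for URI : " + resourceURI);
                }
                return true;
            }

            // Login page, layout template, file transfer and proxy page: always allowed.
            // NOTE(review): "login.jsp" and "admin/layout/template.jsp" are matched anywhere in
            // the URI, so this exemption is wider than those two pages. An exact match on a
            // normalised path would be tighter.
            boolean isLoginPage = requestURI.indexOf("login.jsp") > -1;
            if (isLoginPage || requestURI.indexOf("admin/layout/template.jsp") > -1 || isTransferOrProxyUri(requestURI)) {
                if (isLoginPage && authenticated) {
                    // Already logged in: send the user to the index page.
                    // NOTE(review): returns true after sendRedirect, unlike every other redirect
                    // in this method, so processing continues on a committed response. Left
                    // unchanged; confirm whether false was intended.
                    httpServletResponse.sendRedirect("/carbon/admin/index.jsp");
                }
                return true;
            }

            // Login submission.
            if (requestURI.indexOf("login_action.jsp") > -1) {
                String username = httpServletRequest.getParameter("username");
                String password = httpServletRequest.getParameter("password");
                String ssoSessionId = httpServletRequest.getParameter("ssoSessionId");
                try {
                    boolean loggedIn;
                    if (ssoSessionId == null || password != null) {
                        loggedIn = authenticate(username, password, httpServletRequest);
                    } else {
                        // SSO path: the ssoSessionId parameter is passed to authenticate() in
                        // the position of the password.
                        HttpSession existingSession = httpServletRequest.getSession(false);
                        String loggedUser = (String) session.getAttribute(LOGGED_USER);
                        if (existingSession != null && loggedUser != null) {
                            existingSession.removeAttribute(MenuAdminClient.USER_MENU_ITEMS);
                        }
                        loggedIn = authenticate(username, ssoSessionId, httpServletRequest);
                    }
                    if (loggedIn) {
                        // NOTE(review): the pre-login session is reused and its id is not
                        // rotated here (session fixation risk). Confirm that authenticate() or
                        // the container issues a new session id on login.
                        session.setAttribute("authenticated", Boolean.valueOf(loggedIn));
                        httpServletResponse.sendRedirect("../../carbon/admin/index.jsp?loginStatus=true");
                        session.setAttribute(LOGGED_USER, username);
                    } else {
                        httpServletResponse.sendRedirect("../../carbon/admin/login.jsp?loginStatus=false");
                    }
                    return false;
                } catch (Exception e) {
                    log.error("error occurred while login", e);
                    httpServletResponse.sendRedirect("../../carbon/admin/login.jsp?loginStatus=failed");
                    return false;
                }
            }

            // Logout. The original tested "> 1", which skipped a match at index 1 and was
            // inconsistent with the "> -1" tests used for every other token in this method.
            if (requestURI.indexOf("logout_action.jsp") > -1) {
                unauthenticate(httpServletRequest);
                if (httpServletRequest.getSession(false) != null) {
                    session.removeAttribute(LOGGED_USER);
                    try {
                        session.invalidate();
                    } catch (Exception e2) {
                        // Best effort: logout still completes, but the failure is recorded
                        // instead of being silently dropped.
                        log.debug("Ignoring failure to invalidate session during logout", e2);
                    }
                }
                httpServletResponse.sendRedirect("../../carbon/admin/index.jsp");
                return false;
            }

            if (requestURI.endsWith("/carbon/")) {
                httpServletResponse.sendRedirect("./admin/index.jsp");
                return false;
            }
            if (requestURI.indexOf("/registry/atom") == -1 && requestURI.endsWith("/carbon")) {
                String indexPage = "/carbon/admin/index.jsp";
                // The original also compared the prefix to "" by reference (!=); the length
                // test alone gives the same result for every input.
                if (contextPrefix.trim().length() > 0) {
                    indexPage = "/" + contextPrefix + indexPage;
                }
                httpServletResponse.sendRedirect(indexPage);
                return false;
            }

            // Static resources, *.html and anything under /registry: allowed without login.
            // NOTE(review): presumably the registry servlet authenticates on its own - confirm.
            if (hasStaticResourceSuffix(requestURI) || requestURI.startsWith("/registry") || requestURI.endsWith(".html")) {
                return true;
            }

            if (requestURI.endsWith(".jsp") && authenticated) {
                return true;
            }
            if (authenticated) {
                if (!httpServletRequest.getSession().isNew()) {
                    return true;
                }
                httpServletResponse.sendRedirect("../admin/login.jsp");
                return false;
            }

            // Not authenticated from here on.
            // Any URI ending in "ajaxprocessor.jsp" is served without login, so each such page
            // has to perform its own authorization check.
            if (requestURI.endsWith("ajaxprocessor.jsp")) {
                return true;
            }
            if (!requestURI.endsWith("admin/error.jsp")) {
                // Remember where the user was going. The value is built from request data;
                // NOTE(review): whatever later redirects to "requestedUri" should accept only
                // local paths - the consumer is not visible in this class.
                String queryString = httpServletRequest.getQueryString();
                httpServletRequest.getSession(false).setAttribute("requestedUri", "../.." + (queryString != null ? requestURI + "?" + queryString : requestURI));
            }
            httpServletResponse.sendRedirect("../admin/login.jsp");
            return false;
        } catch (Exception e3) {
            // Fail closed, but leave a trace: the original denied the request silently, which
            // hides both faults and probing from operators.
            log.error("Error while evaluating security for request; denying access", e3);
            return false;
        }
    }
}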
