package org.wso2.carbon.ui;

import java.io.IOException;
import java.util.HashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.Bundle;
import org.osgi.framework.ServiceReference;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.ui.deployment.beans.CarbonUIDefinitions;
import org.wso2.carbon.ui.deployment.beans.Context;

/* loaded from: input_file:org/wso2/carbon/ui/CarbonSecuredHttpContext.class */
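/**
 * Per-request security gate for the Carbon management UI.
 *
 * <p>{@link #handleSecurity} decides, for each request, whether the resource may be served,
 * whether the client is redirected (login page, admin console, tenant context, default
 * context) or whether the request is denied. Decisions are based on the {@code "authenticated"}
 * session attribute, the per-bundle bypass lists obtained from {@link CarbonUIDefinitions}
 * (URLs served without authentication, URLs served over plain HTTP) and a set of URL-pattern
 * rules. Any exception raised while evaluating a request makes the handler deny it (fail
 * closed).
 *
 * <p>Bypass lists are populated lazily from the OSGi service registry on first use and then
 * cached in this instance; the keys are the requested URL with {@code "/carbon/"} rewritten to
 * {@code "../"}.
 */
public class CarbonSecuredHttpContext extends SecuredComponentEntryHttpContext {
    public static final String LOGGED_USER = "logged-user";
    public static final String CARBON_AUTHNETICATOR = "CarbonAuthenticator";
    private static final Log log = LogFactory.getLog(CarbonSecuredHttpContext.class);
    // Bundle whose BundleContext is used to look up CarbonUIDefinitions; null disables the lookup.
    private Bundle bundle;
    // Resources that may be served over plain HTTP (key: URL with "/carbon/" rewritten to "../").
    private HashMap<String, String> httpUrlsToBeByPassed;
    // Resources served without an authenticated session (same key format as above).
    private HashMap<String, String> urlsToBeByPassed;
    // Product-level home page that replaces /carbon/admin/index.jsp; resolved lazily.
    private String defaultHomePage;
    // The "default-context" entry from CarbonUIDefinitions, if configured.
    private Context defaultContext;

    /**
     * Creates the context.
     *
     * @param bundle the bundle used to resolve {@link CarbonUIDefinitions}; may be null
     * @param str the context name passed to the superclass
     * @param uIResourceRegistry resource registry passed to the superclass
     * @param registry registry stored in the inherited {@code registry} field
     */
    public CarbonSecuredHttpContext(Bundle bundle, String str, UIResourceRegistry uIResourceRegistry, Registry registry) {
        super(bundle, str, uIResourceRegistry);
        this.httpUrlsToBeByPassed = new HashMap<>();
        this.urlsToBeByPassed = new HashMap<>();
        this.registry = registry;
        this.bundle = bundle;
    }

    /**
     * Decides whether the current request may proceed.
     *
     * <p>Returns {@code true} when the resource may be served. Returns {@code false} when the
     * request has been answered here (normally a redirect to the login page, the admin console or
     * an index page) or must be refused. Any exception thrown while evaluating the request is
     * logged at debug level and results in {@code false}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, used for redirects
     * @return {@code true} to let the request through, {@code false} otherwise
     * @throws IOException declared for the redirect calls; in practice caught by the catch-all
     */
    public boolean handleSecurity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        CarbonUIAuthenticator authenticator = CarbonUILoginUtil.getAuthenticator(httpServletRequest);
        CarbonSSOSessionManager carbonSSOSessionManager = CarbonSSOSessionManager.getInstance();
        String requestedUrl = carbonSSOSessionManager.getRequestedUrl(httpServletRequest, authenticator);
        // Authentication state of the caller, taken from the "authenticated" session attribute.
        boolean z = false;
        try {
            HttpSession session = httpServletRequest.getSession();
            String id = session.getId();
            Boolean bool = (Boolean) session.getAttribute("authenticated");
            if (bool != null) {
                z = bool.booleanValue();
                if (log.isDebugEnabled()) {
                    log.debug("Is authenticated " + z);
                }
            }
            String contextPath = httpServletRequest.getContextPath();
            if ("/".equals(contextPath)) {
                contextPath = "";
            }
            // Tenant web-app requests are delegated entirely to CarbonUILoginUtil.
            if (CarbonUILoginUtil.getTenantEnabledUriPattern().matcher(requestedUrl).matches()) {
                log.debug("Tenant webapp request " + requestedUrl);
                return CarbonUILoginUtil.escapeTenantWebAppRequests(z, httpServletResponse, requestedUrl, contextPath);
            }
            // Collapse a leading "//" so that the pattern checks below see a single leading slash.
            if (requestedUrl.indexOf("//") == 0) {
                requestedUrl = requestedUrl.substring(1);
            }
            if (this.httpUrlsToBeByPassed.isEmpty()) {
                populatehttpUrlsToBeByPassed();
            }
            // A request for the bare context is redirected to the default context / admin console.
            if (requestedUrl.equals(contextPath) || requestedUrl.equals(contextPath + "/")) {
                return handleRequestOnContext(httpServletRequest, httpServletResponse);
            }
            String str = requestedUrl;
            CarbonUILoginUtil.addNewContext(requestedUrl);
            // 0 = redirected to the admin console (deny), 1 = serve without further checks,
            // 2 = continue with the security checks below.
            int allowNonSecuredContent = allowNonSecuredContent(requestedUrl, httpServletRequest, httpServletResponse, z, authenticator);
            if (allowNonSecuredContent != 2) {
                if (allowNonSecuredContent == 1) {
                    log.debug("Skipping security check for non secured content. " + requestedUrl);
                    return true;
                }
                log.debug("Security check failed for the resource " + requestedUrl);
                return false;
            }
            // Key format used by the bypass lists: "/carbon/" is rewritten to "../".
            String replaceFirst = requestedUrl.replaceFirst("/carbon/", "../");
            if (log.isDebugEnabled()) {
                // NOTE(review): this line writes the session id to the log; session ids are
                // credentials and should not normally appear in log output.
                log.debug("CarbonSecuredHttpContext -> handleSecurity() requestURI:" + requestedUrl + " id:" + id + " resourceURI:" + replaceFirst);
            }
            if (this.urlsToBeByPassed.isEmpty()) {
                populateUrlsToBeBypassed();
            }
            if (isCurrentUrlToBePassed(httpServletRequest, session, replaceFirst)) {
                return true;
            }
            // Index page: taken from a cookie / custom index page via CarbonUILoginUtil, then
            // possibly replaced by the product default home page. It is later used as a redirect
            // target, so CarbonUILoginUtil is expected to constrain it to a relative path —
            // TODO confirm there.
            String updateIndexPageWithHomePage = updateIndexPageWithHomePage(CarbonUILoginUtil.getCustomIndexPage(httpServletRequest, CarbonUILoginUtil.getIndexPageUrlFromCookie(requestedUrl, CarbonUIUtil.getIndexPageURL(session.getServletContext(), httpServletRequest.getSession()), httpServletRequest)));
            // Same tri-state convention as allowNonSecuredContent: 2 means "not handled here".
            int handleLoginPageRequest = CarbonUILoginUtil.handleLoginPageRequest(requestedUrl, httpServletRequest, httpServletResponse, z, contextPath, updateIndexPageWithHomePage);
            if (handleLoginPageRequest != 2) {
                return handleLoginPageRequest == 1;
            }
            // URLs the SSO authenticator declares as exempt from authentication.
            if (carbonSSOSessionManager.skipAuthentication(httpServletRequest)) {
                if (!log.isDebugEnabled()) {
                    return true;
                }
                log.debug("Skipping security checks for authenticator defined URL " + requestedUrl);
                return true;
            }
            String forcedSignOutRequestedURI = CarbonUILoginUtil.getForcedSignOutRequestedURI(requestedUrl, httpServletRequest);
            // Context path used for redirects; tenant-aware ("/t/<domain>") for non-super tenants.
            String contextPath2 = (httpServletRequest.getContextPath().equals("") || httpServletRequest.getContextPath().equals("/")) ? "" : httpServletRequest.getContextPath();
            String str2 = (String) session.getAttribute("tenantDomain");
            if (str2 != null && !str2.equals("carbon.super")) {
                contextPath2 = contextPath2 + "/t/" + str2;
            }
            String parameter = httpServletRequest.getParameter("gsHttpRequest");
            // z2: the authenticator asked to skip the login page (sticky via the session).
            boolean z2 = false;
            if (authenticator != null && authenticator.skipLoginPage() && forcedSignOutRequestedURI.indexOf("login_action.jsp") < 0 && (forcedSignOutRequestedURI.endsWith("/carbon/") || (forcedSignOutRequestedURI.indexOf("/registry/atom") == -1 && forcedSignOutRequestedURI.endsWith("/carbon")))) {
                httpServletRequest.getSession().setAttribute("skipLoginPage", "true");
            }
            if (httpServletRequest.getSession().getAttribute("skipLoginPage") != null && "true".equals((String) httpServletRequest.getSession().getAttribute("skipLoginPage"))) {
                z2 = true;
            }
            if (forcedSignOutRequestedURI.indexOf("login_action.jsp") > -1 && authenticator != null) {
                return CarbonUILoginUtil.handleLogin(authenticator, httpServletRequest, httpServletResponse, session, z, contextPath2, updateIndexPageWithHomePage, parameter);
            }
            // Note the "> 1" here versus "> -1" for login_action.jsp above; kept as in the original.
            if (forcedSignOutRequestedURI.indexOf("logout_action.jsp") > 1) {
                return CarbonUILoginUtil.handleLogout(authenticator, httpServletRequest, httpServletResponse, session, z, contextPath2, updateIndexPageWithHomePage, parameter);
            }
            // "/carbon/" and "/carbon" (outside the registry atom feed) land on the index page.
            if (forcedSignOutRequestedURI.endsWith("/carbon/")) {
                if (z2) {
                    httpServletResponse.sendRedirect(contextPath2 + updateIndexPageWithHomePage + "?skipLoginPage=true");
                    return false;
                }
                httpServletResponse.sendRedirect(contextPath2 + updateIndexPageWithHomePage);
                return false;
            }
            if (forcedSignOutRequestedURI.indexOf("/registry/atom") == -1 && forcedSignOutRequestedURI.endsWith("/carbon")) {
                if (z2) {
                    httpServletResponse.sendRedirect(contextPath2 + updateIndexPageWithHomePage + "?skipLoginPage=true");
                    return false;
                }
                httpServletResponse.sendRedirect(contextPath2 + updateIndexPageWithHomePage);
                return false;
            }
            if (CarbonUILoginUtil.letRequestedUrlIn(forcedSignOutRequestedURI, str)) {
                return true;
            }
            // Authenticated sessions may fetch any JSP.
            if (forcedSignOutRequestedURI.endsWith(".jsp") && z) {
                return true;
            }
            if (!z) {
                // Unauthenticated: *ajaxprocessor.jsp is admitted here without a session check, so
                // the individual processors are relied upon to authorize their own callers.
                if (forcedSignOutRequestedURI.endsWith("ajaxprocessor.jsp")) {
                    return true;
                }
                // Everything else: remember the original URL and send the client to log in.
                return CarbonUILoginUtil.saveOriginalUrl(authenticator, httpServletRequest, httpServletResponse, session, z2, contextPath2, updateIndexPageWithHomePage, forcedSignOutRequestedURI);
            }
            // Authenticated, non-JSP resource: allowed unless the session was only just created.
            if (!httpServletRequest.getSession().isNew()) {
                return true;
            }
            if (z2) {
                httpServletResponse.sendRedirect(contextPath2 + "/carbon/admin/login_action.jsp");
                return false;
            }
            httpServletResponse.sendRedirect(contextPath2 + "/carbon/admin/login.jsp");
            return false;
        } catch (Exception e) {
            // Fail closed. The exception is attached so that failures in the checks above
            // (not only a missing session) can be diagnosed instead of being silently dropped.
            log.debug("No session exists", e);
            return false;
        }
    }

    /**
     * Replaces a request for {@code /carbon/admin/index.jsp} by the product-configured home page.
     *
     * <p>The home page is read once from the {@code WSO2CarbondefaultHomePage} product parameter
     * and cached; a value without a leading slash gets one prepended.
     *
     * @param str the index page URL resolved so far
     * @return the (possibly replaced) index page URL
     */
    private String updateIndexPageWithHomePage(String str) {
        if (this.defaultHomePage == null) {
            this.defaultHomePage = (String) CarbonUIUtil.getProductParam("WSO2CarbondefaultHomePage");
        }
        if (this.defaultHomePage != null && this.defaultHomePage.trim().length() > 0 && str.contains("/carbon/admin/index.jsp")) {
            str = this.defaultHomePage;
            if (!str.startsWith("/")) {
                str = "/" + str;
            }
        }
        return str;
    }

    /**
     * Checks whether {@code str} is one of the URLs served without authentication.
     *
     * <p>When it is, the {@code ServerURL} session attribute is (re)set from the
     * {@code backendURL} request parameter, falling back to the configured server URL.
     *
     * @param httpServletRequest the current request
     * @param httpSession the current session
     * @param str the bypass-list key ({@code "/carbon/"} already rewritten to {@code "../"})
     * @return {@code true} if the URL is in the unauthenticated list
     */
    private boolean isCurrentUrlToBePassed(HttpServletRequest httpServletRequest, HttpSession httpSession, String str) {
        if (this.urlsToBeByPassed.isEmpty() || !this.urlsToBeByPassed.containsKey(str)) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("By passing authentication check for URI : " + str);
        }
        String contextPath = httpServletRequest.getContextPath();
        // NOTE(review): a client-supplied request parameter is stored in the session as
        // "ServerURL" without validation here; whatever later reads that attribute must not
        // treat it as trusted — confirm against its consumers.
        String parameter = httpServletRequest.getParameter("backendURL");
        if (parameter == null) {
            parameter = CarbonUIUtil.getServerURL(httpSession.getServletContext(), httpServletRequest.getSession());
        }
        if ("/".equals(contextPath)) {
            contextPath = "";
        }
        httpSession.setAttribute("ServerURL", parameter.replace("${carbon.context}", contextPath));
        return true;
    }

    /**
     * Loads the unauthenticated-URL list from the {@link CarbonUIDefinitions} OSGi service.
     *
     * <p>No-op when there is no bundle, when the list is already populated, or when the service
     * is unavailable. A null list from the service is ignored so the cached map stays non-null.
     */
    private void populateUrlsToBeBypassed() {
        ServiceReference serviceReference;
        CarbonUIDefinitions carbonUIDefinitions;
        if (this.bundle == null || !this.urlsToBeByPassed.isEmpty() || (serviceReference = this.bundle.getBundleContext().getServiceReference(CarbonUIDefinitions.class.getName())) == null || (carbonUIDefinitions = (CarbonUIDefinitions) this.bundle.getBundleContext().getService(serviceReference)) == null) {
            return;
        }
        HashMap<String, String> unauthenticatedUrls = carbonUIDefinitions.getUnauthenticatedUrls();
        if (unauthenticatedUrls != null) {
            this.urlsToBeByPassed = unauthenticatedUrls;
        }
    }

    /**
     * Classifies a request that may arrive over plain HTTP.
     *
     * @param str the requested URL
     * @param httpServletRequest the current request
     * @param httpServletResponse the response, used for the admin-console redirect
     * @param z whether the session is already authenticated
     * @param carbonUIAuthenticator the authenticator for the request; may be null
     * @return {@code 2} when the normal security checks must continue (HTTPS request or
     *     {@code .html}, or no admin console URL is available), {@code 1} when the resource may be
     *     served as-is, {@code 0} when the client has been redirected to the admin console
     * @throws IOException if the remember-me handling fails unexpectedly
     */
    private int allowNonSecuredContent(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, CarbonUIAuthenticator carbonUIAuthenticator) throws IOException {
        if (httpServletRequest.isSecure() || str.endsWith(".html")) {
            return 2;
        }
        // Static assets and a few service paths are served over HTTP without further checks.
        // The contains() rules match anywhere in the URL, not only at a path-segment boundary.
        if (str.endsWith(".css") || str.endsWith(".gif") || str.endsWith(".GIF") || str.endsWith(".jpg") || str.endsWith(".JPG") || str.endsWith(".png") || str.endsWith(".PNG") || str.endsWith(".xsl") || str.endsWith(".xslt") || str.endsWith(".js") || str.endsWith(".ico") || str.endsWith("/filedownload") || str.endsWith("/fileupload") || str.contains("/fileupload/") || str.contains("admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp") || str.contains("registry/atom") || str.contains("registry/tags") || str.contains("gadgets/") || str.contains("registry/resource")) {
            return 1;
        }
        // Plain-HTTP request for something not on the HTTP allow list: send it to the console.
        if (!this.httpUrlsToBeByPassed.containsKey(str.replaceFirst("/carbon/", "../"))) {
            String adminConsoleURL = CarbonUIUtil.getAdminConsoleURL(httpServletRequest);
            if (adminConsoleURL == null) {
                return 2;
            }
            if (log.isTraceEnabled()) {
                log.trace("Request came to admin console via http.Forwarding to : " + adminConsoleURL);
            }
            httpServletResponse.sendRedirect(adminConsoleURL);
            return 0;
        }
        if (z) {
            return 1;
        }
        // Unauthenticated request for an HTTP-allowed URL: attempt remember-me login as a side
        // effect. The outcome is not checked; the resource is admitted because of the allow list.
        try {
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (cookie.getName().equals("wso2.carbon.rememberme") && carbonUIAuthenticator != null) {
                        try {
                            carbonUIAuthenticator.authenticateWithCookie(httpServletRequest);
                        } catch (AuthenticationException e) {
                            if (log.isDebugEnabled()) {
                                log.debug(e);
                            }
                        }
                    }
                }
            }
            return 1;
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new IOException(e2.getMessage(), e2);
        }
    }

    /**
     * Answers a request for the bare context path with a redirect.
     *
     * <p>Without a usable default context the client is sent to the relative {@code carbon}
     * path; otherwise the admin console URL up to its {@code carbon} segment is combined with the
     * default context name. If the console URL cannot be resolved, the relative redirect is used
     * instead of failing.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response to redirect
     * @return always {@code false}; the response has been committed
     * @throws IOException if the redirect fails
     */
    private boolean handleRequestOnContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        log.debug("Handling request on context");
        if (this.defaultContext == null || "".equals(this.defaultContext.getContextName()) || "null".equals(this.defaultContext.getContextName())) {
            httpServletResponse.sendRedirect("carbon");
            return false;
        }
        String adminConsoleURL = CarbonUIUtil.getAdminConsoleURL(httpServletRequest);
        // getAdminConsoleURL can return null (see allowNonSecuredContent) and the URL might not
        // contain "carbon"; either case previously threw and was swallowed by handleSecurity.
        int carbonIndex = adminConsoleURL == null ? -1 : adminConsoleURL.lastIndexOf("carbon");
        if (carbonIndex < 0) {
            httpServletResponse.sendRedirect("carbon");
            return false;
        }
        httpServletResponse.sendRedirect(adminConsoleURL.substring(0, carbonIndex) + this.defaultContext.getContextName() + "/");
        return false;
    }

    /**
     * Loads the plain-HTTP allow list and the default context from the
     * {@link CarbonUIDefinitions} OSGi service.
     *
     * <p>No-op when there is no bundle, when the list or the default context is already set, or
     * when the service is unavailable. Null values from the service are ignored so the cached map
     * stays non-null.
     */
    private void populatehttpUrlsToBeByPassed() {
        ServiceReference serviceReference;
        CarbonUIDefinitions carbonUIDefinitions;
        if (this.bundle == null || !this.httpUrlsToBeByPassed.isEmpty() || this.defaultContext != null || (serviceReference = this.bundle.getBundleContext().getServiceReference(CarbonUIDefinitions.class.getName())) == null || (carbonUIDefinitions = (CarbonUIDefinitions) this.bundle.getBundleContext().getService(serviceReference)) == null) {
            return;
        }
        HashMap<String, String> httpUrls = carbonUIDefinitions.getHttpUrls();
        if (httpUrls != null) {
            this.httpUrlsToBeByPassed = httpUrls;
        }
        if (carbonUIDefinitions.getContexts() != null && carbonUIDefinitions.getContexts().containsKey("default-context")) {
            this.defaultContext = carbonUIDefinitions.getContexts().get("default-context");
        }
    }
}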
