package com.greenhat.server.container.server.rest;

import com.google.common.collect.ImmutableSet;
import com.greenhat.server.container.server.ApplicationContextProvider;
import com.greenhat.server.container.server.context.ContextService;
import com.greenhat.server.container.server.context.RestContext;
import com.greenhat.server.container.server.nls.LocaleUtils;
import com.greenhat.server.container.server.nls.NLSResources;
import com.greenhat.server.container.server.security.AuthenticationResponse;
import com.greenhat.server.container.server.security.AuthenticationService;
import com.greenhat.server.container.server.util.StringUtils;
import com.greenhat.server.container.shared.datamodel.SecurityToken;
import com.greenhat.server.container.shared.datamodel.User;
import com.greenhat.vie.comms.i18n.LocaleThreadLocal;
import com.greenhat.vie.comms.version.ProtocolVersion;
import etm.core.configuration.EtmManager;
import etm.core.monitor.EtmMonitor;
import etm.core.monitor.EtmPoint;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:com/greenhat/server/container/server/rest/ApiFilter.class */
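/**
 * Servlet filter in front of the REST API.
 *
 * <p>For every HTTP request it: records an ETM timing point, sets the request locale, rewrites the
 * content type of form-encoded bodies, sets up the default command context, lets configured
 * excluded paths through untouched, verifies the caller's credentials when user security is
 * enabled (session cookie or {@code Authorization: X-Jazz-Session} token, plus a double-submit
 * CSRF check for state-changing methods), optionally honours an {@code X-User} header, validates
 * the protocol version header and finally records the REST context before invoking the chain.
 *
 * <p>Changes relative to the decompiled original: early returns no longer call
 * {@code EtmPoint.collect()} a second time in addition to the {@code finally} block; raw session ids
 * and security tokens are no longer written to the log; a bare {@code X-Jazz-Session} header
 * value and a malformed {@code X-User} value no longer surface as unhandled exceptions; the CSRF
 * comparison is constant-time; error responses declare UTF-8 instead of the JVM default charset.
 */
public class ApiFilter implements Filter {
    private static final EtmMonitor etmMonitor = EtmManager.getEtmMonitor();
    private static final RestUrlToEtmPointNameFunction etmPointNameFunction = new RestUrlToEtmPointNameFunction();
    private static final Logger logger = Logger.getLogger(ApiFilter.class.getName());
    protected static final String FORM_CONTENT_TYPE = "application/x-www-form-urlencoded";
    protected static final String CONTENT_TYPE_OVERRIDE = "application/data";

    /** Scheme prefix expected in the Authorization header for token-based access. */
    private static final String SESSION_AUTH_SCHEME = "X-Jazz-Session";
    /** Name of the cookie carrying the browser session id. */
    private static final String SESSION_COOKIE_NAME = "ghsessionid";
    /** Header that must echo the session cookie on state-changing requests (double-submit CSRF check). */
    private static final String XSRF_HEADER = "X-XSRF-TOKEN";
    private static final String USER_HEADER = "X-User";
    private static final String PROTOCOL_VERSION_HEADER = "X-ProtocolVersion";
    private static final String CLIENT_VERSION_HEADER = "X-ClientVersion";
    /** Client version assumed when the client does not send one. */
    private static final String DEFAULT_CLIENT_VERSION = "5.4.0";
    /** Filter init-param: whitespace-separated list of paths (optionally ending in '*') that bypass authentication. */
    private static final String EXCLUDED_PATHS_PARAM = "excludedPaths";

    private ContextService contextService;
    private AuthenticationService authService;
    private final Collection<String> excludedPaths = new ArrayList<String>();
    /** HTTP methods that require the CSRF header when the caller authenticated via session cookie. */
    private final Set<String> xsrfMethods = ImmutableSet.of("POST", "PUT", "DELETE", "PATCH");

    /** Outcome of the credential checks for one request. */
    private enum AuthOutcome {
        /** Credentials were verified and the command context is set to the authenticated user. */
        AUTHENTICATED,
        /** No credentials were presented; the command context still holds the default user. */
        ANONYMOUS,
        /** Credentials were presented but refused; an error response has already been written. */
        REJECTED
    }

    /**
     * Request wrapper that reports {@link #CONTENT_TYPE_OVERRIDE} as the content type, both via
     * {@code getContentType()} and via the Content-Type header accessors.
     *
     * <p>Static nested class: it only needs the static override constant, so it does not keep a
     * reference to the enclosing filter instance.
     */
    private static class ContentTypeFixingWrapper extends HttpServletRequestWrapper {
        private ContentTypeFixingWrapper(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        @Override
        public String getContentType() {
            return ApiFilter.CONTENT_TYPE_OVERRIDE;
        }

        @Override
        public String getHeader(String name) {
            if (StringUtils.equalsIgnoreCase(HttpHeaders.CONTENT_TYPE, name, Locale.ROOT)) {
                return ApiFilter.CONTENT_TYPE_OVERRIDE;
            }
            return super.getHeader(name);
        }

        @Override
        public Enumeration<String> getHeaders(String name) {
            if (StringUtils.equalsIgnoreCase(HttpHeaders.CONTENT_TYPE, name, Locale.ROOT)) {
                return Collections.enumeration(Collections.singletonList(ApiFilter.CONTENT_TYPE_OVERRIDE));
            }
            return super.getHeaders(name);
        }
    }

    /**
     * Applies locale, content-type, authentication, CSRF and protocol-version handling, then
     * invokes the rest of the chain.
     *
     * <p>Non-HTTP requests are ignored entirely (the chain is not invoked), as in the original.
     *
     * @throws IOException      if writing an error response fails
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        EtmPoint etmPoint = createEtmPoint(httpServletRequest);
        try {
            LocaleThreadLocal.set(LocaleUtils.getLocaleAndFixMalformedTags(httpServletRequest));
            // Exact match only: a Content-Type carrying parameters (e.g. ";charset=...") is not
            // rewritten. Kept as in the original; confirm whether that is intended.
            if (FORM_CONTENT_TYPE.equals(httpServletRequest.getContentType())) {
                httpServletRequest = new ContentTypeFixingWrapper(httpServletRequest);
            }
            this.contextService.setUpCommandContext(User.getDefaultUser(), null);

            if (matchesExcludePatterns(httpServletRequest.getPathInfo())) {
                // Excluded paths bypass authentication and, as in the original, receive the
                // unwrapped request rather than the content-type-fixing wrapper.
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }

            AuthOutcome outcome = AuthOutcome.ANONYMOUS;
            if (this.authService.isUserSecurityEnabled()) {
                outcome = authenticate(httpServletRequest, servletResponse);
                if (outcome == AuthOutcome.REJECTED) {
                    return;
                }
            }
            if (outcome == AuthOutcome.ANONYMOUS) {
                // NOTE(review): when user security is enabled but no cookie or Authorization header
                // is presented, the request is not rejected here and X-User is still honoured with
                // an empty role set; confirm that downstream authorization treats that user as
                // unprivileged.
                if (!applyUserHeader(httpServletRequest, servletResponse)) {
                    return;
                }
            }

            ProtocolVersion protocolVersion = getProtocolVersion(httpServletRequest);
            if (protocolVersion == null) {
                sendTextResponse(servletResponse, HttpStatus.BAD_REQUEST.value(), "The server version is not compatible");
                return;
            }
            this.contextService.setRestContext(new RestContext(protocolVersion, getClientVersion(httpServletRequest)));
            filterChain.doFilter(httpServletRequest, servletResponse);
        } finally {
            // Single collection point: the early returns above rely on this block.
            if (etmPoint != null) {
                etmPoint.collect();
            }
        }
    }

    /**
     * Checks the caller's credentials when user security is enabled.
     *
     * <p>An {@code Authorization: X-Jazz-Session <token>} header takes precedence; otherwise the
     * session cookie is used. With neither present the request stays anonymous.
     *
     * @return the outcome; on {@link AuthOutcome#REJECTED} a 401 response has already been written
     */
    private AuthOutcome authenticate(HttpServletRequest request, ServletResponse response) throws IOException {
        String authorization = request.getHeader("Authorization");
        if (authorization != null && authorization.startsWith(SESSION_AUTH_SCHEME)) {
            return authenticateWithHeaderToken(request, authorization, response);
        }
        String sessionId = findSessionCookie(request.getCookies());
        if (sessionId == null) {
            return AuthOutcome.ANONYMOUS;
        }
        return authenticateWithSessionCookie(request, sessionId, response);
    }

    /**
     * Authenticates via the session cookie and, for state-changing methods, requires the
     * {@value #XSRF_HEADER} header to carry the same value (double-submit CSRF defence).
     */
    private AuthOutcome authenticateWithSessionCookie(HttpServletRequest request, String sessionId, ServletResponse response) throws IOException {
        SecurityToken token = new SecurityToken(sessionId.trim());
        AuthenticationResponse auth = this.authService.isAuthenticated(token, false);
        if (!auth.isAuthenticated()) {
            // The session id itself is a credential; log only the origin of the attempt.
            logger.warning("Failed to authenticate session cookie from " + request.getRemoteAddr());
            sendTextResponse(response, HttpStatus.UNAUTHORIZED.value(), NLSResources.getInstance().get("unauthorized", new Object[0]));
            return AuthOutcome.REJECTED;
        }
        if (!passesXsrfCheck(request, sessionId, response)) {
            return AuthOutcome.REJECTED;
        }
        this.contextService.setUpCommandContext(auth.getUser(), token);
        return AuthOutcome.AUTHENTICATED;
    }

    /**
     * Enforces the CSRF header for methods in {@link #xsrfMethods}; other methods pass.
     *
     * @return {@code true} to continue, {@code false} when a 401 response has been written
     */
    private boolean passesXsrfCheck(HttpServletRequest request, String sessionId, ServletResponse response) throws IOException {
        if (!this.xsrfMethods.contains(request.getMethod())) {
            return true;
        }
        String xsrfHeader = request.getHeader(XSRF_HEADER);
        if (xsrfHeader == null) {
            String message = "CSRF check failed. X-XSRF header was missing";
            logger.warning(message);
            sendTextResponse(response, HttpStatus.UNAUTHORIZED.value(), message);
            return false;
        }
        // As in the original, the untrimmed cookie value is what the header must match.
        if (!constantTimeEquals(sessionId, xsrfHeader)) {
            String message = "CSRF check failed. X-XSRF header does not match session";
            logger.warning(message);
            sendTextResponse(response, HttpStatus.UNAUTHORIZED.value(), message);
            return false;
        }
        return true;
    }

    /** Authenticates via the token following {@value #SESSION_AUTH_SCHEME} in the Authorization header. */
    private AuthOutcome authenticateWithHeaderToken(HttpServletRequest request, String authorization, ServletResponse response) throws IOException {
        // One separator character is skipped after the scheme, as in the original. A header that
        // is exactly the scheme name used to throw StringIndexOutOfBoundsException; treat it as empty.
        String tokenValue = authorization.length() > SESSION_AUTH_SCHEME.length()
                ? authorization.substring(SESSION_AUTH_SCHEME.length() + 1).trim()
                : "";
        if (tokenValue.isEmpty()) {
            logger.warning("Security is enabled but an empty security token was supplied from " + request.getRemoteAddr());
        }
        SecurityToken token = new SecurityToken(tokenValue);
        AuthenticationResponse auth = this.authService.isAuthenticated(token, false);
        if (!auth.isAuthenticated()) {
            // Do not echo the supplied token into the log.
            logger.warning("Failed to authenticate security token from " + request.getRemoteAddr());
            sendTextResponse(response, HttpStatus.UNAUTHORIZED.value(), NLSResources.getInstance().get("unauthorized", new Object[0]));
            return AuthOutcome.REJECTED;
        }
        this.contextService.setUpCommandContext(auth.getUser(), token);
        return AuthOutcome.AUTHENTICATED;
    }

    /**
     * Honours a URL-encoded {@value #USER_HEADER} header by switching the command context to a user
     * of that name with no roles. Blank names are ignored.
     *
     * @return {@code true} to continue, {@code false} when a 400 response has been written because
     *         the header was not valid percent-encoding
     */
    private boolean applyUserHeader(HttpServletRequest request, ServletResponse response) throws IOException {
        String header = request.getHeader(USER_HEADER);
        if (header == null) {
            return true;
        }
        String userName;
        try {
            userName = URLDecoder.decode(header, "utf-8");
        } catch (IllegalArgumentException e) {
            // Malformed percent-encoding previously escaped as an unhandled exception (HTTP 500).
            logger.warning("Malformed " + USER_HEADER + " header from " + request.getRemoteAddr());
            sendTextResponse(response, HttpStatus.BAD_REQUEST.value(), "Malformed " + USER_HEADER + " header");
            return false;
        }
        if (!StringUtils.isBlank(userName)) {
            this.contextService.setUpCommandContext(new User(userName, Collections.emptySet()), null);
        }
        return true;
    }

    /**
     * Compares two credential values without short-circuiting on the first differing character,
     * so response timing does not reveal how much of the expected value was matched.
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the value of the {@value #SESSION_COOKIE_NAME} cookie, or {@code null} when there are
     * no cookies or none with that name.
     */
    private String findSessionCookie(Cookie[] cookies) {
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (SESSION_COOKIE_NAME.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /** Creates an ETM measurement point for the request, or {@code null} when monitoring is not started. */
    private EtmPoint createEtmPoint(HttpServletRequest httpServletRequest) {
        if (!etmMonitor.isStarted()) {
            return null;
        }
        return etmMonitor.createPoint(createEtmPointName(httpServletRequest));
    }

    /**
     * Returns whether {@code pathInfo} matches one of the configured excluded paths. A pattern
     * ending in {@code *} is a prefix match; any other pattern must match exactly. Blank patterns
     * are skipped and a {@code null} path never matches.
     */
    private boolean matchesExcludePatterns(String pathInfo) {
        if (pathInfo == null) {
            return false;
        }
        for (String pattern : this.excludedPaths) {
            if (StringUtils.isBlank(pattern)) {
                continue;
            }
            if (pattern.endsWith("*")) {
                String prefix = pattern.substring(0, pattern.length() - 1);
                if (pathInfo.startsWith(prefix)) {
                    return true;
                }
            } else if (pattern.equals(pathInfo)) {
                return true;
            }
        }
        return false;
    }

    /** Builds the ETM point name from the HTTP method and the normalised request URI. */
    private String createEtmPointName(HttpServletRequest httpServletRequest) {
        return "HTTP " + httpServletRequest.getMethod() + " request "
                + etmPointNameFunction.apply(httpServletRequest.getContextPath(), httpServletRequest.getRequestURI());
    }

    /**
     * Parses the {@value #PROTOCOL_VERSION_HEADER} header; a missing or empty header means
     * {@link ProtocolVersion#VERSION_1}. Whatever {@code ProtocolVersion.fromString} returns for an
     * unrecognised value (the caller treats {@code null} as incompatible) is passed through.
     */
    private ProtocolVersion getProtocolVersion(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(PROTOCOL_VERSION_HEADER);
        if (header == null || header.isEmpty()) {
            return ProtocolVersion.VERSION_1;
        }
        return ProtocolVersion.fromString(header);
    }

    /** Returns the {@value #CLIENT_VERSION_HEADER} header, or {@value #DEFAULT_CLIENT_VERSION} when absent or empty. */
    private String getClientVersion(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(CLIENT_VERSION_HEADER);
        if (header == null || header.isEmpty()) {
            return DEFAULT_CLIENT_VERSION;
        }
        return header;
    }

    /**
     * Writes a plain-text response with the given status. Does nothing for non-HTTP responses.
     *
     * @param servletResponse the response to write to
     * @param status          HTTP status code to set
     * @param body            text to send
     * @throws IOException if the output stream cannot be obtained or written
     */
    private void sendTextResponse(ServletResponse servletResponse, int status, String body) throws IOException {
        if (!(servletResponse instanceof HttpServletResponse)) {
            return;
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setStatus(status);
        // Declare the charset explicitly; the original relied on the JVM default encoding, which
        // need not be UTF-8 and was never advertised to the client.
        httpServletResponse.setContentType("text/plain;charset=UTF-8");
        OutputStreamWriter writer = new OutputStreamWriter(httpServletResponse.getOutputStream(), StandardCharsets.UTF_8);
        writer.write(body);
        writer.flush();
    }

    /**
     * Looks up the context and authentication services from the Spring application context and
     * reads the {@value #EXCLUDED_PATHS_PARAM} init parameter (whitespace-separated patterns).
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ApplicationContext applicationContext = ApplicationContextProvider.getProvider().getApplicationContext();
        this.contextService = applicationContext.getBean("contextService", ContextService.class);
        this.authService = applicationContext.getBean("authenticationService", AuthenticationService.class);
        String excluded = filterConfig.getInitParameter(EXCLUDED_PATHS_PARAM);
        if (excluded != null) {
            // Collapse any run of whitespace to a single space so split(" ") yields no empty gaps.
            String[] patterns = excluded.trim().replaceAll("\\s+", " ").split(" ");
            this.excludedPaths.addAll(Arrays.asList(patterns));
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}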
