package org.eclnt.jsfserver.util;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.eclnt.jsfserver.configuration.CCConfigurationObject;
import org.eclnt.jsfserver.util.security.StringHider;
import org.eclnt.util.log.CLog;
import org.eclnt.util.valuemgmt.UniqueIdCreator;

/* loaded from: input_file:org/eclnt/jsfserver/util/SecurityFilter.class */
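/**
 * Servlet filter that binds an additional random token, the {@code ccsessioncheckid}, to an HTTP
 * session and rejects any later request whose token is missing or different.
 *
 * <p>The first checked request of a session gets a fresh token, which is stored in the session
 * (wrapped in a {@link StringHider}) together with the client type and sent back to the client.
 * Every following request must present that token and the same client type. Browser clients
 * carry the token in a cookie; applet, webstart, application, UI5 and RISC clients send it as a
 * request parameter and receive it in a response header.
 *
 * <p>The check is skipped when the request has no session, when
 * {@code TypeOfSessionMgmt.getSessionMgmtViaCookie} returns true for the session, when a
 * configured {@link IExtension} returns false, and for upload URIs of non-RISC clients.
 */
public class SecurityFilter extends CCFilterBase implements Filter, ICCServerConstants {
    static final String CCSESSIONCHECKID = "ccsessioncheckid";
    static final String CCSESSIONCHECKID_CLIENTTYPE = "ccsessioncheckid_clienttype";
    static final String CCSESSIONCHECKID_TREATED = "ccsessioncheckid_treated";
    // volatile: both fields are read outside the lock by the double-checked initialisation in
    // initExtension(), so the write made under the lock must be visible to other request threads.
    static volatile boolean s_initialized = false;
    static volatile CCConfigurationObject<IExtension> s_extension = new CCConfigurationObject<>(null);
    static Object SYNCHER = new Object();

    /* loaded from: input_file:org/eclnt/jsfserver/util/SecurityFilter$IExtension.class */
    /**
     * Hook that lets an application decide per request whether the token check runs.
     * Returning {@code false} disables the check for that request, so an implementation is
     * security-relevant code.
     */
    public interface IExtension {
        boolean checkIfToExecuteCheck(ServletRequest servletRequest);
    }

    @Override // org.eclnt.jsfserver.util.CCFilterBase
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Runs the session token check and then continues the filter chain.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     remaining chain, invoked only when the check passes or is skipped
     * @throws SessionCheckError when the request token, the session token or the client type
     *                           do not fit together; the rejection is logged before it is thrown
     */
    @Override // org.eclnt.jsfserver.util.CCFilterBase
    public void doFilterExecute(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        initExtension();
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        boolean executeCheck = true;
        HttpSession existingSession = httpRequest.getSession(false);
        if (existingSession == null || TypeOfSessionMgmt.getSessionMgmtViaCookie(existingSession)) {
            executeCheck = false;
        } else {
            // Read the static once so the null test and the call see the same object.
            CCConfigurationObject<IExtension> extensionConfig = s_extension;
            IExtension extension = extensionConfig == null ? null : extensionConfig.instance();
            if (extension != null) {
                executeCheck = extension.checkIfToExecuteCheck(servletRequest);
            }
        }

        if (executeCheck && !HttpSessionAccess.checkIfCurrentClientTypeIsRisc(httpRequest)) {
            // NOTE(review): this is a substring match on the request URI, so the exemption
            // covers every non-RISC request whose URI contains one of the markers anywhere,
            // not only the upload endpoints. An exact match against the upload servlet
            // mapping would be tighter - confirm the mapping before changing it.
            String requestUri = httpRequest.getRequestURI();
            if (requestUri.contains("/ccupload/") || requestUri.contains(".ccupload")) {
                executeCheck = false;
            }
        }

        if (executeCheck) {
            ThreadingFilter.checkRequestForNoData(httpRequest);
            HttpSession session = httpRequest.getSession();
            String clientType = HttpSessionAccess.getCurrentClientType(httpRequest);
            String sessionToken = getCurrentCCSessionId(session);
            String requestToken = readCCSessionCheckIdFromRequest(httpRequest, clientType);

            // A missing or non-Boolean attribute counts as "not yet treated"; no exception
            // has to be swallowed to find that out.
            boolean alreadyTreated = Boolean.TRUE.equals(session.getAttribute(CCSESSIONCHECKID_TREATED));
            if (!alreadyTreated) {
                // First checked request of this session: whatever the client sent is ignored
                // and a fresh token is issued below.
                sessionToken = null;
                requestToken = null;
            }

            if (requestToken == null) {
                if (sessionToken != null) {
                    throw newLoggedSessionCheckError("A request without ccsessioncheckid tried to connect into a session with ccsessioncheckid");
                }
                String newToken = UniqueIdCreator.createRandomId();
                setCurrentCCSessionId(session, newToken);
                session.setAttribute(CCSESSIONCHECKID_CLIENTTYPE, clientType);
                writeCCSessionCheckIdIntoResponse(httpResponse, clientType, newToken);
            } else {
                if (sessionToken == null) {
                    throw newLoggedSessionCheckError("A request with ccsessioncheckid tried to connect into a session without ccsessioncheckid");
                }
                String sessionClientType = (String) session.getAttribute(CCSESSIONCHECKID_CLIENTTYPE);
                if (sessionClientType != null && !sessionClientType.equals(clientType)) {
                    throw newLoggedSessionCheckError("A request with ccsessioncheckid tried to connect into a session with ccsessioncheckid. The client type of the session does not correspond to the client type of the request.");
                }
                if (!tokensMatch(sessionToken, requestToken)) {
                    throw newLoggedSessionCheckError("A request was processed having a ccsessioncheckid that does not match the server sessions's ccsessioncheckid");
                }
                writeCCSessionCheckIdIntoResponse(httpResponse, clientType, sessionToken);
            }
            session.setAttribute(CCSESSIONCHECKID_TREATED, true);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns the token stored in the session.
     *
     * @param httpSession session to read from
     * @return the stored token, or {@code null} when the session holds none
     */
    public static String getCurrentCCSessionId(HttpSession httpSession) {
        StringHider hiddenToken = (StringHider) httpSession.getAttribute(CCSESSIONCHECKID);
        return hiddenToken == null ? null : hiddenToken.getValue();
    }

    /**
     * Stores the token in the session, wrapped in a {@link StringHider}.
     *
     * @param httpSession session to write to
     * @param str         token value
     */
    public static void setCurrentCCSessionId(HttpSession httpSession, String str) {
        httpSession.setAttribute(CCSESSIONCHECKID, new StringHider(str));
    }

    public void destroy() {
    }

    /**
     * Extracts the token the client presented, using the transport of its client type.
     *
     * @return the presented token, or {@code null} when none was sent or the client type is
     *         neither a parameter-based type nor the browser type; for such a client every
     *         request after the first one is rejected by the caller
     */
    private String readCCSessionCheckIdFromRequest(HttpServletRequest httpServletRequest, String str) {
        if (usesParameterTransport(str)) {
            // NOTE(review): getParameter also reads the query string. If a client sends the
            // token there it can end up in access logs and proxies - confirm that clients
            // send it in the request body.
            return httpServletRequest.getParameter(CCSESSIONCHECKID);
        }
        if (!ICCServerConstants.CLIENTTYPE_BROWSER.equals(str)) {
            return null;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(CCSESSIONCHECKID)) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Sends the token to the client: as a response header for parameter-based client types,
     * as a cookie for browser clients, and not at all for any other client type.
     */
    private void writeCCSessionCheckIdIntoResponse(HttpServletResponse httpServletResponse, String str, String str2) {
        if (usesParameterTransport(str)) {
            ServletUtil.setResponseHeader(httpServletResponse, CCSESSIONCHECKID, str2);
        } else if (ICCServerConstants.CLIENTTYPE_BROWSER.equals(str)) {
            // The request is later compared against the unsanitized session value, so this
            // presumably leaves generated ids unchanged - verify against sanitizeCookieValue.
            Cookie cookie = new Cookie(CCSESSIONCHECKID, ServletUtil.sanitizeCookieValue(str2));
            // Secure is unconditional: over plain HTTP the browser does not return the cookie
            // and the next request of the session is rejected (fails closed).
            cookie.setSecure(true);
            // NOTE(review): HttpOnly, Path and SameSite are not set. If no client-side script
            // needs to read this cookie, cookie.setHttpOnly(true) would keep it away from
            // scripts - confirm against the browser client before adding it.
            httpServletResponse.addCookie(cookie);
        }
    }

    /**
     * Loads the optional {@link IExtension} class name from the system configuration, once.
     * A failure is logged and the filter keeps the default configuration object created with
     * {@code null}, so the check presumably keeps running for every request.
     */
    private void initExtension() {
        if (s_initialized) {
            return;
        }
        synchronized (SYNCHER) {
            if (s_initialized) {
                return;
            }
            try {
                String extensionClassName = SystemXml.getSecurityfilterextensionclassname();
                if (extensionClassName != null) {
                    s_extension = new CCConfigurationObject<>(extensionClassName, null);
                }
            } catch (Throwable th) {
                CLog.L.log(CLog.LL_ERR, "Problem initializing the security filter extension", th);
            }
            // Set last, and also after a failure, so initialisation is attempted only once.
            s_initialized = true;
        }
    }

    /** Tells whether the client type carries the token as request parameter / response header. */
    private static boolean usesParameterTransport(String clientType) {
        return ICCServerConstants.CLIENTTYPE_APPLET.equals(clientType)
                || ICCServerConstants.CLIENTTYPE_WEBSTART.equals(clientType)
                || ICCServerConstants.CLIENTTYPE_APPLICATION.equals(clientType)
                || ICCServerConstants.CLIENTTYPE_UI5.equals(clientType)
                || ICCServerConstants.CLIENTTYPE_RISC.equals(clientType);
    }

    /**
     * Compares the session token with the presented one without stopping at the first
     * differing character, so response timing does not reveal how much of a guess was right.
     */
    private static boolean tokensMatch(String expected, String presented) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /** Creates the rejection error and writes it to the error log; the caller throws it. */
    private static SessionCheckError newLoggedSessionCheckError(String logMessage) {
        SessionCheckError sessionCheckError = new SessionCheckError();
        CLog.L.log(CLog.LL_ERR, logMessage, (Throwable) sessionCheckError);
        return sessionCheckError;
    }
}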
