package org.eclnt.jsfserver.util;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import org.eclnt.jsfserver.configuration.CCConfigurationObjectLoader;
import org.eclnt.jsfserver.util.SystemXml;
import org.eclnt.jsfserver.util.security.StringHider;
import org.eclnt.util.log.CLog;
import org.eclnt.util.valuemgmt.UniqueIdCreator;
import org.eclnt.util.valuemgmt.ValueManager;

/* loaded from: input_file:org/eclnt/jsfserver/util/SecurityFilterGeneral.class */
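/**
 * Servlet filter that ties an HTTP session to the browser that created it by comparing a
 * "check id" cookie ({@code ccclientcheckidgeneral}) with the value stored in the session.
 *
 * <p>The check id is established by
 * {@link #manageSecurityFilterDownloadCookie(HttpServletRequest, HttpServletResponse, HttpSession)}
 * and verified on later requests by {@link #doFilterExecute}. A failed verification is logged
 * and reported by throwing {@link Error}, which aborts the request before the filter chain runs.
 *
 * <p>The verification is deliberately skipped (fail-open) in the cases listed on
 * {@link #doFilterExecute}; anyone relying on this filter as a security control should read
 * that list.
 *
 * <p>Thread-safety: the static extension registry is read on every request and may be changed
 * at any time, so it is held in a concurrent set and the lazily initialized fields are
 * {@code volatile}.
 */
public class SecurityFilterGeneral extends CCFilterBase implements Filter, ICCServerConstants {
    /** Name of the check id cookie; the same string is used as the session attribute key. */
    static final String COOKIE_CCSESSIONCHECKID_GENERAL = "ccclientcheckidgeneral";
    /**
     * Session attribute holding a {@link StringHider} with "true" or "false": whether the
     * check applies to this session. A missing attribute is treated like "false".
     */
    static final String SESSIONATT_CCSESSIONCHECKID_REQUIRED = "ccclientcheckidgeneralNotRequired";
    // volatile: read outside the lock in initExtension() (double-checked initialization).
    static volatile boolean s_initialized = false;
    // volatile: written by initExtension() / the deprecated setter, read on request threads.
    static volatile IExtension s_extension = null;
    // Concurrent set: iterated on every request without a lock while add/remove may run
    // on other threads. A plain HashSet here can fail with ConcurrentModificationException
    // or skip an extension, i.e. silently change the outcome of the security decision.
    static Set<IExtension> s_extensions = new CopyOnWriteArraySet<>();
    /** Lock guarding the one-time loading of the configured extension. */
    static Object SYNCHER = new Object();

    /**
     * Hook that lets an application veto the check for a given request.
     * Returning {@code false} disables the check id verification for that request, so an
     * implementation is part of the security decision and must not depend on values the
     * client can choose freely.
     */
    public interface IExtension {
        /**
         * @param servletRequest the request being filtered
         * @return {@code true} to keep the check enabled, {@code false} to skip it
         */
        boolean checkIfToExecuteCheck(ServletRequest servletRequest);
    }

    /** No filter configuration is read; the extension is loaded lazily on first request. */
    @Override // org.eclnt.jsfserver.util.CCFilterBase
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Decides whether the check id verification applies to this request, performs it, and
     * then continues the filter chain.
     *
     * <p>The verification is skipped when any of the following holds:
     * <ul>
     *   <li>the client is not a RISC client;</li>
     *   <li>a session exists but its "required" attribute is missing or "false";</li>
     *   <li>the request URI contains "/faces/" and the layout page extension, and there is
     *       no session or the session holds no check id yet;</li>
     *   <li>the configured extension or any registered extension returns {@code false}.</li>
     * </ul>
     * If the verification applies but no session exists, the request is rejected.
     *
     * @throws Error if the verification applies and fails, or if an unexpected checked
     *         throwable escapes the chain (wrapped as the cause)
     * @throws IOException propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    @Override // org.eclnt.jsfserver.util.CCFilterBase
    public void doFilterExecute(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            initExtension();
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpSession session = request.getSession(false);
            String requestUri = request.getRequestURI();
            boolean layoutPageRequest = requestUri.contains("/faces/") && requestUri.contains(ICCServerConstants.LAYOUTEXTENSION_JSP);

            // Only RISC clients are subject to the check; the client type is also bound to
            // the current thread for the duration of the request.
            boolean checkRequired = HttpSessionAccess.checkIfCurrentClientTypeIsRisc(request);
            if (checkRequired) {
                TypeOfSessionMgmt.associateRISCClientWithCurrentThread(this);
            } else {
                TypeOfSessionMgmt.associateNORISCClientWithCurrentThread(this);
            }

            // Fail-open: a session that never went through manageSecurityFilterDownloadCookie
            // (attribute missing) or was marked "false" there is not checked.
            if (session != null) {
                StringHider requiredFlag = (StringHider) session.getAttribute(SESSIONATT_CCSESSIONCHECKID_REQUIRED);
                if (requiredFlag == null || "false".equals(requiredFlag.getValue())) {
                    checkRequired = false;
                }
            }

            // Layout page requests are let through while the session (or its check id) does
            // not exist yet. The helper returns null for a null session. A further condition
            // in the earlier code ("cookie and session id both null") could never be true at
            // that point and has been dropped.
            if (checkRequired && layoutPageRequest && readCCSessionCheckIdGeneralFromSession(session) == null) {
                checkRequired = false;
            }

            // Extensions can only switch the check off, never on; evaluation stops at the
            // first one that returns false.
            IExtension configuredExtension = s_extension;
            if (checkRequired && configuredExtension != null) {
                checkRequired = configuredExtension.checkIfToExecuteCheck(servletRequest);
            }
            for (IExtension extension : s_extensions) {
                if (!checkRequired) {
                    break;
                }
                checkRequired = extension.checkIfToExecuteCheck(servletRequest);
            }

            if (checkRequired) {
                if (session == null) {
                    CLog.L.log(CLog.LL_ERR, "Session for checking security id is not available anymore. Aborting security check with error. " + request.getRequestURI());
                    throw new Error("Session for checking security id is not available anymore: " + request.getRequestURI());
                }
                performCheck_ccSessionCheckIdSession(session, request);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (Error | RuntimeException | IOException | ServletException e) {
            throw e;
        } catch (Throwable t) {
            // Anything else cannot be declared by this method; surface it unchecked with
            // the original throwable kept as the cause.
            throw new Error(t);
        } finally {
            // Always release the thread association, also when the request was rejected.
            TypeOfSessionMgmt.clearCurrentThread(this);
        }
    }

    /**
     * Verifies that the check id cookie sent by the client equals the one stored in the
     * session; logs and throws on any mismatch.
     *
     * @throws Error if the session holds no check id or the cookie value differs
     */
    private void performCheck_ccSessionCheckIdSession(HttpSession httpSession, HttpServletRequest httpServletRequest) {
        String expectedCheckId = readCCSessionCheckIdGeneralFromSession(httpSession);
        if (expectedCheckId == null) {
            CLog.L.log(CLog.LL_ERR, "General security id is not available in session. Aborting security check with error. " + httpServletRequest.getRequestURI());
            throw new Error("General security id is not available in session: " + httpServletRequest.getRequestURI());
        }
        // NOTE(review): the comparison is delegated to ValueManager.checkIfStringsAreEqual,
        // whose implementation is not visible here. Confirm whether it is constant-time;
        // java.security.MessageDigest.isEqual on the encoded bytes would be.
        String presentedCheckId = readCCSessionCheckIdGeneralFromRequest(httpServletRequest);
        if (!ValueManager.checkIfStringsAreEqual(expectedCheckId, presentedCheckId)) {
            CLog.L.log(CLog.LL_ERR, "Client does not send valid general security id. Request is cancelled. Aborting security check with error. " + httpServletRequest.getRequestURI());
            throw new Error("Client does not send valid security id. Request is cancelled: " + httpServletRequest.getRequestURI());
        }
    }

    /**
     * @return the check id stored in the session, or {@code null} if the session is
     *         {@code null} or holds none
     */
    private String readCCSessionCheckIdGeneralFromSession(HttpSession httpSession) {
        if (httpSession == null) {
            return null;
        }
        StringHider storedCheckId = (StringHider) httpSession.getAttribute(COOKIE_CCSESSIONCHECKID_GENERAL);
        return storedCheckId == null ? null : storedCheckId.getValue();
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Replaces the single configured extension.
     *
     * @deprecated use {@link #addSecurityFilterExtension(IExtension)}
     */
    @Deprecated
    public static void setSecurityFilterExtension(IExtension iExtension) {
        s_extension = iExtension;
    }

    /**
     * @return the single configured extension, possibly {@code null}
     * @deprecated use {@link #addSecurityFilterExtension(IExtension)}
     */
    @Deprecated
    public static IExtension getSecurityFilterExtension() {
        return s_extension;
    }

    /** Registers an extension that is consulted on every request from now on. */
    public static synchronized void addSecurityFilterExtension(IExtension iExtension) {
        s_extensions.add(iExtension);
    }

    /** Unregisters a previously added extension. */
    public static synchronized void removeSecurityFilterExtension(IExtension iExtension) {
        s_extensions.remove(iExtension);
    }

    /**
     * Establishes the check id for a session and sends it to the client as a cookie.
     *
     * <p>Does nothing for non-RISC clients or when the filter is configured inactive.
     * For requests that are neither https nor addressed to "localhost" the session is marked
     * as not requiring the check, so plain-http deployments run without this protection.
     *
     * @param httpServletRequest request that may already carry the check id cookie
     * @param httpServletResponse response the cookie is written to
     * @param httpSession session that receives the "required" flag and the check id
     */
    public static void manageSecurityFilterDownloadCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) {
        if (!HttpSessionAccess.checkIfCurrentClientTypeIsRisc(httpServletRequest) || !checkIfFilterIsActive()) {
            return;
        }
        // NOTE(review): how ServletUtil derives the "original" protocol and server is not
        // visible here. If it reads forwarding headers, make sure only a trusted proxy can
        // set them, because the result decides whether the check is enabled at all.
        String originalProtocol = ServletUtil.isolateOriginalProtocol(httpServletRequest, true);
        String originalServer = ServletUtil.isolateOriginalServer(httpServletRequest, true);
        boolean viaHttps = "https".equals(originalProtocol);
        if (!viaHttps && !"localhost".equals(originalServer)) {
            httpSession.setAttribute(SESSIONATT_CCSESSIONCHECKID_REQUIRED, new StringHider("false"));
            return;
        }
        httpSession.setAttribute(SESSIONATT_CCSESSIONCHECKID_REQUIRED, new StringHider("true"));
        // A cookie value that the client already presents is adopted as this session's check
        // id; a random id is generated only when no cookie is sent. The id is therefore only
        // as unpredictable as whoever set that cookie.
        // NOTE(review): presumably done so that several sessions in one browser share one
        // cookie. Confirm, and confirm that the cookie cannot be planted from a sibling host.
        String checkId = readCCSessionCheckIdGeneralFromRequest(httpServletRequest);
        if (checkId == null) {
            checkId = UniqueIdCreator.createRandomId();
        }
        httpSession.setAttribute(COOKIE_CCSESSIONCHECKID_GENERAL, new StringHider(checkId));
        writeCCSessionCheckIdIntoResponse(httpServletRequest, httpServletResponse, checkId, viaHttps);
    }

    /** @return {@code true} unless a filter configuration exists and marks this filter inactive */
    private static boolean checkIfFilterIsActive() {
        SystemXml.FilterConfiguration filterConfiguration = SystemXml.getFilterConfiguration(SecurityFilterGeneral.class);
        return filterConfiguration == null || filterConfiguration.isActive();
    }

    /**
     * @return the value of the first cookie named {@code ccclientcheckidgeneral}, or
     *         {@code null} if the request carries none
     */
    private static String readCCSessionCheckIdGeneralFromRequest(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (COOKIE_CCSESSIONCHECKID_GENERAL.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Writes the check id cookie, scoped to the web application's cookie path.
     *
     * @param str the check id to send
     * @param z {@code true} when the original request used https
     */
    private static void writeCCSessionCheckIdIntoResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) {
        String cookiePath = ServletUtil.findWebappCookiePath(httpServletRequest);
        // NOTE(review): the trailing arguments of ServletUtil.writeCookie are presumably
        // (httpOnly, sameSite, secure) - confirm against its signature. If so, https
        // responses get SameSite=None, which lets the browser attach the cookie to
        // cross-site requests as well; the check then binds a session to a browser but
        // does not by itself distinguish same-site from cross-site requests.
        String sameSite = z ? "None" : null;
        ServletUtil.writeCookie(httpServletResponse, COOKIE_CCSESSIONCHECKID_GENERAL, cookiePath, str, true, sameSite, z);
    }

    /**
     * Loads the extension class named in the system configuration exactly once.
     * A failure is logged and not retried; the filter then runs without that extension.
     */
    private void initExtension() {
        if (s_initialized) {
            return;
        }
        synchronized (SYNCHER) {
            if (s_initialized) {
                return;
            }
            try {
                String extensionClassName = SystemXml.getSecurityfilterextensionclassnameGeneral();
                if (extensionClassName != null) {
                    s_extension = (IExtension) CCConfigurationObjectLoader.instance().loadInstance(extensionClassName, true);
                }
            } catch (Throwable th) {
                CLog.L.log(CLog.LL_ERR, "Problem initializing the security filter extension", th);
            }
            // Set last, so another thread that sees the flag also sees the loaded extension.
            s_initialized = true;
        }
    }
}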
