package org.jivesoftware.admin;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.spi.LocationInfo;
import org.jivesoftware.util.ConcurrentHashSet;
import org.jivesoftware.util.WebManager;
import org.logicalcobwebs.proxool.ConnectionPoolDefinitionIF;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/admin/AuthCheckFilter.class */
public class AuthCheckFilter implements Filter {
    private static final Logger Log = LoggerFactory.getLogger(AuthCheckFilter.class);
    private static Set<String> excludes = new ConcurrentHashSet();
    private ServletContext context;
    private String defaultLoginPage;

    public static void addExclude(String str) {
        excludes.add(str);
    }

    public static void removeExclude(String str) {
        excludes.remove(str);
    }

    public static boolean testURLPassesExclude(String str, String str2) {
        if (str.contains("@")) {
            str = str.substring(str.indexOf("@"));
        }
        if (str2.endsWith("*")) {
            return (!str.startsWith(str2.substring(0, str2.length() - 1)) || str.contains("..") || str.toLowerCase().contains("%2e")) ? false : true;
        }
        if (str2.contains(LocationInfo.NA)) {
            return str.equals(str2);
        }
        int indexOf = str.indexOf(LocationInfo.NA);
        if (indexOf != -1) {
            str = str.substring(0, indexOf);
        }
        return str.equals(str2);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.context = filterConfig.getServletContext();
        this.defaultLoginPage = filterConfig.getInitParameter("defaultLoginPage");
        String initParameter = filterConfig.getInitParameter("excludes");
        if (initParameter != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(initParameter, ConnectionPoolDefinitionIF.FATAL_SQL_EXCEPTIONS_DELIMITER);
            while (stringTokenizer.hasMoreTokens()) {
                excludes.add(stringTokenizer.nextToken().trim());
            }
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String str = this.defaultLoginPage;
        if (str == null) {
            str = httpServletRequest.getContextPath() + "/login.jsp";
        }
        String substring = httpServletRequest.getRequestURI().substring(1);
        if (substring.startsWith("plugins/")) {
            substring = substring.substring("plugins/".length());
        }
        boolean z = false;
        Iterator<String> it = excludes.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (testURLPassesExclude(substring, it.next())) {
                z = true;
                break;
            }
        }
        if (!z) {
            WebManager webManager = new WebManager();
            webManager.init(httpServletRequest, httpServletResponse, httpServletRequest.getSession(), this.context);
            if (webManager.getUser() == null) {
                httpServletResponse.sendRedirect(getRedirectURL(httpServletRequest, str, null));
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }

    private String getRedirectURL(HttpServletRequest httpServletRequest, String str, String str2) {
        StringBuilder sb = new StringBuilder();
        try {
            sb.append(httpServletRequest.getRequestURI());
            String queryString = httpServletRequest.getQueryString();
            if (queryString != null) {
                sb.append(LocationInfo.NA).append(queryString);
            }
        } catch (Exception e) {
            Log.error(e.getMessage(), (Throwable) e);
        }
        try {
            return str + "?url=" + URLEncoder.encode(sb.toString(), "ISO-8859-1") + (str2 != null ? "&" + str2 : "");
        } catch (Exception e2) {
            Log.error(e2.getMessage(), (Throwable) e2);
            return null;
        }
    }
}
