package com.plusmpm.filter;

import com.suncode.pwfl.license.LicenseAccessor;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.enhydra.shark.Shark;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:com/plusmpm/filter/ActiveSessionFilter.class */
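/**
 * Servlet filter that lets a request through only when the HTTP session carries a non-empty
 * {@code username} attribute, unless the request path starts with one of the configured
 * exclusion prefixes. When {@link LicenseAccessor#isAllBlocked()} reports a blocked licence,
 * authenticated requests are additionally restricted to the licence-management paths.
 *
 * <p>Security-relevant properties of this filter that reviewers should keep in mind:
 * <ul>
 *   <li>Exclusions are matched with {@link String#startsWith(String)}, so every entry is a
 *       <em>prefix</em>: an entry authorises every path that begins with it.</li>
 *   <li>Every {@code OPTIONS} request is passed down the chain without any session check.</li>
 *   <li>The exclusion list is a static field that {@link #init(FilterConfig)} appends to, so it
 *       is shared by all instances of this filter in the class loader.</li>
 * </ul>
 */
public class ActiveSessionFilter implements Filter {
    private static final Logger log = Logger.getLogger(ActiveSessionFilter.class);

    // Path prefixes that are served without an authenticated session.
    private static String[] excludes = {"/com.plusmpm.servlet.authorization.GetDomainListServlet.customServlet", "/com.plusmpm.servlet.authorization.UserAuthorizationServlet.customServlet", "/api/authentication", "/sso/login", "/sso/perform"};

    // Path prefixes that stay reachable while the licence is reported as blocked.
    private static String[] licenseExcludes = {"/License.do", "/com.suncode.pwfl.servlet.LicenseLoad.customServlet", "/com.suncode.pwfl.servlet.LicensePreview.customServlet", "/com.suncode.pwfl.servlet.LicenseRestrictions.customServlet", "/Login.do", "/LoginManual.do", "/Logout.do", "/com.plusmpm.struts.action.LogoutAction"};

    private UrlPathHelper pathHelper = new UrlPathHelper();

    /**
     * Extends the exclusion list from configuration.
     *
     * <p>If the Shark property {@code AuthorizeUserForFile} is set to anything other than
     * {@code true}, the document/file endpoints are added to the unauthenticated list. The
     * comma-separated {@code excludes} init parameter is appended afterwards.
     *
     * @param filterConfig container-supplied configuration; only {@code excludes} is read
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String authorizeUserForFile = Shark.getInstance().getProperties().getProperty("AuthorizeUserForFile");
        if (authorizeUserForFile != null && !authorizeUserForFile.equalsIgnoreCase("true")) {
            // NOTE(review): with this setting the file and document endpoints below are served
            // to callers without a session; confirm that is the intended meaning of the property.
            excludes = (String[]) ArrayUtils.addAll(excludes, new String[]{"/Goto.do", "/ShowDocumentFromArchive.do", "/com.plusmpm.servlet.ShowFileServlet.customServlet", "/ShowFile.do", "/com.plusmpm.servlet.DocumentInformationServlet.customServlet"});
        }
        String configuredExcludes = filterConfig.getInitParameter("excludes");
        if (configuredExcludes != null) {
            excludes = (String[]) ArrayUtils.addAll(excludes, parseExcludes(configuredExcludes));
        }
    }

    /**
     * Splits the {@code excludes} init parameter into usable path prefixes.
     *
     * <p>Entries are trimmed and blank entries are dropped. A blank entry must never reach the
     * exclusion list: {@code path.startsWith("")} is true for every path, so a value such as
     * {@code ""} or {@code "/a,,/b"} would otherwise switch the session check off for the whole
     * application.
     *
     * @param raw the comma-separated init parameter value, never {@code null}
     * @return the non-blank, trimmed entries in their original order
     */
    private static String[] parseExcludes(String raw) {
        List<String> prefixes = new ArrayList<String>();
        for (String candidate : raw.split(",")) {
            String prefix = candidate.trim();
            if (prefix.length() == 0) {
                log.warn("Ignoring blank entry in the 'excludes' init parameter.");
                continue;
            }
            prefixes.add(prefix);
        }
        return prefixes.toArray(new String[prefixes.size()]);
    }

    /**
     * Applies the session and licence checks to one request.
     *
     * <p>Unauthenticated callers get a 401 body when the request looks like XHR/API traffic and
     * are otherwise forwarded to {@code /Login.do} with the original target stored in the
     * {@code redirectUrl} request attribute. When the licence is blocked, XHR/API requests get a
     * 405, non-admin users are forwarded to the logout action and {@code admin} is forwarded to
     * the licence page, unless the path is one of the licence exclusions.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remainder of the filter chain
     * @throws IOException if writing the response or a downstream component fails
     * @throws ServletException if forwarding or a downstream component fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        log.debug("method: " + httpServletRequest.getMethod());
        if (httpServletRequest.getMethod().equals("OPTIONS")) {
            // NOTE(review): this skips the session check for OPTIONS on every path, not only on
            // CORS preflights. Verify that no downstream servlet or action performs real work
            // when it receives OPTIONS.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        log.debug(httpServletRequest.getParameter("typ"));
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // getSession() creates a session when none exists, including for anonymous callers.
        HttpSession session = httpServletRequest.getSession();
        // NOTE(review): the session identifier is written to the log here and again below at
        // INFO level; anyone who can read the logs can see it. Consider logging a hash instead.
        log.debug("sessionId: " + session.getId());
        String pathWithinApplication = this.pathHelper.getPathWithinApplication(httpServletRequest);
        log.debug("Wywołano request: " + pathWithinApplication);
        if (isExcluded(pathWithinApplication)) {
            log.info("Url żądania znajduje się na liście adresów wykluczonych.");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String username = (String) session.getAttribute("username");
        log.debug("Zalogowany użytkownik: " + username);
        if (StringUtils.isEmpty(username)) {
            log.info("Użytkownik w sesji: " + session.getId() + " nie jest zalogowany!");
            log.debug(httpServletRequest.getServletPath());
            if (expectsStatusCode(httpServletRequest)) {
                log.debug("Żądanie wywołane przy pomocy XHR. Zwracam kod 401.");
                httpServletResponse.setStatus(401);
                httpServletResponse.getWriter().write("User is not logged in!");
                return;
            }
            // NOTE(review): redirectUrl is derived from the request path and parameters, both of
            // which the caller controls. Whatever consumes it after login should accept only
            // application-relative targets - confirm in the login action.
            httpServletRequest.setAttribute("redirectUrl", pathWithinApplication + getUrlFromParameterMap(httpServletRequest.getParameterMap()));
            httpServletRequest.getRequestDispatcher("/Login.do").forward(servletRequest, servletResponse);
            return;
        }
        boolean isLicenseExcluded = isLicenseExcluded(pathWithinApplication);
        if (LicenseAccessor.getInstance().isAllBlocked()) {
            if (expectsStatusCode(httpServletRequest)) {
                if (!isLicenseExcluded) {
                    log.debug("Żądanie wywołane przy pomocy XHR. Zwracam kod 405.");
                    httpServletResponse.setStatus(405);
                    httpServletResponse.getWriter().write("Invalid license in system!");
                    return;
                }
            } else if (!"admin".equals(username)) {
                // Context-relative path, matching the "/Login.do" forward above and the entries
                // in licenseExcludes. A path without the leading slash is resolved against the
                // current request path and misses the action for any nested URL.
                httpServletRequest.getRequestDispatcher("/Logout.do").forward(servletRequest, servletResponse);
                return;
            } else if (!isLicenseExcluded) {
                httpServletRequest.getRequestDispatcher("/License.do").forward(servletRequest, servletResponse);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Tells whether a rejection should be sent as a bare status code instead of a forward:
     * true for requests flagged as XHR and for servlet paths containing {@code /api}.
     */
    private boolean expectsStatusCode(HttpServletRequest httpServletRequest) {
        return isXHR(httpServletRequest) || httpServletRequest.getServletPath().contains("/api");
    }

    /**
     * Rebuilds a query string from the request parameters so that the original target can be
     * restored after login.
     *
     * <p>Only the first value of each parameter is kept. Names and values are percent-encoded so
     * that a value containing {@code &}, {@code =} or {@code #} cannot add or change parameters
     * in the stored URL. A parameter with no values is written with an empty value.
     *
     * @param map parameter names mapped to their values
     * @return the query string including the leading {@code ?}, or an empty string when the map
     *     is empty
     */
    private String getUrlFromParameterMap(Map<String, String[]> map) {
        log.debug("Zamieniam mape parametrow na ciąg znaków");
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            String[] values = entry.getValue();
            String firstValue = (values == null || values.length == 0 || values[0] == null) ? "" : values[0];
            sb.append(sb.length() == 0 ? '?' : '&').append(encode(entry.getKey())).append('=').append(encode(firstValue));
        }
        String query = sb.toString();
        // NOTE(review): this writes every request parameter to the debug log, including form
        // fields of a POST that was interrupted by the login redirect.
        log.debug("Zamieniono: " + query);
        return query;
    }

    /**
     * Percent-encodes one query-string component as UTF-8.
     * NOTE(review): assumes the container decodes query strings as UTF-8 - confirm against the
     * connector's URI encoding.
     */
    private static String encode(String component) {
        try {
            return URLEncoder.encode(component, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // Every JVM is required to support UTF-8, so this indicates a broken runtime.
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }

    /**
     * Reports whether the request carries {@code X-Requested-With: XMLHttpRequest}. The header
     * is set by the client, so it only selects the response format and is not a trust signal.
     */
    private boolean isXHR(HttpServletRequest httpServletRequest) {
        return "XMLHttpRequest".equals(httpServletRequest.getHeader("X-Requested-With"));
    }

    /** Reports whether the path starts with a prefix that needs no authenticated session. */
    private boolean isExcluded(String str) {
        return startsWithAny(str, excludes);
    }

    /** Reports whether the path starts with a prefix that stays reachable under a blocked licence. */
    private boolean isLicenseExcluded(String str) {
        return startsWithAny(str, licenseExcludes);
    }

    /**
     * Prefix match shared by both exclusion lists.
     * NOTE(review): a prefix match also accepts longer paths that merely begin with an entry
     * (for example a path with extra characters or segments appended). Whether the path has been
     * normalised before it gets here depends on UrlPathHelper; verify that, and prefer exact or
     * segment-bounded matching for entries that name a single endpoint.
     */
    private static boolean startsWithAny(String path, String[] prefixes) {
        for (String prefix : prefixes) {
            if (path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** Nothing to release. */
    public void destroy() {
    }
}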
