package com.iona.soa.web.repository.security.filters;

import com.iona.soa.security.AuthenticationException;
import com.iona.soa.security.SecurityService;
import com.iona.soa.web.repository.security.servlets.SessionServlet;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/iona/soa/web/repository/security/filters/LoginFilter.class */
public class LoginFilter implements Filter {
    private static final String[] EXCLUDES = {"/css", "/images"};
    private FilterConfig filterConfig;

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Cookie findCookie = SessionServlet.findCookie(httpServletRequest, "DEPOT_AUTH_TOKEN");
        if (requestAllowed(httpServletRequest.getRequestURI()) || isValidSession(findCookie)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (findCookie != null) {
            findCookie.setMaxAge(0);
            httpServletResponse.addCookie(findCookie);
        }
        this.filterConfig.getServletContext().getRequestDispatcher("/Session").forward(servletRequest, servletResponse);
    }

    private boolean isValidSession(Cookie cookie) {
        if (cookie == null) {
            return false;
        }
        SecurityService securityService = RepositoryProtectorFactory.getInstance().getSecurityService();
        if (securityService == null) {
            return true;
        }
        try {
            return securityService.authenticate("DEPOT_AUTH_TOKEN " + cookie.getValue()).getSSOToken().equals(cookie.getValue());
        } catch (AuthenticationException e) {
            return false;
        }
    }

    private boolean requestAllowed(String str) {
        for (String str2 : EXCLUDES) {
            if (str.indexOf(str2) > -1) {
                return true;
            }
        }
        return false;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }
}
