package org.rhq.enterprise.gui.legacy;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.rhq.core.domain.auth.Subject;
import org.rhq.enterprise.gui.legacy.util.SessionUtils;
import org.rhq.enterprise.server.auth.SessionManager;
import org.rhq.enterprise.server.auth.SessionNotFoundException;
import org.rhq.enterprise.server.auth.SessionTimeoutException;
import org.rhq.enterprise.server.license.License;
import org.rhq.enterprise.server.system.LicenseException;
import org.rhq.enterprise.server.util.LookupUtil;

/* loaded from: input_file:WEB-INF/classes/org/rhq/enterprise/gui/legacy/AuthenticationFilter.class */
public final class AuthenticationFilter extends BaseFilter {
    private static Log log = LogFactory.getLog(AuthenticationFilter.class);

    @Override // org.rhq.enterprise.gui.legacy.BaseFilter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession();
        WebUser webUser = SessionUtils.getWebUser(session);
        if (webUser != null) {
            try {
                Subject subject = webUser.getSubject();
                if (subject == null) {
                    throw new SessionNotFoundException("Web user not associated with a subject");
                }
                SessionManager.getInstance().getSubject(subject.getSessionId().intValue());
            } catch (SessionNotFoundException e) {
                session.removeAttribute("u");
                SessionUtils.setWebUser(session, null);
                webUser = null;
            } catch (SessionTimeoutException e2) {
                session.removeAttribute("u");
                SessionUtils.setWebUser(session, null);
                webUser = null;
            }
        }
        if (webUser != null) {
            if (httpServletRequest.getRequestURI().indexOf("/admin/license") < 0) {
                License license = null;
                try {
                    license = LookupUtil.getSystemManager().getLicense();
                } catch (LicenseException e3) {
                }
                if (license == null || license.getLicenseExpiration() < System.currentTimeMillis()) {
                    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/admin/license/LicenseAdmin.do?mode=view");
                }
            }
            try {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            } catch (IOException e4) {
                log.warn("Caught IO Exception from client " + httpServletRequest.getRemoteAddr() + ": " + e4.getMessage());
                return;
            }
        }
        String servletPath = httpServletRequest.getServletPath();
        if ("/Login.do".equals(servletPath) || "/j_security_check.do".equals(servletPath)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        Map parameterMap = httpServletRequest.getParameterMap();
        if (!parameterMap.isEmpty()) {
            HashMap hashMap = new HashMap();
            for (String str : parameterMap.keySet()) {
                hashMap.put(str, httpServletRequest.getParameter(str));
            }
            session.setAttribute(ParamConstants.LOGON_URL_PARAMETERS, hashMap);
        }
        session.setAttribute(KeyConstants.LOGON_URL_KEY, servletPath);
        httpServletResponse.setStatus(401);
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/Login.do");
    }
}
