package io.hawt.web;

import io.hawt.system.Helpers;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.jetty.http.MimeTypes;
import org.elasticsearch.threadpool.ThreadPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-283-10.zip:standalone/deployments/hawtio-wildfly-1.4.0.redhat-630283-10.war:WEB-INF/lib/hawtio-system-1.4.0.redhat-630283-10.jar:io/hawt/web/SessionExpiryFilter.class */
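/**
 * Servlet filter that enforces an inactivity timeout on HTTP sessions and denies a
 * fixed set of sub-contexts to requests that carry neither a session nor an
 * {@code Authorization} header.
 *
 * <p>The filter keeps its own {@code LastAccess} timestamp in the session. Requests
 * whose second path segment is listed in {@link #ignoredPaths} do not refresh that
 * timestamp once it has been set, so calls to those paths do not count as activity.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>If the servlet context has no {@code authenticationEnabled} attribute, every
 *       request is passed through unchecked (fail-open).</li>
 *   <li>A request with an {@code Authorization} header is forwarded without any check
 *       of the header's value; validation is presumably done by a later filter or
 *       servlet (confirm against the deployment's filter chain).</li>
 *   <li>Sessionless access control is a deny-list of path segments; any segment not
 *       on the list is allowed.</li>
 *   <li>Path segments are taken from {@link HttpServletRequest#getRequestURI()}, which
 *       is the raw request URI. NOTE(review): the container may route on a decoded or
 *       parameter-stripped path, in which case a segment here can differ from the one
 *       used for servlet mapping; confirm that protected paths are also guarded
 *       downstream.</li>
 * </ul>
 */
public class SessionExpiryFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(SessionExpiryFilter.class);

    /** Compiled once; the original compiled this pattern on every request. */
    private static final Pattern PATH_SEPARATOR = Pattern.compile("/");

    /** Session attribute holding the last-activity time in epoch milliseconds. */
    private static final String LAST_ACCESS = "LastAccess";

    /** Servlet-context attribute holding a {@link Boolean} authentication switch. */
    private static final String AUTHENTICATION_ENABLED = "authenticationEnabled";

    /** Sub-contexts whose requests do not refresh {@code LastAccess} once it is set. */
    private static final String[] ignoredPaths = {"jolokia", "proxy"};

    /** Sub-contexts refused when authentication is on and the request has no session or Authorization header. */
    private static final List<String> DENIED_WITHOUT_CREDENTIALS =
            Arrays.asList("jolokia", "proxy", "user", "exportContext", "contextFormatter", "upload");

    private List<String> ignoredPathList;
    private ServletContext context;

    /**
     * Stores the servlet context and the list form of {@link #ignoredPaths}.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.ignoredPathList = Arrays.asList(ignoredPaths);
        this.context = filterConfig.getServletContext();
    }

    /**
     * Applies the session-expiry rules to HTTP requests and forwards anything else untouched.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remainder of the filter chain
     * @throws IOException if writing the response or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean isHttp = servletRequest instanceof HttpServletRequest
                && servletResponse instanceof HttpServletResponse;
        if (!isHttp) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        process((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Writes the two-byte body {@code ok} and closes the response stream.
     *
     * @param response response to write to
     * @throws IOException if the stream cannot be obtained, written or closed
     * @throws ServletException declared for symmetry with the callers; not thrown here
     */
    private void writeOk(HttpServletResponse response) throws IOException, ServletException {
        response.setContentType(MimeTypes.TEXT_HTML_UTF_8);
        // try-with-resources closes the stream exactly once on both the normal and the error path.
        try (ServletOutputStream out = response.getOutputStream()) {
            // Encode explicitly: the declared content type is UTF-8, the platform default may not be.
            out.write("ok".getBytes(StandardCharsets.UTF_8));
            out.flush();
        }
    }

    /**
     * Records {@code timestamp} as the session's last-activity time.
     *
     * @param session session to update
     * @param timestamp activity time in epoch milliseconds
     */
    private void updateLastAccess(HttpSession session, long timestamp) {
        session.setAttribute(LAST_ACCESS, Long.valueOf(timestamp));
        // The "{}" placeholder was missing, so the value was never written to the log.
        LOG.debug("Reset LastAccess to: {}", session.getAttribute(LAST_ACCESS));
    }

    /**
     * Core decision logic: expire idle sessions, answer the refresh ping, and deny
     * protected sub-contexts to requests without a session or Authorization header.
     *
     * @param request incoming HTTP request
     * @param response outgoing HTTP response
     * @param filterChain remainder of the filter chain
     * @throws IOException if writing the response or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    private void process(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        Object authAttribute = this.context == null ? null : this.context.getAttribute(AUTHENTICATION_ENABLED);
        if (authAttribute == null) {
            // Fail-open: without the context attribute the filter performs no checks at all.
            filterChain.doFilter(request, response);
            return;
        }
        HttpSession session = request.getSession(false);
        // A non-Boolean attribute raises ClassCastException rather than being read as "disabled".
        boolean authenticationEnabled = ((Boolean) authAttribute).booleanValue();

        // Raw, undecoded URI; see the class-level note on path normalisation.
        String path = request.getRequestURI();
        if (path.startsWith("/")) {
            path = path.substring(1);
        }
        if (path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        String[] segments = PATH_SEPARATOR.split(path);
        if (segments.length < 2) {
            // Zero segments occurs when only slashes remain after trimming (split drops
            // trailing empty strings); the original indexed segments[0] in that case and
            // threw ArrayIndexOutOfBoundsException.
            if (session != null) {
                updateLastAccess(session, System.currentTimeMillis());
            }
            filterChain.doFilter(request, response);
            return;
        }
        String topLevelContext = segments[0];
        String subContext = segments[1];

        // A session with a negative max-inactive interval falls through to the sessionless rules below.
        if (session != null && session.getMaxInactiveInterval() >= 0) {
            int maxInactiveSeconds = session.getMaxInactiveInterval();
            long now = System.currentTimeMillis();
            Object lastAccess = session.getAttribute(LAST_ACCESS);
            if (lastAccess != null) {
                long idleSeconds = (now - ((Long) lastAccess).longValue()) / 1000;
                LOG.debug("Session expiry: {}, duration since last access: {}", Integer.valueOf(maxInactiveSeconds), Long.valueOf(idleSeconds));
                if (idleSeconds > maxInactiveSeconds) {
                    LOG.info("Expiring session due to inactivity");
                    session.invalidate();
                    Helpers.doForbidden(response);
                    return;
                }
            }
            // ThreadPool.Names.REFRESH looks like a decompiler substitution for an inlined
            // string constant (presumably "refresh") — confirm against the upstream source.
            if (subContext.equals(ThreadPool.Names.REFRESH)) {
                updateLastAccess(session, now);
                writeOk(response);
                return;
            }
            LOG.debug("Top level context: {} subContext: {}", topLevelContext, subContext);
            boolean countsAsActivity = !this.ignoredPathList.contains(subContext)
                    || session.getAttribute(LAST_ACCESS) == null;
            if (countsAsActivity) {
                updateLastAccess(session, now);
            } else {
                // Ignored paths must not keep an otherwise idle session alive.
                LOG.debug("Not updating LastAccess");
            }
            filterChain.doFilter(request, response);
            return;
        }

        if (!authenticationEnabled) {
            if (subContext.equals(ThreadPool.Names.REFRESH)) {
                LOG.debug("Authentication disabled, received refresh response, responding with ok");
                writeOk(response);
                return;
            }
            LOG.debug("Authentication disabled, allowing request");
            filterChain.doFilter(request, response);
            return;
        }
        if (request.getHeader("Authorization") != null) {
            // Only the header's presence is tested here; its value is not validated by this filter.
            filterChain.doFilter(request, response);
            return;
        }
        if (DENIED_WITHOUT_CREDENTIALS.contains(subContext)) {
            LOG.debug("Authentication enabled, denying request for {}", subContext);
            Helpers.doForbidden(response);
        } else {
            // Deny-list semantics: any sub-context not listed above is forwarded.
            LOG.debug("Authentication enabled, but allowing request for {}", subContext);
            filterChain.doFilter(request, response);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}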
