package es.rediris.papi.filter;

import es.rediris.papi.assertion.Assertion;
import es.rediris.papi.config.Config;
import es.rediris.papi.exception.PAPIException;
import es.rediris.papi.message.CheckedResponse;
import es.rediris.papi.message.Message;
import es.rediris.papi.message.MessageBuilder;
import es.rediris.papi.message.Request;
import es.rediris.papi.message.URLMessageBuilder;
import es.rediris.papi.poa.PoACore;
import es.rediris.papi.token.HCookToken;
import es.rediris.papi.token.LCookToken;
import es.rediris.papi.token.format.TokenFormatFactory;
import es.rediris.papi.token.handler.CookieHandler;
import es.rediris.papi.token.handler.TokenHandler;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:es/rediris/papi/filter/PAPIFilter.class */
public class PAPIFilter implements Filter {
    private static Logger log = Logger.getLogger(PAPIFilter.class);
    public static final String PAPIFILTER_CONFIG_FILE = "configfile";
    private FilterConfig filterConfig;
    private TokenHandler tokenHandler;
    private MessageBuilder messageBuilder;
    private PoACore poaCore;
    private Config config;

    public void destroy() {
    }

    private void readAESKeys() throws ServletException {
        try {
            BufferedReader bufferedReader = new BufferedReader(new FileReader(this.config.getProperty(Config.AES_KEY_HCOOK_FILE)));
            if (!this.tokenHandler.getAESCipher().addKey(Config.KEY_HCOOK, bufferedReader.readLine().getBytes())) {
                throw new ServletException("Error reading hkey");
            }
            bufferedReader.close();
            BufferedReader bufferedReader2 = new BufferedReader(new FileReader(this.config.getProperty(Config.AES_KEY_LCOOK_FILE)));
            if (!this.tokenHandler.getAESCipher().addKey(Config.KEY_LCOOK, bufferedReader2.readLine().getBytes())) {
                throw new ServletException("Error reading lkey");
            }
            bufferedReader2.close();
        } catch (IOException e) {
            throw new ServletException(e);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        log.info("Initializing the PAPIFilter");
        this.filterConfig = filterConfig;
        try {
            this.config = new Config(this.filterConfig.getInitParameter(PAPIFILTER_CONFIG_FILE));
            this.tokenHandler = new CookieHandler(this.config);
            readAESKeys();
            this.poaCore = new PoACore(this.config);
            this.messageBuilder = new URLMessageBuilder();
        } catch (PAPIException e) {
            log.error("Exception message", e);
            throw new ServletException(e);
        }
    }

    private String getRequestURI(HttpServletRequest httpServletRequest) {
        return String.valueOf(httpServletRequest.getRequestURL().toString()) + (httpServletRequest.getQueryString() != null ? "?" + httpServletRequest.getQueryString() : "");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        log.debug("doFilter <- " + getRequestURI(httpServletRequest));
        if (!containsMessage(httpServletRequest)) {
            checkAccess(httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        log.debug("Received message");
        try {
            Message message = this.messageBuilder.getMessage(new URL(getRequestURI(httpServletRequest)));
            if (message.getParam("ACTION") != null) {
                String obj = message.getParam("ACTION").toString();
                log.debug("Processing message with action '" + obj + "'");
                if (obj.equals(Config.CHECKED_ACTION)) {
                    checkGPoACheckedResponse(httpServletRequest, httpServletResponse, filterChain, new CheckedResponse(message));
                } else {
                    checkAccess(httpServletRequest, httpServletResponse, filterChain);
                }
            }
        } catch (PAPIException e) {
            throw new ServletException(e);
        }
    }

    private void checkGPoACheckedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, CheckedResponse checkedResponse) throws PAPIException, ServletException, IOException {
        log.debug("Checking GPoA Checked response...");
        boolean validCheckedResponse = this.poaCore.validCheckedResponse(checkedResponse);
        log.debug("GPoA Checked response: " + validCheckedResponse);
        if (!validCheckedResponse) {
            forbiddenAccess(httpServletResponse);
            return;
        }
        HCookToken generateHCook = this.poaCore.generateHCook(false, checkedResponse.getGPoACheckedToken().getAssertion());
        this.poaCore.saveHCook(generateHCook, generateHCook.getRandomBlock().hashCode());
        doRequest(httpServletRequest, httpServletResponse, filterChain, generateHCook, this.poaCore.generateLCook(checkedResponse.getGPoACheckedToken().getAssertion()));
    }

    private void checkAccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        HCookToken hCookToken = null;
        LCookToken lCookToken = null;
        log.debug("Checking access...");
        String requestURI = getRequestURI(httpServletRequest);
        try {
            Cookie[] cookies = httpServletRequest.getCookies();
            Cookie cookie = getCookie(cookies, this.config.getProperty(Config.COOKIE_HCOOK_NAME));
            if (cookie != null) {
                hCookToken = new HCookToken();
                this.tokenHandler.fillToken(cookie, hCookToken, TokenFormatFactory.getDefaultTokenFormat(this.config), Config.KEY_HCOOK);
            }
            Cookie cookie2 = getCookie(cookies, this.config.getProperty(Config.COOKIE_LCOOK_NAME));
            if (cookie2 != null) {
                lCookToken = new LCookToken();
                this.tokenHandler.fillToken(cookie2, lCookToken, TokenFormatFactory.getDefaultTokenFormat(this.config), Config.KEY_LCOOK);
            }
            if (this.poaCore.checkAccess(requestURI, hCookToken, lCookToken)) {
                log.debug("Access accepted");
                acceptedRequest(httpServletRequest, httpServletResponse, filterChain, hCookToken, lCookToken);
                return;
            }
            log.debug("Access not accepted");
            if (this.poaCore.hasGPoA()) {
                sendCheckRequest(httpServletResponse, requestURI);
            } else {
                forbiddenAccess(httpServletResponse);
            }
        } catch (PAPIException e) {
            throw new ServletException(e);
        }
    }

    private void sendCheckRequest(HttpServletResponse httpServletResponse, String str) throws PAPIException, IOException {
        Request checkRequest = this.poaCore.getCheckRequest(str);
        this.poaCore.saveRequest(checkRequest, checkRequest.getMessage().getParam("DATA").hashCode());
        URL url = (URL) this.messageBuilder.buildMessage(checkRequest.getMessage());
        log.debug("Sending Check request: " + url.toString());
        httpServletResponse.sendRedirect(url.toString());
    }

    private void acceptedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, HCookToken hCookToken, LCookToken lCookToken) throws PAPIException, ServletException, IOException {
        doRequest(httpServletRequest, httpServletResponse, filterChain, hCookToken, lCookToken);
    }

    private void doRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, HCookToken hCookToken, LCookToken lCookToken) throws PAPIException, ServletException, IOException {
        log.debug("Adding cookies hcook and lcook...");
        Cookie cookie = new Cookie(this.config.getProperty(Config.COOKIE_HCOOK_NAME), "");
        cookie.setPath(this.config.getProperty(Config.POA_LOCATION));
        this.tokenHandler.fillTransportObject(cookie, hCookToken, TokenFormatFactory.getDefaultTokenFormat(this.config), Config.KEY_HCOOK);
        Cookie cookie2 = new Cookie(this.config.getProperty(Config.COOKIE_LCOOK_NAME), "");
        cookie2.setPath(this.config.getProperty(Config.POA_LOCATION));
        this.tokenHandler.fillTransportObject(cookie2, lCookToken, TokenFormatFactory.getDefaultTokenFormat(this.config), Config.KEY_LCOOK);
        addAssertionInRequestSession(httpServletRequest, lCookToken.getAssertion());
        addCookiesInResponse(httpServletResponse, new Cookie[]{cookie, cookie2});
        log.debug("Getting the requested URL");
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private void forbiddenAccess(HttpServletResponse httpServletResponse) throws IOException {
        log.debug("Access forbidden");
        String property = this.config.getProperty(Config.REJECT_MESSAGE);
        if (property == null) {
            httpServletResponse.sendError(403);
        } else {
            httpServletResponse.sendError(403, property);
        }
    }

    private void addAssertionInRequestSession(HttpServletRequest httpServletRequest, Assertion assertion) {
        httpServletRequest.setAttribute(this.config.getProperty(Config.COOKIE_LCOOK_NAME), assertion);
    }

    private void addCookiesInResponse(HttpServletResponse httpServletResponse, Cookie[] cookieArr) {
        for (Cookie cookie : cookieArr) {
            httpServletResponse.addCookie(cookie);
        }
    }

    private Cookie getCookie(Cookie[] cookieArr, String str) {
        if (cookieArr == null) {
            return null;
        }
        for (int i = 0; i < cookieArr.length; i++) {
            if (cookieArr[i].getName().equals(str)) {
                log.debug("Getting cookie '" + str + "'");
                return cookieArr[i];
            }
        }
        return null;
    }

    private boolean containsMessage(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameterMap().containsKey("ACTION");
    }
}
