package com.lunaimaging.insight.web.servlet;

import com.lunaimaging.insight.core.MessageManager;
import com.lunaimaging.insight.core.domain.Authenticable;
import com.lunaimaging.insight.core.domain.IpRange;
import com.lunaimaging.insight.core.domain.MediaCollection;
import com.lunaimaging.insight.core.domain.User;
import com.lunaimaging.insight.core.domain.logic.InsightFacade;
import com.lunaimaging.insight.web.ParameterManager;
import com.lunaimaging.insight.web.SessionManager;
import com.lunaimaging.insight.web.WebMessageManager;
import com.lunaimaging.insight.web.utils.InsightWebUtils;
import com.lunaimaging.security.IpAddressUsernamePasswordToken;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.ListUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.subject.Subject;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:com/lunaimaging/insight/web/servlet/AuthenicationInterceptor.class */
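/**
 * Spring {@link HandlerInterceptor} that establishes who a request belongs to before a handler runs.
 *
 * <p>For each request it binds the application context, refreshes the session of a subject that
 * Shiro already reports as authenticated ({@link #ssoAuthentication}), falls back to IP-range
 * authentication ({@link #authenticateIpRange}), and forwards to the login page when the request
 * path contains one of the configured {@code loginRequiredUrls} fragments and the session entity
 * is not a {@link User}.
 *
 * <p>NOTE(review): IP-range decisions use {@code HttpServletRequest.getRemoteAddr()}, which is the
 * address of the direct TCP peer. Behind a reverse proxy or load balancer every client presents
 * the proxy's address, so IP-range grants are only meaningful if the container's remote-address
 * handling matches the deployment. Confirm against the deployment configuration.
 */
public class AuthenicationInterceptor implements HandlerInterceptor {
    /** Facade used for user, IP-range, media-group and media-collection lookups. */
    protected InsightFacade insight;
    /** Path fragments that require a logged-in {@link User}; {@code null} disables the check. */
    protected String[] loginRequiredUrls;
    /** Set once the {@code staticResourcePath} system property has been published. */
    protected boolean systemIntialized = false;
    protected Log log = LogFactory.getLog(getClass());

    /**
     * Sets the path fragments that trigger the login forward.
     *
     * @param strArr fragments compared against the request path by substring match
     */
    public void setLoginRequiredUrls(String[] strArr) {
        this.loginRequiredUrls = strArr;
    }

    /**
     * Injects the facade used for all lookups.
     *
     * @param insightFacade facade instance
     */
    public void setInsight(InsightFacade insightFacade) {
        this.insight = insightFacade;
    }

    /**
     * Runs the authentication chain before the handler executes.
     *
     * @return {@code false} when the request was forwarded to the login page, so the handler must
     *     not run; {@code true} otherwise
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        SessionManager.setApplicationContext(httpServletRequest);
        ssoAuthentication(httpServletRequest);
        return authenticateByIp(httpServletRequest, httpServletResponse);
    }

    /**
     * Repeats the IP check and the collections check after the handler has executed.
     *
     * <p>Both return values are discarded. NOTE(review): the handler has already run by the time
     * this is called, so nothing here can prevent access; {@link #preHandle} is the only
     * enforcement point. A login forward issued from here also fails with
     * {@code IllegalStateException} if the handler already committed the response.
     */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        SessionManager.setApplicationContext(httpServletRequest);
        authenticateByIp(httpServletRequest, httpServletResponse);
        hasCollections(httpServletRequest, httpServletResponse);
    }

    /** No work is done after completion. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
    }

    /**
     * Brings the session entity in line with the Shiro subject.
     *
     * <p>When the subject is authenticated and the session entity is either not a {@link User} or
     * a {@link User} whose authorized collection ids differ from the stored ones, the user is
     * looked up again and {@code SessionManager.postLogin} is called. When the session user is
     * still current, its media collections are reloaded from the facade.
     *
     * <p>Failures never propagate: the request continues with whatever entity the session already
     * holds. NOTE(review): this means a failed refresh leaves the previous, possibly outdated,
     * grants in the session. Confirm that this is the intended behaviour.
     */
    protected void ssoAuthentication(HttpServletRequest httpServletRequest) {
        try {
            Subject subject = SecurityUtils.getSubject();
            // Declared as Authenticable (as in hasCollections) because the entity may be an IpRange or a User.
            Authenticable authenticatedEntity = SessionManager.getAuthenticatedEntity(httpServletRequest);
            if (authenticatedEntity instanceof IpRange) {
                subject.getSession().setAttribute("IPRANGE_DEFAULT_CREDENTIAL_ID", Integer.valueOf(((IpRange) authenticatedEntity).getCredentialsId()));
            }
            boolean entityIsUser = authenticatedEntity instanceof User;
            this.log.debug("(authenticable instanceof User) =  " + entityIsUser);
            if (!subject.isAuthenticated()) {
                return;
            }

            // Compare the grants cached in the session with the stored ones, in both directions.
            boolean grantsChanged = false;
            if (entityIsUser) {
                User sessionUser = (User) authenticatedEntity;
                User storedUser = this.insight.getUser(sessionUser.getUsername());
                ArrayList<?> sessionIds = sessionUser.getCredentials().getAuthorizedCollectionIds();
                ArrayList<?> storedIds = storedUser.getCredentials().getAuthorizedCollectionIds();
                grantsChanged = !ListUtils.subtract(sessionIds, storedIds).isEmpty() || !ListUtils.subtract(storedIds, sessionIds).isEmpty();
            }

            if (!entityIsUser || grantsChanged) {
                // NOTE(review): getCredentialsAuthenticationInfo is not declared on Shiro's SecurityManager
                // interface; a cast to the project's security-manager type appears to be missing here.
                Object refreshed = SecurityUtils.getSecurityManager().getCredentialsAuthenticationInfo(new IpAddressUsernamePasswordToken(subject.getPrincipal().toString(), httpServletRequest.getRemoteAddr())).getAauthenticable();
                boolean refreshedIsUser = refreshed instanceof User;
                this.log.debug("authenticable user = " + refreshedIsUser);
                if (refreshedIsUser) {
                    User user = (User) refreshed;
                    SessionManager.postLogin(httpServletRequest, user, this.insight.getMediaGroup(user.getDefaultGroupId(), user), this.insight.getMediaGroups(user));
                }
                return;
            }

            // The session user is current: reload each of its media collections by id.
            User currentUser = (User) authenticatedEntity;
            ArrayList<?> staleCollections = currentUser.getMediaCollections();
            if (staleCollections != null) {
                ArrayList reloaded = new ArrayList();
                for (Object item : staleCollections) {
                    reloaded.add(this.insight.getMediaCollection(((MediaCollection) item).getId()));
                }
                currentUser.setMediaCollections(reloaded);
            }
        } catch (UnknownAccountException e) {
            this.log.debug(e.getMessage());
        } catch (IncorrectCredentialsException e) {
            // Specific handler placed before the general one so that it is reachable; logged through
            // the logger at WARN so that rejected credentials show up at default log levels.
            this.log.warn("SSO credential refresh rejected: " + e.getMessage(), e);
        } catch (Exception e) {
            // Goes through the logger instead of printStackTrace() so the stack trace lands in the application log.
            this.log.error("SSO session refresh failed: " + e.getMessage(), e);
        }
    }

    /**
     * Authenticates the caller by remote address when the session has no entity yet or is new.
     *
     * <p>On the first such request the real path of {@code "/"} is also published as the
     * {@code staticResourcePath} system property. A non-null result from
     * {@code insight.authenticate} replaces the session entity.
     */
    protected void authenticateIpRange(HttpServletRequest httpServletRequest) {
        Authenticable current = SessionManager.getAuthenticatedEntity(httpServletRequest);
        boolean newSession = httpServletRequest.getSession().isNew();
        this.log.debug("authenticated entity = " + current);
        this.log.debug("new session = " + newSession);
        if (current != null && !newSession) {
            return;
        }
        if (!this.systemIntialized) {
            System.setProperty("staticResourcePath", httpServletRequest.getSession().getServletContext().getRealPath("/"));
            this.systemIntialized = true;
        }
        IpRange matchedRange = this.insight.authenticate(httpServletRequest.getRemoteAddr());
        if (matchedRange != null) {
            SessionManager.setAuthenticatedEntity(httpServletRequest, matchedRange);
        }
    }

    /**
     * Applies IP-range authentication and then enforces {@code loginRequiredUrls}.
     *
     * @return {@code false} when the request was forwarded to the login page; {@code true} when
     *     no fragments are configured, the session entity is a {@link User}, or no fragment matches
     * @throws ServletException if the login forward fails
     * @throws IOException if the login forward fails
     */
    protected boolean authenticateByIp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        authenticateIpRange(httpServletRequest);
        SessionManager.getCollectionsInContext(httpServletRequest);
        if (this.loginRequiredUrls == null || (SessionManager.getAuthenticatedEntity(httpServletRequest) instanceof User)) {
            return true;
        }
        String path = pathInfoOrRoot(httpServletRequest);
        // NOTE(review): this is a case-sensitive substring test on getPathInfo(), not an anchored or
        // pattern match. Confirm that every protected handler is only reachable under a path that
        // contains one of the configured fragments.
        for (String fragment : this.loginRequiredUrls) {
            if (path.contains(fragment)) {
                login(httpServletRequest, httpServletResponse);
                return false;
            }
        }
        return true;
    }

    /**
     * Reports whether the request has collections in context, forwarding to login when an
     * IP-authenticated (non-{@link User}) caller has none.
     *
     * <p>The forward is only issued when the runtime class is exactly this class; subclasses get
     * {@code false} without a forward.
     *
     * @return {@code true} for paths containing {@code /login} or {@code /register}, or when at
     *     least one collection is in context; {@code false} otherwise
     * @throws ServletException if the login forward fails
     * @throws IOException if the login forward fails
     */
    protected boolean hasCollections(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String path = pathInfoOrRoot(httpServletRequest);
        // Presumably exempted so that the login and registration pages stay reachable with no collections.
        // NOTE(review): this is also a substring test, so any path that merely contains this text is exempt.
        if (path.contains("/login") || path.contains("/register")) {
            return true;
        }
        Authenticable authenticatedEntity = SessionManager.getAuthenticatedEntity(httpServletRequest);
        if (SessionManager.getCollectionsInContext(httpServletRequest).size() != 0) {
            return true;
        }
        boolean exactlyThisClass = getClass().equals(AuthenicationInterceptor.class);
        if (authenticatedEntity != null && exactlyThisClass && !(authenticatedEntity instanceof User)) {
            login(httpServletRequest, httpServletResponse);
        }
        return false;
    }

    /**
     * Forwards the request to the login page, recording the current URL as the return target.
     *
     * <p>NOTE(review): the return URL is derived from the incoming request. Whatever consumes the
     * {@code returnUrl} attribute after login should confirm that it points back into this
     * application before redirecting to it. That code is not visible here.
     *
     * @throws ServletException if the forward fails
     * @throws IOException if the forward fails
     */
    protected void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletRequest.setAttribute(ParameterManager.ParamNames.returnUrl.toString(), InsightWebUtils.getRequestUrl(httpServletRequest));
        String loginPath = httpServletRequest.getServletPath() + WebMessageManager.getMessage(MessageManager.MessageKeys.LOGIN_URL, httpServletRequest);
        httpServletRequest.getRequestDispatcher(loginPath).forward(httpServletRequest, httpServletResponse);
    }

    /** Returns the request's path info, or {@code "/"} when the container reports none. */
    private static String pathInfoOrRoot(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        return pathInfo != null ? pathInfo : "/";
    }
}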
