package com.appiancorp.security.web;

import com.appiancorp.rdbms.config.DataConfiguration;
import com.appiancorp.security.SecurityConfiguration;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.google.common.base.Charsets;
import com.google.common.net.UrlEscapers;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.log4j.helpers.FileWatchdog;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.tuckey.web.filters.urlrewrite.Conf;
import org.tuckey.web.filters.urlrewrite.UrlRewriter;
import org.tuckey.web.filters.urlrewrite.utils.WildcardPattern;

/* loaded from: input_file:com/appiancorp/security/web/AppsPortalVisibilityFilter.class */
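/**
 * Servlet filter that restricts which URLs are reachable while the apps portal is
 * configured as not visible.
 *
 * <p>Two allow-lists are loaded from servlet-context resources named by the
 * {@code allowedUrlsPath} and {@code designerAllowedUrlsPath} init parameters. Each line of
 * a list file is used only if it starts with {@code regex:} or {@code wildcard:}; every
 * other line is ignored. Requests that match neither list receive a 403 and are forwarded
 * to the generic error page.
 *
 * <p>Security notes for maintainers of the list files:
 * <ul>
 *   <li>Patterns are applied with {@code find()}. For {@code regex:} entries this means an
 *       entry matches anywhere in the path unless the entry itself is anchored.</li>
 *   <li>The designer list is consulted first: a path matching it is allowed only for
 *       designers and system administrators, even if it also matches the all-users list.
 *       Conversely, if the designer list is empty (for example because its file could not
 *       be read), the decision falls through to the all-users list alone.</li>
 * </ul>
 *
 * <p>Thread-safety: the pattern lists are static, shared by all instances, written by the
 * {@link FileWatchdog} threads and read by request threads. All access goes through
 * {@link #PATTERNS_LOCK}.
 */
public class AppsPortalVisibilityFilter implements Filter {
    private static final String ERROR_PAGE_PATH = "/framework/error/genericerror.jsp";
    private static final String WILDCARD_PREFIX = "wildcard:";
    private static final String REGEX_PREFIX = "regex:";
    private SecurityConfiguration securityConfiguration;
    private ServletContext context;
    private String allowedUrlsPath;
    private String designerAllowedUrlsPath;
    private UrlRewriter urlRewriter;
    private static final Logger LOG = Logger.getLogger(AppsPortalVisibilityFilter.class);
    // Used to strip CR/LF from request-derived values before they are written to the log.
    private static final Pattern NEWLINES = Pattern.compile("[\r\n]");
    // Guards the four pattern lists below: reload takes the write lock, matching the read lock.
    private static final ReadWriteLock PATTERNS_LOCK = new ReentrantReadWriteLock();
    private static final List<Pattern> allowedRegexPatterns = new ArrayList<>();
    private static final List<WildcardPattern> allowedWildcardPatterns = new ArrayList<>();
    private static final List<Pattern> designerAllowedRegexPatterns = new ArrayList<>();
    private static final List<WildcardPattern> designerAllowedWildcardPatterns = new ArrayList<>();

    /**
     * Reads the filter configuration, loads both allow-lists and starts a file watchdog
     * for each list so later edits are picked up without a restart.
     *
     * @param filterConfig supplies the {@code allowedUrlsPath} and
     *     {@code designerAllowedUrlsPath} init parameters and the servlet context
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.securityConfiguration = (SecurityConfiguration) ConfigurationFactory.getConfiguration(SecurityConfiguration.class);
        this.allowedUrlsPath = filterConfig.getInitParameter("allowedUrlsPath");
        this.designerAllowedUrlsPath = filterConfig.getInitParameter("designerAllowedUrlsPath");
        this.context = filterConfig.getServletContext();
        // The rewriter is built from an empty configuration; this class only uses it in
        // doFilter to obtain the path within the application.
        Conf conf = new Conf();
        conf.initialise();
        this.urlRewriter = new UrlRewriter(conf);
        loadFilterPatterns(this.allowedUrlsPath, allowedRegexPatterns, allowedWildcardPatterns);
        startWatchingForChange(this.allowedUrlsPath, allowedRegexPatterns, allowedWildcardPatterns);
        loadFilterPatterns(this.designerAllowedUrlsPath, designerAllowedRegexPatterns, designerAllowedWildcardPatterns);
        startWatchingForChange(this.designerAllowedUrlsPath, designerAllowedRegexPatterns, designerAllowedWildcardPatterns);
    }

    /**
     * Passes the request down the chain when the portal is visible or the request path is
     * allow-listed; otherwise sets status 403 and forwards to the generic error page.
     *
     * @throws IOException if the chain or the error-page forward fails
     * @throws ServletException if the chain or the error-page forward fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.securityConfiguration.isAppsPortalVisible()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String pathWithinApplication = this.urlRewriter.getPathWithinApplication(httpServletRequest);
        if (isUrlAllowed(httpServletRequest, pathWithinApplication, this.securityConfiguration)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (LOG.isDebugEnabled()) {
            // The path is request-controlled; CR/LF are removed so it cannot forge log lines.
            LOG.debug(String.format("url '%s' is FORBIDDEN", stripNewlines(pathWithinApplication)));
        }
        ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
        servletRequest.getRequestDispatcher(ERROR_PAGE_PATH).forward(servletRequest, servletResponse);
    }

    /**
     * Decides whether {@code str} may be served to the caller of {@code httpServletRequest}.
     *
     * <p>When the portal is visible every URL is allowed. Otherwise the path component of
     * {@code str} is matched against the designer allow-list first (match: allowed only for
     * designers and system administrators) and then against the all-users allow-list.
     * A {@code null}, malformed or path-less URL is denied.
     *
     * @param httpServletRequest request whose existing session identifies the user
     * @param str URL or path to check
     * @param securityConfiguration source of the portal-visibility flag
     * @return {@code true} if the request may proceed
     */
    public static boolean isUrlAllowed(HttpServletRequest httpServletRequest, String str, SecurityConfiguration securityConfiguration) {
        if (securityConfiguration.isAppsPortalVisible()) {
            return true;
        }
        if (str == null) {
            // Fail closed instead of throwing from the escaper below.
            return false;
        }
        final String path;
        try {
            // NOTE(review): the path is matched as parsed, without URI.normalize(); confirm
            // the caller-supplied value already has dot-segments and path parameters
            // resolved the same way the servlet container resolves them.
            path = new URI(UrlEscapers.urlFragmentEscaper().escape(str)).getPath();
        } catch (URISyntaxException e) {
            LOG.error(String.format("background url '%s' is malformed", stripNewlines(str)));
            return false;
        }
        if (path == null) {
            // URI.getPath() is null for opaque URIs; there is nothing to match, so deny.
            return false;
        }
        final boolean designerOnly;
        final boolean allowedForAll;
        // Evaluate both lists under one read lock so a concurrent reload cannot be observed
        // half-applied (e.g. a momentarily empty designer list).
        PATTERNS_LOCK.readLock().lock();
        try {
            designerOnly = urlMatchesDesignerAllowList(path);
            allowedForAll = !designerOnly && urlMatchesAllUsersAllowList(path);
        } finally {
            PATTERNS_LOCK.readLock().unlock();
        }
        return designerOnly ? isUserDesignerOrAdmin(httpServletRequest) : allowedForAll;
    }

    /**
     * Reports whether the user bound to {@code httpSession} is a system administrator or a
     * designer, based on the Spring Security context stored in the session.
     *
     * @param httpSession the user's session, or {@code null} if there is none
     * @return {@code false} when there is no session; otherwise the helper's verdict
     */
    public static boolean isUserDesignerOrAdmin(HttpSession httpSession) {
        if (httpSession == null) {
            return false;
        }
        // NOTE(review): a session without a stored security context passes null to the
        // helper; confirm the helper treats null as "not privileged".
        SecurityContext securityContext = (SecurityContext) httpSession.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        return SpringSecurityContextHelper.isUserSystemAdmin(securityContext) || SpringSecurityContextHelper.isUserDesigner(securityContext);
    }

    /** Removes CR and LF so the value can be logged on a single line; null-safe. */
    private static String stripNewlines(String str) {
        return str == null ? "null" : NEWLINES.matcher(str).replaceAll("");
    }

    /** Matches {@code str} against the all-users allow-list. Caller holds the read lock. */
    private static boolean urlMatchesAllUsersAllowList(String str) {
        return matchesAny(allowedWildcardPatterns, allowedRegexPatterns, str);
    }

    /** Matches {@code str} against the designer allow-list. Caller holds the read lock. */
    private static boolean urlMatchesDesignerAllowList(String str) {
        return matchesAny(designerAllowedWildcardPatterns, designerAllowedRegexPatterns, str);
    }

    /**
     * Returns true if any wildcard or regex pattern reports a {@code find()} on the path.
     * Wildcards are tried first, as in the per-list checks this helper backs.
     */
    private static boolean matchesAny(List<WildcardPattern> wildcards, List<Pattern> regexes, String path) {
        return wildcards.stream().anyMatch(wildcard -> wildcard.matcher(path).find())
                || regexes.stream().anyMatch(regex -> regex.matcher(path).find());
    }

    /** Uses the request's existing session only; never creates one. */
    private static boolean isUserDesignerOrAdmin(HttpServletRequest httpServletRequest) {
        return isUserDesignerOrAdmin(httpServletRequest.getSession(false));
    }

    /** No resources are released here; the watchdog threads are not stopped by this filter. */
    @Override
    public void destroy() {
    }

    /**
     * Starts a {@link FileWatchdog} that reloads the given lists whenever the list file
     * changes on disk.
     *
     * @param str servlet-context path of the list file
     * @param list regex list to refresh
     * @param list2 wildcard list to refresh
     */
    private void startWatchingForChange(final String str, final List<Pattern> list, final List<WildcardPattern> list2) {
        // getRealPath returns null when the resource has no file-system location (for
        // example an unexpanded WAR); there is nothing to watch in that case.
        String realPath = this.context.getRealPath(str);
        if (realPath == null) {
            LOG.warn("No real path for urls list file '" + str + "'; changes to it will not be reloaded");
            return;
        }
        FileWatchdog fileWatchdog = new FileWatchdog(realPath) { // from class: com.appiancorp.security.web.AppsPortalVisibilityFilter.1
            @Override
            protected void doOnChange() {
                try {
                    AppsPortalVisibilityFilter.this.loadFilterPatterns(str, list, list2);
                } catch (RuntimeException e) {
                    // An invalid entry (e.g. a regex that does not compile) must not end
                    // the watchdog; the previously loaded patterns stay in force.
                    LOG.error("Exception reloading urls list from file '" + str + "'; keeping previous patterns", e);
                }
            }
        };
        // NOTE(review): this is the poll interval in milliseconds. The constant name is
        // unrelated to file watching and was presumably substituted by the decompiler for
        // a numeric literal of the same value; confirm against the original source.
        fileWatchdog.setDelay(DataConfiguration.CONNECTION_TIMEOUT_MS_DEFAULT);
        fileWatchdog.start();
    }

    /**
     * Reads the list file and replaces the contents of both pattern lists with its entries.
     *
     * <p>All patterns are compiled before the live lists are touched, so a file that cannot
     * be read or contains an invalid pattern leaves the previous patterns in place. A read
     * failure is logged and swallowed; an invalid pattern propagates as an unchecked
     * exception.
     *
     * @param str servlet-context path of the list file
     * @param list receives the compiled {@code regex:} entries
     * @param list2 receives the {@code wildcard:} entries
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void loadFilterPatterns(String str, List<Pattern> list, List<WildcardPattern> list2) {
        final List<Pattern> regexes;
        final List<WildcardPattern> wildcards;
        try {
            List<String> entries = readUrlListFile(str);
            regexes = entries.stream()
                    .filter(entry -> entry.startsWith(REGEX_PREFIX))
                    .map(entry -> entry.substring(REGEX_PREFIX.length()))
                    .map(Pattern::compile)
                    .collect(Collectors.toList());
            wildcards = entries.stream()
                    .filter(entry -> entry.startsWith(WILDCARD_PREFIX))
                    .map(entry -> entry.substring(WILDCARD_PREFIX.length()))
                    .map(WildcardPattern::new)
                    .collect(Collectors.toList());
        } catch (IOException e) {
            LOG.error("Exception loading urls list from file '" + str + "'", e);
            return;
        }
        // Swap both lists in one critical section so request threads never see an empty or
        // half-populated allow-list.
        PATTERNS_LOCK.writeLock().lock();
        try {
            list.clear();
            list.addAll(regexes);
            list2.clear();
            list2.addAll(wildcards);
        } finally {
            PATTERNS_LOCK.writeLock().unlock();
        }
    }

    /**
     * Reads every line of the list file from the servlet context as UTF-8.
     *
     * <p>Reconstructed as try-with-resources: the decompiled listing of this method failed
     * type inference (uninitialized registers r11/r12) and did not compile.
     *
     * @param str servlet-context path of the list file
     * @return the file's lines, in order, including lines without a recognised prefix
     * @throws IOException if the resource does not exist or cannot be read
     */
    private List<String> readUrlListFile(String str) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("Reading portal urls from file '%s'", str));
        }
        InputStream resourceAsStream = this.context.getResourceAsStream(str);
        if (resourceAsStream == null) {
            // getResourceAsStream signals a missing resource with null; report it through
            // the same IOException path as any other read failure.
            throw new IOException("Urls list file '" + str + "' was not found in the servlet context");
        }
        try (InputStream in = resourceAsStream;
                InputStreamReader inputStreamReader = new InputStreamReader(in, Charsets.UTF_8);
                BufferedReader bufferedReader = new BufferedReader(inputStreamReader)) {
            List<String> urls = new ArrayList<>();
            String line;
            while ((line = bufferedReader.readLine()) != null) {
                urls.add(line);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("Read %d urls from portal urls from file '%s'", urls.size(), str));
            }
            return urls;
        }
    }
}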
