package org.eclipse.orion.server.servlets;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.core.runtime.Status;
import org.eclipse.orion.internal.server.servlets.Activator;
import org.eclipse.orion.internal.server.servlets.workspace.authorization.AuthorizationService;
import org.eclipse.orion.server.authentication.IAuthenticationService;
import org.eclipse.orion.server.core.EncodingUtils;
import org.eclipse.orion.server.core.LogHelper;
import org.eclipse.orion.server.core.ServerStatus;
import org.json.JSONException;
import org.osgi.framework.Version;

/* loaded from: input_file:org/eclipse/orion/server/servlets/AuthorizedUserFilter.class */
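/**
 * Servlet filter that gates every request on the caller's access rights.
 *
 * <p>The filter resolves a user name (container remote user, then the configured
 * {@link IAuthenticationService}, then the literal {@code "anonymous"}), asks
 * {@link AuthorizationService#checkRights} whether that user may apply the HTTP method to the
 * request path, and only then hands the request to the rest of the chain. Requests carrying an
 * {@code X-Create-Options} header additionally have the {@code Location} named in their JSON
 * body checked as the source of the operation.
 *
 * <p>Every denial path ends in {@link #setNotAuthorized} or in a return without calling the
 * chain, so a request is forwarded only after all applicable checks have passed.
 */
public class AuthorizedUserFilter implements Filter {
    private IAuthenticationService authenticationService;

    /**
     * Blocks until the bundle activator and its authentication service are available, then caches
     * the service for {@link #doFilter}.
     *
     * @param filterConfig unused
     * @throws ServletException if the waiting thread is interrupted before the service appears
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Severity 2 is IStatus.WARNING.
        while (Activator.getDefault() == null) {
            LogHelper.log(new Status(2, Activator.PI_SERVER_SERVLETS, "Authentication service is not active. AuthorizedUserFilter is waiting.", (Throwable) null));
            pauseBeforeRetry();
        }
        while (Activator.getDefault().getAuthService() == null) {
            LogHelper.log(new Status(2, Activator.PI_SERVER_SERVLETS, "Authentication service is not active. AuthorizedUserFilter is waiting. The server configuration must specify an authentication scheme, or use \"None\" to indicate no authentication", (Throwable) null));
            pauseBeforeRetry();
        }
        this.authenticationService = Activator.getDefault().getAuthService();
    }

    /**
     * Sleeps for the polling interval used by {@link #init}.
     *
     * <p>An interrupt is not swallowed: the flag is restored and initialization fails, so the
     * filter never goes into service without an authentication service behind it and a shutdown
     * request is not ignored by an endless wait loop.
     */
    private static void pauseBeforeRetry() throws ServletException {
        try {
            Thread.sleep(500L);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new ServletException("Interrupted while waiting for the authentication service", e);
        }
    }

    /**
     * Authorizes the request and forwards it down the chain when the checks pass.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filters and the target servlet
     * @throws IOException      if writing a denial response or reading the request body fails
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String remoteUser = httpServletRequest.getRemoteUser();
        String userName = remoteUser;
        if (userName == null) {
            userName = this.authenticationService.getAuthenticatedUser(httpServletRequest, httpServletResponse);
            if (userName == null) {
                userName = "anonymous";
            }
        }
        try {
            String pathInfo = httpServletRequest.getPathInfo();
            String requestPath = String.valueOf(httpServletRequest.getServletPath()) + (pathInfo == null ? "" : pathInfo);
            String method = httpServletRequest.getMethod();
            if (!AuthorizationService.checkRights(userName, requestPath, method)) {
                if (!"anonymous".equals(userName)) {
                    setNotAuthorized(httpServletRequest, httpServletResponse, requestPath);
                    return;
                }
                // Anonymous access was refused, so ask the authentication service to log the
                // caller in.
                userName = this.authenticationService.authenticateUser(httpServletRequest, httpServletResponse);
                if (userName == null) {
                    // NOTE(review): presumably authenticateUser has already written its own
                    // challenge/redirect response in this case; confirm against the service.
                    return;
                }
                // Being authenticated is not the same as being authorized: the rights check that
                // just failed was made for "anonymous", so repeat it for the identity that was
                // actually established before letting the request through.
                if (!AuthorizationService.checkRights(userName, requestPath, method)) {
                    setNotAuthorized(httpServletRequest, httpServletResponse, requestPath);
                    return;
                }
            }
            String createOptions = httpServletRequest.getHeader("X-Create-Options");
            if (createOptions != null) {
                // The body names a second resource (the source of the operation) that needs its
                // own rights check: POST rights when the header mentions "move", GET otherwise.
                String location = null;
                try {
                    String sourceMethod = createOptions.contains("move") ? "POST" : "GET";
                    location = OrionServlet.readJSONRequest(httpServletRequest).getString("Location");
                    // normalize() collapses "." and ".." segments before the path is checked.
                    String path = new URI(location).normalize().getPath();
                    String contextPath = httpServletRequest.getContextPath();
                    // getPath() is null for opaque URIs (for example "mailto:x"); treat those as
                    // outside this server rather than failing with a NullPointerException.
                    String sourcePath = path != null && path.startsWith(contextPath) ? path.substring(contextPath.length()) : null;
                    if (sourcePath == null || !AuthorizationService.checkRights(userName, sourcePath, sourceMethod)) {
                        setNotAuthorized(httpServletRequest, httpServletResponse, location);
                        return;
                    }
                } catch (URISyntaxException e) {
                    setNotAuthorized(httpServletRequest, httpServletResponse, location);
                    return;
                } catch (JSONException ignored) {
                    // No parsable JSON body, or no "Location" member: there is no source for this
                    // filter to authorize, so only the target-path check above applies.
                    // NOTE(review): confirm that downstream handlers cannot obtain a source
                    // location by any route this filter did not see.
                }
            }
            if (remoteUser == null && !"anonymous".equals(userName)) {
                // Publish the identity established here under the OSGi HttpContext attribute
                // names so later code sees the authenticated user and scheme.
                servletRequest.setAttribute("org.osgi.service.http.authentication.remote.user", userName);
                servletRequest.setAttribute("org.osgi.service.http.authentication.type", this.authenticationService.getAuthType());
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (CoreException e) {
            // Fail closed, but leave a record: a silent 500 hides broken authorization storage
            // from operators. Severity 4 is IStatus.ERROR.
            LogHelper.log(new Status(4, Activator.PI_SERVER_SERVLETS, "AuthorizedUserFilter failed while authorizing a request", e));
            httpServletResponse.sendError(500);
        }
    }

    /**
     * Writes a 403 response naming the resource that was refused.
     *
     * <p>Clients that send an {@code Orion-Version} header or
     * {@code X-Requested-With: XMLHttpRequest} get a JSON {@link ServerStatus} body; all others
     * get the container's error page.
     *
     * @param httpServletRequest  the refused request
     * @param httpServletResponse the response to write the denial to
     * @param str                 the path or location that was refused; taken from the request,
     *                            so it is untrusted text
     * @throws IOException if the response cannot be written
     */
    private void setNotAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        // Only the presence of Orion-Version matters here. The header is client-controlled, so it
        // is deliberately not parsed: a malformed value would otherwise raise an unchecked
        // IllegalArgumentException and turn the intended 403 into a server error.
        boolean orionClient = httpServletRequest.getHeader("Orion-Version") != null;
        boolean ajaxRequest = "XMLHttpRequest".equals(httpServletRequest.getHeader("X-Requested-With"));
        String message = "You are not authorized to access " + str;
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        if (!orionClient && !ajaxRequest) {
            // NOTE(review): the message reflects request-supplied text and is not encoded here;
            // confirm the servlet container escapes sendError messages in its error page.
            httpServletResponse.sendError(403, message);
            return;
        }
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        // Severity 4 is IStatus.ERROR. The reflected text is HTML-encoded before it is embedded
        // in the JSON body.
        ServerStatus serverStatus = new ServerStatus(4, 403, EncodingUtils.encodeForHTML(message), (Throwable) null);
        httpServletResponse.setStatus(403);
        httpServletResponse.getWriter().print(serverStatus.toJSON().toString());
    }

    /** Nothing to release: the filter holds only a reference to the shared authentication service. */
    @Override
    public void destroy() {
    }
}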
