package org.kuali.rice.krad.web.filter;

import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.kuali.rice.core.api.config.property.ConfigContext;
import org.kuali.rice.kim.api.identity.IdentityService;
import org.kuali.rice.kim.api.identity.principal.Principal;
import org.kuali.rice.kim.api.services.KimApiServiceLocator;
import org.kuali.rice.krad.UserSession;
import org.kuali.rice.krad.exception.AuthenticationException;
import org.kuali.rice.krad.uif.UifConstants;
import org.kuali.rice.krad.util.KRADConstants;
import org.kuali.rice.krad.util.KRADUtils;

/* loaded from: input_file:WEB-INF/lib/rice-krad-web-framework-2412.0002.jar:org/kuali/rice/krad/web/filter/DummyLoginFilter.class */
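/**
 * Servlet filter that establishes a KRAD {@link UserSession} from login request parameters.
 *
 * <p>Requests that already carry a user session are passed down the chain with
 * {@code getRemoteUser()} overridden to return the session's principal name. Requests without
 * one are either treated as a login attempt (when the login-user parameter is present) or
 * redirected to the configured login page.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the {@code showPassword} config property is not {@code true}, the login attempt
 *       looks the principal up <em>by name only</em>; no credential is verified, so any caller
 *       who can reach this filter can obtain a session for any active principal.
 *       NOTE(review): the class name suggests a development/test login; confirm this filter is
 *       not mapped in production deployments, or that {@code showPassword=true} is enforced
 *       there.</li>
 *   <li>Credentials are read with {@code getParameter}, which covers the query string as well as
 *       a form body, so a password sent in the URL is accepted.</li>
 *   <li>The credential parameters are stripped from the URL that is carried through the login
 *       redirect (see {@link #isValidProperty(String)}).</li>
 * </ul>
 */
public class DummyLoginFilter implements Filter {
    /** Parameter name that carries the password on a login attempt. */
    private static final String LOGIN_PASSWORD_PARAM = "__login_pw";

    /** Parameter name used to pass a status message back to the login page. */
    private static final String LOGIN_MESSAGE_PARAM = "login_message";

    /** Path (relative to {@code application.url}) of the login page. */
    private String loginPath;

    /** When true a non-blank password is required and checked; when false only the name is looked up. */
    private boolean showPassword = false;

    /**
     * Reads {@code loginPath} and {@code showPassword} from the current context config.
     *
     * <p>A missing {@code loginPath} falls back to the built-in dummy login view; a missing or
     * non-{@code "true"} {@code showPassword} leaves password checking off.
     *
     * @param filterConfig unused; configuration comes from {@link ConfigContext}
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.loginPath = ConfigContext.getCurrentContextConfig().getProperty("loginPath");
        this.showPassword = Boolean.parseBoolean(ConfigContext.getCurrentContextConfig().getProperty("showPassword"));
        if (this.loginPath == null) {
            this.loginPath = "/kr-login/login?viewId=DummyLoginView";
        }
    }

    /**
     * Entry point required by {@link Filter}; delegates to the HTTP-typed overload.
     *
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Continues the chain for requests with a user session, otherwise starts the login flow.
     */
    private void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        final UserSession existingSession = KRADUtils.getUserSessionFromRequest(httpServletRequest);
        if (existingSession == null) {
            loginRequired(httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        // Expose the authenticated principal to downstream code through the standard servlet API.
        // HttpServletRequestWrapper has a single-argument constructor; the decompiled form passed
        // the enclosing instance as an extra argument, which does not compile.
        filterChain.doFilter(new HttpServletRequestWrapper(httpServletRequest) {
            @Override
            public String getRemoteUser() {
                return existingSession.getPrincipalName();
            }
        }, httpServletResponse);
    }

    /**
     * Handles a request that has no user session.
     *
     * <p>A request carrying the login-user parameter is processed as a login attempt. Otherwise
     * {@code /listener} is answered with an empty response (neither the chain nor a redirect is
     * invoked), {@code /login} is let through unauthenticated so the login page can render, and
     * everything else is redirected to the login page.
     */
    private void loginRequired(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (StringUtils.isNotBlank(httpServletRequest.getParameter(UifConstants.UrlParams.LOGIN_USER))) {
            performLoginAttempt(httpServletRequest, httpServletResponse);
            return;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        if (StringUtils.equals(pathInfo, "/listener")) {
            // Deliberately ends processing here without touching the response.
            return;
        }
        if (StringUtils.equals(pathInfo, "/login")) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            httpServletResponse.sendRedirect(getLoginRedirectUrl(httpServletRequest));
        }
    }

    /**
     * Resolves the submitted principal, stores a new {@link UserSession} in the HTTP session and
     * redirects to the originally requested URL (with the login parameters removed).
     *
     * @throws AuthenticationException if the principal resolves but no person is attached to the
     *         resulting user session
     */
    private void performLoginAttempt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        IdentityService identityService = KimApiServiceLocator.getIdentityService();
        final String principalName = httpServletRequest.getParameter(UifConstants.UrlParams.LOGIN_USER);
        String password = httpServletRequest.getParameter(LOGIN_PASSWORD_PARAM);
        if (this.showPassword && StringUtils.isBlank(password)) {
            handleInvalidLogin(httpServletRequest, httpServletResponse);
            return;
        }
        // With showPassword off the lookup is by name alone: the caller proves nothing about
        // who they are. See the class-level note before enabling this filter anywhere exposed.
        Principal principal = this.showPassword
                ? identityService.getPrincipalByPrincipalNameAndPassword(principalName, password)
                : identityService.getPrincipalByPrincipalName(principalName);
        if (principal == null || !principal.isActive()) {
            // Unknown, wrong-password and inactive principals all get the same response.
            handleInvalidLogin(httpServletRequest, httpServletResponse);
            return;
        }
        UserSession userSession = new UserSession(principalName);
        if (userSession.getPerson() == null) {
            throw new AuthenticationException("Invalid User: " + principalName);
        }
        // NOTE(review): the pre-login HTTP session is reused as-is. Consider rotating the session
        // id at this point (HttpServletRequest#changeSessionId on Servlet 3.1+) so an id issued
        // before authentication does not stay valid afterwards; confirm the servlet API level.
        httpServletRequest.getSession().setAttribute(KRADConstants.USER_SESSION_KEY, userSession);
        String targetUrl = findTargetUrl(new HttpServletRequestWrapper(httpServletRequest) {
            @Override
            public String getRemoteUser() {
                return principalName;
            }
        });
        // The target is always prefixed with the configured application URL, so the redirect
        // stays on this application.
        httpServletResponse.sendRedirect(ConfigContext.getCurrentContextConfig().getProperty("application.url") + targetUrl);
    }

    /**
     * Sends the client back to the login page with a generic failure message.
     */
    private void handleInvalidLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Encode the message so the Location header never contains a raw space.
        String message = URLEncoder.encode("Invalid Login", StandardCharsets.UTF_8);
        httpServletResponse.sendRedirect(getLoginRedirectUrl(httpServletRequest) + "&" + LOGIN_MESSAGE_PARAM + "=" + message);
    }

    /** Clears the configured login path. */
    @Override
    public void destroy() {
        this.loginPath = null;
    }

    /**
     * Builds the login-page URL, carrying the sanitized original request URL in
     * {@code returnLocation}.
     */
    private String getLoginRedirectUrl(HttpServletRequest httpServletRequest) {
        // The default loginPath already has a query string; a configured one may not, in which
        // case returnLocation has to open the query instead of extending it.
        String separator = StringUtils.contains(this.loginPath, "?") ? "&" : "?";
        return ConfigContext.getCurrentContextConfig().getProperty("application.url")
                + this.loginPath
                + separator + "returnLocation="
                + URLEncoder.encode(findTargetUrl(httpServletRequest), StandardCharsets.UTF_8);
    }

    /**
     * Reconstructs the application-relative URL of the request (servlet path, path info and
     * query string), leaving out the login parameters and any query segment without a value.
     */
    private String findTargetUrl(HttpServletRequest httpServletRequest) {
        StringBuilder target = new StringBuilder();
        target.append(httpServletRequest.getServletPath());
        String pathInfo = httpServletRequest.getPathInfo();
        if (StringUtils.isNotBlank(pathInfo)) {
            target.append(pathInfo);
        }
        String queryString = httpServletRequest.getQueryString();
        if (StringUtils.isNotBlank(queryString)) {
            target.append("?");
            for (String pair : queryString.split("&")) {
                if (isValidProperty(pair)) {
                    target.append("&").append(pair);
                }
            }
        }
        // Collapse the separator that the loop puts in front of the first kept parameter.
        return target.toString().replace("&&", "&").replace("?&", "?");
    }

    /**
     * Decides whether a raw {@code name=value} query segment may be carried into a redirect URL.
     *
     * <p>Segments without {@code =} are rejected, as are the login user, password and login
     * message parameters. The name is percent-decoded before the comparison because the servlet
     * container decodes names before {@code getParameter} sees them: comparing the raw text
     * would let a percent-encoded spelling of the password parameter pass this check and end up
     * in the {@code Location} header, browser history and access logs.
     *
     * @param str one {@code &}-separated segment of the raw query string
     * @return {@code true} if the segment is safe to propagate
     */
    private boolean isValidProperty(String str) {
        int separator = str.indexOf('=');
        if (separator < 0) {
            return false;
        }
        String name;
        try {
            name = URLDecoder.decode(str.substring(0, separator), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            // A name with a broken percent-escape cannot be classified; drop it rather than
            // risk forwarding a credential parameter.
            return false;
        }
        return !(name.equals(LOGIN_PASSWORD_PARAM)
                || name.equals(UifConstants.UrlParams.LOGIN_USER)
                || name.equals(LOGIN_MESSAGE_PARAM));
    }
}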
