package se.wfh.libs.common.web.application;

import java.util.Collection;
import java.util.HashSet;
import java.util.Objects;
import javax.faces.application.FacesMessage;
import javax.faces.application.NavigationHandler;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.wfh.libs.common.web.exceptions.AccessDeniedException;
import se.wfh.libs.common.web.util.ApplicationHelper;
import se.wfh.libs.common.web.util.FacesTools;

/* loaded from: input_file:se/wfh/libs/common/web/application/AuthorizationListener.class */
public class AuthorizationListener implements PhaseListener {
    private static final long serialVersionUID = 1;
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationListener.class);
    private static final Collection<String> AUTH_DENIED = new HashSet();
    private static final Collection<String> ADMIN_PREFIX = new HashSet();
    private static final Collection<String> AUTH_PREFIX = new HashSet();
    private HttpSession session = null;
    private String ip = null;

    public static void addAuthDenied(String str) {
        AUTH_DENIED.add(str);
    }

    public static void addAdminPrefix(String str) {
        ADMIN_PREFIX.add(str);
    }

    public static void addAuthPrefix(String str) {
        AUTH_PREFIX.add(str);
    }

    public void afterPhase(PhaseEvent phaseEvent) {
        FacesContext facesContext = phaseEvent.getFacesContext();
        String viewId = facesContext.getViewRoot().getViewId();
        NavigationHandler navigationHandler = facesContext.getApplication().getNavigationHandler();
        HttpServletRequest httpServletRequest = (HttpServletRequest) facesContext.getExternalContext().getRequest();
        this.session = ApplicationHelper.getSession(httpServletRequest);
        this.ip = ApplicationHelper.getIp(httpServletRequest);
        boolean booleanValue = FacesTools.isLoggedIn().booleanValue();
        boolean booleanValue2 = FacesTools.isAdmin().booleanValue();
        if (Objects.equals(viewId, "/logout.xhtml")) {
            LOGGER.warn("Logging out: IP:{}, UserID:{}", this.ip, ApplicationHelper.getUserId(this.session));
            this.session.invalidate();
            navigationHandler.handleNavigation(facesContext, (String) null, "/index.jsf?faces-redirect=true");
            return;
        }
        if (!isAnnonAllowed(viewId) && !booleanValue) {
            LOGGER.warn("Access denied: IP:{}, Page:{}", this.ip, viewId);
            facesContext.addMessage((String) null, new FacesMessage(FacesMessage.SEVERITY_WARN, "Bitte melden Sie sich an, um diese Seite zu sehen.", (String) null));
            navigationHandler.handleNavigation(facesContext, (String) null, "/login.jsf");
        }
        if (isAuthenticatedDisallowed(viewId) && booleanValue && !booleanValue2) {
            LOGGER.warn("Access denied: IP:{}, Page:{}", this.ip, viewId);
            facesContext.addMessage((String) null, new FacesMessage(FacesMessage.SEVERITY_WARN, "Zugriff verweigert.", (String) null));
            navigationHandler.handleNavigation(facesContext, (String) null, "/auth/index.jsf");
        }
    }

    public void beforePhase(PhaseEvent phaseEvent) {
    }

    public PhaseId getPhaseId() {
        return PhaseId.RESTORE_VIEW;
    }

    private boolean isAnnonAllowed(String str) {
        return (AUTH_PREFIX.stream().anyMatch(str2 -> {
            return str.startsWith(str2);
        }) || ADMIN_PREFIX.stream().anyMatch(str3 -> {
            return str.startsWith(str3);
        })) ? false : true;
    }

    private boolean isAuthenticatedDisallowed(String str) {
        String replaceAll = str.replaceAll("\\.(xhtml|jsf)$", "");
        return AUTH_DENIED.contains(replaceAll) || ADMIN_PREFIX.stream().anyMatch(str2 -> {
            return replaceAll.startsWith(str2);
        });
    }

    public static void checkUserAccess(HttpServletRequest httpServletRequest, boolean z, String str) throws AccessDeniedException {
        if (!z || FacesTools.isLoggedIn().booleanValue()) {
            return;
        }
        LOGGER.error("IP {}  tried to invoke the user-only action {}.", ApplicationHelper.getIp(httpServletRequest), str);
        throw new AccessDeniedException("Du darfst die gewählte Aktion nicht ausführen!");
    }

    public static void checkAdminAccess(HttpServletRequest httpServletRequest, boolean z, String str) throws AccessDeniedException {
        if (!z || FacesTools.isAdmin().booleanValue()) {
            return;
        }
        LOGGER.error("IP {}  tried to invoke the admin-only action {}.", ApplicationHelper.getIp(httpServletRequest), str);
        throw new AccessDeniedException("Du darfst die gewählte Aktion nicht ausführen!");
    }
}
