package pl.edu.icm.yadda.aas.client;

import java.io.IOException;
import java.util.ResourceBundle;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import pl.edu.icm.yadda.aas.utils.AuditEventUtil;
import pl.edu.icm.yadda.repo.utils.SpringBeans;
import pl.edu.icm.yadda.service2.usersession.ISessionService;
import pl.edu.icm.yadda.spring.http.ServletContextPropertySource;
import pl.edu.icm.yadda.ui.view.SystemConfiguration;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-0.4.4.jar:pl/edu/icm/yadda/aas/client/AasSessionFilter.class */
public class AasSessionFilter implements Filter {
    public static final String LOGOUT_JSP = "/logout.jsf";
    public static final boolean CHAIN_ON_LOGOUT_JSP = true;
    public static final String ELSEVIER_IP = "213.135.37.13";
    private static final Log log = LogFactory.getLog(AasSessionFilter.class);

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ResourceBundle.getBundle("pl/edu/icm/yadda/config/ui/features");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpServletRequest.getSession(true);
        WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(session.getServletContext());
        IAssertionHolder iAssertionHolder = (IAssertionHolder) webApplicationContext.getBean(SpringBeans.BEAN_ASSERTION_HOLDER);
        ISessionService iSessionService = (ISessionService) webApplicationContext.getBean(SpringBeans.BEAN_AAS_SESSION_SERVICE);
        String property = ((ServletContextPropertySource) webApplicationContext.getBean("propertySource")).getProperty(SystemConfiguration.FEATURES_AAS_DISABLED);
        AuditEventUtil.initAuditFacade(webApplicationContext);
        try {
            iSessionService.connect(session.getId());
            if (Boolean.parseBoolean(property)) {
                iSessionService.bind(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME, new SecuritySessionImpl(session.getId(), httpServletRequest.getRemoteAddr()));
            } else {
                if (httpServletRequest.getServletPath().endsWith(LOGOUT_JSP)) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    iSessionService.disconnect();
                    return;
                }
                AuditEventUtil auditEventUtil = new AuditEventUtil(AuditEventUtil.AuditEventType.HTTP_SESSION);
                ISecuritySession iSecuritySession = (ISecuritySession) iSessionService.get(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME);
                if (iSecuritySession != null && iSecuritySession.isInvalidated()) {
                    log.info("Invalidating HttpSession becouse of AasSession has been invalidated!");
                    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + LOGOUT_JSP);
                    auditEventUtil.closeEvent(AuditEventUtil.AuditEventCode.INVALID, "http session is invalidated");
                    iSessionService.disconnect();
                    return;
                }
                auditEventUtil.closeEvent(AuditEventUtil.AuditEventCode.OK, "http session is intact");
                AuditEventUtil auditEventUtil2 = new AuditEventUtil(AuditEventUtil.AuditEventType.SESSION_CREATE);
                if (iSecuritySession == null || iSecuritySession.getHttpSessionId() == null) {
                    iSecuritySession = new SecuritySessionImpl(session.getId(), httpServletRequest.getRemoteAddr());
                    iSessionService.bind(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME, iSecuritySession);
                    LoginResult login = ((IClientSecurityService) webApplicationContext.getBean(SpringBeans.BEAN_CLIENT_SECURITY_SERVICE)).login(httpServletRequest.getRemoteAddr());
                    log.info("LoginResult: decition=" + login.getDecition() + ", errors.size()=" + login.getErrors().size());
                    auditEventUtil2.closeEvent("logging result=" + login.getDecition().toString());
                }
                auditEventUtil2.closeEvent(AuditEventUtil.AuditEventCode.ACTIVE);
                AuditEventUtil auditEventUtil3 = new AuditEventUtil(AuditEventUtil.AuditEventType.SESSION_CREATE, "assertion/session lost check");
                if (iSecuritySession.getSecuritySessionId() != null && !iAssertionHolder.containsAssertion(iSecuritySession.getSecuritySessionId())) {
                    if (!iSecuritySession.isInvalidated()) {
                        iSecuritySession.invalidate();
                        auditEventUtil3.addComment("invalidating aasSession");
                    }
                    iSessionService.unbind(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME);
                    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + LOGOUT_JSP);
                    auditEventUtil3.closeEvent(AuditEventUtil.AuditEventCode.CLOSED, "sessionServie set to null");
                    iSessionService.disconnect();
                    return;
                }
                if (iSecuritySession.invalidateOnTimeout()) {
                    iAssertionHolder.remove(iSecuritySession.getSecuritySessionId());
                    iSessionService.unbind(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME);
                    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + LOGOUT_JSP);
                    auditEventUtil3.closeEvent(AuditEventUtil.AuditEventCode.INVALID, "session was invalidated, redirect to logout view");
                    iSessionService.disconnect();
                    return;
                }
                iSessionService.bind(ISecuritySession.SECURITY_SESSION_ATTRIBUTE_NAME, iSecuritySession);
                iSecuritySession.touch();
                auditEventUtil3.closeEvent(AuditEventUtil.AuditEventCode.ACTIVE, "assertion/session is available");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            iSessionService.disconnect();
        } catch (Throwable th) {
            iSessionService.disconnect();
            throw th;
        }
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}
