package reducing.server.api.web;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import reducing.base.log.Log;
import reducing.base.log.Logger;
import reducing.base.misc.StringHelper;
import reducing.base.security.Role;
import reducing.server.api.Request;
import reducing.server.api.RequestHolder;

/* loaded from: classes.dex */
public class PermissionFilter implements Filter {
    public static final String DELIMITER = ",";
    public static final String PARAM_EXCLUDE = "exclude";
    public static final String PARAM_ROLE = "role";
    private List<Pattern> excludedPatterns;
    private Set<String> excludedURIs;
    private final Logger log = Log.getLogger(toString());
    private Set<Role> rolesRequired;

    private boolean checkIfMatchesExcludedURI(String str) {
        if (this.excludedURIs.contains(str)) {
            return true;
        }
        Iterator<Pattern> it = this.excludedPatterns.iterator();
        while (it.hasNext()) {
            if (it.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    private boolean checkIfMatchesRequiredRoles(String str) {
        Request request = RequestHolder.get();
        if (request == null) {
            this.log.warn("ServiceRequest is not initialized yet when client accesses " + str);
            return false;
        }
        if (!request.doILogined()) {
            this.log.warn("Client(" + request + " doesn't login yet when accesses " + str);
            return false;
        }
        if (request.hasRoles(this.rolesRequired)) {
            return true;
        }
        this.log.warn("Client(" + request + " has no required roels(" + this.rolesRequired + ") when accesses " + str);
        return false;
    }

    private static String[] getStringArrayParameter(FilterConfig filterConfig, String str) {
        String initParameter = filterConfig.getInitParameter(str);
        return StringHelper.isBlank(initParameter) ? new String[0] : initParameter.split(DELIMITER);
    }

    private void initExcludedURIs(FilterConfig filterConfig) {
        String[] stringArrayParameter = getStringArrayParameter(filterConfig, "exclude");
        String contextPath = filterConfig.getServletContext().getContextPath();
        this.excludedURIs = new HashSet(stringArrayParameter.length);
        for (String str : stringArrayParameter) {
            this.excludedURIs.add(contextPath + str);
        }
        this.log.info("excluded URI: " + this.excludedURIs);
        this.excludedPatterns = new ArrayList(this.excludedURIs.size());
        for (String str2 : this.excludedURIs) {
            if (str2.contains("*")) {
                this.excludedPatterns.add(Pattern.compile(str2));
            }
        }
        this.log.info("excluded patterns: " + this.excludedPatterns);
    }

    private void initRolesRequired(FilterConfig filterConfig) {
        this.rolesRequired = new HashSet();
        for (String str : getStringArrayParameter(filterConfig, PARAM_ROLE)) {
            this.rolesRequired.add(Role.valueOf(str));
        }
        this.log.info("roles required: " + this.rolesRequired);
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
        if (checkIfMatchesExcludedURI(requestURI)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (checkIfMatchesRequiredRoles(requestURI)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            ((HttpServletResponse) servletResponse).sendError(403);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        initExcludedURIs(filterConfig);
        initRolesRequired(filterConfig);
    }
}
