package com.softmotions.ncms.security;

import com.softmotions.ncms.NcmsEnvironment;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/softmotions/ncms/security/NcmsGuardFilter.class */
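/**
 * Servlet filter that limits the admin zone to one configured host.
 *
 * <p>The admin zone is any request path that starts with the configured admin root or with
 * {@code /rs/adm/}. When the {@code admin-zone-on} configuration entry holds a valid URL, such
 * requests pass only if the request's server name equals the host of that URL. Other admin-zone
 * requests are redirected to the configured URL (GET only, and only when
 * {@code admin-zone-on/@redirect} is true) or answered with 403.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The guard is off when {@code admin-zone-on} is empty. It is also off when the value does
 *       not parse as a URL, so a typo in the configuration fails open; the constructor logs that
 *       case at error level.</li>
 *   <li>{@code getServerName()} normally reflects the client-supplied {@code Host} header. The
 *       check is a routing guard, not authentication, and relies on the front end rejecting or
 *       overwriting unexpected {@code Host} values.</li>
 *   <li>The path is compared as received. When {@code getPathInfo()} is null the raw request URI
 *       is used, which is neither decoded nor normalized. NOTE(review): confirm that the path the
 *       container dispatches on cannot differ from this string, otherwise the prefix test and
 *       the routing could disagree.</li>
 * </ul>
 */
public class NcmsGuardFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(NcmsGuardFilter.class);

    /** Second admin-zone prefix, guarded in addition to the configured admin root. */
    private static final String ADMIN_REST_PREFIX = "/rs/adm/";

    /** Parsed {@code admin-zone-on} URL; {@code null} means the guard is disabled. */
    private final URL adminOnUrl;

    /** Admin root path prefix taken from the environment. */
    private final String adminRoot;

    /** Whether GET requests from a non-matching host are redirected instead of rejected. */
    private final boolean redirect;

    /**
     * Reads the guard settings from the environment configuration.
     *
     * @param ncmsEnvironment source of the admin root and of the {@code admin-zone-on} settings
     */
    public NcmsGuardFilter(NcmsEnvironment ncmsEnvironment) {
        this.adminRoot = ncmsEnvironment.getNcmsAdminRoot();
        String text = ncmsEnvironment.xcfg().text("admin-zone-on");
        this.redirect = ncmsEnvironment.xcfg().boolXPath("admin-zone-on/@redirect", false);
        URL parsed = null;
        if (!StringUtils.isEmpty(text)) {
            try {
                parsed = new URL(text);
            } catch (MalformedURLException e) {
                // A malformed value leaves the guard disabled (fail open), so say so explicitly
                // instead of logging an empty message.
                // NOTE(review): consider failing closed here if that suits the deployment.
                log.error("Invalid 'admin-zone-on' url: '{}'. The admin zone guard is DISABLED", text, e);
            }
        }
        this.adminOnUrl = parsed;
    }

    /** No initialization is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Passes the request on unless it targets the admin zone from a non-matching host.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} when the guard
     *                        is enabled
     * @param servletResponse response used for the redirect or the 403
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if the chain, the redirect or the error response fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.adminOnUrl == null) {
            // Guard not configured (or misconfigured): nothing is restricted.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String pathInfo = request.getPathInfo();
        if (pathInfo == null) {
            // Raw, undecoded URI relative to the context path; see the class-level note.
            pathInfo = request.getRequestURI().substring(request.getContextPath().length());
        }
        // NOTE(review): assumes adminRoot is never null; startsWith(null) would throw.
        boolean adminZone = pathInfo.startsWith(this.adminRoot) || pathInfo.startsWith(ADMIN_REST_PREFIX);
        // Host names are case-insensitive, so compare accordingly. Calling the method on the
        // configured host also makes a null server name a mismatch rather than an exception.
        if (!adminZone || this.adminOnUrl.getHost().equalsIgnoreCase(request.getServerName())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (!this.redirect || !"GET".equals(request.getMethod())) {
            log.warn("Access the admin zone is prohibited, since it does not match '/admin-zone-on' config url: {}. Requested url: {}", this.adminOnUrl, request.getRequestURL());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // The target always starts with the configured URL, so the redirect cannot leave that
        // host; path and query string are appended as received.
        StringBuilder target = new StringBuilder(this.adminOnUrl.toString()).append(pathInfo);
        String query = request.getQueryString();
        if (query != null) {
            target.append('?').append(query);
        }
        String location = target.toString();
        log.info("Redirecting to the admin zone: {}", location);
        response.sendRedirect(location);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}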
