package com.ibm.rpm.servlets;

import com.ibm.rpm.RPMUtilityBean;
import com.ibm.rpm.WebUIConstants;
import com.ibm.rpm.framework.ArrayResult;
import com.ibm.rpm.framework.RPMObject;
import com.ibm.rpm.framework.util.ToStringUtil;
import com.ibm.rpm.i18n.LabelExtractor;
import com.ibm.rpm.resource.containers.Resource;
import com.ibm.rpm.resource.containers.ResourceSecurityRights;
import com.ibm.rpm.resource.scope.ResourceScope;
import com.ibm.rpm.security.scope.SecurityGroupScope;
import com.ibm.rpm.util.RPMDataUtil;
import java.io.IOException;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.text.MessageFormat;
import java.util.StringTokenizer;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/classes/com/ibm/rpm/servlets/AuthorizationFilter.class */
public class AuthorizationFilter implements Filter, WebUIConstants {
    protected FilterConfig filterConfig;
    protected String _columnName = null;
    protected DataSource _dataSource = null;
    protected String _serverDisplayName = null;
    private static Log log;
    static Class class$com$ibm$rpm$servlets$AuthorizationFilter;

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        try {
            InitialContext initialContext = new InitialContext();
            this._dataSource = (DataSource) initialContext.lookup("java:comp/env/jdbc/RPMDATASOURCE");
            this._columnName = (String) initialContext.lookup("java:comp/env/dbColumnName");
        } catch (NamingException e) {
        }
    }

    private String getColumnName() {
        return (this._columnName == null || this._columnName.trim().length() == 0) ? WebUIConstants.UserName : this._columnName;
    }

    private String getServerDisplayName() {
        return this._serverDisplayName == null ? "" : this._serverDisplayName;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession();
        log.info(new StringBuffer().append("HttpSessionID=").append(session.getId()).toString());
        log.info(new StringBuffer().append("HttpSession LastAccessedTime=").append(session.getLastAccessedTime()).toString());
        if (session.getAttribute("RESOURCE_ID") == null) {
            if (httpServletRequest.getUserPrincipal() != null && httpServletRequest.getUserPrincipal().getName() != null && httpServletRequest.getUserPrincipal().getName().trim().length() != 0) {
                String rPMSessionID = getRPMSessionID(httpServletRequest, getColumnName(), httpServletRequest.getUserPrincipal().getName());
                if (((String) session.getAttribute(WebUIConstants.UserName)) == null) {
                    httpServletRequest.setAttribute("username", "");
                    httpServletRequest.setAttribute(WebUIConstants.ERROR_CODE_ATT, "0");
                    httpServletRequest.setAttribute("message", LabelExtractor.get("dojo_login_unknownUser", RPMUtilityBean.getLocale(httpServletRequest)));
                    session.invalidate();
                    httpServletRequest.getRequestDispatcher("/loginError.jsp").forward(httpServletRequest, servletResponse);
                    return;
                }
                log.debug("Getting Resource Security Rights(129)");
                setRoles(session, getSecurityRights((String) session.getAttribute(WebUIConstants.UserName), rPMSessionID));
            } else {
                if (session.getAttribute(WebUIConstants.RPMSessionID) == null || session.getAttribute(WebUIConstants.RPMSessionID).toString().trim().length() == 0) {
                    servletRequest.setAttribute("message", httpServletRequest.getParameter("message"));
                    servletRequest.setAttribute("username", httpServletRequest.getParameter("username"));
                    servletRequest.setAttribute(WebUIConstants.LOGIN_MODE_WORD, WebUIConstants.LOGIN_MODE_LEGACY);
                    servletRequest.getRequestDispatcher(WebUIConstants.LOGIN_PAGE_NAME).forward(servletRequest, servletResponse);
                    return;
                }
                String obj = session.getAttribute(WebUIConstants.RPMSessionID).toString();
                String str = (String) session.getAttribute(WebUIConstants.UserName);
                if (str == null) {
                    servletRequest.setAttribute(WebUIConstants.LOGIN_MODE_WORD, WebUIConstants.LOGIN_MODE_LEGACY);
                    servletRequest.getRequestDispatcher(WebUIConstants.LOGIN_PAGE_NAME).forward(httpServletRequest, servletResponse);
                    return;
                } else {
                    getUserInfos(httpServletRequest, str);
                    log.debug("Getting Resource Security Rights (172)");
                    setRoles(session, getSecurityRights((String) session.getAttribute(WebUIConstants.UserName), obj));
                }
            }
        }
        filterChain.doFilter(httpServletRequest, servletResponse);
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        this.filterConfig = null;
    }

    private void setRoles(HttpSession httpSession, ResourceSecurityRights resourceSecurityRights) {
        String str = "";
        StringTokenizer stringTokenizer = new StringTokenizer(ToStringUtil.getText(resourceSecurityRights), IOUtils.LINE_SEPARATOR_UNIX, false);
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.toLowerCase().indexOf(Boolean.TRUE.toString()) > 0 && nextToken.toLowerCase().indexOf(" can") > 0) {
                str = new StringBuffer().append(str).append(",").append(nextToken.substring(0, nextToken.indexOf(61)).trim()).toString();
                httpSession.setAttribute(nextToken.substring(0, nextToken.indexOf(61)).trim(), nextToken.substring(0, nextToken.indexOf(61)).trim());
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:101:0x0195 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:105:0x0184 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:109:0x0173 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:26:0x01a9  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x01ec  */
    /* JADX WARN: Removed duplicated region for block: B:69:0x014c A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:73:0x013b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:77:0x012a A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String getRPMSessionID(javax.servlet.http.HttpServletRequest r8, java.lang.String r9, java.lang.String r10) {
        /*
            Method dump skipped, instructions count: 505
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.rpm.servlets.AuthorizationFilter.getRPMSessionID(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String):java.lang.String");
    }

    /* JADX WARN: Removed duplicated region for block: B:59:0x014d A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:63:0x013d A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:67:0x012c A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:90:0x0108 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:95:0x00f8 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:99:0x00e7 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void getUserInfos(javax.servlet.http.HttpServletRequest r5, java.lang.String r6) {
        /*
            Method dump skipped, instructions count: 348
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.rpm.servlets.AuthorizationFilter.getUserInfos(javax.servlet.http.HttpServletRequest, java.lang.String):void");
    }

    private ResourceSecurityRights getSecurityRights(String str, String str2) {
        ResourceScope resourceScope = new ResourceScope();
        resourceScope.setSecurityGroup(new SecurityGroupScope());
        ArrayResult loadFromXpath = RPMDataUtil.loadFromXpath(str2, new StringBuffer().append("/Resource[@userName='").append(str).append("']").toString(), resourceScope);
        RPMObject[] rpmObjectList = loadFromXpath.getRpmObjectList();
        if (!loadFromXpath.isSuccessful() || rpmObjectList == null) {
            return null;
        }
        return ((Resource) rpmObjectList[0]).getResourceSecurityRights();
    }

    private void saveUserInfos(HttpServletRequest httpServletRequest, ResultSet resultSet) throws SQLException {
        String string = resultSet.getString(WebUIConstants.UserName);
        String string2 = resultSet.getString("FIRST_NAME");
        String string3 = resultSet.getString("LAST_NAME");
        String string4 = resultSet.getString("FULL_NAME");
        String string5 = resultSet.getString("MIDDLE_NAME");
        String string6 = resultSet.getString(WebUIConstants.NickName);
        String string7 = resultSet.getString("RESOURCE_ID");
        String string8 = resultSet.getString(WebUIConstants.EmailAddress);
        String string9 = resultSet.getString(WebUIConstants.EmployeeCode);
        String string10 = resultSet.getString(WebUIConstants.ExternalID);
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(WebUIConstants.UserName, string);
        session.setAttribute("FIRST_NAME", string2);
        session.setAttribute("LAST_NAME", string3);
        session.setAttribute("FULL_NAME", string4);
        session.setAttribute("MIDDLE_NAME", string5);
        session.setAttribute(WebUIConstants.NickName, string6);
        session.setAttribute("RESOURCE_ID", string7);
        session.setAttribute(WebUIConstants.EmailAddress, string8);
        session.setAttribute(WebUIConstants.EmployeeCode, string9);
        session.setAttribute(WebUIConstants.ExternalID, string10);
        session.setAttribute("serverDisplayName", getServerDisplayName());
        String str = "";
        if (string4 != null) {
            str = string4;
        } else if (string2 != null && string3 != null) {
            MessageFormat.format(LabelExtractor.get("dojo_common_loggedUserDisplayName", RPMUtilityBean.getLocale(httpServletRequest)), string2, string3);
        }
        session.setAttribute(WebUIConstants.DISPLAY_NAME, str);
    }

    private String getColumnName(String str) {
        String str2 = null;
        if (str != null) {
            try {
                if (!"".equals(str)) {
                    str2 = (String) getClass().getField(str).get(this);
                }
            } catch (IllegalAccessException e) {
                log.warn(e);
            } catch (IllegalArgumentException e2) {
                log.warn(e2);
            } catch (NoSuchFieldException e3) {
                log.warn(e3);
            } catch (SecurityException e4) {
                log.warn(e4);
            }
        }
        return str2;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$rpm$servlets$AuthorizationFilter == null) {
            cls = class$("com.ibm.rpm.servlets.AuthorizationFilter");
            class$com$ibm$rpm$servlets$AuthorizationFilter = cls;
        } else {
            cls = class$com$ibm$rpm$servlets$AuthorizationFilter;
        }
        log = LogFactory.getLog(cls);
    }
}
