package com.huawei.dap.blu.common.io;

import com.huawei.dap.blu.common.auth.Krb5AuthHandler;
import com.huawei.dap.blu.common.config.ContainerConfig;
import com.huawei.dap.blu.common.exception.AuthException;
import java.io.IOException;
import java.util.Objects;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/dap/blu/common/io/RequestFilter.class */
public class RequestFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(RequestFilter.class);
    private static final String SDK_CLIENT = "sdk_client";
    private static final int DEFAULT_VALIDITY = 600;
    private int validity;
    private String localHost;
    private Krb5AuthHandler authHandler;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        LOGGER.debug("\n[RequestFilter] request=" + ((Object) httpServletRequest.getRequestURL()));
        if ((isLocalRequest(servletRequest) && !isServiceRequest(servletRequest)) || isSDKRequest(servletRequest) || Objects.equals(httpServletRequest.getAttribute("blu-authenticated"), true)) {
            LOGGER.debug("[RequestFilter] this is a localRequest or SDK request.");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            this.authHandler.authenticate(httpServletRequest);
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (AuthException e) {
            LOGGER.warn("[RequestFilter] Authentication exception: " + e.getMessage());
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            httpServletResponse.setHeader(Krb5AuthHandler.WWW_AUTHENTICATE, Krb5AuthHandler.NEGOTIATE);
            httpServletResponse.setStatus(401);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        LOGGER.debug("[RequestFilter] enter init request filter");
        if (!ContainerConfig.getInstance().load()) {
            LOGGER.error("[RequestFilter] load ContainerConfig failed!");
            return;
        }
        this.validity = DEFAULT_VALIDITY;
        this.authHandler = new Krb5AuthHandler();
        this.authHandler.init(this.validity);
        this.localHost = ContainerConfig.getInstance().getStrProp(ContainerConfig.CONTAINER_IP_KEY);
    }

    public void destroy() {
        if (this.authHandler != null) {
            this.authHandler.destroy();
            this.authHandler = null;
        }
    }

    public int getValidity() {
        return this.validity;
    }

    private boolean isLocalRequest(ServletRequest servletRequest) {
        return StringUtils.equals(this.localHost, servletRequest.getRemoteAddr());
    }

    private boolean isSDKRequest(ServletRequest servletRequest) {
        return StringUtils.equals("true", ((HttpServletRequest) servletRequest).getHeader(SDK_CLIENT));
    }

    private boolean isServiceRequest(ServletRequest servletRequest) {
        return StringUtils.equals("/sgp", ((HttpServletRequest) servletRequest).getServletPath());
    }
}
