package com.huawei.bigdata.om.web.security;

import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.web.api.util.APIContextUtil;
import com.huawei.bigdata.om.web.client.SecurityClient;
import com.huawei.bigdata.om.web.controller.SecurityController;
import com.huawei.bigdata.om.web.util.ToolSpring;
import com.huawei.bigdata.om.web.util.WebSecurityUtil;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:com/huawei/bigdata/om/web/security/CheckFirstLoginFilter.class */
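/**
 * Servlet filter that redirects requests to the login page when the session carries no
 * {@code CHECK_LOGIN} marker, the request has no {@code Authorization: Basic} header, and the
 * request path is not on the login-exempt list.
 *
 * <p>The gate is only active when {@link WebSecurityUtil#isNeedSecurityControl()} returns
 * {@code true}; otherwise every request is passed down the chain unchanged.
 *
 * <p>NOTE(review): this filter decides on the <em>presence</em> of a session marker or a Basic
 * header only. It does not validate credentials itself; presumably a later filter or the
 * controller does. Confirm that against the filter chain configuration before relying on this
 * class as an authentication boundary.
 */
public class CheckFirstLoginFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CheckFirstLoginFilter.class);
    private static final String SESSION_ATTRIBUTE_IS_SECOND_AUTHORIZATION = "is_second_authorization";
    private static final String SESSION_ATTRIBUTE_CHECK_LOGIN = "CHECK_LOGIN";
    private static final String LOGIN_PAGE = "/web/index.html";
    private static final String BASIC_AUTH_PREFIX = "Basic ";

    /** Ant-style pattern for the per-user password endpoint, which is exempt from the login check. */
    private static final String USER_PASSWORD_PATTERN = "/api/v2/permission/users/*/password";

    /** Shared matcher; previously a new instance was allocated on every request. */
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    /**
     * Path fragments that exempt a request from the login check.
     *
     * <p>NOTE(review): these are matched with {@link String#contains(CharSequence)}, i.e. anywhere
     * in the path, so the exemption is wider than the endpoints listed here. Any path that merely
     * embeds one of these fragments is exempt too, and short fragments such as {@code te.htm} also
     * match longer file names ending in the same characters. Prefer exact matches against the full
     * servlet paths (or {@code endsWith} on a complete path segment) once the real routes are
     * confirmed. The matching is left unchanged here because the full paths are not visible in
     * this file.
     */
    private static final String[] LOGIN_EXEMPT_FRAGMENTS = {
        "cas_security_check.htm",
        "login_check_gettoken.htm",
        "login_check.htm",
        "modify_password.htm",
        "ssoLogin.htm",
        "ssoTest.htm",
        "te.htm",
        "/access/accounts.do",
        "/access/passwordpolicy/loginpolicy.do",
        "/access/isfirstlogin.do",
        "/api/v2/permission/config/pwd_policy",
        "/api/v2/session/login_check",
        "/api/v2/session/logout",
        "/api/v2/permission/user/is_first_login",
    };

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Builds the path used for the exemption check from the servlet path plus the optional path
     * info.
     *
     * <p>Despite the name, no normalisation is performed here; the value is whatever the servlet
     * container reports. The query string is not part of either component.
     *
     * @param httpServletRequest the current request
     * @return servlet path, with path info appended when present
     */
    private String getNormalizeRequestServletURI(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        String pathInfo = httpServletRequest.getPathInfo();
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    /**
     * Passes the request on, or redirects it to the login page when a login check is required.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if the redirect or a downstream filter fails on I/O
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        String requestPath = getNormalizeRequestServletURI(httpRequest);

        // getSession() creates a session when none exists, so every request reaching this filter
        // gets one and the null checks below are defensive only.
        // NOTE(review): consider getSession(false) so anonymous requests do not allocate sessions;
        // not changed here because the Basic branch below relies on a session being present.
        HttpSession session = httpRequest.getSession();
        String checkLoginMarker = null;
        if (session != null) {
            checkLoginMarker = (String) session.getAttribute(SESSION_ATTRIBUTE_CHECK_LOGIN);
        }

        // Only the scheme prefix is inspected; the credentials themselves are not decoded or
        // verified in this filter.
        String authorization = httpRequest.getHeader("Authorization");
        boolean hasBasicAuthHeader = authorization != null && authorization.startsWith(BASIC_AUTH_PREFIX);

        if (hasBasicAuthHeader && session != null) {
            LOGGER.debug("Basic Authentication, init client.");
            SecurityClient existingClient = (SecurityClient) session.getAttribute(APIContextUtil.SECURITY_CLIENT);
            if (existingClient == null) {
                // NOTE(review): the client is attached with an empty SimplePrincipal before any
                // credential check visible in this class; confirm addWebClientToSession does not
                // grant access on its own.
                SecurityController securityController = (SecurityController) ToolSpring.getBean("securityController");
                securityController.addWebClientToSession(httpRequest, session, session.getServletContext(), new SimplePrincipal());
            }
            session.setAttribute(SESSION_ATTRIBUTE_IS_SECOND_AUTHORIZATION, false);
        }

        boolean redirectToLogin = WebSecurityUtil.isNeedSecurityControl()
                && isNeedLoginCheck(checkLoginMarker, requestPath, hasBasicAuthHeader);
        if (!redirectToLogin) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // The path is passed through StringHelper.replaceBlank before logging (presumably to strip
        // whitespace and line breaks from a request-controlled value; confirm in StringHelper).
        LOGGER.error("This url {} is without login check", StringHelper.replaceBlank(requestPath));
        httpResponse.sendRedirect(LOGIN_PAGE);
    }

    /**
     * Decides whether the request must be sent to the login page.
     *
     * @param checkLoginMarker   value of the {@code CHECK_LOGIN} session attribute, may be null
     * @param requestPath        servlet path plus path info of the request
     * @param hasBasicAuthHeader whether the request carries an {@code Authorization: Basic} header
     * @return {@code false} when the session marker is non-empty, a Basic header is present, or
     *     the path is login-exempt; {@code true} otherwise
     */
    private boolean isNeedLoginCheck(String checkLoginMarker, String requestPath, boolean hasBasicAuthHeader) {
        if (!StringUtils.isEmpty(checkLoginMarker) || hasBasicAuthHeader) {
            return false;
        }
        for (String fragment : LOGIN_EXEMPT_FRAGMENTS) {
            if (requestPath.contains(fragment)) {
                return false;
            }
        }
        return !PATH_MATCHER.match(USER_PASSWORD_PATTERN, requestPath);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}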
