package com.huawei.ranger.security.filter;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.cas.web.CasAuthenticationFilter;

/* loaded from: input_file:com/huawei/ranger/security/filter/CasAuthenticationFilterWrapper.class */
public class CasAuthenticationFilterWrapper extends CasAuthenticationFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CasAuthenticationFilterWrapper.class);
    private static final String HEADER_USER_AGENT = "User-Agent";
    private static final String BROWSER_AGENT_PREFIX = "Mozilla";
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String LOGIN_CAS_URL = "/login/cas";
    private static final String PARAMETER_TICKET = "ticket";

    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!StringUtils.startsWith(httpServletRequest.getHeader("User-Agent"), BROWSER_AGENT_PREFIX) && httpServletRequest.getHeader(HEADER_AUTHORIZATION) != null) {
            LOGGER.info("Request comes from API call, skip cas filter.");
            return false;
        }
        if (needSendRedirect(httpServletRequest, httpServletResponse)) {
            return false;
        }
        LOGGER.debug("Request comes from Mozilla, do cas filter.");
        return super.requiresAuthentication(httpServletRequest, httpServletResponse);
    }

    private boolean needSendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            if (httpServletRequest.getRequestURI() == null || !httpServletRequest.getRequestURI().equals(LOGIN_CAS_URL) || httpServletRequest.getParameter(PARAMETER_TICKET) != null) {
                return false;
            }
            LOGGER.debug("Request comes without ticket, try redirect to origin URL.");
            httpServletResponse.sendRedirect(httpServletRequest.getRequestURL().toString().replace(LOGIN_CAS_URL, ""));
            return true;
        } catch (IOException e) {
            LOGGER.debug("Redirect to origin URL failed, skip.");
            return false;
        }
    }
}
