package de.itsvs.cwtrpc.security;

import com.google.gwt.user.server.rpc.RPC;
import com.google.gwt.user.server.rpc.RPCRequest;
import de.itsvs.cwtrpc.core.CwtRpcException;
import de.itsvs.cwtrpc.core.CwtRpcUtils;
import de.itsvs.cwtrpc.core.ExtendedSerializationPolicyProvider;
import de.itsvs.cwtrpc.core.ExtendedSerializationPolicyProviderDelegate;
import java.io.IOException;
import java.lang.reflect.Method;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:de/itsvs/cwtrpc/security/AbstractRpcProcessingFilter.class */
public abstract class AbstractRpcProcessingFilter extends GenericFilterBean implements BeanFactoryAware {
    public static final String GWT_RPC_REQUEST_ATTR_NAME = AbstractRpcProcessingFilter.class.getName().concat(".gwtRpcRequest");
    private static final String POST_METHOD = "POST";
    private BeanFactory beanFactory;
    private String filterProcessesUrl;
    private Class<?> serviceInterface;
    private String methodName;
    private ExtendedSerializationPolicyProvider serializationPolicyProvider;
    private final Log log = LogFactory.getLog(AbstractRpcProcessingFilter.class);
    private boolean postOnly = true;

    public BeanFactory getBeanFactory() {
        return this.beanFactory;
    }

    public void setBeanFactory(BeanFactory beanFactory) {
        this.beanFactory = beanFactory;
    }

    public String getFilterProcessesUrl() {
        return this.filterProcessesUrl;
    }

    public void setFilterProcessesUrl(String str) {
        Assert.hasText(str, "'filterProcessesUrl' must not be null");
        Assert.isTrue(UrlUtils.isValidRedirectUrl(str), str + " is not a valid URL");
        this.filterProcessesUrl = str;
    }

    public boolean isPostOnly() {
        return this.postOnly;
    }

    public void setPostOnly(boolean z) {
        this.postOnly = z;
    }

    public Class<?> getServiceInterface() {
        return this.serviceInterface;
    }

    public void setServiceInterface(Class<?> cls) {
        Assert.notNull(cls, "'serviceInterface' must not be null");
        this.serviceInterface = cls;
    }

    public String getMethodName() {
        return this.methodName;
    }

    public void setMethodName(String str) {
        Assert.hasText(str, "'methodName' must not be empty");
        this.methodName = str;
    }

    public ExtendedSerializationPolicyProvider getSerializationPolicyProvider() {
        return this.serializationPolicyProvider;
    }

    public void setSerializationPolicyProvider(ExtendedSerializationPolicyProvider extendedSerializationPolicyProvider) {
        Assert.notNull(extendedSerializationPolicyProvider, "'serializationPolicyProvider' must not be null");
        this.serializationPolicyProvider = extendedSerializationPolicyProvider;
    }

    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(getFilterProcessesUrl(), "'filterProcessesUrl' must be specified");
        Assert.notNull(getServiceInterface(), "'serviceInterface' must be specified");
        Assert.isTrue(getServiceInterface().isInterface(), "'serviceInterface' " + getServiceInterface().getName() + " must be an interface");
        Assert.notNull(getMethodName(), "'methodName' must be specified");
        boolean z = false;
        Method[] methods = getServiceInterface().getMethods();
        int length = methods.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (methods[i].getName().equals(getMethodName())) {
                z = true;
                break;
            }
            i++;
        }
        Assert.isTrue(z, "'serviceInterface' " + getServiceInterface().getName() + " does not include method '" + getMethodName() + "'");
        if (getSerializationPolicyProvider() == null) {
            if (!getBeanFactory().containsBean("serializationPolicyProvider")) {
                throw new CwtRpcException("Either 'serializationPolicyProvider' must be specified or bean 'serializationPolicyProvider' must be available (controller or serialization policy provider must be declared before this bean)");
            }
            if (this.log.isInfoEnabled()) {
                this.log.info("Using serialization policy provided with bean name 'serializationPolicyProvider'");
            }
            setSerializationPolicyProvider((ExtendedSerializationPolicyProvider) getBeanFactory().getBean("serializationPolicyProvider", ExtendedSerializationPolicyProvider.class));
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (filterProcesses((HttpServletRequest) servletRequest)) {
            process((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    protected boolean filterProcesses(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        return matchesFilterProcessesUrl(httpServletRequest) && matchesMethodName(httpServletRequest);
    }

    protected boolean matchesFilterProcessesUrl(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        String contextPath = httpServletRequest.getContextPath();
        StringBuilder sb = new StringBuilder(httpServletRequest.getRequestURI());
        if (contextPath.length() > 0 && sb.indexOf(contextPath) == 0) {
            sb.delete(0, contextPath.length());
        }
        if (sb.length() == 0 || sb.charAt(0) != '/') {
            sb.insert(0, '/');
        }
        String sb2 = sb.toString();
        if (this.log.isDebugEnabled()) {
            this.log.debug("Checking received URI '" + sb2 + "' against configured URI '" + getFilterProcessesUrl() + "'");
        }
        return getFilterProcessesUrl().equals(sb2);
    }

    protected boolean matchesMethodName(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        RPCRequest readRpcRequest = readRpcRequest(httpServletRequest);
        if (this.log.isDebugEnabled()) {
            this.log.debug("Checking received method name '" + readRpcRequest.getMethod().getName() + "' against configured method name '" + getMethodName() + "'");
        }
        return getMethodName().equals(readRpcRequest.getMethod().getName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void invalidateSession(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Invalidating session " + session.getId());
            }
            session.invalidate();
        }
    }

    protected abstract void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException;

    /* JADX INFO: Access modifiers changed from: protected */
    public RPCRequest readRpcRequest(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        RPCRequest rpcRequest = getRpcRequest(httpServletRequest);
        if (rpcRequest == null) {
            if (isPostOnly() && !POST_METHOD.equals(httpServletRequest.getMethod())) {
                throw new org.springframework.security.authentication.AuthenticationServiceException("Authentication method not supported: " + httpServletRequest.getMethod());
            }
            rpcRequest = RPC.decodeRequest(readContent(httpServletRequest), getServiceInterface(), new ExtendedSerializationPolicyProviderDelegate(getSerializationPolicyProvider(), httpServletRequest));
            httpServletRequest.setAttribute(GWT_RPC_REQUEST_ATTR_NAME, rpcRequest);
        }
        return rpcRequest;
    }

    protected String readContent(HttpServletRequest httpServletRequest) throws ServletException, IOException, SecurityException {
        return CwtRpcUtils.readContent(httpServletRequest);
    }

    public static RPCRequest getRpcRequest(HttpServletRequest httpServletRequest) {
        return (RPCRequest) httpServletRequest.getAttribute(GWT_RPC_REQUEST_ATTR_NAME);
    }
}
