package jenkins.security;

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.AcegiSecurityException;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationTrustResolver;
import org.acegisecurity.AuthenticationTrustResolverImpl;
import org.acegisecurity.InsufficientAuthenticationException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.ui.AbstractProcessingFilter;
import org.acegisecurity.ui.AccessDeniedHandler;
import org.acegisecurity.ui.AccessDeniedHandlerImpl;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.ui.savedrequest.SavedRequest;
import org.acegisecurity.util.PortResolver;
import org.acegisecurity.util.PortResolverImpl;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.175-rc28256.c5c803711387.jar:jenkins/security/ExceptionTranslationFilter.class */
public class ExceptionTranslationFilter implements Filter, InitializingBean {
    private static final Logger LOGGER = Logger.getLogger(ExceptionTranslationFilter.class.getName());
    private AuthenticationEntryPoint authenticationEntryPoint;
    private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
    private PortResolver portResolver = new PortResolverImpl();
    private boolean createSessionAllowed = true;

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationEntryPoint, "authenticationEntryPoint must be specified");
        Assert.notNull(this.portResolver, "portResolver must be specified");
        Assert.notNull(this.authenticationTrustResolver, "authenticationTrustResolver must be specified");
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("HttpServletRequest required");
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("HttpServletResponse required");
        }
        try {
            filterChain.doFilter(servletRequest, servletResponse);
            LOGGER.finer("Chain processed normally");
        } catch (IOException e) {
            throw e;
        } catch (ServletException e2) {
            if (!(e2.getRootCause() instanceof AuthenticationException) && !(e2.getRootCause() instanceof AccessDeniedException)) {
                throw e2;
            }
            handleException(servletRequest, servletResponse, filterChain, (AcegiSecurityException) e2.getRootCause());
        } catch (AccessDeniedException | AuthenticationException e3) {
            handleException(servletRequest, servletResponse, filterChain, e3);
        }
    }

    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.authenticationEntryPoint;
    }

    public AuthenticationTrustResolver getAuthenticationTrustResolver() {
        return this.authenticationTrustResolver;
    }

    public PortResolver getPortResolver() {
        return this.portResolver;
    }

    private void handleException(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, AcegiSecurityException acegiSecurityException) throws IOException, ServletException {
        if (acegiSecurityException instanceof AuthenticationException) {
            LOGGER.log(Level.FINER, "Authentication exception occurred; redirecting to authentication entry point", (Throwable) acegiSecurityException);
            sendStartAuthentication(servletRequest, servletResponse, filterChain, (AuthenticationException) acegiSecurityException);
        } else if (acegiSecurityException instanceof AccessDeniedException) {
            if (this.authenticationTrustResolver.isAnonymous(SecurityContextHolder.getContext().getAuthentication())) {
                LOGGER.log(Level.FINER, "Access is denied (user is anonymous); redirecting to authentication entry point", (Throwable) acegiSecurityException);
                sendStartAuthentication(servletRequest, servletResponse, filterChain, new InsufficientAuthenticationException("Full authentication is required to access this resource", acegiSecurityException));
            } else {
                LOGGER.log(Level.FINER, "Access is denied (user is not anonymous); delegating to AccessDeniedHandler", (Throwable) acegiSecurityException);
                this.accessDeniedHandler.handle(servletRequest, servletResponse, (AccessDeniedException) acegiSecurityException);
            }
        }
    }

    public boolean isCreateSessionAllowed() {
        return this.createSessionAllowed;
    }

    protected void sendStartAuthentication(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, AuthenticationException authenticationException) throws ServletException, IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        SavedRequest savedRequest = new SavedRequest(httpServletRequest, this.portResolver);
        LOGGER.finer("Authentication entry point being called; SavedRequest added to Session: " + savedRequest);
        if (this.createSessionAllowed) {
            httpServletRequest.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, savedRequest);
        }
        SecurityContextHolder.getContext().setAuthentication(null);
        this.authenticationEntryPoint.commence(httpServletRequest, servletResponse, authenticationException);
    }

    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        Assert.notNull(accessDeniedHandler, "AccessDeniedHandler required");
        this.accessDeniedHandler = accessDeniedHandler;
    }

    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    public void setCreateSessionAllowed(boolean z) {
        this.createSessionAllowed = z;
    }

    public void setPortResolver(PortResolver portResolver) {
        this.portResolver = portResolver;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }
}
