package com.github.farmgeek4life.jenkins.negotiatesso;

import hudson.model.User;
import hudson.security.ACL;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import jenkins.model.Jenkins;
import jenkins.security.SecurityListener;
import jenkins.security.seed.UserSeedProperty;
import org.kohsuke.accmod.restrictions.suppressions.SuppressRestrictedWarnings;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetails;
import waffle.servlet.NegotiateRequestWrapper;
import waffle.servlet.WindowsPrincipal;

/* loaded from: input_file:com/github/farmgeek4life/jenkins/negotiatesso/NegSecUserSeedFilter.class */
public class NegSecUserSeedFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof NegotiateRequestWrapper) {
            NegotiateRequestWrapper negotiateRequestWrapper = (NegotiateRequestWrapper) servletRequest;
            authenticateJenkins((WindowsPrincipal) negotiateRequestWrapper.getUserPrincipal(), negotiateRequestWrapper);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private void authenticateJenkins(WindowsPrincipal windowsPrincipal, HttpServletRequest httpServletRequest) {
        String name = windowsPrincipal.getName();
        if (name.contains("@")) {
            name = name.substring(0, name.indexOf("@"));
        }
        if (name.contains("\\")) {
            name = name.substring(name.indexOf("\\") + 1);
        }
        UserDetails loadUserByUsername2 = Jenkins.get().getSecurityRealm().loadUserByUsername2(name);
        ACL.as2(new UsernamePasswordAuthenticationToken(loadUserByUsername2.getUsername(), loadUserByUsername2.getPassword(), loadUserByUsername2.getAuthorities()));
        populateUserSeed(httpServletRequest, loadUserByUsername2.getUsername());
        SecurityListener.fireLoggedIn(loadUserByUsername2.getUsername());
    }

    @SuppressRestrictedWarnings({UserSeedProperty.class})
    private void populateUserSeed(HttpServletRequest httpServletRequest, String str) {
        if (UserSeedProperty.DISABLE_USER_SEED) {
            return;
        }
        httpServletRequest.getSession().setAttribute("_JENKINS_SESSION_SEED", User.getById(str, true).getProperty(UserSeedProperty.class).getSeed());
    }

    public void destroy() {
    }
}
