package io.jenkins.plugins.twofactor.jenkins;

import hudson.Extension;
import hudson.init.Initializer;
import hudson.model.User;
import hudson.util.PluginServletFilter;
import io.jenkins.plugins.twofactor.constants.MoGlobalConfigConstant;
import io.jenkins.plugins.twofactor.constants.MoPluginUrls;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jenkins.model.Jenkins;

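/**
 * Servlet filter that redirects signed-in users to the plugin's two-factor (2FA) flow until
 * their HTTP session is marked as verified.
 *
 * <p>This listing is JADX decompiler output. One method,
 * {@link #getRedirectUrlForTfaAuthentication}, was not recovered and is present only as a stub.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Enforcement depends on the {@code ENABLE_2FA_FOR_ALL_USERS} entry of
 *       {@link #moPluginSettings}; when the entry is missing the default is {@code false},
 *       which means "do not enforce".</li>
 *   <li>URL exemptions are substring matches on the request path info, not exact or
 *       prefix matches (see {@link #urlsToAvoidRedirect}).</li>
 *   <li>{@link #doFilter} fails closed: an error while deciding whether 2FA is required
 *       produces an error response instead of letting the request through.</li>
 * </ul>
 */
@Extension
/* loaded from: input_file:io/jenkins/plugins/twofactor/jenkins/MoFilter.class */
public class MoFilter implements Filter {
    // Per-user flag written by isTfaVerifiedSession(); never read inside this class.
    // NOTE(review): the key is the user id, not the session id, so the value reflects whichever
    // session of that user was evaluated last. Code outside this file that reads it should not
    // treat it as proof that a particular session passed 2FA. The map is also public and
    // mutable, so any code in the JVM can change it.
    public static final Map<String, Boolean> userAuthenticationStatus = new ConcurrentHashMap<>();
    // Cached plugin settings; this class only stores and reads ENABLE_2FA_FOR_ALL_USERS.
    // NOTE(review): public and mutable; clearing or overwriting the entry turns enforcement off.
    public static final Map<String, Boolean> moPluginSettings = new ConcurrentHashMap<>();
    private static final Logger LOGGER = Logger.getLogger(MoFilter.class.getName());

    // Path fragments of core Jenkins endpoints that are never redirected to the 2FA flow.
    private static final List<String> JENKINS_URL_FRAGMENTS_WITHOUT_TFA = Arrays.asList("/logout", "/login", "/adjuncts", "/static", "PopupContent", "/ajaxBuildQueue", "/ajaxExecutors", "/descriptorByName", "/checkPluginUrl", "/log");

    /**
     * Caches the global "enable 2FA for all users" setting in {@link #moPluginSettings}.
     *
     * <p>A failure here leaves the setting absent, and an absent setting is read as
     * "2FA not enforced" by {@link #enableTfaForAllUsers()}. The failure is therefore logged
     * at WARNING so that an operator can see that enforcement is off.
     *
     * @param filterConfig servlet filter configuration; not used
     */
    public void init(FilterConfig filterConfig) {
        try {
            moPluginSettings.put(MoGlobalConfigConstant.AdminConfiguration.ENABLE_2FA_FOR_ALL_USERS.getKey(), MoGlobalConfig.get().getEnableTfa());
        } catch (Exception e) {
            LOGGER.warning("Exception while initializing filter for global TFA authentication, error is " + e.getMessage());
        }
    }

    /**
     * Registers a new {@code MoFilter} instance with Jenkins' plugin servlet filter chain.
     *
     * @throws ServletException if {@link PluginServletFilter#addFilter} fails
     */
    @Initializer
    public static void setUpFilter() throws ServletException {
        LOGGER.fine("Setting up the filter for the two-factor plugin");
        PluginServletFilter.addFilter(new MoFilter());
    }

    /*
     * NOT DECOMPILED: JADX could not reconstruct this method (353 bytecode instructions; it
     * reported removed duplicated regions B:14:0x0094, B:26:0x00c6 and B:37:0x001a). The stub
     * below always throws, so in this listing every request that reaches it ends on the error
     * path of doFilter().
     *
     * From the call site in this class: the return value is either the literal "SKIP_FILTER"
     * (let the request through) or a URL suffix that is appended to the Jenkins root URL.
     * Review the original bytecode before relying on anything else about its behaviour.
     */
    private java.lang.String getRedirectUrlForTfaAuthentication(hudson.model.User r4) {
        throw new UnsupportedOperationException("Method not decompiled: io.jenkins.plugins.twofactor.jenkins.MoFilter.getRedirectUrlForTfaAuthentication(hudson.model.User):java.lang.String");
    }

    /**
     * Trims the request URI and caps it at 60 characters before it is stored as relay state.
     *
     * <p>NOTE(review): this only bounds the length. It does not check that the value is a
     * local path; the code that later consumes {@code tfaRelayState} is outside this file and
     * should validate the value before redirecting to it.
     *
     * @param str raw request URI
     * @return the trimmed URI, at most 60 characters long
     */
    private String sanitizeRequestURI(String str) {
        String trimmed = str.trim();
        return trimmed.substring(0, Math.min(trimmed.length(), 60));
    }

    /**
     * Reports whether the request path contains any of the given fragments.
     *
     * <p>NOTE(review): this is a substring test. A path is exempt from the 2FA redirect when a
     * fragment occurs anywhere in it, so short fragments such as {@code "/log"} or
     * {@code "PopupContent"} also exempt longer, unrelated paths that happen to contain them.
     * Matching on exact paths or on whole path segments would narrow the exemption; which
     * fragments must keep matching in the middle of a path has to be confirmed against the
     * Jenkins routes in use before the match is tightened.
     *
     * @param str request path info; {@code null} is treated as "no match"
     * @param list fragments that exempt a path
     * @return {@code true} if {@code str} contains at least one fragment
     */
    private boolean urlsToAvoidRedirect(String str, List<String> list) {
        if (str == null) {
            return false;
        }
        for (String fragment : list) {
            if (str.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code true} if the path contains a core Jenkins fragment that is exempt from 2FA. */
    private boolean JenkinsUrlsToAvoidRedirect(String str) {
        return urlsToAvoidRedirect(str, JENKINS_URL_FRAGMENTS_WITHOUT_TFA);
    }

    /** Returns {@code true} if the path contains one of the plugin's own 2FA configuration or login URLs. */
    private boolean tfaPluginUrlsToAvoidRedirect(String str) {
        return urlsToAvoidRedirect(str, Arrays.asList(MoPluginUrls.Urls.MO_USER_CONFIG.getUrl() + "/", MoPluginUrls.Urls.MO_SECURITY_QUESTION_CONFIG.getUrl(), "/miniorange-two-factor", MoPluginUrls.Urls.MO_OTP_OVER_EMAIL_CONFIG.getUrl(), MoPluginUrls.Urls.MO_USER_AUTH.getUrl() + "/"));
    }

    /** Returns the cached "enable 2FA for all users" setting; {@code false} when it was never cached. */
    private static boolean enableTfaForAllUsers() {
        return moPluginSettings.getOrDefault(MoGlobalConfigConstant.AdminConfiguration.ENABLE_2FA_FOR_ALL_USERS.getKey(), false).booleanValue();
    }

    /**
     * Returns {@code true} when "2FA for all users" is NOT enabled.
     *
     * <p>The name reads the other way round: {@link #byPass2FA} uses a {@code true} result as
     * a reason to skip the 2FA redirect. The name is kept because the method is
     * package-visible and may have callers outside this file.
     */
    static boolean isTfaEnabled() {
        return !enableTfaForAllUsers();
    }

    /**
     * Checks the session attribute that marks this user as 2FA-verified and mirrors the result
     * into {@link #userAuthenticationStatus}.
     *
     * @param httpSession current HTTP session
     * @param user signed-in user
     * @return {@code true} only if the attribute exists and parses as {@code true}; any error
     *     is treated as "not verified"
     */
    private boolean isTfaVerifiedSession(HttpSession httpSession, User user) {
        try {
            String userId = user.getId();
            Object marker = httpSession.getAttribute(userId + MoGlobalConfigConstant.UtilityGlobalConstants.SESSION_2FA_VERIFICATION.getKey());
            boolean verified = marker != null && Boolean.parseBoolean(marker.toString());
            userAuthenticationStatus.put(userId, verified);
            return verified;
        } catch (Exception e) {
            LOGGER.fine("An error occurred while fetching session: " + e.getMessage());
            return false;
        }
    }

    /**
     * Decides whether a request skips the 2FA redirect.
     *
     * <p>The redirect is skipped for anonymous requests, for sessions already verified, when
     * "2FA for all users" is off, and for paths matched by either exemption list.
     */
    private boolean byPass2FA(User user, String str, HttpSession httpSession) {
        return user == null || isTfaVerifiedSession(httpSession, user) || isTfaEnabled() || tfaPluginUrlsToAvoidRedirect(str) || JenkinsUrlsToAvoidRedirect(str);
    }

    /**
     * Lets the request through, or redirects the user to the 2FA page.
     *
     * <p>The decision is made inside a try block, but the downstream chain is called outside
     * it. An exception thrown by downstream filters or servlets therefore propagates as usual
     * instead of being swallowed and the chain being run a second time.
     *
     * <p>If the decision itself fails, the request is rejected with HTTP 500 (fail closed).
     * Letting the request through on error would hand a signed-in but unverified user the
     * requested page whenever the 2FA check breaks. The trade-off is that a persistent fault
     * in the check blocks affected users until it is fixed, so the failure is logged at
     * WARNING.
     *
     * @throws IOException if writing the redirect or error response fails, or downstream throws it
     * @throws ServletException if a downstream filter or servlet throws it
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Anything that is not HTTP has no session or path to evaluate; pass it on unchanged.
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String redirectTarget;
        try {
            redirectTarget = resolveTfaRedirect(httpServletRequest);
        } catch (Exception e) {
            LOGGER.warning("Error in filter processing " + e.getMessage());
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            return;
        }
        if (redirectTarget == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        httpServletResponse.sendRedirect(redirectTarget);
    }

    /**
     * Works out where the request has to be redirected for 2FA.
     *
     * @return the absolute redirect URL, or {@code null} when the request may proceed
     */
    private String resolveTfaRedirect(HttpServletRequest httpServletRequest) {
        User current = User.current();
        if (current == null) {
            // Anonymous request: nothing to enforce, and no session needs to be created.
            return null;
        }
        HttpSession session = httpServletRequest.getSession();
        String pathInfo = httpServletRequest.getPathInfo();
        // A missing path info is treated as an empty path, which matches no exemption.
        if (byPass2FA(current, pathInfo == null ? "" : pathInfo, session)) {
            return null;
        }
        String redirectSuffix = getRedirectUrlForTfaAuthentication(current);
        if (redirectSuffix == null) {
            throw new IllegalStateException("No 2FA redirect URL resolved");
        }
        if (redirectSuffix.equals("SKIP_FILTER")) {
            return null;
        }
        String requestURI = httpServletRequest.getRequestURI();
        // Keep the first URL the user asked for; later requests in the same session do not replace it.
        if (session.getAttribute("tfaRelayState") == null) {
            session.setAttribute("tfaRelayState", sanitizeRequestURI(requestURI));
        }
        LOGGER.fine(requestURI + " is being redirecting for 2FA, saved relay state is " + requestURI);
        // NOTE(review): getRootUrl() can return null when no root URL is configured; confirm
        // how the deployment guarantees a value here.
        return Jenkins.get().getRootUrl() + redirectSuffix;
    }

    /** No resources to release. */
    public void destroy() {
    }
}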
