package jenkins.security;

import hudson.security.ACL;
import hudson.util.Scrambler;
import java.io.IOException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.acegisecurity.ui.rememberme.NullRememberMeServices;
import org.acegisecurity.ui.rememberme.RememberMeServices;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.199-rc28813.188ca140eec0.jar:jenkins/security/BasicHeaderProcessor.class */
/**
 * Servlet filter that consumes HTTP Basic credentials from the {@code Authorization} header.
 *
 * <p>Requests whose header does not start with {@code "Basic "} (compared case-insensitively) are
 * passed down the chain untouched. Otherwise the header payload is decoded through
 * {@link Scrambler#descramble(String)}, split at the first colon into a user name and a secret, and
 * offered in turn to every {@link BasicHeaderAuthenticator} returned by {@link #all()}. The first
 * authenticator that yields a non-null {@link Authentication} wins; if none does, the request is
 * rejected through the configured {@link AuthenticationEntryPoint}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The supplied secret is <em>not</em> verified when {@link #authenticationIsRequired(String)}
 *       returns {@code false}; the request then runs under whatever identity the security context
 *       already holds.</li>
 *   <li>The client-supplied user name is concatenated unmodified into the
 *       {@link BadCredentialsException} message handed to the entry point. What the entry point
 *       does with that message (response body, logs) is not visible here.</li>
 *   <li>Failures are logged at {@code FINE} only and without the user name, and this filter does no
 *       attempt counting or throttling; any such control has to live in the authenticators or
 *       elsewhere.</li>
 *   <li>{@link #fail} dereferences the entry point unconditionally, so
 *       {@link #setAuthenticationEntryPoint} must have been called before the filter serves
 *       requests.</li>
 * </ul>
 */
public class BasicHeaderProcessor implements Filter {
    /** Scheme prefix, including the separating space, that marks a Basic credential header. */
    private static final String BASIC_PREFIX = "Basic ";

    private AuthenticationEntryPoint authenticationEntryPoint;
    private RememberMeServices rememberMeServices = new NullRememberMeServices();
    private static final Logger LOGGER = Logger.getLogger(BasicHeaderProcessor.class.getName());

    /** No initialisation is needed; collaborators are injected through the setters. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Sets the entry point that answers requests whose Basic credentials were rejected.
     *
     * @param authenticationEntryPoint entry point invoked by {@link #fail}
     */
    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    /**
     * Replaces the remember-me services notified on login success and failure. The default is a
     * {@link NullRememberMeServices} instance.
     *
     * @param rememberMeServices services notified by {@link #success} and {@link #fail}
     */
    public void setRememberMeServices(RememberMeServices rememberMeServices) {
        this.rememberMeServices = rememberMeServices;
    }

    /**
     * Authenticates the request from its Basic {@code Authorization} header, if it carries one.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException propagated from the chain or the entry point
     * @throws ServletException propagated from the chain or the entry point
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String authorization = request.getHeader("Authorization");
        if (!StringUtils.startsWithIgnoreCase(authorization, BASIC_PREFIX)) {
            // Absent header or a different scheme: not ours to handle.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // NOTE(review): presumably Base64 decoding as HTTP Basic requires, and assumed never to
        // return null for a non-null argument -- confirm against Scrambler.
        String credentials = Scrambler.descramble(authorization.substring(BASIC_PREFIX.length()));

        // Split at the FIRST colon: the secret may contain colons, the user name cannot.
        int separator = credentials.indexOf(':');
        if (separator < 0) {
            fail(request, response, new BadCredentialsException("Malformed HTTP basic Authorization header"));
            return;
        }
        String username = credentials.substring(0, separator);
        String secret = credentials.substring(separator + 1);

        if (!authenticationIsRequired(username)) {
            // The existing identity is kept and the supplied secret is never checked.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        for (BasicHeaderAuthenticator authenticator : all()) {
            LOGGER.log(Level.FINER, "Attempting to authenticate with {0}", authenticator);
            Authentication result = authenticator.authenticate(request, response, username, secret);
            if (result == null) {
                // This authenticator did not accept the credentials; try the next one.
                continue;
            }
            // NOTE(review): the Authentication is rendered via toString(); confirm the token
            // implementations in use do not print credentials.
            LOGGER.log(Level.FINE, "Request authenticated as {0} by {1}", new Object[]{result, authenticator});
            success(request, response, filterChain, result);
            return;
        }

        // The user name below is client-controlled and goes into the message as-is.
        fail(request, response, new BadCredentialsException("Invalid password/token for user: " + username));
    }

    /**
     * Decides whether the Basic credentials have to be verified for this request.
     *
     * <p>Verification is required when the security context holds no authentication, an
     * unauthenticated one, an {@link AnonymousAuthenticationToken}, or a
     * {@link UsernamePasswordAuthenticationToken} whose name differs from {@code str}. In every
     * other case, including an already authenticated token of any other type regardless of the
     * name in the header, the method returns {@code false} and the caller skips credential
     * checking.
     *
     * @param str user name taken from the Basic header
     * @return {@code true} if the credentials must be checked by the authenticators
     */
    protected boolean authenticationIsRequired(String str) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null || !current.isAuthenticated()) {
            return true;
        }
        if (current instanceof AnonymousAuthenticationToken) {
            return true;
        }
        return current instanceof UsernamePasswordAuthenticationToken && !current.getName().equals(str);
    }

    /**
     * Runs the rest of the chain under the freshly authenticated identity.
     *
     * <p>The context returned by {@link ACL#impersonate(Authentication)} is put back once the chain
     * returns or throws, so the identity established here does not outlive this request on the
     * current thread.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param filterChain remainder of the filter chain
     * @param authentication identity produced by a {@link BasicHeaderAuthenticator}
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    protected void success(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        this.rememberMeServices.loginSuccess(httpServletRequest, httpServletResponse, authentication);
        SecurityContext previousContext = ACL.impersonate(authentication);
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            SecurityContextHolder.setContext(previousContext);
        }
    }

    /**
     * Rejects the request: logs the failure at {@code FINE}, notifies the remember-me services and
     * delegates the response to the configured entry point.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param badCredentialsException reason passed on to the entry point
     * @throws IOException propagated from the entry point
     * @throws ServletException propagated from the entry point
     */
    protected void fail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BadCredentialsException badCredentialsException) throws IOException, ServletException {
        LOGGER.log(Level.FINE, "Authentication of BASIC header failed");
        this.rememberMeServices.loginFail(httpServletRequest, httpServletResponse);
        this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, badCredentialsException);
    }

    /**
     * Supplies the authenticators consulted by {@link #doFilter}, in the order they are tried.
     *
     * @return the list returned by {@link BasicHeaderAuthenticator#all()}
     */
    protected List<? extends BasicHeaderAuthenticator> all() {
        return BasicHeaderAuthenticator.all();
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}
