package hudson.security;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.model.User;
import hudson.util.Scrambler;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import jenkins.security.BasicApiTokenHelper;
import jenkins.security.SecurityListener;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.329-rc31970.59e0fb_69eeee.jar:hudson/security/BasicAuthenticationFilter.class */
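/**
 * Servlet filter that lets clients present HTTP Basic credentials on ordinary URLs.
 *
 * <p>Requests that carry no {@code Authorization} header, that the container has already
 * authenticated, that target {@code /secured/}, or that arrive while security is disabled are
 * passed straight down the chain. For the rest, the credentials are decoded and tried first as a
 * user name plus API token; if that does not match, the request is handed to the container's
 * {@code /j_security_check} with the supplied user name and password, and the response is
 * prepared as a redirect to the {@code /secured} variant of the requested path.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The Basic payload is only encoded, not encrypted, so the credentials are readable by
 *       anything that can see the request; transport protection has to come from elsewhere.
 *   <li>The {@code Authorization} header is client-controlled and is parsed defensively here.
 * </ul>
 */
public class BasicAuthenticationFilter implements Filter {
    /** Number of characters skipped at the start of the header, i.e. the length of "Basic ". */
    private static final int SCHEME_PREFIX_LENGTH = 6;

    private ServletContext servletContext;

    /**
     * Remembers the servlet context so {@link #doFilter} can obtain a request dispatcher later.
     *
     * @param filterConfig configuration supplied by the container
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this.servletContext = filterConfig.getServletContext();
    }

    /**
     * Authenticates a request from its {@code Authorization} header where applicable.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException if the chain or the dispatcher include fails on I/O
     * @throws ServletException if the chain or the dispatcher include fails
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String header = request.getHeader("Authorization");
        String servletPath = request.getServletPath();

        boolean passThrough = header == null
                || request.getUserPrincipal() != null
                || servletPath.startsWith("/secured/")
                || !Jenkins.get().isUseSecurity();
        if (passThrough) {
            if (request.getUserPrincipal() != null) {
                // The container already authenticated this caller; mirror that identity into
                // the security context before the rest of the chain runs.
                SecurityContextHolder.getContext().setAuthentication(new ContainerAuthentication(request));
            }
            try {
                filterChain.doFilter(servletRequest, servletResponse);
            } finally {
                // The listing this class was taken from shows an empty finally here. Clear the
                // holder so an Authentication placed on it does not stay attached to a pooled
                // request thread once this request has been served.
                SecurityContextHolder.clearContext();
            }
            return;
        }

        String username = null;
        String password = null;
        // The header comes from the client. A value shorter than the skipped prefix used to make
        // substring() throw and surface as a server error; it is now treated like any other
        // malformed credential and answered with the 401 challenge below.
        // NOTE(review): the scheme token itself is not compared with "Basic"; a header of another
        // scheme is decoded the same way - confirm whether that should be rejected up front.
        if (header.length() >= SCHEME_PREFIX_LENGTH) {
            String decoded = Scrambler.descramble(header.substring(SCHEME_PREFIX_LENGTH));
            int colon = decoded.indexOf(':');
            if (colon >= 0) {
                username = decoded.substring(0, colon);
                password = decoded.substring(colon + 1);
            }
        }
        if (username == null) {
            // No "user:password" pair could be extracted: challenge the client.
            response.setStatus(401);
            response.setHeader("WWW-Authenticate", "Basic realm=\"Jenkins user\"");
            return;
        }

        User tokenUser = BasicApiTokenHelper.isConnectingUsingApiToken(username, password);
        if (tokenUser != null) {
            // The second field matched an API token for this user: run the request as that user.
            UserDetails details = tokenUser.getUserDetailsForImpersonation2();
            Authentication authentication = tokenUser.impersonate(details);
            SecurityListener.fireAuthenticated2(details);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            try {
                filterChain.doFilter(servletRequest, servletResponse);
            } finally {
                // Same reasoning as above: do not leave the impersonated identity on the thread.
                SecurityContextHolder.clearContext();
            }
            return;
        }

        // Not an API token: fall back to the container login. The redirect target is assembled
        // only from this request's context path, servlet path and undecoded query string.
        String securedPath = request.getContextPath() + "/secured" + servletPath;
        String queryString = request.getQueryString();
        if (queryString != null) {
            securedPath = securedPath + '?' + queryString;
        }
        prepareRedirect(response, securedPath);

        // NOTE(review): the password travels in the dispatcher path as a query parameter. This is
        // a server-side include rather than a client redirect, but any component that records
        // dispatched paths or query strings would capture it - confirm none is enabled.
        String loginPath = "/j_security_check?j_username=" + URLEncoder.encode(username, "UTF-8")
                + "&j_password=" + URLEncoder.encode(password, "UTF-8");
        this.servletContext.getRequestDispatcher(loginPath).include(request, response);
    }

    /**
     * Marks the response as a 302 redirect to the given location.
     *
     * @param httpServletResponse response to modify
     * @param str value written to the {@code Location} header; the only caller in this class
     *     builds it from the current request's own path components
     */
    @SuppressFBWarnings(value = {"UNVALIDATED_REDIRECT"}, justification = "Redirect is validated as processed.")
    private void prepareRedirect(HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setStatus(302);
        httpServletResponse.setHeader("Location", str);
    }

    /** Nothing to release; the filter holds only a reference to the servlet context. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }
}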
