package hudson.security;

import com.google.common.net.HttpHeaders;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Functions;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.404-rc33661.2cff5b_87b_52f.jar:hudson/security/HudsonAuthenticationEntryPoint.class */
public class HudsonAuthenticationEntryPoint implements AuthenticationEntryPoint {
    private final String loginFormUrl;

    public HudsonAuthenticationEntryPoint(String str) {
        this.loginFormUrl = str;
    }

    @Override // org.springframework.security.web.AuthenticationEntryPoint
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        PrintWriter writer;
        if ("XMLHttpRequest".equals(httpServletRequest.getHeader(HttpHeaders.X_REQUESTED_WITH))) {
            httpServletResponse.sendError(403);
            return;
        }
        String requestURI = httpServletRequest.getRequestURI();
        if (httpServletRequest.getQueryString() != null && !httpServletRequest.getQueryString().isEmpty()) {
            requestURI = requestURI + "?" + httpServletRequest.getQueryString();
        }
        String format = MessageFormat.format(httpServletRequest.getContextPath() + this.loginFormUrl, URLEncoder.encode(requestURI, StandardCharsets.UTF_8));
        httpServletRequest.setAttribute("loginForm", format);
        httpServletResponse.setStatus(403);
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        Functions.advertiseHeaders(httpServletResponse);
        AccessDeniedException3 accessDeniedException3 = null;
        if ((authenticationException instanceof InsufficientAuthenticationException) && (authenticationException.getCause() instanceof AccessDeniedException3)) {
            accessDeniedException3 = (AccessDeniedException3) authenticationException.getCause();
            accessDeniedException3.reportAsHeaders(httpServletResponse);
        }
        try {
            writer = new PrintWriter(new OutputStreamWriter(httpServletResponse.getOutputStream(), StandardCharsets.UTF_8));
        } catch (IllegalStateException e) {
            writer = httpServletResponse.getWriter();
        }
        printResponse(format, writer);
        if (accessDeniedException3 != null) {
            accessDeniedException3.report(writer);
        }
        writer.printf("-->%n%n</body></html>", new Object[0]);
        for (int i = 0; i < 10; i++) {
            writer.print("                              ");
        }
        writer.close();
    }

    @SuppressFBWarnings(value = {"XSS_SERVLET"}, justification = "Intermediate step for redirecting users to login page.")
    private void printResponse(String str, PrintWriter printWriter) {
        printWriter.printf("<html><head><meta http-equiv='refresh' content='1;url=%1$s'/><script>window.location.replace('%1$s');</script></head><body style='background-color:white; color:white;'>%n%n%nAuthentication required%n<!--%n", str);
    }
}
