package jenkins.security;

import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.util.Scrambler;
import java.io.IOException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter;

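/**
 * Servlet filter that handles an HTTP {@code Authorization} header carrying the Basic scheme.
 *
 * <p>The decoded header is split into a user name and a secret at the first {@code ':'}, and the
 * pair is offered to every {@link BasicHeaderAuthenticator} returned by {@link #all()} until one
 * of them produces an {@link Authentication}. Requests without a Basic header pass through
 * untouched.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The secret is handed only to the authenticators; this class never logs it.</li>
 *   <li>The user name comes straight from the request and is not validated here. It is embedded
 *       in the {@link BadCredentialsException} message, so whatever consumes that message must
 *       treat it as untrusted text.</li>
 *   <li>When {@link #authenticationIsRequired(String)} returns {@code false}, the credentials in
 *       the header are not verified at all; the request runs under the authentication that is
 *       already in the security context.</li>
 * </ul>
 */
@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.435-rc34418.3c8d90569b_c4.jar:jenkins/security/BasicHeaderProcessor.class */
public class BasicHeaderProcessor implements Filter {
    private static final Logger LOGGER = Logger.getLogger(BasicHeaderProcessor.class.getName());

    // No default: fail() dereferences this, so it must be injected before the filter serves traffic.
    private AuthenticationEntryPoint authenticationEntryPoint;
    private RememberMeServices rememberMeServices = new NullRememberMeServices();

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Sets the entry point that {@link #fail} uses to answer a rejected request. */
    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    /** Replaces the default {@link NullRememberMeServices} notified on login success and failure. */
    public void setRememberMeServices(RememberMeServices rememberMeServices) {
        this.rememberMeServices = rememberMeServices;
    }

    /**
     * Authenticates the request from its Basic header, or passes it on unchanged.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the chain or the entry point
     * @throws ServletException propagated from the chain or the entry point
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String authorization = request.getHeader("Authorization");
        boolean isBasic = StringUtils.startsWithIgnoreCase(authorization, ServerHttpBasicAuthenticationConverter.BASIC);
        if (!isBasic) {
            // Absent header or a different scheme: not this filter's concern.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // The hard-coded 6 assumes the BASIC prefix constant is six characters long ("Basic ").
        // NOTE(review): Scrambler.descramble is defined elsewhere; confirm what it returns for
        // undecodable input, because a null result would throw on the indexOf call below.
        String credentials = Scrambler.descramble(authorization.substring(6));
        int separatorAt = credentials.indexOf(':');
        if (separatorAt < 0) {
            fail(request, response, new BadCredentialsException("Malformed HTTP basic Authorization header"));
            return;
        }

        // Split at the first colon only, so the secret itself may contain ':' characters.
        String username = credentials.substring(0, separatorAt);
        String secret = credentials.substring(separatorAt + 1);

        if (!authenticationIsRequired(username)) {
            // An existing authentication is kept; the secret from the header is NOT checked here.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        for (BasicHeaderAuthenticator authenticator : all()) {
            LOGGER.log(Level.FINER, "Attempting to authenticate with {0}", authenticator);
            Authentication result = authenticator.authenticate2(request, response, username, secret);
            if (result == null) {
                // This authenticator did not accept the pair; try the next one.
                continue;
            }
            LOGGER.log(Level.FINE, "Request authenticated as {0} by {1}", new Object[]{result, authenticator});
            success(request, response, filterChain, result);
            return;
        }

        // The user name is request-controlled text; consumers of this message must escape it.
        fail(request, response, new BadCredentialsException("Invalid password/token for user: " + username));
    }

    /**
     * Decides whether the credentials in the header have to be verified.
     *
     * @param str user name taken from the Basic header
     * @return {@code true} when the security context holds no authentication, an unauthenticated
     *     one, a {@link UsernamePasswordAuthenticationToken} for a different name, or an
     *     {@link AnonymousAuthenticationToken}; {@code false} for every other existing
     *     authentication, including token types that are neither of those two classes
     */
    protected boolean authenticationIsRequired(String str) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null || !current.isAuthenticated()) {
            return true;
        }
        if (current instanceof UsernamePasswordAuthenticationToken && !current.getName().equals(str)) {
            // Header names a different user than the one already in the context.
            return true;
        }
        return current instanceof AnonymousAuthenticationToken;
    }

    /**
     * Reports the successful login and runs the rest of the chain inside {@code ACL.as2(authentication)}.
     *
     * <p>The returned {@link ACLContext} is closed exactly once, whether the chain returns or
     * throws. The decompiler-expanded form this replaces would have called {@code close()} a
     * second time if the first {@code close()} itself threw.
     * NOTE(review): ACL.as2 is defined elsewhere; presumably it switches the security context to
     * the given authentication until the context is closed; confirm.
     *
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    protected void success(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        this.rememberMeServices.loginSuccess(httpServletRequest, httpServletResponse, authentication);
        try (ACLContext ignored = ACL.as2(authentication)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Reports the failed login and lets the entry point answer the request.
     *
     * <p>The log line deliberately carries no user name or secret. The configured entry point
     * must be non-null; nothing in this class assigns a default.
     *
     * @throws IOException      propagated from the entry point
     * @throws ServletException propagated from the entry point
     */
    protected void fail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BadCredentialsException badCredentialsException) throws IOException, ServletException {
        LOGGER.log(Level.FINE, "Authentication of BASIC header failed");
        this.rememberMeServices.loginFail(httpServletRequest, httpServletResponse);
        this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, badCredentialsException);
    }

    /** Returns the authenticators to consult, in the order they are tried; overridable. */
    protected List<? extends BasicHeaderAuthenticator> all() {
        return BasicHeaderAuthenticator.all();
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}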
