package hudson.plugins.collabnet.auth;

import com.collabnet.ce.webservices.CollabNetApp;
import hudson.model.Hudson;
import hudson.plugins.collabnet.util.CommonUtil;
import hudson.security.SecurityRealm;
import java.io.IOException;
import java.net.URLEncoder;
import java.rmi.RemoteException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import org.apache.axis.transport.http.HTTPConstants;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.spi.LocationInfo;

/* loaded from: input_file:WEB-INF/classes/hudson/plugins/collabnet/auth/CNFilter.class */
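/**
 * Servlet filter that bridges single sign-on between Hudson and a CollabNet
 * TeamForge (CTF) server when the active security realm is a
 * {@link CollabNetSecurityRealm}.
 *
 * <p>Two independent, realm-configured directions are handled:
 * <ul>
 *   <li><b>From CTF:</b> a request carrying {@code sfUsername} and
 *       {@code sfLoginToken} is turned into a Hudson login.</li>
 *   <li><b>To CTF:</b> a Hudson user holding a {@link CNAuthentication} that is
 *       not yet marked as CTF-authenticated is redirected to CTF.</li>
 * </ul>
 *
 * <p>Both request parameters arrive unauthenticated and must be treated as
 * untrusted input; the only check visible in this class is the remote
 * {@code loginWithToken} call.
 */
public class CNFilter implements Filter {
    private static final Logger log = Logger.getLogger("CNFilter");

    /** Principal, key and authority name of the anonymous fallback token. */
    private static final String ANONYMOUS = "anonymous";

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Applies the SSO rules described on the class, then continues the chain
     * unless a redirect to CTF was issued.
     *
     * @param servletRequest  incoming request (cast to {@link HttpServletRequest} when SSO is enabled)
     * @param servletResponse outgoing response (cast to {@link HttpServletResponse} for the CTF redirect)
     * @param filterChain     remaining filters
     * @throws IOException      propagated from the chain or from URL encoding
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (Hudson.getInstance().isUseSecurity()) {
            SecurityRealm securityRealm = Hudson.getInstance().getSecurityRealm();
            if (securityRealm instanceof CollabNetSecurityRealm) {
                CollabNetSecurityRealm realm = (CollabNetSecurityRealm) securityRealm;
                boolean ssoFromCtf = realm.getEnableSSOAuthFromCTF();
                boolean ssoToCtf = realm.getEnableSSOAuthToCTF();
                Authentication authentication = Hudson.getAuthentication();
                if (ssoFromCtf) {
                    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
                    String requestedUser = servletRequest.getParameter("sfUsername");
                    // NOTE(review): sfUsername is an unauthenticated request parameter. A value
                    // that differs from the current user marks the current Authentication as
                    // unauthenticated before any token has been checked, and
                    // loginHudsonUsingCTFSSO then installs the anonymous token when
                    // sfLoginToken is missing or rejected. A request carrying only a foreign
                    // sfUsername therefore ends the current login; consider validating the
                    // token first and keeping the existing authentication on failure.
                    if (requestedUser != null && !requestedUser.equals(authentication.getName())) {
                        authentication.setAuthenticated(false);
                    }
                    // Constant-first comparison so a null principal cannot raise an NPE.
                    if (!authentication.isAuthenticated() || ANONYMOUS.equals(authentication.getPrincipal())) {
                        loginHudsonUsingCTFSSO(realm, httpRequest);
                    }
                }
                // NOTE(review): this check uses the Authentication captured before
                // loginHudsonUsingCTFSSO ran, so a login performed in this request is only
                // considered for the CTF redirect on a later request. Confirm this is intended.
                if (ssoToCtf && (authentication instanceof CNAuthentication)) {
                    CNAuthentication cnAuthentication = (CNAuthentication) authentication;
                    if (!cnAuthentication.isCNAuthed()) {
                        loginToCTF(cnAuthentication, realm, (HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
                        // The redirect is the whole response; do not run the rest of the chain.
                        return;
                    }
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Logs the caller into Hudson from the {@code sfUsername} / {@code sfLoginToken}
     * request parameters, or installs an anonymous token when either parameter is
     * missing or the remote token login throws {@link RemoteException}.
     *
     * @param collabNetSecurityRealm realm supplying the CTF server URL
     * @param httpServletRequest     request carrying the SSO parameters
     */
    private void loginHudsonUsingCTFSSO(CollabNetSecurityRealm collabNetSecurityRealm, HttpServletRequest httpServletRequest) {
        String collabNetUrl = collabNetSecurityRealm.getCollabNetUrl();
        String username = httpServletRequest.getParameter("sfUsername");
        String loginToken = httpServletRequest.getParameter("sfLoginToken");
        // Declared as the Authentication interface: the fallback below is an
        // AnonymousAuthenticationToken, which is not a CNAuthentication.
        Authentication newAuthentication = null;
        if (username != null && loginToken != null) {
            CollabNetApp collabNetApp = new CollabNetApp(collabNetUrl, username);
            try {
                collabNetApp.loginWithToken(loginToken);
                newAuthentication = new CNAuthentication(username, collabNetApp);
            } catch (RemoteException e) {
                // Keep the original message and attach the exception so the cause is
                // not lost; the token itself is deliberately never logged.
                log.log(Level.SEVERE, "Login failed with RemoteException: " + e.getMessage(), e);
            }
        }
        if (newAuthentication == null) {
            newAuthentication = new AnonymousAuthenticationToken(ANONYMOUS, ANONYMOUS, new GrantedAuthority[]{new GrantedAuthorityImpl(ANONYMOUS)});
        }
        // NOTE(review): getSession(true) reuses a session that already exists, so the
        // session identifier is not rotated when the login succeeds. Confirm that
        // session-fixation protection is applied elsewhere in the filter chain.
        httpServletRequest.getSession(true);
        SecurityContextHolder.getContext().setAuthentication(newAuthentication);
    }

    /**
     * Marks the authentication as CTF-authenticated and answers with a 302 redirect
     * to the CTF {@code soapredirect} endpoint, optionally passing the current URL
     * as {@code redirectUrl}.
     *
     * @param cNAuthentication       current CollabNet authentication
     * @param collabNetSecurityRealm realm supplying the CTF URL and the redirect switch
     * @param httpServletRequest     request used to compute the return URL
     * @param httpServletResponse    response that receives the redirect
     * @throws IOException      if UTF-8 encoding of a URL component fails
     * @throws ServletException declared for callers; not thrown by the visible code
     */
    private void loginToCTF(CNAuthentication cNAuthentication, CollabNetSecurityRealm collabNetSecurityRealm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        // Set before the redirect is sent, so the flag does not prove that the CTF
        // login actually completed.
        cNAuthentication.setCNAuthed(true);
        String currentUrl = getCurrentUrl(httpServletRequest);
        // NOTE(review): the CTF session id travels in the query string of the redirect,
        // where it can end up in browser history and in proxy or server access logs.
        // Treat those logs as sensitive. m233getPrincipal is a decompiler-generated
        // name; presumably CNAuthentication's String-returning getPrincipal() - confirm
        // against the original source.
        StringBuilder target = new StringBuilder(collabNetSecurityRealm.getCollabNetUrl());
        target.append("/sf/sfmain/do/soapredirect?id=").append(URLEncoder.encode(cNAuthentication.getSessionId(), "UTF-8"));
        target.append("&user=").append(URLEncoder.encode(cNAuthentication.m233getPrincipal(), "UTF-8"));
        if (collabNetSecurityRealm.getEnableSSORedirect()) {
            // When no Hudson root URL is configured, currentUrl is derived from
            // request data (see getCurrentBaseUrl), so the receiving side should
            // validate redirectUrl before following it.
            target.append("&redirectUrl=").append(URLEncoder.encode(currentUrl, "UTF-8"));
        }
        // Servlet API constant and header literal (302 / "Location") instead of the
        // equal-valued constants of unrelated HTTP libraries.
        httpServletResponse.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
        httpServletResponse.setHeader("Location", target.toString());
    }

    /**
     * Returns the base URL of this Hudson instance: the configured root URL when
     * there is one, otherwise scheme, host, optional port and context path taken
     * from the request.
     *
     * <p>The fallback relies on values the servlet container derives from the
     * request (the host name typically comes from the client-supplied Host
     * header), so configuring the root URL is the safer setup.
     *
     * @param httpServletRequest current request, used only for the fallback
     * @return base URL as a string
     */
    public static String getCurrentBaseUrl(HttpServletRequest httpServletRequest) {
        String rootUrl = Hudson.getInstance().getRootUrl();
        if (rootUrl != null) {
            return rootUrl;
        }
        String scheme = httpServletRequest.getScheme();
        int port = httpServletRequest.getServerPort();
        // Omit the port only when it is the default for the scheme; the previous
        // check (port != 80) appended ":443" to every default-port HTTPS URL.
        boolean defaultPort = ("http".equalsIgnoreCase(scheme) && port == 80)
                || ("https".equalsIgnoreCase(scheme) && port == 443);
        StringBuilder sb = new StringBuilder();
        sb.append(scheme).append("://").append(httpServletRequest.getServerName());
        if (!defaultPort) {
            sb.append(':').append(port);
        }
        sb.append(httpServletRequest.getContextPath());
        return sb.toString();
    }

    /**
     * Returns the full URL of the current request: the base URL without its
     * context path, followed by the request URI and, when present, the query
     * string.
     *
     * @param httpServletRequest current request
     * @return URL of the current request as a string
     */
    public static String getCurrentUrl(HttpServletRequest httpServletRequest) {
        // The request URI already starts with the context path, so it is removed
        // from the base URL to avoid repeating it.
        String base = StringUtils.removeEnd(CommonUtil.stripSlashes(getCurrentBaseUrl(httpServletRequest)), httpServletRequest.getContextPath());
        StringBuilder sb = new StringBuilder(base);
        String requestUri = httpServletRequest.getRequestURI();
        if (requestUri != null) {
            sb.append(requestUri);
        }
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            // Plain '?' separator; the decompiled listing showed an unrelated
            // logging constant that happens to hold the same value.
            sb.append('?').append(queryString);
        }
        return sb.toString();
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}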
