package com.google.gerrit.httpd.auth.container;

import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.httpd.CanonicalWebUrl;
import com.google.gerrit.httpd.HtmlDomUtil;
import com.google.gerrit.httpd.LoginUrlToken;
import com.google.gerrit.httpd.WebSession;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.AuthResult;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gwtexpui.server.CacheHeaders;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.servlet.VelocityServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

@Singleton
/* loaded from: input_file:com/google/gerrit/httpd/auth/container/HttpLoginServlet.class */
class HttpLoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static final Logger log = LoggerFactory.getLogger(HttpLoginServlet.class);
    private final DynamicItem<WebSession> webSession;
    private final CanonicalWebUrl urlProvider;
    private final AccountManager accountManager;
    private final HttpAuthFilter authFilter;
    private final AuthConfig authConfig;

    @Inject
    HttpLoginServlet(DynamicItem<WebSession> dynamicItem, CanonicalWebUrl canonicalWebUrl, AccountManager accountManager, HttpAuthFilter httpAuthFilter, AuthConfig authConfig) {
        this.webSession = dynamicItem;
        this.urlProvider = canonicalWebUrl;
        this.accountManager = accountManager;
        this.authFilter = httpAuthFilter;
        this.authConfig = authConfig;
    }

    @Override // javax.servlet.http.HttpServlet
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String token = LoginUrlToken.getToken(httpServletRequest);
        CacheHeaders.setNotCacheable(httpServletResponse);
        String remoteUser = this.authFilter.getRemoteUser(httpServletRequest);
        if (remoteUser != null && !"".equals(remoteUser)) {
            AuthRequest forUser = AuthRequest.forUser(remoteUser);
            forUser.setDisplayName(this.authFilter.getRemoteDisplayname(httpServletRequest));
            forUser.setEmailAddress(this.authFilter.getRemoteEmail(httpServletRequest));
            try {
                AuthResult authenticate = this.accountManager.authenticate(forUser);
                String remoteExternalIdToken = this.authFilter.getRemoteExternalIdToken(httpServletRequest);
                if (remoteExternalIdToken != null) {
                    try {
                        log.debug("Associating external identity \"{}\" to user \"{}\"", remoteExternalIdToken, remoteUser);
                        updateRemoteExternalId(authenticate, remoteExternalIdToken);
                    } catch (AccountException | OrmException e) {
                        log.error("Unable to associate external identity \"" + remoteExternalIdToken + "\" to user \"" + remoteUser + "\"", e);
                        httpServletResponse.sendError(403);
                        return;
                    }
                }
                StringBuilder sb = new StringBuilder();
                if (!authenticate.isNew() || this.authConfig.getRegisterPageUrl() == null) {
                    sb.append(this.urlProvider.get(httpServletRequest));
                    if (authenticate.isNew() && !token.startsWith("/register/")) {
                        sb.append("#/register");
                    }
                    sb.append(token);
                } else {
                    sb.append(this.authConfig.getRegisterPageUrl());
                }
                this.webSession.get().login(authenticate, true);
                httpServletResponse.sendRedirect(sb.toString());
                return;
            } catch (AccountException e2) {
                log.error("Unable to authenticate user \"" + remoteUser + "\"", (Throwable) e2);
                httpServletResponse.sendError(403);
                return;
            }
        }
        log.error("Unable to authenticate user by " + this.authFilter.getLoginHeader() + " request header.  Check container or server configuration.");
        Document parseFile = HtmlDomUtil.parseFile(HttpLoginServlet.class, "ConfigurationError.html");
        replace(parseFile, "loginHeader", this.authFilter.getLoginHeader());
        replace(parseFile, "ServerName", httpServletRequest.getServerName());
        replace(parseFile, "ServerPort", ":" + httpServletRequest.getServerPort());
        replace(parseFile, "ContextPath", httpServletRequest.getContextPath());
        byte[] utf8 = HtmlDomUtil.toUTF8(parseFile);
        httpServletResponse.setStatus(403);
        httpServletResponse.setContentType(VelocityServlet.DEFAULT_CONTENT_TYPE);
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentLength(utf8.length);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        Throwable th = null;
        try {
            try {
                outputStream.write(utf8);
                if (outputStream != null) {
                    if (0 == 0) {
                        outputStream.close();
                        return;
                    }
                    try {
                        outputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (outputStream != null) {
                if (th != null) {
                    try {
                        outputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    outputStream.close();
                }
            }
            throw th4;
        }
    }

    private void updateRemoteExternalId(AuthResult authResult, String str) throws AccountException, OrmException {
        this.accountManager.updateLink(authResult.getAccountId(), new AuthRequest(new AccountExternalId(authResult.getAccountId(), new AccountExternalId.Key(AccountExternalId.SCHEME_EXTERNAL, str)).getExternalId()));
    }

    private void replace(Document document, String str, String str2) {
        Element find = HtmlDomUtil.find(document, str);
        if (find != null) {
            find.setTextContent(str2);
        } else {
            replaceByClass(document, str, str2);
        }
    }

    private void replaceByClass(Node node, String str, String str2) {
        NodeList childNodes = node.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item instanceof Element) {
                Element element = (Element) item;
                if (str.equals(element.getAttribute("class"))) {
                    element.setTextContent(str2);
                }
            }
            replaceByClass(item, str, str2);
        }
    }
}
