package com.google.gerrit.httpd.auth.container;

import com.google.common.base.Objects;
import com.google.common.base.Strings;
import com.google.gerrit.httpd.HtmlDomUtil;
import com.google.gerrit.httpd.WebSession;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gwtexpui.server.CacheHeaders;
import com.google.gwtjsonrpc.server.RPCServletUtils;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.FileNotFoundException;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.servlet.VelocityServlet;
import org.eclipse.jgit.util.Base64;
import org.eclipse.jgit.util.HttpSupport;

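@Singleton
/* loaded from: input_file:com/google/gerrit/httpd/auth/container/HttpAuthFilter.class */
/**
 * Servlet filter guarding requests when authentication is delegated to the container or a
 * front-end web server.
 *
 * <p>A request is passed down the chain only if the current {@link WebSession} is signed in and,
 * when a remote user name can be read from the request, that name matches the identity the
 * session last logged in with. Any other request is answered with the pre-loaded
 * {@code LoginRedirect.html} page.
 *
 * <p>Security note: the login, display-name and e-mail headers are read as-is. Nothing in this
 * class authenticates them, and the Basic/Digest fallback only extracts the user name without
 * checking the password or digest response. The deployment therefore has to guarantee that only
 * the authenticating front end can set these headers (for example by stripping client-supplied
 * copies at the reverse proxy) and that Gerrit is not reachable around that front end.
 */
class HttpAuthFilter implements Filter {
    private static final String AUTHORIZATION = "Authorization";
    private static final String BASIC_PREFIX = "Basic ";
    private static final String DIGEST_PREFIX = "Digest ";
    private static final String DIGEST_USERNAME = "username=\"";

    // Fixed charset so decoding does not depend on the JVM's platform default.
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.Charset.forName("UTF-8");

    private final Provider<WebSession> sessionProvider;
    private final byte[] signInRaw;
    private final byte[] signInGzip;
    private final String loginHeader;
    private final String displaynameHeader;
    private final String emailHeader;

    /**
     * Loads the sign-in page and resolves the configured header names.
     *
     * @param provider supplies the web session consulted for each request
     * @param authConfig source of the login, display-name and e-mail header names; an empty
     *     login header falls back to {@code Authorization}, empty optional headers become
     *     {@code null} (disabled)
     * @throws FileNotFoundException if {@code LoginRedirect.html} cannot be read
     * @throws IOException if compressing the page fails
     */
    @Inject
    HttpAuthFilter(Provider<WebSession> provider, AuthConfig authConfig) throws IOException {
        this.sessionProvider = provider;
        String page = HtmlDomUtil.readFile(getClass(), "LoginRedirect.html");
        if (page == null) {
            throw new FileNotFoundException("No LoginRedirect.html in webapp");
        }
        this.signInRaw = page.getBytes(UTF_8);
        // Compress once up front; both variants are served from memory afterwards.
        this.signInGzip = HtmlDomUtil.compress(this.signInRaw);
        this.loginHeader = Objects.firstNonNull(Strings.emptyToNull(authConfig.getLoginHttpHeader()), AUTHORIZATION);
        this.displaynameHeader = Strings.emptyToNull(authConfig.getHttpDisplaynameHeader());
        this.emailHeader = Strings.emptyToNull(authConfig.getHttpEmailHeader());
    }

    /**
     * Forwards the request when the session is valid; otherwise writes the sign-in page.
     *
     * <p>The sign-in page is marked not cacheable and is sent gzip-compressed when the client
     * accepts that encoding.
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        if (isSessionValid(httpRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        final byte[] body;
        if (RPCServletUtils.acceptsGzipEncoding(httpRequest)) {
            httpResponse.setHeader("Content-Encoding", HttpSupport.ENCODING_GZIP);
            body = this.signInGzip;
        } else {
            body = this.signInRaw;
        }

        CacheHeaders.setNotCacheable(httpResponse);
        httpResponse.setContentType(VelocityServlet.DEFAULT_CONTENT_TYPE);
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentLength(body.length);
        ServletOutputStream out = httpResponse.getOutputStream();
        try {
            out.write(body);
        } finally {
            // Close on both the success and the failure path; a write failure still propagates.
            out.close();
        }
    }

    /**
     * Decides whether the current session may be used for this request.
     *
     * <p>A signed-in session is accepted when no remote user can be read from the request, or
     * when the remote user equals the identity of the last login. A request that carries a
     * different user name than the session was created for is rejected, so a session cannot
     * outlive a change of the externally authenticated user.
     */
    private boolean isSessionValid(HttpServletRequest httpServletRequest) {
        WebSession session = this.sessionProvider.get();
        if (!session.isSignedIn()) {
            return false;
        }
        String remoteUser = getRemoteUser(httpServletRequest);
        // NOTE(review): a missing or unparseable user name keeps an existing session valid.
        return remoteUser == null || correctUser(remoteUser, session);
    }

    /**
     * Checks that {@code str}, keyed under {@link AccountExternalId#SCHEME_GERRIT}, is the
     * external id the session last logged in with.
     */
    private static boolean correctUser(String str, WebSession webSession) {
        AccountExternalId.Key lastLogin = webSession.getLastLoginExternalId();
        if (lastLogin == null) {
            return false;
        }
        return lastLogin.equals(new AccountExternalId.Key(AccountExternalId.SCHEME_GERRIT, str));
    }

    /**
     * Extracts the externally authenticated user name from the request.
     *
     * <p>With a custom login header the header value is returned directly. With the default
     * {@code Authorization} header the container's remote user is preferred; failing that, the
     * user name is parsed out of a Basic or Digest {@code Authorization} header. The credentials
     * themselves are not verified here; presumably the front end has already done so.
     *
     * @return the user name, or {@code null} if none is present or the header cannot be parsed
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteUser(HttpServletRequest httpServletRequest) {
        if (!AUTHORIZATION.equals(this.loginHeader)) {
            return Strings.emptyToNull(httpServletRequest.getHeader(this.loginHeader));
        }

        String containerUser = Strings.emptyToNull(httpServletRequest.getRemoteUser());
        if (containerUser != null) {
            return containerUser;
        }

        String auth = Strings.emptyToNull(httpServletRequest.getHeader(AUTHORIZATION));
        if (auth == null) {
            return null;
        }

        if (auth.startsWith(BASIC_PREFIX)) {
            final String credentials;
            try {
                credentials = new String(Base64.decode(auth.substring(BASIC_PREFIX.length())), UTF_8);
            } catch (IllegalArgumentException malformed) {
                // The header is client-controlled; input the decoder rejects means "no user",
                // not an unhandled exception escaping the filter.
                return null;
            }
            int colon = credentials.indexOf(':');
            // Require a non-empty user name before the "user:password" separator.
            return colon > 0 ? credentials.substring(0, colon) : null;
        }

        if (auth.startsWith(DIGEST_PREFIX)) {
            int start = auth.indexOf(DIGEST_USERNAME);
            if (start <= 0) {
                return null;
            }
            String rest = auth.substring(start + DIGEST_USERNAME.length());
            int end = rest.indexOf('"');
            // An empty or unterminated quoted user name is treated as absent.
            return end > 0 ? rest.substring(0, end) : null;
        }

        return null;
    }

    /**
     * Returns the display name sent in the configured header.
     *
     * @return the header value, or {@code null} if no display-name header is configured or the
     *     header is empty or missing
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteDisplayname(HttpServletRequest httpServletRequest) {
        if (this.displaynameHeader == null) {
            return null;
        }
        return Strings.emptyToNull(httpServletRequest.getHeader(this.displaynameHeader));
    }

    /**
     * Returns the e-mail address sent in the configured header.
     *
     * @return the header value, or {@code null} if no e-mail header is configured or the header
     *     is empty or missing
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteEmail(HttpServletRequest httpServletRequest) {
        if (this.emailHeader == null) {
            return null;
        }
        return Strings.emptyToNull(httpServletRequest.getHeader(this.emailHeader));
    }

    /** Returns the name of the header the login name is read from; never {@code null}. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getLoginHeader() {
        return this.loginHeader;
    }

    /** No initialization is needed; all state is set up in the constructor. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
    }

    /** Nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }
}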
