package com.google.gerrit.httpd.auth.container;

import com.google.common.base.MoreObjects;
import com.google.common.base.Strings;
import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.httpd.HtmlDomUtil;
import com.google.gerrit.httpd.RemoteUserUtil;
import com.google.gerrit.httpd.WebSession;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gwtexpui.server.CacheHeaders;
import com.google.gwtjsonrpc.server.RPCServletUtils;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jgit.util.HttpSupport;

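/**
 * Servlet filter for container/HTTP-header based sign-in.
 *
 * <p>Requests that carry a valid, signed-in {@link WebSession} are passed down the chain. All
 * other requests are answered with the static {@code LoginRedirect.html} page.
 *
 * <p>Security note: the display name, e-mail and external-id accessors read the configured
 * headers straight from the request, and this class does not check where those headers came
 * from. The values are only trustworthy when an authenticating front end sets them and discards
 * any client-supplied copies. NOTE(review): the login header is resolved by
 * {@code RemoteUserUtil}, which is not visible here; confirm the same deployment assumption
 * holds for it.
 */
@Singleton
/* loaded from: input_file:com/google/gerrit/httpd/auth/container/HttpAuthFilter.class */
class HttpAuthFilter implements Filter {
    private final DynamicItem<WebSession> sessionProvider;
    // Login redirect page, kept both uncompressed and gzip-compressed so it is encoded only once.
    private final byte[] signInRaw;
    private final byte[] signInGzip;
    // Header carrying the authenticated user name; "Authorization" when none is configured.
    private final String loginHeader;
    // Optional headers; null when not configured.
    private final String displaynameHeader;
    private final String emailHeader;
    private final String externalIdHeader;
    private final boolean userNameToLowerCase;

    /**
     * Loads the login redirect page and reads the header names from the auth configuration.
     *
     * @param dynamicItem provider of the current web session
     * @param authConfig authentication settings supplying the header names
     * @throws FileNotFoundException if {@code LoginRedirect.html} cannot be found
     * @throws IOException if the page cannot be read or compressed
     */
    @Inject
    HttpAuthFilter(DynamicItem<WebSession> dynamicItem, AuthConfig authConfig) throws IOException {
        this.sessionProvider = dynamicItem;
        String readFile = HtmlDomUtil.readFile(getClass(), "LoginRedirect.html");
        if (readFile == null) {
            throw new FileNotFoundException("No LoginRedirect.html in webapp");
        }
        this.signInRaw = readFile.getBytes(HtmlDomUtil.ENC);
        this.signInGzip = HtmlDomUtil.compress(this.signInRaw);
        this.loginHeader =
                MoreObjects.firstNonNull(
                        Strings.emptyToNull(authConfig.getLoginHttpHeader()), "Authorization");
        this.displaynameHeader = Strings.emptyToNull(authConfig.getHttpDisplaynameHeader());
        this.emailHeader = Strings.emptyToNull(authConfig.getHttpEmailHeader());
        this.externalIdHeader = Strings.emptyToNull(authConfig.getHttpExternalIdHeader());
        this.userNameToLowerCase = authConfig.isUserNameToLowerCase();
    }

    /**
     * Forwards the request when the session is valid; otherwise writes the login redirect page.
     *
     * <p>The page is marked not cacheable and is sent gzip-compressed when the client accepts it.
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (isSessionValid(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        final byte[] body;
        if (RPCServletUtils.acceptsGzipEncoding(httpServletRequest)) {
            httpServletResponse.setHeader("Content-Encoding", HttpSupport.ENCODING_GZIP);
            body = this.signInGzip;
        } else {
            body = this.signInRaw;
        }

        CacheHeaders.setNotCacheable(httpServletResponse);
        httpServletResponse.setContentType("text/html");
        httpServletResponse.setCharacterEncoding(HtmlDomUtil.ENC.name());
        httpServletResponse.setContentLength(body.length);
        // try-with-resources replaces the decompiler's expanded close/addSuppressed scaffolding.
        try (ServletOutputStream outputStream = httpServletResponse.getOutputStream()) {
            outputStream.write(body);
        }
    }

    /**
     * Reports whether the current session may be used for this request.
     *
     * <p>A signed-in session is rejected only when the request names a remote user that differs
     * from the one recorded at last login. NOTE(review): a signed-in session is accepted when the
     * request carries no remote user at all; confirm this is intended for requests that do not
     * pass through the authenticating front end.
     */
    private boolean isSessionValid(HttpServletRequest httpServletRequest) {
        WebSession webSession = this.sessionProvider.get();
        if (!webSession.isSignedIn()) {
            return false;
        }
        String remoteUser = getRemoteUser(httpServletRequest);
        return remoteUser == null || correctUser(remoteUser, webSession);
    }

    /** Checks that the session's last-login external id is the "gerrit" id of {@code str}. */
    private static boolean correctUser(String str, WebSession webSession) {
        ExternalId.Key lastLoginExternalId = webSession.getLastLoginExternalId();
        if (lastLoginExternalId == null) {
            return false;
        }
        return lastLoginExternalId.equals(ExternalId.Key.create("gerrit", str));
    }

    /**
     * Returns the remote user name taken from the login header, lower-cased when configured.
     *
     * @return the user name, or null when {@code RemoteUserUtil} finds none
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteUser(HttpServletRequest httpServletRequest) {
        String remoteUser = RemoteUserUtil.getRemoteUser(httpServletRequest, this.loginHeader);
        if (remoteUser == null || !this.userNameToLowerCase) {
            return remoteUser;
        }
        return remoteUser.toLowerCase(Locale.US);
    }

    /**
     * Returns the display name from the configured header.
     *
     * @return the display name, or null when no header is configured, the request does not carry
     *     it, or its value is empty
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteDisplayname(HttpServletRequest httpServletRequest) {
        if (this.displaynameHeader == null) {
            return null;
        }
        String rawDisplayName = httpServletRequest.getHeader(this.displaynameHeader);
        if (rawDisplayName == null) {
            // The header is configured but absent from this request; previously this case threw
            // a NullPointerException.
            return null;
        }
        // Re-interpret the header bytes as UTF-8; presumably the container decoded them as
        // ISO-8859-1 (confirm against the servlet container in use).
        return Strings.emptyToNull(
                new String(
                        rawDisplayName.getBytes(StandardCharsets.ISO_8859_1),
                        StandardCharsets.UTF_8));
    }

    /**
     * Returns the e-mail address from the configured header.
     *
     * @return the header value, or null when no header is configured or the value is missing or
     *     empty
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteEmail(HttpServletRequest httpServletRequest) {
        if (this.emailHeader == null) {
            return null;
        }
        return Strings.emptyToNull(httpServletRequest.getHeader(this.emailHeader));
    }

    /**
     * Returns the external-id token from the configured header.
     *
     * @return the header value, or null when no header is configured or the value is missing or
     *     empty
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRemoteExternalIdToken(HttpServletRequest httpServletRequest) {
        if (this.externalIdHeader == null) {
            return null;
        }
        return Strings.emptyToNull(httpServletRequest.getHeader(this.externalIdHeader));
    }

    /** Returns the name of the header the remote user is read from. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getLoginHeader() {
        return this.loginHeader;
    }

    /** No initialisation is needed; all state is set up in the constructor. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
    }

    /** Nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }
}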
