package com.google.gerrit.httpd.auth.container;

import com.google.gerrit.common.PageLinks;
import com.google.gerrit.httpd.HtmlDomUtil;
import com.google.gerrit.httpd.WebSession;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.account.AuthMethod;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.AuthResult;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import javax.annotation.Nullable;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpHeaderValues;
import org.eclipse.jgit.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

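/**
 * Login endpoint for deployments where authentication is delegated to the servlet container or
 * to a front-end proxy.
 *
 * <p>The servlet derives a user name from the request (see {@link #getRemoteUser}), asks the
 * {@link AccountManager} for the matching account, starts a web session, and redirects the
 * browser to the requested page inside the web UI.
 *
 * <p><b>Trust boundary.</b> Nothing in this class checks a password or any other credential:
 * the user name is taken either from the configured login header, from
 * {@link HttpServletRequest#getRemoteUser()}, or from the user-name portion of an
 * {@code Authorization} header. The identity is therefore only as trustworthy as whatever sits
 * in front of this servlet. Deployments should make sure that
 *
 * <ul>
 *   <li>this URL is reachable only through the authenticating container or proxy, and
 *   <li>that front end removes or overwrites any client-supplied copy of the login header
 *       before forwarding the request.
 * </ul>
 */
@Singleton
/* loaded from: input_file:WEB-INF/lib/gerrit-httpd-2.5.2.jar:com/google/gerrit/httpd/auth/container/HttpLoginServlet.class */
class HttpLoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private static final Logger log = LoggerFactory.getLogger(HttpLoginServlet.class);
    private static final String AUTHORIZATION = "Authorization";
    private static final String BASIC_PREFIX = "Basic ";
    private static final String DIGEST_PREFIX = "Digest ";
    private static final String DIGEST_USERNAME = "username=\"";
    private final Provider<WebSession> webSession;
    private final Provider<String> urlProvider;
    private final AccountManager accountManager;
    private final String loginHeader;

    /**
     * @param authConfig supplies the name of the request header that carries the user name; when
     *     it is unset or empty the standard {@code Authorization} header is used
     * @param provider per-request web session
     * @param provider2 canonical web URL used as the base of the post-login redirect
     * @param accountManager resolves (or creates) the account for the user name
     */
    @Inject
    HttpLoginServlet(AuthConfig authConfig, Provider<WebSession> provider, @CanonicalWebUrl @Nullable Provider<String> provider2, AccountManager accountManager) {
        this.webSession = provider;
        this.urlProvider = provider2;
        this.accountManager = accountManager;
        String configured = authConfig.getLoginHttpHeader();
        this.loginHeader = (configured == null || configured.isEmpty()) ? AUTHORIZATION : configured;
    }

    /**
     * Logs the caller in under the user name supplied by the container or proxy.
     *
     * <p>Outcomes:
     *
     * <ul>
     *   <li>path {@code /logout} or {@code /signout}: forwarded to the logout handler;
     *   <li>user name present and accepted: session started, redirect to the canonical URL with
     *       the request path as the fragment;
     *   <li>user name present but rejected by the account manager: HTTP 403;
     *   <li>no user name: HTTP 403 with a configuration-error page.
     * </ul>
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doGet(HttpServletRequest req, HttpServletResponse rsp) throws ServletException, IOException {
        String token = getToken(req);
        if ("/logout".equals(token) || "/signout".equals(token)) {
            req.getRequestDispatcher("/logout").forward(req, rsp);
            return;
        }

        // The response depends on who is logged in, so it must never be served from a cache.
        rsp.setHeader("Expires", "Fri, 01 Jan 1980 00:00:00 GMT");
        rsp.setHeader("Pragma", HttpHeaderValues.NO_CACHE);
        rsp.setHeader("Cache-Control", "no-cache, must-revalidate");

        String user = getRemoteUser(req);
        if (user == null || user.isEmpty()) {
            sendConfigurationError(req, rsp);
            return;
        }

        try {
            // NOTE(review): only the user name is passed on; this class performs no credential
            // check of its own. Confirm that the front end has already authenticated the caller.
            AuthResult result = this.accountManager.authenticate(AuthRequest.forUser(user));

            // The request path is appended after '#', so it can only select a page inside the
            // canonical URL; it cannot change the host the browser is redirected to.
            // NOTE(review): the canonical URL provider is declared @Nullable; a null value would
            // be rendered as the text "null" here. Confirm it is always configured in this mode.
            StringBuilder target = new StringBuilder();
            target.append(this.urlProvider.get());
            target.append('#');
            if (result.isNew() && !token.startsWith("/register/")) {
                target.append(PageLinks.REGISTER);
            }
            target.append(token);

            this.webSession.get().login(result, AuthMethod.COOKIE, true);
            rsp.sendRedirect(target.toString());
        } catch (AccountException e) {
            log.error("Unable to authenticate user \"" + sanitizeForLog(user) + "\"", (Throwable) e);
            rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /** Renders the bundled configuration-error page with HTTP 403 when no user name was supplied. */
    private void sendConfigurationError(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
        log.error("Unable to authenticate user by " + this.loginHeader + " request header.  Check container or server configuration.");
        Document page = HtmlDomUtil.parseFile(HttpLoginServlet.class, "ConfigurationError.html");
        // Request-derived values go through setTextContent (see replace), i.e. they are inserted
        // as text nodes rather than being spliced into the page as markup.
        replace(page, "loginHeader", this.loginHeader);
        replace(page, "ServerName", req.getServerName());
        replace(page, "ServerPort", ":" + req.getServerPort());
        replace(page, "ContextPath", req.getContextPath());
        byte[] body = HtmlDomUtil.toUTF8(page);

        rsp.setStatus(HttpServletResponse.SC_FORBIDDEN);
        rsp.setContentType("text/html");
        rsp.setCharacterEncoding("UTF-8");
        rsp.setContentLength(body.length);
        ServletOutputStream out = rsp.getOutputStream();
        try {
            out.write(body);
        } finally {
            out.flush();
            out.close();
        }
    }

    /**
     * Sets the text of the element located by {@link HtmlDomUtil#find}; if none is found, falls
     * back to every element whose {@code class} attribute equals {@code str}.
     */
    private void replace(Document document, String str, String str2) {
        Element target = HtmlDomUtil.find(document, str);
        if (target == null) {
            replaceByClass(document, str, str2);
            return;
        }
        target.setTextContent(str2);
    }

    /** Recursively sets the text of every descendant element whose {@code class} equals {@code str}. */
    private void replaceByClass(Node node, String str, String str2) {
        NodeList children = node.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child instanceof Element) {
                Element element = (Element) child;
                if (str.equals(element.getAttribute("class"))) {
                    element.setTextContent(str2);
                }
            }
            replaceByClass(child, str, str2);
        }
    }

    /** Returns the request's path info, normalised to start with {@code /} ({@code "/"} if absent). */
    private String getToken(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null || pathInfo.isEmpty()) {
            return "/";
        }
        return pathInfo.startsWith("/") ? pathInfo : "/" + pathInfo;
    }

    /**
     * Extracts the user name the front end is asserting for this request.
     *
     * <p>With a custom login header configured, the raw header value is returned. Otherwise the
     * container's {@code getRemoteUser()} is preferred, and as a fallback the user name is read
     * out of a {@code Basic} or {@code Digest} {@code Authorization} header.
     *
     * <p>The fallback only <em>parses</em> the header: the password or digest response is never
     * verified here, so the value is meaningful only when an upstream component has already
     * validated it.
     *
     * @return the user name, or {@code null} if none could be determined
     */
    private String getRemoteUser(HttpServletRequest httpServletRequest) {
        if (!AUTHORIZATION.equals(this.loginHeader)) {
            // Custom header: trusted as-is, so the proxy must strip client-supplied copies.
            String asserted = httpServletRequest.getHeader(this.loginHeader);
            return (asserted == null || asserted.isEmpty()) ? null : asserted;
        }

        String containerUser = httpServletRequest.getRemoteUser();
        if (containerUser != null && !containerUser.isEmpty()) {
            return containerUser;
        }

        String auth = httpServletRequest.getHeader(AUTHORIZATION);
        if (auth == null || auth.isEmpty()) {
            return null;
        }

        if (auth.startsWith(BASIC_PREFIX)) {
            String credentials;
            try {
                // Decode with a fixed charset so the result does not vary with the JVM's
                // platform default encoding.
                credentials = new String(Base64.decode(auth.substring(BASIC_PREFIX.length())), java.nio.charset.Charset.forName("UTF-8"));
            } catch (IllegalArgumentException e) {
                // The header is client-controlled; treat input the decoder rejects as "no user"
                // (403) instead of letting an unchecked exception surface as a server error.
                return null;
            }
            int colon = credentials.indexOf(':');
            return colon > 0 ? credentials.substring(0, colon) : null;
        }

        if (auth.startsWith(DIGEST_PREFIX)) {
            int start = auth.indexOf(DIGEST_USERNAME);
            if (start <= 0) {
                return null;
            }
            String rest = auth.substring(start + DIGEST_USERNAME.length());
            int closingQuote = rest.indexOf('"');
            return closingQuote > 0 ? rest.substring(0, closingQuote) : null;
        }

        return null;
    }

    /**
     * Replaces line breaks in a request-derived value before it is written to the log, so that
     * the value cannot start what looks like a separate log record.
     */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}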
