package org.artifactory.webapp.servlet.authentication;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.artifactory.api.repo.RepositoryService;
import org.artifactory.api.security.SecurityService;
import org.artifactory.descriptor.repo.RepoType;
import org.artifactory.descriptor.repo.VirtualRepoDescriptor;
import org.artifactory.util.HttpUtils;
import org.artifactory.webapp.servlet.HttpArtifactoryRequest;
import org.artifactory.webapp.servlet.RequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/artifactory/webapp/servlet/authentication/OssForceAuthenticationFilter.class */
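/**
 * Authentication filter that answers unauthenticated requests aimed at a virtual Maven
 * repository with the "force Maven authentication" flag set by sending an HTTP Basic
 * challenge (401 plus {@code WWW-Authenticate}).
 *
 * <p>The filter only decides whether to challenge; it never validates credentials itself.
 * A request is challenged only when both conditions hold: the target repository forces
 * authentication, and {@link AuthenticationFilterUtils#isRequestContainsAuthentication}
 * reports that the request carries no authentication.
 */
public class OssForceAuthenticationFilter implements ArtifactoryAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(OssForceAuthenticationFilter.class);
    private RepositoryService repoService;
    private SecurityService securityService;

    /**
     * Injects the repository service used to look up repository descriptors by key.
     *
     * @param repositoryService the service to use for descriptor lookups
     */
    @Autowired
    public void setRepoService(RepositoryService repositoryService) {
        this.repoService = repositoryService;
    }

    /**
     * Injects the security service handed to the "request contains authentication" check.
     *
     * @param securityService the service to use for that check
     */
    @Autowired
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    /**
     * Applies the same decision as {@link #acceptFilter(ServletRequest)}; the supplied
     * authentication object is not consulted.
     *
     * @param servletRequest the incoming request
     * @param authentication the current authentication (ignored)
     * @return {@code true} when the request must be challenged
     */
    @Override
    public boolean requiresReAuthentication(ServletRequest servletRequest, Authentication authentication) {
        return acceptFilter(servletRequest);
    }

    /**
     * Decides whether this filter should handle the request.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}, so a
     *     non-HTTP request fails with {@link ClassCastException}
     * @return {@code true} only when the target repository forces authentication and the
     *     request carries no authentication
     */
    @Override
    public boolean acceptFilter(ServletRequest servletRequest) {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        // Both checks are always evaluated, in this order, before the result is combined.
        boolean repoForcesAuthentication = isMavenVirtualRepoForcedAuthentication(servletRequest);
        boolean noAuthentication =
                !AuthenticationFilterUtils.isRequestContainsAuthentication(httpRequest, this.securityService);
        log.trace("[{}] repoIsForcingAuthentication: {}; noAuthentication:{}",
                RequestUtils.getServletPathFromRequest(httpRequest), repoForcesAuthentication, noAuthentication);
        return repoForcesAuthentication && noAuthentication;
    }

    /**
     * Reports whether the request targets a virtual Maven repository whose descriptor has
     * the force-authentication flag set.
     *
     * @param servletRequest the incoming request
     * @return the descriptor's flag for a virtual Maven repository; {@code false} when no
     *     repository key could be extracted or the repository is of another kind
     */
    private boolean isMavenVirtualRepoForcedAuthentication(ServletRequest servletRequest) {
        String repoKey = tryExtractingRepoKeyFromRequest(servletRequest);
        if (StringUtils.isBlank(repoKey)) {
            log.trace("Request is not to a repo");
            return false;
        }
        // NOTE(review): the local is declared as VirtualRepoDescriptor yet is still tested with
        // instanceof, which suggests the lookup returns a broader descriptor type - confirm
        // against RepositoryService. As written, the instanceof also rejects a null result.
        VirtualRepoDescriptor descriptor = this.repoService.repoDescriptorByKey(repoKey);
        boolean virtualMavenRepo =
                (descriptor instanceof VirtualRepoDescriptor) && RepoType.Maven.equals(descriptor.getType());
        if (!virtualMavenRepo) {
            log.trace("Request is to repo {} which is not a virtual Maven repo", repoKey);
            return false;
        }
        return descriptor.isForceMavenAuthentication();
    }

    /**
     * Extracts the repository key from the request path.
     *
     * @param servletRequest the incoming request
     * @return the repository key, or {@code null} when the first path element is one of the
     *     reserved names {@code ui}, {@code api} or {@code webapp}, or when the request could
     *     not be decoded
     */
    private String tryExtractingRepoKeyFromRequest(ServletRequest servletRequest) {
        try {
            String repoKey = new HttpArtifactoryRequest((HttpServletRequest) servletRequest).getRepoKey();
            boolean reservedName = "ui".equals(repoKey) || "api".equals(repoKey) || "webapp".equals(repoKey);
            return reservedName ? null : repoKey;
        } catch (UnsupportedEncodingException e) {
            // Fails open: an undecodable request is treated like a non-repository request, so this
            // filter will not challenge it. Record the cause instead of dropping it silently.
            // NOTE(review): confirm that later filters or permission checks still cover such requests.
            log.debug("Could not decode repo key from request; forced-authentication check skipped", e);
            return null;
        }
    }

    /**
     * Ends the request with an HTTP Basic challenge. The filter chain is never invoked.
     *
     * <p>NOTE(review): presumably called only after {@link #acceptFilter(ServletRequest)}
     * returned {@code true}; this method does not re-check that itself.
     *
     * @param servletRequest the incoming request (unused)
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining chain (unused)
     * @throws IOException if the error response cannot be written
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
        sendHttpAuthChallenge((HttpServletResponse) servletResponse);
    }

    /**
     * Adds the {@code WWW-Authenticate} header and sends a 401 error response.
     *
     * @param httpServletResponse the response to write the challenge to
     * @throws IOException if the error response cannot be written
     */
    private void sendHttpAuthChallenge(HttpServletResponse httpServletResponse) throws IOException {
        log.debug("Anonymous user resolving via virtual repo with authRequired flag on - sending auth challenge");
        // Basic credentials are only base64-encoded, so clients answering this challenge
        // should reach the server over TLS.
        httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"Artifactory Realm\"");
        HttpUtils.sendErrorResponse(httpServletResponse, 401, "Unauthorized");
    }

    /**
     * This filter supplies no cache key.
     *
     * @param servletRequest the incoming request (unused)
     * @return always {@code null}
     */
    @Override
    public String getCacheKey(ServletRequest servletRequest) {
        return null;
    }

    /**
     * This filter supplies no login identifier.
     *
     * @param servletRequest the incoming request (unused)
     * @return always {@code null}
     */
    @Override
    public String getLoginIdentifier(ServletRequest servletRequest) {
        return null;
    }

    /**
     * No initialisation is needed.
     *
     * @param filterConfig the filter configuration (unused)
     */
    public void init(FilterConfig filterConfig) {
    }

    /** Nothing to release. */
    public void destroy() {
    }
}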
