package org.artifactory.webapp.servlet.authentication;

import java.io.IOException;
import java.util.Locale;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.artifactory.common.ConstantValues;
import org.artifactory.security.exceptions.LoginDisabledException;
import org.artifactory.util.HttpUtils;
import org.artifactory.util.UiRequestUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

/* loaded from: input_file:org/artifactory/webapp/servlet/authentication/ArtifactoryBasicAuthenticationEntryPoint.class */
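/**
 * Basic-auth entry point that decides how a failed authentication is reported to the client.
 *
 * <p>Most failures are answered with 401 and, for non-UI requests, a {@code WWW-Authenticate}
 * challenge. A fixed set of conditions (locked user, disabled login, expired credentials, and
 * requests that already carried credentials in specific headers) is answered with 403 instead.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The 401/403 choice partly depends on request headers ({@code User-Agent},
 *       {@code Authorization}, API-key headers), which are client-controlled. In this class they
 *       only select the status code of an already-failed authentication.</li>
 *   <li>The exception message is sent to the caller, and locked/disabled/expired states get a
 *       different status code from a plain bad-credentials failure. Whether that lets an
 *       unauthenticated caller tell account states apart depends on where these exceptions are
 *       raised, which is not visible here; verify against the authentication providers.</li>
 * </ul>
 */
public class ArtifactoryBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
    public static final String REALM = "Artifactory Realm";

    /**
     * Sets the fixed realm name before the superclass validates its properties.
     *
     * @throws Exception if the superclass initialisation fails
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        setRealmName(REALM);
        super.afterPropertiesSet();
    }

    /**
     * Reports a failed authentication to the client.
     *
     * @param httpServletRequest the request that failed authentication
     * @param httpServletResponse the response the error is written to
     * @param authenticationException the failure being reported
     * @throws IOException if the error response cannot be written
     * @throws ServletException declared by the overridden method; not thrown by this class
     */
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        sendErrorResponseToClient(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Picks 403 when any of the "do not re-challenge" conditions holds, otherwise 401.
     */
    private void sendErrorResponseToClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        boolean forbidden = isIvyRequest(httpServletRequest, authenticationException)
                || isAlreadyAuthedNuGetRequest(httpServletRequest, authenticationException)
                || isUserLocked(authenticationException)
                || isLoginDisabled(authenticationException)
                || isCredentialsExpired(authenticationException)
                || isAlreadyAuthedApiKeyRequest(httpServletRequest, authenticationException);
        int status = forbidden ? HttpServletResponse.SC_FORBIDDEN : HttpServletResponse.SC_UNAUTHORIZED;
        sendErrorResponse(httpServletRequest, httpServletResponse, authenticationException, status);
    }

    /** Returns true when the failure is a {@link CredentialsExpiredException}. */
    private boolean isCredentialsExpired(AuthenticationException authenticationException) {
        return authenticationException instanceof CredentialsExpiredException;
    }

    /** Returns true when the failure is a {@link LockedException}. */
    private boolean isUserLocked(AuthenticationException authenticationException) {
        return authenticationException instanceof LockedException;
    }

    /** Returns true when the failure is a {@link LoginDisabledException}. */
    private boolean isLoginDisabled(AuthenticationException authenticationException) {
        return authenticationException instanceof LoginDisabledException;
    }

    /**
     * Writes the error response, adding a Basic challenge header for non-UI requests.
     *
     * @param i the HTTP status code to send
     */
    private void sendErrorResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException, int i) throws IOException {
        // UI REST requests get no challenge header; presumably to avoid the browser's native
        // Basic-auth dialog. TODO confirm against UiRequestUtils.
        if (!UiRequestUtils.isUiRestRequest(httpServletRequest)) {
            httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
        }
        // NOTE(review): the exception message goes to the client as-is. Confirm that the
        // messages raised upstream carry no detail an unauthenticated caller should not see.
        HttpUtils.sendErrorResponse(httpServletResponse, i, authenticationException.getMessage());
    }

    /** Returns the fixed realm, so the challenge header never contains request-derived text. */
    @Override
    public String getRealmName() {
        return REALM;
    }

    /**
     * Returns true for a bad-credentials failure from a client whose {@code User-Agent} contains
     * "ivy" (case-insensitive), but only when {@code httpForceForbiddenResponse} is enabled.
     */
    private boolean isIvyRequest(HttpServletRequest httpServletRequest, AuthenticationException authenticationException) {
        if (!ConstantValues.httpForceForbiddenResponse.getBoolean() || !(authenticationException instanceof BadCredentialsException)) {
            return false;
        }
        // getHeader returns null when the header is absent. Without this guard a request with
        // no User-Agent would throw a NullPointerException here instead of getting a 401.
        String userAgent = httpServletRequest.getHeader("User-Agent");
        // Locale.ROOT keeps the match independent of the JVM's default locale.
        return userAgent != null && userAgent.toLowerCase(Locale.ROOT).contains("ivy");
    }

    /**
     * Returns true for a bad-credentials failure from a NuGet client (by {@code User-Agent})
     * that already sent an {@code Authorization} or {@code X-NuGet-ApiKey} header.
     */
    private boolean isAlreadyAuthedNuGetRequest(HttpServletRequest httpServletRequest, AuthenticationException authenticationException) {
        if (!(authenticationException instanceof BadCredentialsException)) {
            return false;
        }
        String userAgent = httpServletRequest.getHeader("User-Agent");
        if (StringUtils.isBlank(userAgent) || !userAgent.toLowerCase(Locale.ROOT).contains("nuget")) {
            return false;
        }
        return StringUtils.isNotBlank(httpServletRequest.getHeader("Authorization"))
                || StringUtils.isNotBlank(httpServletRequest.getHeader("X-NuGet-ApiKey"));
    }

    /**
     * Returns true when the request carried a non-blank {@code X-JFrog-Art-Api} or
     * {@code X-Api-Key} header. The exception type is not consulted, so any failure on such a
     * request is reported as 403.
     */
    private boolean isAlreadyAuthedApiKeyRequest(HttpServletRequest httpServletRequest, AuthenticationException authenticationException) {
        return StringUtils.isNotBlank(httpServletRequest.getHeader("X-JFrog-Art-Api"))
                || StringUtils.isNotBlank(httpServletRequest.getHeader("X-Api-Key"));
    }
}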
