package org.artifactory.webapp.servlet.authentication;

import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.iterators.EnumerationIterator;
import org.artifactory.addon.AddonsManager;
import org.artifactory.addon.plugin.PluginsAddon;
import org.artifactory.api.context.ContextHelper;
import org.artifactory.api.security.SecurityService;
import org.artifactory.security.exceptions.LoginDisabledException;
import org.artifactory.util.HttpUtils;
import org.artifactory.webapp.servlet.HttpArtifactoryRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

/* loaded from: input_file:org/artifactory/webapp/servlet/authentication/ArtifactoryAuthenticationFilterChain.class */
public class ArtifactoryAuthenticationFilterChain {
    private static final Logger log = LoggerFactory.getLogger(ArtifactoryAuthenticationFilterChain.class);
    private SecurityService securityService;
    private BasicAuthenticationEntryPoint authenticationEntryPoint;
    private final List<ArtifactoryAuthenticationFilter> authenticationFilters = new ArrayList();

    public ArtifactoryAuthenticationFilterChain(BasicAuthenticationEntryPoint basicAuthenticationEntryPoint) {
        this.authenticationEntryPoint = basicAuthenticationEntryPoint;
    }

    public void addFilters(Collection<ArtifactoryAuthenticationFilter> collection) {
        ArtifactoryAuthenticationFilter artifactoryAuthenticationFilter = null;
        ArtifactoryAuthenticationFilter artifactoryAuthenticationFilter2 = null;
        for (ArtifactoryAuthenticationFilter artifactoryAuthenticationFilter3 : collection) {
            if (artifactoryAuthenticationFilter3.getClass().getName().endsWith("SignedUrlAuthenticationFilter")) {
                this.authenticationFilters.add(0, artifactoryAuthenticationFilter3);
            } else if (artifactoryAuthenticationFilter3 instanceof ArtifactoryBasicAuthenticationFilter) {
                artifactoryAuthenticationFilter2 = artifactoryAuthenticationFilter3;
            } else if (artifactoryAuthenticationFilter3.getClass().getName().endsWith("CasAuthenticationFilter")) {
                artifactoryAuthenticationFilter = artifactoryAuthenticationFilter3;
            } else {
                this.authenticationFilters.add(artifactoryAuthenticationFilter3);
            }
        }
        if (artifactoryAuthenticationFilter != null) {
            this.authenticationFilters.add(artifactoryAuthenticationFilter);
        }
        if (artifactoryAuthenticationFilter2 != null) {
            this.authenticationFilters.add(artifactoryAuthenticationFilter2);
        }
    }

    public ArtifactoryAuthenticationFilter acceptFilter(ServletRequest servletRequest) {
        ArrayList newArrayList = Lists.newArrayList();
        for (ArtifactoryAuthenticationFilter artifactoryAuthenticationFilter : this.authenticationFilters) {
            if (artifactoryAuthenticationFilter.acceptFilter(servletRequest)) {
                newArrayList.add(artifactoryAuthenticationFilter);
            }
        }
        if (newArrayList.size() > 1 && log.isDebugEnabled()) {
            log.debug("Ignored filters for request {} {}:\n{}\n\nHeaders: {}", new Object[]{servletRequest instanceof HttpServletRequest ? ((HttpServletRequest) servletRequest).getMethod() : "?METHOD?", servletRequest instanceof HttpServletRequest ? ((HttpServletRequest) servletRequest).getRequestURI() : "?URI?", Joiner.on("\n").join(newArrayList.stream().map(artifactoryAuthenticationFilter2 -> {
                return artifactoryAuthenticationFilter2.getClass().getName();
            }).iterator()), servletRequest instanceof HttpServletRequest ? Joiner.on(", ").join(new EnumerationIterator(((HttpServletRequest) servletRequest).getHeaderNames())) : "?HEADERS?"});
        }
        if (newArrayList.isEmpty()) {
            return null;
        }
        return (ArtifactoryAuthenticationFilter) newArrayList.get(0);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        Iterator<ArtifactoryAuthenticationFilter> it = this.authenticationFilters.iterator();
        while (it.hasNext()) {
            it.next().init(filterConfig);
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, ArtifactoryAuthenticationFilter artifactoryAuthenticationFilter, FilterChain filterChain) throws IOException, ServletException {
        FilterChain filterChain2 = (servletRequest2, servletResponse2) -> {
            try {
                ((AddonsManager) ContextHelper.get().beanForType(AddonsManager.class)).addonByType(PluginsAddon.class).executeAdditiveRealmPlugins(new HttpArtifactoryRequest((HttpServletRequest) servletRequest2));
                filterChain.doFilter(servletRequest2, servletResponse2);
            } catch (AuthenticationException e) {
                ((BasicAuthenticationEntryPoint) ContextHelper.get().beanForType(BasicAuthenticationEntryPoint.class)).commence((HttpServletRequest) servletRequest2, (HttpServletResponse) servletResponse2, e);
            }
        };
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        long sessionAccessTime = HttpUtils.getSessionAccessTime(httpServletRequest);
        String remoteClientAddress = HttpUtils.getRemoteClientAddress((HttpServletRequest) servletRequest);
        try {
            String loginIdentifier = getLoginIdentifier(servletRequest, artifactoryAuthenticationFilter);
            if (loginIdentifier == null) {
                log.debug("Login identifier was not resolved");
                artifactoryAuthenticationFilter.doFilter(servletRequest, servletResponse, filterChain2);
            } else {
                if (Strings.isNullOrEmpty(loginIdentifier)) {
                    getSecurityService().ensureSessionIsNotLocked(loginIdentifier);
                    getSecurityService().ensureSessionShouldNotBeDelayed(loginIdentifier);
                } else {
                    getSecurityService().ensureUserIsNotLocked(loginIdentifier);
                    getSecurityService().ensureLoginShouldNotBeDelayed(loginIdentifier, sessionAccessTime);
                }
                getSecurityService().updateUserLastAccess(loginIdentifier, remoteClientAddress, sessionAccessTime);
                artifactoryAuthenticationFilter.doFilter(servletRequest, servletResponse, filterChain2);
                HttpServletResponse httpServletResponse2 = (HttpServletResponse) servletResponse;
                if (httpServletResponse2.getStatus() == 401) {
                    log.debug("Filter responded with code {}, registering authentication failure!", Integer.valueOf(httpServletResponse2.getStatus()));
                    getSecurityService().interceptLoginFailure(loginIdentifier, sessionAccessTime);
                } else if (httpServletResponse2.getStatus() >= 400 || httpServletResponse2.getStatus() < 200) {
                    log.debug("Filter responded with code {}, skipping result interception", Integer.valueOf(httpServletResponse2.getStatus()));
                } else {
                    log.debug("Filter responded with code {}, registering authentication success!", Integer.valueOf(httpServletResponse2.getStatus()));
                    getSecurityService().interceptLoginSuccess(loginIdentifier);
                }
            }
        } catch (LockedException | LoginDisabledException | CredentialsExpiredException e) {
            log.debug("{}, cause: {}", e.getMessage(), e);
            this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, e);
        } catch (AuthenticationException e2) {
            log.debug("User authentication has failed, {}", e2);
            if (!Strings.isNullOrEmpty((String) null)) {
                getSecurityService().interceptLoginFailure((String) null, sessionAccessTime);
            }
            this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, e2);
        }
    }

    private String getLoginIdentifier(ServletRequest servletRequest, ArtifactoryAuthenticationFilter artifactoryAuthenticationFilter) {
        String cacheKey = artifactoryAuthenticationFilter.getCacheKey(servletRequest);
        try {
            cacheKey = artifactoryAuthenticationFilter.getLoginIdentifier(servletRequest);
            if ((artifactoryAuthenticationFilter instanceof ArtifactoryAccessTokenAuthenticationFilter) || (artifactoryAuthenticationFilter instanceof ArtifactoryBasicAuthenticationFilter)) {
                log.debug("Found loginIdentifier {}", cacheKey);
            }
        } catch (BadCredentialsException e) {
            log.debug("Resolving uses access details has failed, {}", e.getMessage());
            if (cacheKey == null) {
                cacheKey = "";
            }
        }
        return cacheKey;
    }

    public void destroy() {
        Iterator<ArtifactoryAuthenticationFilter> it = this.authenticationFilters.iterator();
        while (it.hasNext()) {
            it.next().destroy();
        }
    }

    private SecurityService getSecurityService() {
        if (this.securityService == null) {
            this.securityService = (SecurityService) ContextHelper.get().beanForType(SecurityService.class);
        }
        return this.securityService;
    }
}
