package de.accxia.apps.bitbucket.ium.servlet.filter;

import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.auth.AuthenticationService;
import com.atlassian.bitbucket.nav.NavBuilder;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.templaterenderer.TemplateRenderer;
import com.atlassian.webresource.api.UrlMode;
import com.atlassian.webresource.api.assembler.PageBuilderService;
import de.accxia.apps.bitbucket.ium.conditions.ConditionEvaluatorIUMImpl;
import de.accxia.apps.bitbucket.ium.config.DAO;
import de.accxia.apps.bitbucket.ium.impl.CurrentUser;
import de.accxia.apps.bitbucket.ium.repository.NavUserRepository;
import de.accxia.apps.bitbucket.ium.rest.RestRoute;
import de.accxia.apps.bitbucket.ium.util.IUMHelperService;
import de.accxia.apps.bitbucket.ium.util.Quota;
import java.io.IOException;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

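/**
 * Servlet filter that decides, per request, whether an authenticated user who belongs to one of
 * the groups returned by {@code DAO.getIUMGroupsDisabled()} is passed down the chain, temporarily
 * enabled through {@link IUMHelperService}, redirected, or shown the queue page
 * ({@code templates/queue_IUM.vm}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Redirect targets taken from the {@code origin} parameter or the {@code referer} header are
 *       request-controlled. They are only followed when {@link #isSafeRedirectTarget(String)}
 *       accepts them; otherwise the filter falls back to the context root.</li>
 *   <li>Routing decisions are made with {@code String.contains} on the raw request URI. That is a
 *       substring match, not a path match, so any URI that merely embeds one of the markers is
 *       treated like the real endpoint. NOTE(review): consider matching on the servlet path or a
 *       path prefix relative to the context path instead.</li>
 *   <li>Diagnostic logging never writes cookie values, credential-bearing header values or
 *       parameter values.</li>
 * </ul>
 */
@Named
/* loaded from: input_file:de/accxia/apps/bitbucket/ium/servlet/filter/IntelligentUserManagerCerberosFilter.class */
public class IntelligentUserManagerCerberosFilter implements Filter {
    public static final String ORIGIN = "origin";
    public static final String URI_RESTORE = "secure/restore";
    public static final String URI_DISABLE = "secure/disable";

    /** Header names whose values carry credentials or session identifiers and must not be logged. */
    private static final String[] SENSITIVE_HEADERS = {"Authorization", "Proxy-Authorization", "Cookie", "Set-Cookie"};

    @ComponentImport
    private final AuthenticationService authenticationService;

    @ComponentImport
    private final AuthenticationContext authenticationContext;

    @ComponentImport
    private final ApplicationProperties applicationProperties;

    @ComponentImport
    private PageBuilderService pageBuilderService;

    @ComponentImport
    private final TemplateRenderer renderer;
    // NOTE(review): public field kept for compatibility with existing callers; prefer an accessor.
    public final NavUserRepository navUserRepository;

    @ComponentImport
    private final NavBuilder navBuilder;
    private final IUMHelperService helperService;
    private static final Logger LOG = LoggerFactory.getLogger(IntelligentUserManagerCerberosFilter.class);
    // NOTE(review): mutable public static that this class never reads; left non-final because other
    // classes may assign it.
    public static int REST_MAX_COUNT = 3;

    @Inject
    public IntelligentUserManagerCerberosFilter(IUMHelperService iUMHelperService, NavUserRepository navUserRepository, TemplateRenderer templateRenderer, PageBuilderService pageBuilderService, NavBuilder navBuilder, AuthenticationContext authenticationContext, AuthenticationService authenticationService, ApplicationProperties applicationProperties) {
        this.helperService = iUMHelperService;
        this.navUserRepository = navUserRepository;
        this.renderer = templateRenderer;
        this.navBuilder = navBuilder;
        this.authenticationContext = authenticationContext;
        this.authenticationService = authenticationService;
        this.applicationProperties = applicationProperties;
        this.pageBuilderService = pageBuilderService;
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Routes the request according to the caller's authentication state and group membership.
     *
     * <p>Order of checks: unauthenticated callers, inactive users, invalid licence, logout,
     * users outside the disabled groups, the {@code secure/disable} endpoint, users already in the
     * enabled groups, configured REST routes, pass-through REST prefixes, {@code /scm} requests,
     * and finally an attempt to enable the user with the queue page as fallback.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining chain
     * @throws IOException      if redirecting, rendering or the chain fails with an I/O error
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (LOG.isDebugEnabled()) {
            LOG.debug("IntelligentUserManagerCerberosFilter doFilter requestURI =" + (httpServletRequest.getRequestURI() != null ? httpServletRequest.getRequestURI() : "N/A") + ", servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "N/A") + ", pathInfo=" + (httpServletRequest.getPathInfo() != null ? httpServletRequest.getPathInfo() : "N/A") + ", user=" + (httpServletRequest.getRemoteUser() != null ? httpServletRequest.getRemoteUser() : "N/A"));
        }
        // Unauthenticated callers pass through untouched, except that the disable endpoint is
        // answered with a redirect to the context root.
        if (!this.authenticationContext.isAuthenticated()) {
            if (httpServletRequest.getRequestURI() == null || !httpServletRequest.getRequestURI().contains(URI_DISABLE)) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Received disable url=secure/disable for unAuthenticated" + httpServletRequest.getRequestURI() + " ,servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "NULL"));
            }
            ((HttpServletResponse) servletResponse).sendRedirect(httpServletRequest.getContextPath() + "/");
            return;
        }
        ApplicationUser currentUser = this.authenticationContext.getCurrentUser();
        if (currentUser == null || !currentUser.isActive()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Without a valid licence the filter does nothing at all.
        if (!ConditionEvaluatorIUMImpl.isLicenseValid()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Logout: drop the tracked session before the request continues.
        if (httpServletRequest.getRequestURI() != null && httpServletRequest.getRequestURI().contains("j_atl_security_logout")) {
            UserSessionTracker.safeRemove(httpServletRequest);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!this.helperService.isUserInGroups(currentUser, DAO.getIUMGroupsDisabled())) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("IntelligentUserManagerCerberosFilter user " + currentUser.getName() + " is not belong to IUM Disable :" + DAO.getIUMGroupsDisabled() + "  ==> forward doFilter ");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (httpServletRequest.getRequestURI() != null && httpServletRequest.getRequestURI().contains(URI_DISABLE)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Received disable url=secure/disable " + httpServletRequest.getRequestURI() + " ,servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "NULL"));
            }
            String parameter = servletRequest.getParameter("username");
            if (parameter == null || parameter.length() == 0) {
                ((HttpServletResponse) servletResponse).sendRedirect(httpServletRequest.getContextPath() + "/");
                return;
            }
            if (this.helperService.isUserInGroups(this.authenticationContext.getCurrentUser(), DAO.getIUMGroups())) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Redirect to the saved url | referrer | base url " + this.applicationProperties.getBaseUrl());
                }
                doGlobalRedirect(httpServletRequest, (HttpServletResponse) servletResponse);
                return;
            } else {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Redirect user " + sanitizeForLog(parameter) + " to the queue ");
                }
                // NOTE(review): the quota is looked up for the request-supplied "username", not for
                // the authenticated user. Confirm that showing queue data for an arbitrary name is
                // intended; currentUser.getName() would bind it to the caller.
                renderQueueVM(parameter, this.helperService.getQuotaForGroupOfUsername(parameter), httpServletRequest, (HttpServletResponse) servletResponse);
                return;
            }
        }
        // Session tracking is skipped only for JSON requests under /rest/.
        if (httpServletRequest.getRequestURI() != null && ((httpServletRequest.getContentType() != null && !httpServletRequest.getContentType().contains("application/json")) || !httpServletRequest.getRequestURI().contains("/rest/"))) {
            UserSessionTracker.createOrUpdate(this.authenticationContext.getCurrentUser(), this.navUserRepository, httpServletRequest);
        }
        if (this.helperService.isUserInGroups(currentUser, DAO.getIUMGroups())) {
            if (httpServletRequest.getRequestURI() == null || !httpServletRequest.getRequestURI().contains(URI_RESTORE)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("IntelligentUserManagerCerberosFilter user " + currentUser.getName() + " belong to IUM Enable :" + DAO.getIUMGroups() + "  ==> forward doFilter ");
                }
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            } else {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Received restore url=secure/restore  " + httpServletRequest.getRequestURI() + " ,servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "NULL"));
                }
                doGlobalRedirect(httpServletRequest, (HttpServletResponse) servletResponse);
                return;
            }
        }
        try {
            if (shouldInterceptRestRequest(httpServletRequest)) {
                try {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("TemporaryLicense=" + httpServletRequest.getRequestURI() + " ,servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "NULL"));
                    }
                    this.helperService.enableUserFromGroup(currentUser, httpServletRequest, true);
                    httpServletRequest.getSession().setAttribute("IUMUSER", currentUser.getName());
                    filterChain.doFilter(servletRequest, servletResponse);
                } catch (Exception e) {
                    LOG.error("Exception: " + e.getMessage(), e);
                } finally {
                    // The temporary enablement must be revoked even when the chain throws;
                    // previously a failure in the chain skipped this call and the user stayed enabled.
                    try {
                        this.helperService.forceDisableUserFromGroup(currentUser, httpServletRequest);
                    } catch (Exception e) {
                        LOG.error("Exception: " + e.getMessage(), e);
                    }
                }
                this.authenticationService.clear();
                return;
            }
            // NOTE(review): these are substring matches on the whole URI; every request whose URI
            // embeds one of the fragments is passed through without the enable/queue step.
            if (httpServletRequest.getRequestURI() != null && (httpServletRequest.getRequestURI().contains("/rest/IUM/latest/apps") || httpServletRequest.getRequestURI().contains("/rest/IUM/latest/check") || httpServletRequest.getRequestURI().contains("/rest/IUM/latest/retry") || httpServletRequest.getRequestURI().contains("/rest/projects") || httpServletRequest.getRequestURI().contains("/rest/plugins/") || httpServletRequest.getRequestURI().contains("/rest/api") || httpServletRequest.getRequestURI().contains("/rest/ui") || httpServletRequest.getRequestURI().contains("/rest/jira-integration") || httpServletRequest.getRequestURI().contains("/rest/analytics") || httpServletRequest.getRequestURI().contains("/rest/gadget/1.0/login"))) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("WatchedRestRequest=" + httpServletRequest.getRequestURI() + " ,servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "NULL"));
                }
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (httpServletRequest.getRequestURI() != null && httpServletRequest.getRequestURI().contains("/scm")) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Clone Request " + httpServletRequest.getRequestURI() + " ,servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "NULL"));
                }
                // NOTE(review): forceDisableUserFromGroup runs both inside the try/catch and again in
                // the finally block. Left unchanged because it is not visible here whether the
                // repeated call is relied upon; presumably a single call in finally would suffice.
                try {
                    try {
                        this.helperService.enableUserFromGroup(currentUser, httpServletRequest, true);
                        httpServletRequest.getSession().setAttribute("IUMUSER", currentUser.getName());
                        filterChain.doFilter(servletRequest, servletResponse);
                        this.helperService.forceDisableUserFromGroup(currentUser, httpServletRequest);
                        return;
                    } catch (Exception e2) {
                        LOG.error("Exception: " + e2.getMessage(), e2);
                        this.helperService.forceDisableUserFromGroup(currentUser, httpServletRequest);
                        return;
                    }
                } finally {
                    this.helperService.forceDisableUserFromGroup(currentUser, httpServletRequest);
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("For user[" + currentUser.getName() + "] try to enable route=" + httpServletRequest.getRequestURI());
            }
            CurrentUser enableUserFromGroup = this.helperService.enableUserFromGroup(currentUser, httpServletRequest, false);
            // No user returned: show the queue page instead of continuing.
            if (enableUserFromGroup == null || enableUserFromGroup.user == null) {
                renderQueueVM(currentUser.getName(), enableUserFromGroup != null ? enableUserFromGroup.noOfUsers : 0, httpServletRequest, httpServletResponse);
                return;
            }
            httpServletRequest.getSession().setAttribute("IUMUSER", currentUser.getName());
            if (httpServletRequest.getRequestURI() == null || !httpServletRequest.getRequestURI().contains(URI_RESTORE) || !httpServletRequest.getMethod().equalsIgnoreCase("POST")) {
                filterChain.doFilter(httpServletRequest, servletResponse);
                return;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Received secure/restore " + httpServletRequest.getRequestURI() + " ,servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "NULL"));
            }
            doGlobalRedirect(httpServletRequest, (HttpServletResponse) servletResponse);
        } catch (Throwable th) {
            this.helperService.forceDisableUserFromGroup(currentUser, httpServletRequest);
            throw th;
        }
    }

    /**
     * Redirects to the first acceptable target among the {@code origin} parameter, the
     * {@code referer} header and the context root.
     *
     * <p>Both {@code origin} and {@code referer} are supplied by the client. Passing them to
     * {@code sendRedirect} unchecked makes the endpoint an open redirect, so each is followed only
     * when {@link #isSafeRedirectTarget(String)} accepts it.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the redirect
     * @throws IOException if the redirect cannot be written
     */
    private void doGlobalRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String origin = httpServletRequest.getParameter(ORIGIN);
        if (origin != null && origin.length() > 0) {
            if (isSafeRedirectTarget(origin)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("doGlobalRedirect  ==> " + sanitizeForLog(origin));
                }
                httpServletResponse.sendRedirect(origin);
                return;
            }
            LOG.warn("doGlobalRedirect ignoring origin outside this application: " + sanitizeForLog(origin));
        }
        String referer = httpServletRequest.getHeader("referer");
        String requestUri = httpServletRequest.getRequestURI();
        if (LOG.isWarnEnabled()) {
            LOG.warn("IntelligentUserManagerCerberosFilter doGlobalRedirect requestURI =" + (requestUri != null ? requestUri : "N/A") + ", servletPath=" + (httpServletRequest.getServletPath() != null ? httpServletRequest.getServletPath() : "N/A") + ", pathInfo=" + (httpServletRequest.getPathInfo() != null ? httpServletRequest.getPathInfo() : "N/A") + ", referer=" + (referer != null ? sanitizeForLog(referer) : "N/A") + ", user=" + (httpServletRequest.getRemoteUser() != null ? httpServletRequest.getRemoteUser() : "N/A"));
            doWarnRequestData(httpServletRequest, httpServletResponse);
        }
        boolean onSwitchEndpoint = requestUri != null && (requestUri.contains(URI_DISABLE) || requestUri.contains(URI_RESTORE));
        // The referer must point at neither switch endpoint. The previous "||" between the two
        // negations was true for practically every referer and allowed a redirect back to the
        // endpoint that is being served.
        boolean refererIsOtherPage = referer != null && referer.length() > 0 && !referer.contains(URI_DISABLE) && !referer.contains(URI_RESTORE);
        if (onSwitchEndpoint && refererIsOtherPage && isSafeRedirectTarget(referer)) {
            httpServletResponse.sendRedirect(referer);
            return;
        }
        if (LOG.isWarnEnabled()) {
            LOG.warn("doGlobalRedirect  ==> /");
        }
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/");
    }

    /**
     * Decides whether a client-supplied redirect target stays inside this application.
     *
     * <p>Accepted are server-relative paths that start with a single {@code /} and absolute URLs
     * that equal the configured base URL or start with it followed by {@code /}. Targets that
     * contain control characters or backslashes are rejected, as are protocol-relative targets
     * ({@code //host}). The comparison is case-sensitive, so a target that differs from the
     * configured base URL only in letter case is rejected and the caller falls back to its default.
     *
     * @param target the candidate redirect target, may be {@code null}
     * @return {@code true} only when the target is safe to pass to {@code sendRedirect}
     */
    private boolean isSafeRedirectTarget(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        for (int index = 0; index < target.length(); index++) {
            char c = target.charAt(index);
            // Control characters could split the Location header; browsers treat '\' like '/'.
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return false;
            }
        }
        if (target.startsWith("/")) {
            return !target.startsWith("//");
        }
        String baseUrl = this.applicationProperties.getBaseUrl();
        if (baseUrl == null || baseUrl.isEmpty()) {
            return false;
        }
        // Compare against the base URL with a trailing slash so that a host which merely starts
        // with the configured host name does not match.
        String baseWithSlash = baseUrl.endsWith("/") ? baseUrl : baseUrl + "/";
        return target.equals(baseUrl) || target.startsWith(baseWithSlash);
    }

    /**
     * Renders the queue page using the queue size and free slots of the given quota.
     *
     * @param str                 user name the queue is rendered for (used by callers for logging)
     * @param quota               quota to display; when {@code null} a queue size of 0 is shown
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response to render into
     * @throws IOException if writing the page fails
     */
    private void renderQueueVM(String str, Quota quota, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("quota= " + quota);
        }
        if (quota == null) {
            // The quota may have been looked up for a request-supplied name; avoid failing the
            // request with a NullPointerException when nothing was found.
            renderQueueVM(str, 0, httpServletRequest, httpServletResponse);
            return;
        }
        renderQueueVM(str, quota.getQueueSizes(), quota.getFreeSlots(), httpServletRequest, httpServletResponse);
    }

    /**
     * Renders the queue page with a queue size only; free slots are reported as unknown (-1).
     *
     * @param str                 user name the queue is rendered for
     * @param i                   queue size to display
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response to render into
     * @throws IOException if writing the page fails
     */
    private void renderQueueVM(String str, int i, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        renderQueueVM(str, i, -1, httpServletRequest, httpServletResponse);
    }

    /**
     * Writes the required web resources and the {@code templates/queue_IUM.vm} template to the
     * response.
     *
     * <p>The {@code origin} value handed to the template comes from the request parameter or, when
     * that is empty, from the {@code referer} header. Because both are client-controlled, a value
     * that {@link #isSafeRedirectTarget(String)} rejects is replaced by {@code null}, the same
     * value the template already receives when no origin is available.
     * NOTE(review): output escaping of {@code origin} and {@code username} depends on the template,
     * which is not visible here.
     *
     * @param str                 user name the queue is rendered for (not used in the model; the
     *                            template receives {@code getRemoteUser()})
     * @param i                   queue size to display
     * @param i2                  free slots; only added to the model when greater than 0
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response to render into
     * @throws IOException if writing the page fails
     */
    private void renderQueueVM(String str, int i, int i2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String origin = httpServletRequest.getParameter(ORIGIN);
        if (origin == null || origin.length() == 0) {
            String referer = httpServletRequest.getHeader("referer");
            if (referer != null && !referer.contains(URI_DISABLE) && !referer.contains("/login.jsp")) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Retrive referrer from request: " + sanitizeForLog(referer) + " update latest ref");
                }
                origin = referer;
            }
        }
        HashMap<String, Object> context = new HashMap<>();
        context.put(ORIGIN, isSafeRedirectTarget(origin) ? origin : null);
        context.put("applicationProperties", this.applicationProperties);
        context.put("redirUrl", this.applicationProperties.getBaseUrl());
        context.put("duration", DAO.getDuration());
        context.put("username", httpServletRequest.getRemoteUser());
        context.put("queueSize", Integer.valueOf(i));
        if (i2 > 0) {
            context.put("freeSlots", Integer.valueOf(i2));
        }
        httpServletResponse.setContentType("text/html;charset=utf-8");
        this.pageBuilderService.assembler().resources().requireWebResource("de.accxia.apps.bitbucket.ium.IUMForBitbucket:IUM-Check-resources");
        this.pageBuilderService.assembler().resources().requireWebResource("de.accxia.apps.bitbucket.ium.IUMForBitbucket:IUM-resources");
        this.pageBuilderService.assembler().assembled().drainIncludedResources().writeHtmlTags(httpServletResponse.getWriter(), UrlMode.RELATIVE);
        this.renderer.render("templates/queue_IUM.vm", context, httpServletResponse.getWriter());
    }

    /**
     * Tells whether the request URI contains any of the routes registered in {@link RestRoute}.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when at least one registered route is a substring of the request URI;
     *         {@code false} when no routes are registered or the URI is {@code null}
     */
    private boolean shouldInterceptRestRequest(HttpServletRequest httpServletRequest) {
        if (RestRoute.getInstance().isEmpty()) {
            return false;
        }
        String requestURI = httpServletRequest.getRequestURI();
        if (requestURI == null) {
            return false;
        }
        // NOTE(review): substring match, so a route fragment anywhere in the URI triggers the
        // temporary enablement in doFilter.
        return Arrays.stream(RestRoute.getInstance().getAllRestRoutes()).anyMatch(route -> requestURI.contains(route));
    }

    /**
     * Logs the shape of the request at WARN level for troubleshooting redirects.
     *
     * <p>Only names are logged for cookies, parameters and attributes, and the values of
     * credential-bearing headers are redacted. The earlier version wrote session cookies,
     * {@code Authorization} headers and every parameter value to the log, which exposes
     * credentials to anyone who can read it. Logged client data has CR/LF replaced so that it
     * cannot forge log lines.
     *
     * @param servletRequest  the current request; cast to {@link HttpServletRequest}
     * @param servletResponse unused
     */
    private void doWarnRequestData(ServletRequest servletRequest, ServletResponse servletResponse) {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            String queryString = httpServletRequest.getQueryString();
            if (queryString != null) {
                // The raw query string repeats the parameter values, so only its size is logged.
                LOG.warn("QueryString present, length=" + queryString.length());
            }
            // getCookies() returns null when the request carries no cookies.
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    LOG.warn("cookie " + sanitizeForLog(cookie.getName()) + "=<redacted>");
                }
            }
            Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
            if (headerNames != null) {
                while (headerNames.hasMoreElements()) {
                    String headerName = headerNames.nextElement();
                    String headerValue = isSensitiveHeader(headerName) ? "<redacted>" : sanitizeForLog(httpServletRequest.getHeader(headerName));
                    LOG.warn(sanitizeForLog(headerName) + "=" + headerValue);
                }
            }
            Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                LOG.warn("parameter " + sanitizeForLog(parameterNames.nextElement()) + "=<redacted>");
            }
            // Attributes were previously looked up with getParameter(), which never returned the
            // attribute. Their values are arbitrary objects, so only the names are logged.
            Enumeration<String> attributeNames = httpServletRequest.getAttributeNames();
            while (attributeNames.hasMoreElements()) {
                LOG.warn("attribute " + sanitizeForLog(attributeNames.nextElement()));
            }
        } catch (Exception e) {
            LOG.error("Exception: " + e.getMessage(), e);
        }
    }

    /** Returns whether the header name is one of {@link #SENSITIVE_HEADERS}, ignoring case. */
    private static boolean isSensitiveHeader(String name) {
        for (String sensitive : SENSITIVE_HEADERS) {
            if (sensitive.equalsIgnoreCase(name)) {
                return true;
            }
        }
        return false;
    }

    /** Replaces CR and LF so that client-supplied text cannot start a new log line. */
    private static String sanitizeForLog(String value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }
}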
