package com.google.gerrit.httpd.auth.oauth;

import com.google.common.base.MoreObjects;
import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.extensions.auth.oauth.OAuthServiceProvider;
import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.gerrit.httpd.HtmlDomUtil;
import com.google.gerrit.httpd.LoginUrlToken;
import com.google.gerrit.httpd.template.SiteHeaderFooter;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.SortedMap;
import java.util.SortedSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

@Singleton
/* loaded from: input_file:com/google/gerrit/httpd/auth/oauth/OAuthWebFilter.class */
class OAuthWebFilter implements Filter {
    static final String GERRIT_LOGIN = "/login";
    private final Provider<String> urlProvider;
    private final Provider<OAuthSession> oauthSessionProvider;
    private final DynamicMap<OAuthServiceProvider> oauthServiceProviders;
    private final SiteHeaderFooter header;
    private OAuthServiceProvider ssoProvider;

    @Inject
    OAuthWebFilter(@CanonicalWebUrl @Nullable Provider<String> provider, DynamicMap<OAuthServiceProvider> dynamicMap, Provider<OAuthSession> provider2, SiteHeaderFooter siteHeaderFooter) {
        this.urlProvider = provider;
        this.oauthServiceProviders = dynamicMap;
        this.oauthSessionProvider = provider2;
        this.header = siteHeaderFooter;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        pickSSOServiceProvider();
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        OAuthSession oAuthSession = this.oauthSessionProvider.get();
        if (servletRequest.getParameter("link") != null) {
            oAuthSession.setLinkMode(true);
            oAuthSession.setServiceProvider(null);
        }
        String parameter = httpServletRequest.getParameter("provider");
        OAuthServiceProvider serviceProvider = this.ssoProvider == null ? oAuthSession.getServiceProvider() : this.ssoProvider;
        if (!isGerritLogin(httpServletRequest) && !oAuthSession.isOAuthFinal(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        if (serviceProvider == null && Strings.isNullOrEmpty(parameter)) {
            selectProvider(httpServletRequest, httpServletResponse, null);
            return;
        }
        if (serviceProvider == null) {
            serviceProvider = findService(parameter);
        }
        oAuthSession.setServiceProvider(serviceProvider);
        oAuthSession.login(httpServletRequest, httpServletResponse, serviceProvider);
    }

    private OAuthServiceProvider findService(String str) throws ServletException {
        for (String str2 : this.oauthServiceProviders.plugins()) {
            for (Map.Entry<String, Provider<OAuthServiceProvider>> entry : this.oauthServiceProviders.byPlugin(str2).entrySet()) {
                if (str.equals(String.format("%s_%s", str2, entry.getKey()))) {
                    return entry.getValue().get();
                }
            }
        }
        throw new ServletException("No provider found for: " + str);
    }

    private void selectProvider(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @Nullable String str) throws IOException {
        String requestURI = httpServletRequest.getRequestURI();
        String str2 = ((String) MoreObjects.firstNonNull(this.urlProvider != null ? this.urlProvider.get() : "/", "/")) + LoginUrlToken.getToken(httpServletRequest);
        Document parse = this.header.parse(OAuthWebFilter.class, "LoginForm.html");
        HtmlDomUtil.find(parse, "hostName").setTextContent(httpServletRequest.getServerName());
        HtmlDomUtil.find(parse, "login_form").setAttribute("action", requestURI);
        HtmlDomUtil.find(parse, "cancel_link").setAttribute("href", str2);
        Element find = HtmlDomUtil.find(parse, "error_message");
        if (Strings.isNullOrEmpty(str)) {
            find.getParentNode().removeChild(find);
        } else {
            find.setTextContent(str);
        }
        Element find2 = HtmlDomUtil.find(parse, "providers");
        for (String str3 : this.oauthServiceProviders.plugins()) {
            for (Map.Entry<String, Provider<OAuthServiceProvider>> entry : this.oauthServiceProviders.byPlugin(str3).entrySet()) {
                addProvider(find2, str3, entry.getKey(), entry.getValue().get().getName());
            }
        }
        sendHtml(httpServletResponse, parse);
    }

    private static void addProvider(Element element, String str, String str2, String str3) {
        Element createElement = element.getOwnerDocument().createElement("div");
        createElement.setAttribute("id", str2);
        Element createElement2 = element.getOwnerDocument().createElement("a");
        createElement2.setAttribute("href", String.format("?provider=%s_%s", str, str2));
        createElement2.setTextContent(str3 + " (" + str + " plugin)");
        createElement.appendChild(createElement2);
        element.appendChild(createElement);
    }

    private static void sendHtml(HttpServletResponse httpServletResponse, Document document) throws IOException {
        byte[] utf8 = HtmlDomUtil.toUTF8(document);
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentType("text/html");
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentLength(utf8.length);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        try {
            outputStream.write(utf8);
            if (outputStream != null) {
                outputStream.close();
            }
        } catch (Throwable th) {
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void pickSSOServiceProvider() throws ServletException {
        SortedSet<String> plugins = this.oauthServiceProviders.plugins();
        if (plugins.isEmpty()) {
            throw new ServletException("OAuth service provider wasn't installed");
        }
        if (plugins.size() == 1) {
            SortedMap<String, Provider<OAuthServiceProvider>> byPlugin = this.oauthServiceProviders.byPlugin((String) Iterables.getOnlyElement(plugins));
            if (byPlugin.size() == 1) {
                this.ssoProvider = (OAuthServiceProvider) ((Provider) Iterables.getOnlyElement(byPlugin.values())).get();
            }
        }
    }

    private static boolean isGerritLogin(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().contains(GERRIT_LOGIN);
    }
}
