package org.sonar.server.authentication;

import com.google.common.collect.ImmutableSet;
import java.util.Optional;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.sonar.api.config.Settings;
import org.sonar.api.server.ServerSide;
import org.sonar.api.web.ServletFilter;
import org.sonar.db.DbClient;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.ws.LoginAction;
import org.sonar.server.authentication.ws.ValidateAction;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.issue.IssueUpdater;
import org.sonar.server.user.ServerUserSession;
import org.sonar.server.user.ThreadLocalUserSession;

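/**
 * Resolves the user session for an incoming HTTP request and publishes it through
 * {@link ThreadLocalUserSession}.
 *
 * <p>Authentication is attempted with the JWT handler first and with the basic authenticator
 * second. When neither yields a user, an anonymous session is created unless the
 * {@code sonar.forceAuthentication} setting is enabled, in which case the request is rejected.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every path in {@link #SKIPPED_URLS}, plus the static resource patterns, bypasses this class
 *       entirely: no session is loaded and {@code sonar.forceAuthentication} is not enforced here.
 *       Whatever serves those paths must carry its own access control. Treat any addition to the
 *       list as a change to the authentication boundary.</li>
 *   <li>Matching is done on {@code getRequestURI()}, which is the raw, undecoded request path.
 *       NOTE(review): confirm that the container or an upstream filter normalises or rejects
 *       dot-segments, encoded separators and {@code ;} path parameters before this point, so the
 *       skip list and the request router cannot disagree about which resource is addressed.</li>
 *   <li>On the unauthorized path no session is stored. NOTE(review): the session holder appears to be
 *       per-thread; callers should invoke {@link #removeUserSession()} in a {@code finally} block so
 *       that a pooled thread never carries a previous request's session - confirm against the
 *       calling filter.</li>
 * </ul>
 */
@ServerSide
/* loaded from: input_file:org/sonar/server/authentication/UserSessionInitializer.class */
public class UserSessionInitializer {
    /** Request attribute that receives the authenticated login, or {@code "-"} for anonymous requests. */
    public static final String ACCESS_LOG_LOGIN = "LOGIN";

    // Paths that are served without any session initialisation (see the class-level security notes).
    private static final Set<String> SKIPPED_URLS = ImmutableSet.of(
        "/batch/index",
        "/batch/file",
        "/maintenance/*",
        "/setup/*",
        "/sessions/*",
        "/api/system/db_migration_status",
        "/api/system/status",
        "/api/system/migrate_db",
        "/api/server/index",
        "/api/server/setup",
        "/api/server/version",
        LoginAction.AUTH_LOGIN_URL,
        ValidateAction.AUTH_VALIDATE_URL);

    // Everything is covered except static resources and the skip list above.
    private static final ServletFilter.UrlPattern URL_PATTERN = ServletFilter.UrlPattern.builder()
        .includes(new String[]{"/*"})
        .excludes(ServletFilter.UrlPattern.Builder.staticResourcePatterns())
        .excludes(SKIPPED_URLS)
        .build();

    private final DbClient dbClient;
    private final Settings settings;
    private final JwtHttpHandler jwtHttpHandler;
    private final BasicAuthenticator basicAuthenticator;
    private final ThreadLocalUserSession threadLocalSession;

    /**
     * Stores the collaborators used to authenticate requests and to publish the resulting session.
     *
     * @param dbClient database access handed to the created sessions
     * @param settings source of the {@code sonar.forceAuthentication} flag
     * @param jwtHttpHandler first authentication mechanism tried
     * @param basicAuthenticator fallback authentication mechanism
     * @param threadLocalUserSession holder that receives the resolved session
     */
    public UserSessionInitializer(DbClient dbClient, Settings settings, JwtHttpHandler jwtHttpHandler, BasicAuthenticator basicAuthenticator, ThreadLocalUserSession threadLocalUserSession) {
        this.dbClient = dbClient;
        this.settings = settings;
        this.jwtHttpHandler = jwtHttpHandler;
        this.basicAuthenticator = basicAuthenticator;
        this.threadLocalSession = threadLocalUserSession;
    }

    /**
     * Initialises the user session for the request when its path is covered by {@code URL_PATTERN}.
     *
     * <p>When authentication is refused, the response status is set to 401. The method then returns
     * {@code false} for web-service paths ({@code /api/}, {@code /batch/}) and {@code true} for every
     * other path. In that last case the request carries a 401 status and no session has been stored.
     * NOTE(review): the meaning of the return value (presumably "continue processing") is decided by
     * the caller - confirm that a {@code true} result after a 401 cannot reach protected content.
     *
     * @param httpServletRequest incoming request; its URI and context path select the path to match
     * @param httpServletResponse response that receives the 401 status on refusal
     * @return {@code false} only when a web-service request was refused, {@code true} otherwise
     */
    public boolean initUserSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String path = stripContextPath(httpServletRequest.getRequestURI(), httpServletRequest.getContextPath());
        try {
            if (URL_PATTERN.matches(path)) {
                setUserSession(httpServletRequest, httpServletResponse);
            }
            return true;
        } catch (UnauthorizedException e) {
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return !isWsUrl(path);
        }
    }

    /**
     * Removes the context path from the front of the request URI using a literal prefix comparison.
     *
     * <p>The previous {@code String.replaceFirst} call interpreted the context path as a regular
     * expression and replaced its first occurrence anywhere in the URI. A context path containing
     * regex metacharacters could therefore fail to be stripped (or fail to compile), which changes
     * which rule of the skip list a request is matched against.
     *
     * @param requestUri raw request URI
     * @param contextPath context path of the web application, possibly empty
     * @return the URI without its leading context path, or the URI unchanged when it does not start with it
     */
    private static String stripContextPath(String requestUri, String contextPath) {
        if (!requestUri.startsWith(contextPath)) {
            return requestUri;
        }
        // NOTE(review): IssueUpdater.UNUSED looks like a decompiler constant substitution for the
        // empty string; it is kept so the result matches the original replacement - confirm.
        return IssueUpdater.UNUSED + requestUri.substring(contextPath.length());
    }

    /**
     * Authenticates the request and stores either a user session or an anonymous session.
     *
     * @throws UnauthorizedException when nobody is authenticated and {@code sonar.forceAuthentication} is enabled
     */
    private void setUserSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Optional<UserDto> user = authenticate(httpServletRequest, httpServletResponse);
        if (user.isPresent()) {
            ServerUserSession session = ServerUserSession.createForUser(this.dbClient, user.get());
            this.threadLocalSession.set(session);
            httpServletRequest.setAttribute(ACCESS_LOG_LOGIN, session.getLogin());
            return;
        }
        // Fail closed: anonymous access is only granted when forced authentication is off.
        if (this.settings.getBoolean("sonar.forceAuthentication")) {
            throw new UnauthorizedException("User must be authenticated");
        }
        this.threadLocalSession.set(ServerUserSession.createForAnonymous(this.dbClient));
        httpServletRequest.setAttribute(ACCESS_LOG_LOGIN, "-");
    }

    /** Unloads the session held by the thread-local holder; intended to be called once the request is done. */
    public void removeUserSession() {
        this.threadLocalSession.unload();
    }

    /**
     * Tries the JWT handler first and falls back to the basic authenticator only when the token
     * check yields no user.
     *
     * @return the authenticated user, or an empty Optional when neither mechanism identifies one
     */
    private Optional<UserDto> authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Optional<UserDto> fromToken = this.jwtHttpHandler.validateToken(httpServletRequest, httpServletResponse);
        if (fromToken.isPresent()) {
            return fromToken;
        }
        return this.basicAuthenticator.authenticate(httpServletRequest);
    }

    /** Returns whether the context-relative path addresses a web service ({@code /batch/} or {@code /api/}). */
    private static boolean isWsUrl(String str) {
        return str.startsWith("/batch/") || str.startsWith("/api/");
    }
}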
