package org.sonar.server.authentication;

import javax.annotation.CheckForNull;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.sonar.api.platform.Server;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.web.ServletFilter;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.authentication.exception.RedirectionException;

/* loaded from: input_file:org/sonar/server/authentication/OAuth2CallbackFilter.class */
public class OAuth2CallbackFilter extends AuthenticationFilter {
    private final OAuth2ContextFactory oAuth2ContextFactory;
    private final AuthenticationEvent authenticationEvent;
    private final OAuth2AuthenticationParameters oauth2Parameters;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/server/authentication/OAuth2CallbackFilter$WrappedContext.class */
    public static final class WrappedContext implements OAuth2IdentityProvider.CallbackContext {
        private final OAuth2IdentityProvider.CallbackContext delegate;
        private boolean authenticated;

        @CheckForNull
        private String login;

        private WrappedContext(OAuth2IdentityProvider.CallbackContext callbackContext) {
            this.authenticated = false;
            this.delegate = callbackContext;
        }

        public String getCallbackUrl() {
            return this.delegate.getCallbackUrl();
        }

        public HttpServletRequest getRequest() {
            return this.delegate.getRequest();
        }

        public HttpServletResponse getResponse() {
            return this.delegate.getResponse();
        }

        public void verifyCsrfState() {
            this.delegate.verifyCsrfState();
        }

        public void redirectToRequestedPage() {
            this.delegate.redirectToRequestedPage();
        }

        public void authenticate(UserIdentity userIdentity) {
            this.delegate.authenticate(userIdentity);
            this.authenticated = true;
            this.login = userIdentity.getLogin();
        }

        public boolean isAuthenticated() {
            return this.authenticated;
        }

        @CheckForNull
        public String getLogin() {
            return this.login;
        }
    }

    public OAuth2CallbackFilter(IdentityProviderRepository identityProviderRepository, OAuth2ContextFactory oAuth2ContextFactory, Server server, AuthenticationEvent authenticationEvent, OAuth2AuthenticationParameters oAuth2AuthenticationParameters) {
        super(server, identityProviderRepository);
        this.oAuth2ContextFactory = oAuth2ContextFactory;
        this.authenticationEvent = authenticationEvent;
        this.oauth2Parameters = oAuth2AuthenticationParameters;
    }

    public ServletFilter.UrlPattern doGetPattern() {
        return ServletFilter.UrlPattern.create("/oauth2/callback/*");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        IdentityProvider resolveProviderOrHandleResponse = resolveProviderOrHandleResponse(httpServletRequest, (HttpServletResponse) servletResponse, "/oauth2/callback/");
        if (resolveProviderOrHandleResponse != null) {
            handleProvider(httpServletRequest, (HttpServletResponse) servletResponse, resolveProviderOrHandleResponse);
        }
    }

    private void handleProvider(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IdentityProvider identityProvider) {
        try {
            if (identityProvider instanceof OAuth2IdentityProvider) {
                handleOAuth2Provider(httpServletResponse, httpServletRequest, (OAuth2IdentityProvider) identityProvider);
            } else {
                AuthenticationError.handleError(httpServletResponse, String.format("Not an OAuth2IdentityProvider: %s", identityProvider.getClass()));
            }
        } catch (AuthenticationException e) {
            this.oauth2Parameters.delete(httpServletRequest, httpServletResponse);
            this.authenticationEvent.loginFailure(httpServletRequest, e);
            AuthenticationError.handleAuthenticationError(e, httpServletResponse, getContextPath());
        } catch (RedirectionException e2) {
            this.oauth2Parameters.delete(httpServletRequest, httpServletResponse);
            AuthenticationRedirection.redirectTo(httpServletResponse, e2.getPath(getContextPath()));
        } catch (Exception e3) {
            this.oauth2Parameters.delete(httpServletRequest, httpServletResponse);
            AuthenticationError.handleError(e3, httpServletResponse, String.format("Fail to callback authentication with '%s'", identityProvider.getKey()));
        }
    }

    private void handleOAuth2Provider(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, OAuth2IdentityProvider oAuth2IdentityProvider) {
        WrappedContext wrappedContext = new WrappedContext(this.oAuth2ContextFactory.newCallback(httpServletRequest, httpServletResponse, oAuth2IdentityProvider));
        try {
            oAuth2IdentityProvider.callback(wrappedContext);
            if (!wrappedContext.isAuthenticated()) {
                throw AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.oauth2(oAuth2IdentityProvider)).setMessage("Plugin did not call authenticate").build();
            }
            this.authenticationEvent.loginSuccess(httpServletRequest, wrappedContext.getLogin(), AuthenticationEvent.Source.oauth2(oAuth2IdentityProvider));
        } catch (UnauthorizedException e) {
            throw AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.oauth2(oAuth2IdentityProvider)).setMessage(e.getMessage()).setPublicMessage(e.getMessage()).build();
        }
    }

    public void init(FilterConfig filterConfig) {
    }

    public void destroy() {
    }
}
