package com.atlassian.applinks.ui.auth;

import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.ui.auth.AdminUIAuthenticator;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.page.PageCapability;
import com.atlassian.sal.api.user.UserRole;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import java.util.EnumSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-plugin-9.0.13.jar:com/atlassian/applinks/ui/auth/AdminFilter.class */
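/**
 * Servlet filter that gates a request on an admin access check.
 *
 * <p>For every HTTP request the filter reads the {@link AdminUIAuthenticator#ADMIN_USERNAME} and
 * {@link AdminUIAuthenticator#ADMIN_PASSWORD} request parameters, hands them together with a
 * {@link ServletSessionHandler} to the authenticator, and either continues the chain or redirects
 * to the login URI for the required role.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code getParameter} returns values from the query string as well as from a form body, so
 *       credentials may arrive in the URL. The redirect target built on denial must therefore
 *       never echo them back; see {@link #sanitiseQueryString(HttpServletRequest)}.</li>
 *   <li>Requests that are not {@link HttpServletRequest}s are neither authenticated nor passed
 *       down the chain (fail closed).</li>
 * </ul>
 */
public class AdminFilter implements Filter {
    protected final AdminUIAuthenticator uiAuthenticator;
    private final LoginUriProvider loginUriProvider;
    private final ApplicationProperties applicationProperties;

    /**
     * @param adminUIAuthenticator performs the session/password admin check
     * @param loginUriProvider builds the login URI used when access is denied
     * @param applicationProperties supplies the application base URL for the return address
     */
    public AdminFilter(AdminUIAuthenticator adminUIAuthenticator, LoginUriProvider loginUriProvider, ApplicationProperties applicationProperties) {
        this.uiAuthenticator = adminUIAuthenticator;
        this.loginUriProvider = loginUriProvider;
        this.applicationProperties = applicationProperties;
    }

    /**
     * Runs the access check and either forwards the request or redirects to login.
     *
     * @throws IOException if the redirect or the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            // Deliberately fail closed: a non-HTTP request cannot be authenticated here, so it is
            // not forwarded. No response is written for it in this method.
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String username = request.getParameter(AdminUIAuthenticator.ADMIN_USERNAME);
        String password = request.getParameter(AdminUIAuthenticator.ADMIN_PASSWORD);
        if (checkAccess(username, password, new ServletSessionHandler(request))) {
            filterChain.doFilter(request, response);
        } else {
            handleAccessDenied(request, response);
        }
    }

    /**
     * Redirects the client to the login URI for {@link #getForRole()}, passing the sanitised
     * original URL as the return address.
     *
     * <p>The decompiler output marks this method's access as widened from {@code protected}.
     *
     * @throws IOException if the redirect cannot be sent
     */
    public void handleAccessDenied(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        URI returnTo = getOriginalUrl(httpServletRequest);
        URI loginUri = this.loginUriProvider.getLoginUriForRole(returnTo, getForRole(), EnumSet.of(PageCapability.IFRAME));
        httpServletResponse.sendRedirect(loginUri.toASCIIString());
    }

    /** Role requested from the login page on denial; {@link UserRole#ADMIN} for this filter. */
    UserRole getForRole() {
        return UserRole.ADMIN;
    }

    /**
     * Delegates the decision to the authenticator, which checks by session or by password.
     *
     * @param username value of the username request parameter, possibly {@code null}
     * @param password value of the password request parameter, possibly {@code null}
     * @param sessionHandler session accessor handed to the authenticator
     * @return {@code true} when the authenticator grants access
     */
    boolean checkAccess(String username, String password, AdminUIAuthenticator.SessionHandler sessionHandler) {
        return this.uiAuthenticator.checkAdminUIAccessBySessionOrPasswordAndActivateAdminSession(username, password, sessionHandler);
    }

    /**
     * Rebuilds the requested URL for use as the post-login return address.
     *
     * <p>The scheme/host part comes from {@link ApplicationProperties#getBaseUrl(UrlMode)}, not
     * from the request object, and the query string is passed through
     * {@link #sanitiseQueryString(HttpServletRequest)} first.
     */
    private URI getOriginalUrl(HttpServletRequest httpServletRequest) {
        // getPathInfo() is null when the request has no extra path; plain concatenation would
        // otherwise splice the literal text "null" into the return URL.
        String pathInfo = httpServletRequest.getPathInfo();
        String target = this.applicationProperties.getBaseUrl(UrlMode.ABSOLUTE)
                + httpServletRequest.getServletPath()
                + (pathInfo == null ? "" : pathInfo)
                + sanitiseQueryString(httpServletRequest);
        return URIUtil.uncheckedToUri(target);
    }

    /**
     * Returns the request's query string with the admin credential parameters removed, prefixed
     * with {@code ?} when anything remains, or an empty string otherwise.
     *
     * <p>Parameter names are percent-decoded before comparison. Matching on the raw text alone
     * would leave an encoded spelling of a credential parameter in the redirect URL, where it
     * can end up in browser history, proxy logs and {@code Referer} headers.
     */
    private String sanitiseQueryString(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            return "";
        }
        StringBuilder kept = new StringBuilder(queryString.length());
        boolean first = true;
        // limit -1 keeps trailing empty segments so untouched input is reproduced as-is
        for (String pair : queryString.split("&", -1)) {
            int eq = pair.indexOf('=');
            String rawName = eq >= 0 ? pair.substring(0, eq) : pair;
            String name = decodeName(rawName);
            if (name == null || isCredentialParameter(name)) {
                // A name that cannot be decoded is omitted rather than copied into the
                // redirect target, since it cannot be shown to be harmless.
                continue;
            }
            if (!first) {
                kept.append('&');
            }
            kept.append(pair);
            first = false;
        }
        return kept.length() > 0 ? "?" + kept : "";
    }

    /**
     * Tells whether {@code name} is one of the parameters that carry admin credentials.
     *
     * <p>The literals are the names the previous pattern-based implementation removed; the
     * constants are the names {@code doFilter} actually reads. They are presumably identical
     * (verify against {@link AdminUIAuthenticator}); checking both keeps the strip list aligned
     * with the reader either way.
     */
    private static boolean isCredentialParameter(String name) {
        return AdminUIAuthenticator.ADMIN_USERNAME.equals(name)
                || AdminUIAuthenticator.ADMIN_PASSWORD.equals(name)
                || "al_username".equals(name)
                || "al_password".equals(name);
    }

    /** Percent-decodes a query parameter name; returns {@code null} for malformed escapes. */
    private static String decodeName(String rawName) {
        try {
            return URLDecoder.decode(rawName, "UTF-8");
        } catch (IllegalArgumentException malformedEscape) {
            return null;
        } catch (UnsupportedEncodingException e) {
            // UTF-8 support is mandatory on every Java platform, so this is unreachable in practice.
            throw new IllegalStateException("UTF-8 charset unavailable", e);
        }
    }

    /** No initialisation required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}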
