package com.atlassian.applinks.ui.auth;

import com.atlassian.applinks.ui.auth.AdminUIAuthenticator;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/atlassian/applinks/ui/auth/PowerUserFilter.class */
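/**
 * Servlet filter that gates requests behind a role check supplied by subclasses.
 *
 * <p>A request passes when its path info is exactly the login servlet path, or when
 * {@link #checkAccess} accepts the credentials read from the request parameters and the
 * session handler. Every other HTTP request is redirected to the login servlet, carrying the
 * originally requested URL with the credential parameters stripped out of it.
 */
public abstract class PowerUserFilter implements Filter {
    private static final String LOGIN_SERVLET_PATH = "/plugins/servlet/applinks/login";
    // Parameter names removed from the redirect target. They are the names the original
    // sanitising pattern matched; presumably equal to AdminUIAuthenticator.ADMIN_USERNAME /
    // ADMIN_PASSWORD - confirm against that class.
    private static final String USERNAME_PARAMETER = "al_username";
    private static final String PASSWORD_PARAMETER = "al_password";
    protected final AdminUIAuthenticator uiAuthenticator;

    /**
     * @param adminUIAuthenticator authenticator made available to subclasses through
     *                             {@link #uiAuthenticator}
     */
    public PowerUserFilter(AdminUIAuthenticator adminUIAuthenticator) {
        this.uiAuthenticator = adminUIAuthenticator;
    }

    /**
     * Lets the request continue down the chain only when it targets the login servlet or
     * {@link #checkAccess} approves it; otherwise calls {@link #handleAccessDenied}.
     *
     * <p>Requests that are not {@link HttpServletRequest}s are neither forwarded nor answered:
     * the chain is simply not invoked for them.
     *
     * @throws IOException      if the chain or the redirect fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            // Fail closed: nothing below this filter runs for a non-HTTP request.
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // The exemption is an exact match on the path info, so only the login servlet itself
        // is reachable without passing checkAccess.
        boolean allowed = LOGIN_SERVLET_PATH.equals(request.getPathInfo());
        if (!allowed) {
            // getParameter reads both the query string and a form-encoded body, so
            // credentials may arrive in the URL; they must never be echoed into the redirect.
            allowed = checkAccess(
                    request.getParameter(AdminUIAuthenticator.ADMIN_USERNAME),
                    request.getParameter(AdminUIAuthenticator.ADMIN_PASSWORD),
                    new ServletSessionHandler(request));
        }

        if (allowed) {
            filterChain.doFilter(request, response);
        } else {
            handleAccessDenied(request, response);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Redirects to the login servlet, passing the URL-encoded original URL and the role the
     * caller needs.
     *
     * <p>NOTE(review): the value of {@link #getForRole()} is appended without URL encoding;
     * implementations are expected to return a URL-safe token - confirm in the subclasses.
     *
     * @throws IOException if the redirect cannot be sent
     */
    public void handleAccessDenied(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String target = httpServletRequest.getContextPath() + LOGIN_SERVLET_PATH
                + "?" + AdminLoginServlet.ORIGINAL_URL + "=" + getOriginalUrl(httpServletRequest)
                + "&" + AdminLoginServlet.FOR_ROLE + "=" + getForRole();
        httpServletResponse.sendRedirect(target);
    }

    /** Returns the role identifier placed in the login redirect. */
    abstract String getForRole();

    /**
     * Decides whether the request may proceed.
     *
     * @param str            value of the {@code AdminUIAuthenticator.ADMIN_USERNAME} request
     *                       parameter, or {@code null} when absent
     * @param str2           value of the {@code AdminUIAuthenticator.ADMIN_PASSWORD} request
     *                       parameter, or {@code null} when absent
     * @param sessionHandler session accessor wrapping the current request
     * @return {@code true} to let the request through
     */
    abstract boolean checkAccess(String str, String str2, AdminUIAuthenticator.SessionHandler sessionHandler);

    /**
     * Builds the URL-encoded, context-relative URL of the current request with credential
     * parameters removed from its query string.
     */
    private String getOriginalUrl(HttpServletRequest httpServletRequest) throws UnsupportedEncodingException {
        StringBuilder url = new StringBuilder()
                .append(httpServletRequest.getContextPath())
                .append(httpServletRequest.getServletPath());
        // getPathInfo() is null when the request has no extra path; plain concatenation would
        // put the literal text "null" into the redirect target.
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null) {
            url.append(pathInfo);
        }
        url.append(sanitiseQueryString(httpServletRequest));
        return URLEncoder.encode(url.toString(), "UTF-8");
    }

    /**
     * Returns the request's query string without the credential parameters, prefixed with
     * {@code "?"} when anything remains, or {@code ""} when there is no query string or
     * nothing is left.
     *
     * <p>Parameter names are percent-decoded before comparison. The container decodes names
     * for {@code getParameter}, while {@code getQueryString} returns the raw text, so
     * comparing raw names would let an encoded spelling of a credential parameter be accepted
     * by the access check and still be copied into the redirect URL.
     */
    private String sanitiseQueryString(HttpServletRequest httpServletRequest) throws UnsupportedEncodingException {
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            return "";
        }
        StringBuilder kept = new StringBuilder();
        for (String pair : queryString.split("&")) {
            if (pair.isEmpty() || isCredentialParameter(pair)) {
                continue;
            }
            // Rebuilding pair by pair also avoids a leading "?&" when the first parameter
            // was the one removed.
            kept.append(kept.length() == 0 ? '?' : '&').append(pair);
        }
        return kept.toString();
    }

    /** Tells whether a raw {@code name=value} pair carries a username or password parameter. */
    private static boolean isCredentialParameter(String pair) throws UnsupportedEncodingException {
        int separator = pair.indexOf('=');
        String rawName = separator < 0 ? pair : pair.substring(0, separator);
        String name;
        try {
            name = URLDecoder.decode(rawName, "UTF-8");
        } catch (IllegalArgumentException malformedEscape) {
            // A name that cannot be decoded cannot be classified; drop it rather than risk
            // copying a credential into the redirect URL.
            return true;
        }
        return USERNAME_PARAMETER.equals(name) || PASSWORD_PARAMETER.equals(name);
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Holds no resources, so there is nothing to release. */
    @Override
    public void destroy() {
    }
}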
