package com.atlassian.crowd.integration.http.util;

import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.integration.Constants;
import com.atlassian.crowd.model.authentication.CookieConfiguration;
import com.atlassian.crowd.model.authentication.UserAuthenticationContext;
import com.atlassian.crowd.model.authentication.ValidationFactor;
import com.atlassian.crowd.service.client.ClientProperties;
import com.atlassian.security.cookie.HttpOnlyCookies;
import java.util.Date;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/crowd-integration-client-common-2.5.0.jar:com/atlassian/crowd/integration/http/util/CrowdHttpTokenHelperImpl.class */
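/**
 * Default {@link CrowdHttpTokenHelper}: reads, stores and removes the Crowd SSO token on a
 * servlet request/response pair and builds the authentication context sent to Crowd.
 *
 * <p>The SSO token is a bearer credential: whoever holds it can present it to Crowd as the
 * user's session. For that reason this class never writes a token or cookie value to the
 * log, and the token cookie is always emitted through {@link HttpOnlyCookies}.
 */
public class CrowdHttpTokenHelperImpl implements CrowdHttpTokenHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(CrowdHttpTokenHelperImpl.class);
    private final CrowdHttpValidationFactorExtractor validationFactorExtractor;

    private CrowdHttpTokenHelperImpl(CrowdHttpValidationFactorExtractor crowdHttpValidationFactorExtractor) {
        this.validationFactorExtractor = crowdHttpValidationFactorExtractor;
    }

    /**
     * Looks up the SSO token for a request, first in the {@link Constants#COOKIE_TOKEN_KEY}
     * request attribute and then in the cookies submitted by the browser.
     *
     * <p>The returned value is client-supplied and has NOT been verified; callers must have
     * Crowd validate it before trusting it.
     *
     * @param httpServletRequest the incoming request; must not be null
     * @param str the name of the SSO token cookie; must not be null
     * @return the first non-null token found, or {@code null} when there is none
     */
    @Override
    public String getCrowdToken(HttpServletRequest httpServletRequest, String str) {
        Validate.notNull(httpServletRequest);
        Validate.notNull(str);
        LOGGER.debug("Checking for a SSO token that will need to be verified by Crowd.");

        String token = (String) httpServletRequest.getAttribute(Constants.COOKIE_TOKEN_KEY);
        if (token == null) {
            LOGGER.debug("No request attribute token could be found, now checking the browser submitted cookies.");
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    // Only the name is logged: cookie values include session identifiers and
                    // the SSO token itself, which must not end up in log files.
                    LOGGER.debug("Cookie name: {}", cookie.getName());
                    if (str.equals(cookie.getName()) && cookie.getValue() != null) {
                        LOGGER.debug("Accepting the SSO cookie value.");
                        token = cookie.getValue();
                        // Stop at the first match. Without this the scan never advances past
                        // the matching cookie and the request thread spins forever.
                        break;
                    }
                }
            }
        }

        if (token == null) {
            LOGGER.debug("Unable to find a valid Crowd token.");
        } else {
            LOGGER.debug("Existing token found; it is yet to be verified by Crowd.");
        }
        return token;
    }

    /**
     * Clears the SSO token from the session, from the request attributes and, when a response
     * is supplied, from the browser by sending an expired token cookie.
     *
     * @param httpServletRequest the current request; must not be null
     * @param httpServletResponse the response to expire the cookie on, or null to skip the cookie
     * @param clientProperties supplies the session and cookie key names; must not be null
     * @param cookieConfiguration cookie settings; must not be null when a response is supplied
     */
    @Override
    public void removeCrowdToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ClientProperties clientProperties, CookieConfiguration cookieConfiguration) {
        Validate.notNull(httpServletRequest);
        Validate.notNull(clientProperties);
        if (httpServletResponse != null) {
            Validate.notNull(cookieConfiguration);
        }
        httpServletRequest.getSession().removeAttribute(clientProperties.getSessionTokenKey());
        httpServletRequest.removeAttribute(Constants.COOKIE_TOKEN_KEY);
        if (httpServletResponse != null) {
            // The removal cookie is built with the same name, path, domain and Secure flag as
            // the one that was set, so the browser matches and discards the stored cookie.
            Cookie expired = buildCookie(null, clientProperties.getCookieTokenKey(cookieConfiguration.getName()), cookieConfiguration);
            expired.setMaxAge(0);
            HttpOnlyCookies.addHttpOnlyCookie(httpServletResponse, expired);
        }
    }

    /**
     * Records a token on the request and, at most once per request, sends it to the browser
     * as an HttpOnly cookie. Also stamps the session with the time of this validation.
     *
     * @param httpServletRequest the current request; must not be null
     * @param httpServletResponse the response to add the cookie to, or null to skip the cookie
     * @param str the SSO token value; must not be null
     * @param clientProperties supplies the session and cookie key names; must not be null
     * @param cookieConfiguration cookie settings; must not be null when a response is supplied
     */
    @Override
    public void setCrowdToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, ClientProperties clientProperties, CookieConfiguration cookieConfiguration) {
        Validate.notNull(httpServletRequest);
        Validate.notNull(str);
        Validate.notNull(clientProperties);
        if (httpServletResponse != null) {
            Validate.notNull(cookieConfiguration);
        }
        httpServletRequest.getSession().setAttribute(clientProperties.getSessionLastValidation(), new Date());
        httpServletRequest.setAttribute(Constants.COOKIE_TOKEN_KEY, str);

        // REQUEST_SSO_COOKIE_COMMITTED marks that the cookie was already added for this
        // request, which keeps a second call from emitting a duplicate Set-Cookie header.
        boolean alreadyCommitted = httpServletRequest.getAttribute(Constants.REQUEST_SSO_COOKIE_COMMITTED) != null;
        if (httpServletResponse == null || alreadyCommitted) {
            return;
        }
        Cookie tokenCookie = buildCookie(str, clientProperties.getCookieTokenKey(cookieConfiguration.getName()), cookieConfiguration);
        HttpOnlyCookies.addHttpOnlyCookie(httpServletResponse, tokenCookie);
        httpServletRequest.setAttribute(Constants.REQUEST_SSO_COOKIE_COMMITTED, Boolean.TRUE);
    }

    /**
     * Builds the context used to authenticate a user against Crowd.
     *
     * @param httpServletRequest the request the validation factors are extracted from
     * @param str the user name
     * @param str2 the user's password; wrapped in a {@link PasswordCredential} and never logged here
     * @param clientProperties supplies the application name
     * @return a populated authentication context
     */
    @Override
    public UserAuthenticationContext getUserAuthenticationContext(HttpServletRequest httpServletRequest, String str, String str2, ClientProperties clientProperties) {
        UserAuthenticationContext context = new UserAuthenticationContext();
        context.setApplication(clientProperties.getApplicationName());
        context.setCredential(new PasswordCredential(str2));
        context.setName(str);
        context.setValidationFactors((ValidationFactor[]) this.validationFactorExtractor.getValidationFactors(httpServletRequest).toArray(new ValidationFactor[0]));
        return context;
    }

    /** Returns the extractor used to derive validation factors from a request. */
    @Override
    public CrowdHttpValidationFactorExtractor getValidationFactorExtractor() {
        return this.validationFactorExtractor;
    }

    /**
     * Creates the SSO token cookie. HttpOnly is not set here; callers add the cookie through
     * {@link HttpOnlyCookies}.
     *
     * @param str the cookie value (null when the cookie is being built for removal)
     * @param str2 the cookie name
     * @param cookieConfiguration supplies the domain and the Secure flag
     * @return the cookie, scoped to path "/"
     */
    private Cookie buildCookie(String str, String str2, CookieConfiguration cookieConfiguration) {
        String domain = cookieConfiguration.getDomain();
        Cookie cookie = new Cookie(str2, str);
        // Path "/" makes the browser send the token to every application on the host/domain.
        cookie.setPath("/");
        // A blank or "localhost" domain is skipped, leaving a host-only cookie
        // (presumably because browsers do not accept Domain=localhost; confirm).
        if (StringUtils.isNotBlank(domain) && !"localhost".equals(domain)) {
            cookie.setDomain(domain);
        }
        // Secure comes straight from configuration: when it is false the token cookie is
        // also sent over plain HTTP, so deployments should enable it wherever TLS is used.
        cookie.setSecure(cookieConfiguration.isSecure());
        return cookie;
    }

    /**
     * Static factory for the helper.
     *
     * @param crowdHttpValidationFactorExtractor extractor the helper delegates to
     * @return a new helper instance
     */
    public static CrowdHttpTokenHelper getInstance(CrowdHttpValidationFactorExtractor crowdHttpValidationFactorExtractor) {
        return new CrowdHttpTokenHelperImpl(crowdHttpValidationFactorExtractor);
    }
}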
