package com.atlassian.bitbucket.internal.crowd.sso;

import com.atlassian.bitbucket.ServerException;
import com.atlassian.bitbucket.crowd.sso.CrowdSsoService;
import com.atlassian.bitbucket.event.server.BaseUrlChangedEvent;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.nav.NavBuilder;
import com.atlassian.bitbucket.server.ApplicationPropertiesService;
import com.atlassian.cache.CacheFactory;
import com.atlassian.cache.Supplier;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.event.directory.DirectoryCreatedEvent;
import com.atlassian.crowd.event.directory.DirectoryDeletedEvent;
import com.atlassian.crowd.event.directory.DirectoryUpdatedEvent;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
import com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl;
import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelperImpl;
import com.atlassian.crowd.integration.http.util.CrowdHttpValidationFactorExtractorImpl;
import com.atlassian.crowd.integration.rest.service.factory.RestCrowdClientFactory;
import com.atlassian.crowd.model.authentication.CookieConfiguration;
import com.atlassian.crowd.service.client.ClientProperties;
import com.atlassian.crowd.service.client.ClientPropertiesImpl;
import com.atlassian.crowd.service.client.CrowdClient;
import com.atlassian.event.api.EventListener;
import com.atlassian.fugue.Option;
import com.atlassian.util.concurrent.LazyReference;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.DisposableBean;

/* loaded from: input_file:com/atlassian/bitbucket/internal/crowd/sso/DefaultCrowdSsoService.class */
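/**
 * Default {@link CrowdSsoService} implementation.
 *
 * <p>The SSO configuration is built from the first active directory of type
 * {@link DirectoryType#CROWD} whose Crowd server returns a cookie configuration with a
 * non-blank name. It is held in an {@link SsoConfigurationCache} that is reset whenever the
 * base URL changes or a directory is created, updated or deleted.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client {@link Properties} built here carry {@code application.password} and,
 *       when configured, {@code http.proxy.password}. Never log or serialise these objects.</li>
 *   <li>{@link #isSsoCandidate(HttpServletRequest)} compares the request's server name, which
 *       is normally derived from the client-supplied {@code Host} header, against the Crowd
 *       cookie domain. The comparison is done on DNS label boundaries.</li>
 * </ul>
 */
public class DefaultCrowdSsoService implements CrowdSsoService, DisposableBean {
    static final String PROP_PREFIX = "plugin.auth-crowd.sso.";
    static final String PROP_ENABLED = PROP_PREFIX + "enabled";
    static final String PROP_CONFIG_ERROR_WAIT = PROP_PREFIX + "config.error.wait";
    static final String PROP_CONFIG_TTL = PROP_PREFIX + "config.ttl";
    /** Placeholder returned whenever SSO is switched off or no usable Crowd directory exists. */
    static final SsoConfiguration DISABLED_CONFIGURATION = new SsoConfiguration(null, null, null, null);
    private static final Logger log = LoggerFactory.getLogger(DefaultCrowdSsoService.class);

    /**
     * Crowd client settings that may be overridden through plugin properties; each key is read
     * as {@code PROP_PREFIX + key}. Two of them are credentials-bearing (proxy username/password).
     */
    private static final String[] CLIENT_PROPERTY_KEYS = {
        "cookie.domain",
        "cookie.tokenkey",
        "http.max.connections",
        "http.proxy.host",
        "http.proxy.port",
        "http.proxy.username",
        "http.proxy.password",
        "http.timeout",
        "session.lastvalidation",
        "session.tokenkey",
        "session.validationinterval",
        "socket.timeout",
    };

    private final CrowdService crowdService;
    private final CrowdDirectoryService directoryService;
    private final I18nService i18nService;
    private final NavBuilder navBuilder;
    private final RestCrowdClientFactory restClientFactory;
    private final SsoConfigurationCache configCache;
    private final boolean enabled;
    private final LazyReference<Properties> ssoProperties;

    /**
     * Builds the {@link SsoConfiguration} on behalf of the configuration cache.
     *
     * <p>The decompiler had renamed the supplier method; it is restored to {@code get()} so the
     * class actually satisfies {@link Supplier}.
     */
    private class SsoConfigurationSupplier implements Supplier<Option<SsoConfiguration>> {

        /**
         * Scans all directories and configures SSO against the first active Crowd directory that
         * yields a named cookie configuration.
         *
         * @return the configuration, or {@link Option#none()} when no directory qualifies
         * @throws ServerException if the cookie configuration cannot be fetched, or if the
         *         resulting configuration is not valid
         */
        public Option<SsoConfiguration> get() {
            for (Directory directory : directoryService.findAllDirectories()) {
                if (!directory.isActive() || directory.getType() != DirectoryType.CROWD) {
                    continue;
                }
                // First pass: a client without cookie settings, used only to ask Crowd for them.
                ClientProperties bootstrapProperties = createCrowdClientProperties(directory, null);
                CrowdClient client = restClientFactory.newInstance(bootstrapProperties);
                CookieConfiguration cookieConfiguration =
                        fetchCookieConfiguration(client, bootstrapProperties.getBaseURL());
                if (cookieConfiguration == null) {
                    continue;
                }
                // Second pass: the same settings, now overlaid with the cookie name/domain Crowd reported.
                ClientProperties clientProperties =
                        createCrowdClientProperties(directory, createCookieProperties(cookieConfiguration));
                SsoConfiguration configuration = new SsoConfiguration(
                        new CrowdHttpAuthenticatorImpl(
                                client,
                                clientProperties,
                                CrowdHttpTokenHelperImpl.getInstance(CrowdHttpValidationFactorExtractorImpl.getInstance())),
                        cookieConfiguration.getDomain(),
                        directory,
                        clientProperties);
                if (configuration.isValid()) {
                    log.debug("Crowd SSO integration with directory {} has been (re)configured and enabled", directory.getName());
                    return Option.some(configuration);
                }
                log.info("Disabling Crowd SSO integration because the remote Crowd SSO configuration is invalid.");
                throw new ServerException(i18nService.createKeyedMessage(
                        "bitbucket.auth.crowd.sso.invalid.configuration", new Object[]{directory.getName()}));
            }
            return Option.none();
        }
    }

    /**
     * Wires the service and reads the plugin properties that control it.
     *
     * <p>{@link #PROP_CONFIG_TTL} (default 15, passed with {@link TimeUnit#MINUTES}) and
     * {@link #PROP_CONFIG_ERROR_WAIT} (default 1, passed with {@link TimeUnit#SECONDS}) are
     * handed to the {@link SsoConfigurationCache}. {@link #PROP_ENABLED} is parsed with
     * {@link Boolean#parseBoolean(String)}, so SSO stays off unless the property is the text
     * {@code true}.
     */
    public DefaultCrowdSsoService(CacheFactory cacheFactory, CrowdService crowdService, CrowdDirectoryService crowdDirectoryService, I18nService i18nService, NavBuilder navBuilder, final ApplicationPropertiesService applicationPropertiesService, RestCrowdClientFactory restCrowdClientFactory) {
        this.crowdService = crowdService;
        this.directoryService = crowdDirectoryService;
        this.i18nService = i18nService;
        this.navBuilder = navBuilder;
        this.restClientFactory = restCrowdClientFactory;
        this.configCache = new SsoConfigurationCache(
                cacheFactory,
                new SsoConfigurationSupplier(),
                applicationPropertiesService.getPluginProperty(PROP_CONFIG_TTL, 15),
                TimeUnit.MINUTES,
                applicationPropertiesService.getPluginProperty(PROP_CONFIG_ERROR_WAIT, 1),
                TimeUnit.SECONDS);
        this.enabled = Boolean.parseBoolean(applicationPropertiesService.getPluginProperty(PROP_ENABLED));
        // Loaded lazily on first use; the decompiler-renamed factory method is restored to create().
        this.ssoProperties = new LazyReference<Properties>() {
            protected Properties create() throws Exception {
                return loadClientConfigurationProperties(applicationPropertiesService);
            }
        };
    }

    /** Releases the configuration cache when the bean is disposed. */
    public void destroy() throws Exception {
        this.configCache.destroy();
    }

    /**
     * @return the authenticator of the current configuration; for
     *         {@link #DISABLED_CONFIGURATION} this is whatever that placeholder holds
     */
    @Override
    public CrowdHttpAuthenticator getAuthenticator() {
        return getConfiguration().getAuthenticator();
    }

    /** @return {@code true} when SSO is enabled and a valid configuration is available */
    public boolean isAvailable() {
        return getConfiguration().isValid();
    }

    /**
     * Tells whether the named user lives in the directory that SSO is configured against.
     *
     * @param str the user name to look up through the {@link CrowdService}
     * @return {@code true} only when SSO is valid, the user exists and its directory id equals
     *         the id of the SSO directory
     */
    @Override
    public boolean isManagedBySso(@Nonnull String str) {
        SsoConfiguration configuration = getConfiguration();
        if (!configuration.isValid()) {
            return false;
        }
        User user = this.crowdService.getUser(str);
        return user != null
                && configuration.getSsoDirectory().getId().longValue() == user.getDirectoryId();
    }

    /**
     * Tells whether the request was addressed to a host covered by the Crowd SSO cookie domain.
     *
     * <p>An empty cookie domain places no restriction on the host. Otherwise the server name
     * must equal the cookie domain or be a sub-domain of it. A bare suffix test would also
     * accept an unrelated host that merely ends with the same characters, and the server name
     * normally comes from the client-controlled {@code Host} header.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when SSO is valid and the host falls under the cookie domain
     */
    @Override
    public boolean isSsoCandidate(HttpServletRequest httpServletRequest) {
        SsoConfiguration configuration = getConfiguration();
        if (!configuration.isValid()) {
            return false;
        }
        String cookieDomain = configuration.getCookieDomain();
        return cookieDomain.isEmpty()
                || hostMatchesCookieDomain(httpServletRequest.getServerName(), cookieDomain);
    }

    /**
     * Matches a host against a cookie domain on DNS label boundaries, ignoring case and a
     * leading dot on the cookie domain.
     */
    private static boolean hostMatchesCookieDomain(String host, String cookieDomain) {
        String domain = StringUtils.removeStart(cookieDomain, ".");
        return StringUtils.equalsIgnoreCase(host, domain)
                || StringUtils.endsWithIgnoreCase(host, "." + domain);
    }

    /** Refreshes the stored login URL and drops the cached configuration. */
    @EventListener
    public void onBaseUrlChanged(BaseUrlChangedEvent baseUrlChangedEvent) {
        this.ssoProperties.get().put("application.login.url", this.navBuilder.login().buildConfigured());
        reset();
    }

    /** Drops the cached configuration so the new directory is considered. */
    @EventListener
    public void onDirectoryCreated(DirectoryCreatedEvent directoryCreatedEvent) {
        reset();
    }

    /** Drops the cached configuration so a removed directory is no longer used. */
    @EventListener
    public void onDirectoryDeleted(DirectoryDeletedEvent directoryDeletedEvent) {
        reset();
    }

    /** Drops the cached configuration so changed directory settings take effect. */
    @EventListener
    public void onDirectoryUpdatedEvent(DirectoryUpdatedEvent directoryUpdatedEvent) {
        reset();
    }

    /**
     * Translates the cookie configuration reported by Crowd into client property overrides.
     * The domain is only set when it is not blank.
     */
    private Properties createCookieProperties(CookieConfiguration cookieConfiguration) {
        Properties cookieProperties = new Properties();
        cookieProperties.put("cookie.tokenkey", cookieConfiguration.getName());
        String domain = cookieConfiguration.getDomain();
        if (StringUtils.isNotBlank(domain)) {
            cookieProperties.put("cookie.domain", StringUtils.trimToEmpty(domain));
        }
        return cookieProperties;
    }

    /**
     * Assembles the Crowd client properties for a directory.
     *
     * <p>Order matters: plugin-level settings first, then the directory's application name,
     * password and server URL, then the optional overrides in {@code properties}.
     *
     * @param directory the Crowd directory whose attributes supply the credentials and URL
     * @param properties extra overrides applied last, or {@code null} for none
     */
    private ClientProperties createCrowdClientProperties(Directory directory, Properties properties) {
        Properties merged = new Properties();
        Map<String, String> attributes = directory.getAttributes();
        merged.putAll(this.ssoProperties.get());
        // NOTE(review): Properties rejects null values, so a directory missing any of these
        // attributes fails here with a NullPointerException. Confirm that is acceptable.
        merged.put("application.name", attributes.get("application.name"));
        // Secret: the application password for the Crowd server. Keep `merged` out of logs.
        merged.put("application.password", attributes.get("application.password"));
        merged.put("crowd.base.url", attributes.get("crowd.server.url"));
        if (properties != null) {
            merged.putAll(properties);
        }
        return ClientPropertiesImpl.newInstanceFromProperties(merged);
    }

    /**
     * Asks the Crowd server for its SSO cookie configuration.
     *
     * @param crowdClient the client to query
     * @param str the Crowd base URL, used only in the debug message
     * @return the cookie configuration, or {@code null} when it has no name
     * @throws ServerException if the request fails or is rejected by Crowd
     */
    private CookieConfiguration fetchCookieConfiguration(CrowdClient crowdClient, String str) {
        try {
            CookieConfiguration cookieConfiguration = crowdClient.getCookieConfiguration();
            if (StringUtils.isNotBlank(cookieConfiguration.getName())) {
                return cookieConfiguration;
            }
            log.debug("Cookie configuration from Crowd at {} did not have a name. This may indicate an unexpected response from the Crowd server. Is the Crowd URL valid?", str);
            return null;
        } catch (OperationFailedException | InvalidAuthenticationException | ApplicationPermissionException e) {
            throw newConfigFetchFailedException(e);
        }
    }

    /**
     * @return {@link #DISABLED_CONFIGURATION} when SSO is disabled or the cache holds nothing,
     *         otherwise the cached configuration
     */
    SsoConfiguration getConfiguration() {
        if (!this.enabled) {
            return DISABLED_CONFIGURATION;
        }
        return (SsoConfiguration) this.configCache.get().getOrElse(DISABLED_CONFIGURATION);
    }

    /** Copies {@code PROP_PREFIX + str} into {@code properties} under key {@code str}, if set. */
    private void loadProperty(ApplicationPropertiesService applicationPropertiesService, Properties properties, String str) {
        String value = applicationPropertiesService.getPluginProperty(PROP_PREFIX + str);
        if (value != null) {
            properties.put(str, value);
        }
    }

    /**
     * Loads the plugin-level Crowd client settings and adds the configured login URL.
     * The result may contain the proxy password and must not be logged.
     */
    private Properties loadClientConfigurationProperties(ApplicationPropertiesService applicationPropertiesService) {
        Properties clientProperties = new Properties();
        for (String key : CLIENT_PROPERTY_KEYS) {
            loadProperty(applicationPropertiesService, clientProperties, key);
        }
        clientProperties.put("application.login.url", this.navBuilder.login().buildConfigured());
        return clientProperties;
    }

    /**
     * Wraps a Crowd failure in a {@link ServerException}, keeping the cause.
     *
     * <p>The exception is returned for the caller to throw, as the declared return type and
     * the {@code throw newConfigFetchFailedException(e)} call site indicate.
     */
    private ServerException newConfigFetchFailedException(Exception exc) {
        // NOTE(review): the remote error text is interpolated into the keyed message. Confirm
        // where that message is shown, since it may expose details of the Crowd server.
        return new ServerException(
                this.i18nService.createKeyedMessage(
                        "bitbucket.auth.crowd.sso.configuration.fetch.failed", new Object[]{exc.getMessage()}),
                exc);
    }

    /** Invalidates the cached SSO configuration. */
    private void reset() {
        this.configCache.reset();
    }
}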
