package com.atlassian.seraph.filter;

import com.atlassian.security.auth.trustedapps.ApplicationCertificate;
import com.atlassian.security.auth.trustedapps.CurrentApplication;
import com.atlassian.security.auth.trustedapps.InvalidCertificateException;
import com.atlassian.security.auth.trustedapps.TrustedApplication;
import com.atlassian.security.auth.trustedapps.TrustedApplicationsManager;
import com.atlassian.seraph.auth.DefaultAuthenticator;
import com.atlassian.seraph.auth.RoleMapper;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.opensymphony.user.EntityNotFoundException;
import com.opensymphony.user.User;
import com.opensymphony.user.UserManager;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/seraph/filter/TrustedApplicationsFilter.class */
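/**
 * Login filter that authenticates requests from trusted peer applications.
 *
 * <p>The filter has two jobs:
 * <ul>
 *   <li>it answers any request whose path ends in {@code /admin/appTrustCertificate} with this
 *       application's ID and public key, so that a peer can register it;</li>
 *   <li>for every other request it delegates to {@link BaseLoginFilter}, which calls
 *       {@link #login} to authenticate a request carrying the trusted-application headers.</li>
 * </ul>
 *
 * <p>Security notes for maintainers: {@link #login} performs no password check. The user name is
 * taken from the certificate returned by {@code TrustedApplication.decode}, so the strength of
 * this login path depends on that call rejecting forged or replayed certificates; its
 * implementation is not visible in this file and should be reviewed with it.
 */
public class TrustedApplicationsFilter extends BaseLoginFilter {
    private static final Logger log;
    private final TrustedApplicationsManager appManager;
    // Synthetic class-literal cache left over from a pre-Java-5 compiler; kept so the member set
    // of the class is unchanged.
    static Class class$com$atlassian$seraph$filter$TrustedApplicationsFilter;

    /**
     * @param trustedApplicationsManager source of this application's identity and of the
     *        registered trusted peers
     */
    public TrustedApplicationsFilter(TrustedApplicationsManager trustedApplicationsManager) {
        this.appManager = trustedApplicationsManager;
    }

    /**
     * Serves the application's ID and public key on the certificate path and passes every other
     * request to the normal login filter chain.
     *
     * <p>The response body is three lines: application ID, key algorithm, Base64 of the encoded
     * public key. Only public material is written; no authentication is required on this path.
     *
     * @throws IOException if the response cannot be written
     * @throws ServletException if the delegated filter chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean certificateRequest =
                getPathInfo((HttpServletRequest) servletRequest).endsWith("/admin/appTrustCertificate");
        if (!certificateRequest) {
            super.doFilter(servletRequest, servletResponse, filterChain);
            return;
        }

        CurrentApplication self = this.appManager.getCurrentApplication();
        PublicKey key = self.getPublicKey();

        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setContentType("text/plain");
        // NOTE(review): the writer uses the platform default charset, as before. An application ID
        // containing non-ASCII characters would be encoded differently on different hosts.
        OutputStreamWriter body = new OutputStreamWriter(response.getOutputStream());
        body.write(self.getID());
        body.write("\n");
        body.write(key.getAlgorithm());
        body.write("\n");
        // Base64 output is pure ASCII; naming the charset keeps the result independent of the
        // platform default.
        body.write(new String(Base64.encodeBase64(key.getEncoded()), "US-ASCII"));
        body.flush();
    }

    /**
     * Returns the request URI with the context path stripped from the front.
     *
     * <p>NOTE(review): {@code getRequestURI()} is the raw, undecoded URI and can carry path
     * parameters (for example {@code ;jsessionid=...}); callers that match on the result should
     * keep that in mind.
     */
    protected String getPathInfo(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        String requestURI = httpServletRequest.getRequestURI();
        if (contextPath == null || contextPath.length() == 0) {
            return requestURI;
        }
        return requestURI.substring(contextPath.length());
    }

    /**
     * Authenticates a request that carries a trusted-application certificate.
     *
     * @return {@code LOGIN_NOATTEMPT} when no certificate header is present;
     *         {@code LOGIN_ERROR} when the application ID header is missing, names an application
     *         that is not registered, or the certificate is rejected;
     *         {@code LOGIN_FAILED} when the named user does not exist or may not log in;
     *         {@code LOGIN_SUCCESS} once the user has been stored in the session
     */
    @Override
    public String login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String certificate = httpServletRequest.getHeader(CurrentApplication.HEADER_TRUSTED_APP_CERT);
        if (certificate == null || certificate.length() == 0) {
            return LOGIN_NOATTEMPT;
        }
        String applicationId = httpServletRequest.getHeader(CurrentApplication.HEADER_TRUSTED_APP_ID);
        if (applicationId == null || applicationId.length() == 0) {
            return BaseLoginFilter.LOGIN_ERROR;
        }

        TrustedApplication trustedApplication = this.appManager.getTrustedApplication(applicationId);
        if (trustedApplication == null) {
            // Both headers are attacker-controlled. Without this guard an ID that is not
            // registered would be dereferenced below and surface as a NullPointerException
            // instead of a clean authentication error.
            log.warn("Trusted application request names an application that is not registered: '"
                    + stripLineBreaks(applicationId) + "'");
            return BaseLoginFilter.LOGIN_ERROR;
        }

        try {
            ApplicationCertificate decoded = trustedApplication.decode(certificate, httpServletRequest);
            String userName = decoded.getUserName();
            try {
                User user = UserManager.getInstance().getUser(userName);
                if (!getRoleMapper().canLogin(user, httpServletRequest)) {
                    log.error("User '" + userName + "' referenced by trusted application: '"
                            + trustedApplication.getID() + "' can not login.");
                    return BaseLoginFilter.LOGIN_FAILED;
                }
                // NOTE(review): the principal is stored in whatever session the request already
                // has (or a new one); the session ID is not rotated here. Confirm that the
                // container or another filter renews the session on login.
                httpServletRequest.getSession().setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, user);
                return BaseLoginFilter.LOGIN_SUCCESS;
            } catch (EntityNotFoundException e) {
                log.error("User '" + userName + "' referenced by trusted application: '"
                        + trustedApplication.getID() + "' is not found.", e);
                return BaseLoginFilter.LOGIN_FAILED;
            }
        } catch (InvalidCertificateException e) {
            log.error("Failed to login trusted application: " + trustedApplication.getID(), e);
            return BaseLoginFilter.LOGIN_ERROR;
        }
    }

    /** Returns the role mapper from the global Seraph security configuration. */
    protected RoleMapper getRoleMapper() {
        return SecurityConfigFactory.getInstance().getRoleMapper();
    }

    /** Replaces CR and LF so a request-supplied value cannot start a new log line. */
    private static String stripLineBreaks(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Synthetic class-literal helper emitted by a pre-Java-5 compiler.
     *
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *         {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the error has to be held in a typed local before it
            // is thrown; throwing the call's result directly does not compile.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$atlassian$seraph$filter$TrustedApplicationsFilter == null) {
            cls = class$("com.atlassian.seraph.filter.TrustedApplicationsFilter");
            class$com$atlassian$seraph$filter$TrustedApplicationsFilter = cls;
        } else {
            cls = class$com$atlassian$seraph$filter$TrustedApplicationsFilter;
        }
        log = Logger.getLogger(cls);
        // Registers the BouncyCastle JCE provider for the whole JVM if it is on the classpath.
        // It is loaded reflectively so the class still initialises when the library is absent.
        try {
            Security.addProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
        } catch (ClassNotFoundException e) {
            log.info("Failed to instantiate bouncycastle cryptography provider. The library is not on the classpath.");
        } catch (IllegalAccessException e2) {
            throw new RuntimeException(e2);
        } catch (InstantiationException e3) {
            throw new RuntimeException(e3);
        }
    }
}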
