package com.atlassian.crowd.integration.http;

import com.atlassian.crowd.integration.Constants;
import com.atlassian.crowd.integration.authentication.PasswordCredential;
import com.atlassian.crowd.integration.authentication.PrincipalAuthenticationContext;
import com.atlassian.crowd.integration.authentication.ValidationFactor;
import com.atlassian.crowd.integration.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.integration.exception.InactiveAccountException;
import com.atlassian.crowd.integration.exception.InvalidAuthenticationException;
import com.atlassian.crowd.integration.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.integration.exception.InvalidTokenException;
import com.atlassian.crowd.integration.exception.ObjectNotFoundException;
import com.atlassian.crowd.integration.service.AuthenticationManager;
import com.atlassian.crowd.integration.service.soap.client.ClientProperties;
import com.atlassian.crowd.integration.service.soap.client.SecurityServerClient;
import com.atlassian.crowd.integration.soap.SOAPCookieInfo;
import com.atlassian.crowd.integration.soap.SOAPPrincipal;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/crowd/integration/http/HttpAuthenticatorImpl.class */
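/**
 * Servlet-side half of Crowd single sign-on.
 * <p>
 * The SSO token is carried either in a request attribute (set earlier in the same request by
 * {@link #setPrincipalToken}) or in the browser cookie whose name comes from the client
 * properties. Validation of the token is delegated to the {@link AuthenticationManager}; a
 * successful validation is remembered in the {@link HttpSession} (timestamp plus the token that
 * was validated) so that repeated requests within the configured validation interval skip the
 * round trip to Crowd.
 * <p>
 * Token and cookie values are credentials and are kept out of log output; only the fact that a
 * token was found, set or invalidated is logged.
 */
public class HttpAuthenticatorImpl implements HttpAuthenticator {
    private static final Logger logger = Logger.getLogger(HttpAuthenticatorImpl.class);
    // Milliseconds per minute; the configured validation interval is expressed in minutes.
    private static final long MILLIS_PER_MINUTE = 60000L;
    private final AuthenticationManager authenticationManager;

    /**
     * Creates an authenticator that delegates every credential and token operation to the
     * given manager.
     *
     * @param authenticationManager manager used to authenticate, validate and invalidate
     *                              tokens and as the source of the Crowd client
     */
    public HttpAuthenticatorImpl(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Clears all client-side SSO state: the session attributes recording the last validated
     * token and its validation time, the per-request token attribute and, when a response is
     * available, the browser cookie (expired via Max-Age 0).
     *
     * @param httpServletRequest  current request whose session and request attributes are cleared
     * @param httpServletResponse response to write the expiring cookie to; {@code null} skips
     *                            the cookie
     * @param token               token to expire in the browser; may be {@code null} when none
     *                            was found
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client while reading
     *                                            cookie settings
     * @throws RemoteException                    propagated from the Crowd client
     */
    private void invalidateClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String token) throws InvalidAuthorizationTokenException, RemoteException {
        if (logger.isDebugEnabled()) {
            logger.debug("Invalidating the Crowd token.");
        }
        ClientProperties clientProperties = getClientProperties();
        HttpSession session = httpServletRequest.getSession();
        session.removeAttribute(clientProperties.getSessionTokenKey());
        // Also drop the cached validation time: otherwise a token presented after logoff would
        // still pass the fast path in isAuthenticated() until the interval elapsed.
        session.removeAttribute(clientProperties.getSessionLastValidation());
        httpServletRequest.removeAttribute(getCookieTokenKey());
        if (httpServletResponse != null) {
            Cookie expiredCookie = buildCookie(token);
            expiredCookie.setMaxAge(0);
            httpServletResponse.addCookie(expiredCookie);
        }
    }

    /**
     * Records a validated token for the current request and session and sends it to the
     * browser as the SSO cookie.
     * <p>
     * The cookie is written at most once per request (tracked through the
     * {@code REQUEST_SSO_COOKIE_COMMITTED} request attribute) and only when a response is
     * available.
     *
     * @param httpServletRequest  current request; receives the token as a request attribute and
     *                            the validation timestamp plus token in its session
     * @param httpServletResponse response to add the cookie to; {@code null} skips the cookie
     * @param str                 the validated Crowd token
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client while building
     *                                            the cookie
     * @throws RemoteException                    propagated from the Crowd client
     */
    @Override
    public void setPrincipalToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws InvalidAuthorizationTokenException, RemoteException {
        if (logger.isDebugEnabled()) {
            logger.debug("Setting the Crowd token.");
        }
        ClientProperties clientProperties = getClientProperties();
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(clientProperties.getSessionLastValidation(), new Date());
        // Remember which token the timestamp belongs to, so the fast path in isAuthenticated()
        // only applies to the token that was actually validated.
        session.setAttribute(clientProperties.getSessionTokenKey(), str);
        httpServletRequest.setAttribute(getCookieTokenKey(), str);
        if (httpServletResponse == null || httpServletRequest.getAttribute(REQUEST_SSO_COOKIE_COMMITTED) != null) {
            return;
        }
        httpServletResponse.addCookie(buildCookie(str));
        httpServletRequest.setAttribute(REQUEST_SSO_COOKIE_COMMITTED, Boolean.TRUE);
    }

    /**
     * Resolves the principal behind the token carried by the request.
     *
     * @param httpServletRequest request carrying the token (attribute or cookie)
     * @return the principal Crowd associates with the token
     * @throws InvalidTokenException              when the request carries no token, or Crowd
     *                                            rejects it
     * @throws ObjectNotFoundException            when Crowd knows no principal for the token
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client
     * @throws RemoteException                    propagated from the Crowd client
     */
    @Override
    public SOAPPrincipal getPrincipal(HttpServletRequest httpServletRequest) throws InvalidAuthorizationTokenException, RemoteException, ObjectNotFoundException, InvalidTokenException {
        return getSecurityServerClient().findPrincipalByToken(getToken(httpServletRequest));
    }

    /**
     * Finds the SSO token on the request without validating it.
     * <p>
     * The request attribute named by the cookie token key wins; otherwise the first browser
     * cookie with that name and a non-null value is used.
     *
     * @param httpServletRequest request to inspect
     * @return the raw, not yet verified token
     * @throws InvalidTokenException when neither the request attribute nor a cookie carries a token
     */
    @Override
    public String getToken(HttpServletRequest httpServletRequest) throws InvalidTokenException {
        if (logger.isDebugEnabled()) {
            logger.debug("Checking for a SSO token that will need to be verified by Crowd.");
        }
        String cookieTokenKey = getCookieTokenKey();
        String token = (String) httpServletRequest.getAttribute(cookieTokenKey);
        if (token == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("No request header token could be found, now checking the browser submitted cookies.");
            }
            token = findTokenCookie(httpServletRequest.getCookies(), cookieTokenKey);
        }
        if (token == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Unable to find a valid Crowd token.");
            }
            throw new InvalidTokenException("Unable to find a valid principal token.");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Existing token found, yet to be verified by Crowd.");
        }
        return token;
    }

    /**
     * Returns the value of the first cookie named {@code cookieTokenKey} that has a non-null
     * value, or {@code null} when there is none.
     *
     * @param cookies        cookies submitted by the browser; may be {@code null}
     * @param cookieTokenKey name of the SSO cookie
     */
    private static String findTokenCookie(Cookie[] cookies, String cookieTokenKey) {
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (logger.isDebugEnabled()) {
                // Names only: cookie values may be session identifiers or other credentials.
                logger.debug("Cookie name: " + cookie.getName());
            }
            if (cookieTokenKey.equals(cookie.getName()) && cookie.getValue() != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Accepting the SSO cookie.");
                }
                // First match wins.
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Tells whether the request carries a token that Crowd accepts.
     * <p>
     * A token that was validated within the configured interval and matches the token
     * remembered in the session is accepted without contacting Crowd. Otherwise the token and
     * the request's validation factors are checked with the manager and, on success, the
     * validation is re-recorded via {@link #setPrincipalToken}.
     *
     * @param httpServletRequest  request to check
     * @param httpServletResponse response used to refresh the SSO cookie; may be {@code null}
     * @return {@code true} when the request is authenticated
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client
     * @throws RemoteException                    propagated from the Crowd client
     * @throws ApplicationAccessDeniedException   when the principal may not use this application
     */
    @Override
    public boolean isAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InvalidAuthorizationTokenException, RemoteException, ApplicationAccessDeniedException {
        HttpSession session = httpServletRequest.getSession();
        try {
            String token = getToken(httpServletRequest);
            ClientProperties clientProperties = getClientProperties();
            Date lastValidation = (Date) session.getAttribute(clientProperties.getSessionLastValidation());
            Object validatedToken = session.getAttribute(clientProperties.getSessionTokenKey());
            // Fast path only for the very token that was validated; a different token in the
            // cookie must go to Crowd even if the session was validated recently.
            if (isWithinValidationInterval(lastValidation, clientProperties) && token.equals(validatedToken)) {
                return true;
            }
            if (!this.authenticationManager.isAuthenticated(token, getValidationFactors(httpServletRequest))) {
                return false;
            }
            setPrincipalToken(httpServletRequest, httpServletResponse, token);
            return true;
        } catch (InvalidTokenException e) {
            logger.debug("Non authenticated request, unable to find a valid Crowd token.");
            return false;
        }
    }

    /**
     * Tells whether a validation recorded at {@code lastValidation} is still fresh.
     *
     * @param lastValidation   time of the last successful validation; {@code null} means never
     * @param clientProperties source of the interval, in minutes; 0 or negative disables caching
     */
    private static boolean isWithinValidationInterval(Date lastValidation, ClientProperties clientProperties) {
        if (lastValidation == null) {
            return false;
        }
        long intervalMinutes = clientProperties.getSessionValidationInterval();
        if (intervalMinutes <= 0) {
            return false;
        }
        // Long arithmetic: 60000 * interval overflows int for intervals beyond ~35791 minutes.
        return lastValidation.getTime() + MILLIS_PER_MINUTE * intervalMinutes > System.currentTimeMillis();
    }

    /**
     * Authenticates a user name and password against Crowd and installs the resulting token.
     * <p>
     * Whatever the outcome, the client state is updated: a token is installed on success, and
     * any stale SSO state is cleared when authentication fails or returns no token, so the
     * caller is never left with a token belonging to a previous principal.
     *
     * @param httpServletRequest  current request (also the source of validation factors)
     * @param httpServletResponse response to write the SSO cookie to; may be {@code null}
     * @param str                 user name
     * @param str2                password
     * @throws InvalidAuthenticationException     when the credentials are rejected
     * @throws InactiveAccountException           when the account is inactive
     * @throws ApplicationAccessDeniedException   when the principal may not use this application
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client
     * @throws RemoteException                    propagated from the Crowd client
     */
    @Override
    public void authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException {
        String token = null;
        try {
            token = this.authenticationManager.authenticate(getPrincipalAuthenticationContext(httpServletRequest, httpServletResponse, str, str2));
        } finally {
            // Runs on both the normal and the exceptional path; an exception thrown here
            // replaces the authentication failure, as in the original finally block.
            if (token == null) {
                invalidateClient(httpServletRequest, httpServletResponse, null);
            } else {
                setPrincipalToken(httpServletRequest, httpServletResponse, token);
            }
        }
    }

    /**
     * Authenticates a user name and password with explicit validation factors and returns the
     * token Crowd issued, without touching any servlet state.
     *
     * @param str                 user name
     * @param str2                password
     * @param validationFactorArr factors to bind the token to
     * @return the token issued by Crowd
     * @throws InvalidAuthenticationException     when the credentials are rejected
     * @throws InactiveAccountException           when the account is inactive
     * @throws ApplicationAccessDeniedException   when the principal may not use this application
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client
     * @throws RemoteException                    propagated from the Crowd client
     */
    @Override
    public String verifyAuthentication(String str, String str2, ValidationFactor[] validationFactorArr) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException {
        return this.authenticationManager.authenticate(newAuthenticationContext(str, str2, validationFactorArr));
    }

    /**
     * Authenticates a user name and password for their own sake; the issued token is discarded.
     *
     * @param str  user name
     * @param str2 password
     * @throws InvalidAuthenticationException     when the credentials are rejected
     * @throws InactiveAccountException           when the account is inactive
     * @throws ApplicationAccessDeniedException   when the principal may not use this application
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client
     * @throws RemoteException                    propagated from the Crowd client
     */
    @Override
    public void verifyAuthentication(String str, String str2) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException {
        this.authenticationManager.authenticate(str, str2);
    }

    /**
     * Collects the request properties a token is bound to: the remote address, the
     * {@code X-Forwarded-For} header when it differs from the remote address, and the user agent.
     * <p>
     * The two headers are client-supplied and are passed through as received; no parsing or
     * trust decision is made here.
     *
     * @param httpServletRequest request to read; {@code null} yields an empty array
     * @return the factors found, never {@code null}
     */
    @Override
    public ValidationFactor[] getValidationFactors(HttpServletRequest httpServletRequest) {
        List<ValidationFactor> factors = new ArrayList<ValidationFactor>();
        if (httpServletRequest != null) {
            String remoteAddr = httpServletRequest.getRemoteAddr();
            if (remoteAddr != null && remoteAddr.length() > 0) {
                factors.add(new ValidationFactor(ValidationFactor.REMOTE_ADDRESS, remoteAddr));
            }
            String forwardedFor = httpServletRequest.getHeader(ValidationFactor.X_FORWARDED_FOR);
            if (forwardedFor != null && !forwardedFor.equals(remoteAddr)) {
                factors.add(new ValidationFactor(ValidationFactor.X_FORWARDED_FOR, forwardedFor));
            }
            String userAgent = httpServletRequest.getHeader(ValidationFactor.USER_AGENT);
            if (userAgent != null && userAgent.length() > 0) {
                factors.add(new ValidationFactor(ValidationFactor.USER_AGENT, userAgent));
            }
        }
        return factors.toArray(new ValidationFactor[factors.size()]);
    }

    /**
     * Logs the user off: invalidates the token at Crowd when the request carries one, and
     * always clears the local session, request and cookie state.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse response to expire the SSO cookie on; may be {@code null}
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client
     * @throws RemoteException                    propagated from the Crowd client
     */
    @Override
    public void logoff(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InvalidAuthorizationTokenException, RemoteException {
        String token = null;
        try {
            token = getToken(httpServletRequest);
            this.authenticationManager.invalidate(token);
        } catch (InvalidTokenException ignored) {
            // Best-effort: without a token there is nothing to invalidate server-side, but the
            // client-side state is still cleared below.
            logger.debug("No Crowd token found on logoff; clearing client state only.");
        }
        invalidateClient(httpServletRequest, httpServletResponse, token);
    }

    /**
     * Builds the authentication context for a user name and password, bound to the validation
     * factors of the given request.
     *
     * @param httpServletRequest  request supplying the validation factors; may be {@code null}
     * @param httpServletResponse unused; present for interface compatibility
     * @param str                 user name
     * @param str2                password
     * @return a context for this application with the given credential and factors
     */
    @Override
    public PrincipalAuthenticationContext getPrincipalAuthenticationContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        return newAuthenticationContext(str, str2, getValidationFactors(httpServletRequest));
    }

    /**
     * Shared construction of a {@link PrincipalAuthenticationContext} for this application.
     *
     * @param name              user name
     * @param password          password, wrapped in a {@link PasswordCredential}
     * @param validationFactors factors to bind the resulting token to
     */
    private PrincipalAuthenticationContext newAuthenticationContext(String name, String password, ValidationFactor[] validationFactors) {
        PrincipalAuthenticationContext context = new PrincipalAuthenticationContext();
        context.setApplication(getClientProperties().getApplicationName());
        context.setCredential(new PasswordCredential(password));
        context.setName(name);
        context.setValidationFactors(validationFactors);
        return context;
    }

    /**
     * Builds the SSO cookie for a token using the domain and secure flag Crowd reports.
     * <p>
     * A {@code localhost} domain is not set (presumably because browsers reject it as a
     * cookie domain — confirm against the Crowd cookie settings).
     * NOTE(review): the cookie is not marked HttpOnly here; whether the servlet API version in
     * use supports {@code Cookie.setHttpOnly} should be checked before relying on it.
     *
     * @param token cookie value; may be {@code null} when building an expiring cookie
     * @throws InvalidAuthorizationTokenException propagated from the Crowd client
     * @throws RemoteException                    propagated from the Crowd client
     */
    private Cookie buildCookie(String token) throws InvalidAuthorizationTokenException, RemoteException {
        Cookie cookie = new Cookie(getCookieTokenKey(), token);
        cookie.setPath(Constants.COOKIE_PATH);
        SOAPCookieInfo cookieInfo = getSecurityServerClient().getCookieInfo();
        String domain = cookieInfo.getDomain();
        if (domain != null && domain.length() > 0 && !"localhost".equals(domain)) {
            cookie.setDomain(domain);
        }
        cookie.setSecure(cookieInfo.isSecure());
        return cookie;
    }

    /** @return the client properties of the underlying Crowd client */
    @Override
    public ClientProperties getClientProperties() {
        return getSecurityServerClient().getClientProperties();
    }

    /** @return the name of the SSO cookie, which doubles as the request attribute key */
    protected String getCookieTokenKey() {
        return getClientProperties().getCookieTokenKey();
    }

    /** @return the Crowd SOAP client held by the authentication manager */
    @Override
    public SecurityServerClient getSecurityServerClient() {
        return this.authenticationManager.getSecurityServerClient();
    }
}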
