package com.atlassian.crowd.integration.http;

import com.atlassian.crowd.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidTokenException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelper;
import com.atlassian.crowd.model.authentication.CookieConfiguration;
import com.atlassian.crowd.model.authentication.UserAuthenticationContext;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.service.client.ClientProperties;
import com.atlassian.crowd.service.client.CrowdClient;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/crowd/integration/http/CrowdHttpAuthenticatorImpl.class */
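/**
 * Servlet-facing implementation of {@link CrowdHttpAuthenticator}.
 *
 * <p>Every operation delegates to three collaborators: the {@link CrowdClient} (SSO
 * authentication, token validation and invalidation, user lookup), the
 * {@link CrowdHttpTokenHelper} (reading, storing and removing the token on the HTTP
 * request/response) and the {@link ClientProperties} (cookie key, session attribute name,
 * validation interval).
 *
 * <p>The SSO token handled here is the value the client accepts in
 * {@code validateSSOAuthentication}, {@code findUserFromSSOToken} and
 * {@code invalidateSSOToken}, so it should be treated as a credential: this class never logs it.
 */
public class CrowdHttpAuthenticatorImpl implements CrowdHttpAuthenticator {
    // The logger is keyed on the interface rather than on this class; kept as-is so existing
    // logging configuration continues to match.
    private static final Logger LOGGER = Logger.getLogger(CrowdHttpAuthenticator.class);

    // The validation interval is multiplied by this value, i.e. it is interpreted as minutes.
    // Declared long so the multiplication cannot overflow int arithmetic.
    private static final long MILLIS_PER_MINUTE = 60000L;

    private final CrowdClient client;
    private final ClientProperties clientProperties;
    private final CrowdHttpTokenHelper tokenHelper;

    /**
     * Creates an authenticator over the given collaborators. The arguments are stored as given;
     * no validation is performed here.
     *
     * @param crowdClient client used for all calls to Crowd
     * @param clientProperties source of the cookie key and session validation settings
     * @param crowdHttpTokenHelper helper that reads and writes the token on the request/response
     */
    public CrowdHttpAuthenticatorImpl(CrowdClient crowdClient, ClientProperties clientProperties, CrowdHttpTokenHelper crowdHttpTokenHelper) {
        this.client = crowdClient;
        this.clientProperties = clientProperties;
        this.tokenHelper = crowdHttpTokenHelper;
    }

    /**
     * Resolves the user that owns the SSO token carried by the request.
     *
     * @param httpServletRequest request to read the token from
     * @return the user reported by the client for the token, or {@code null} when the request
     *     carries no token; callers must treat {@code null} as "not authenticated"
     * @throws InvalidTokenException propagated from the client lookup
     * @throws ApplicationPermissionException propagated from the client lookup
     * @throws InvalidAuthenticationException propagated from the client lookup
     * @throws OperationFailedException propagated from the client lookup
     */
    @Override
    public User getUser(HttpServletRequest httpServletRequest) throws InvalidTokenException, ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException {
        String crowdToken = this.tokenHelper.getCrowdToken(httpServletRequest, getCookieTokenKey());
        if (crowdToken == null) {
            LOGGER.debug("Could not find user from token.");
            return null;
        }
        return this.client.findUserFromSSOToken(crowdToken);
    }

    /**
     * Authenticates against Crowd and stores the resulting SSO token on the response.
     *
     * <p>If no token was obtained, either because the client returned {@code null} or because
     * authentication or token storage threw before one was assigned, any existing token is
     * removed so that a failed login never leaves an earlier token in place.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response the token is written to
     * @param str first credential handed to the token helper (presumably the username; confirm
     *     against the interface)
     * @param str2 second credential handed to the token helper (presumably the password; confirm
     *     against the interface)
     * @return the user the client reports for the new token
     */
    @Override
    public User authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws InvalidTokenException, ApplicationAccessDeniedException, ExpiredCredentialException, InactiveAccountException, ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException {
        UserAuthenticationContext userAuthenticationContext = this.tokenHelper.getUserAuthenticationContext(httpServletRequest, str, str2, this.clientProperties);
        CookieConfiguration cookieConfiguration = this.client.getCookieConfiguration();
        String token = null;
        try {
            token = this.client.authenticateSSOUser(userAuthenticationContext);
            this.tokenHelper.setCrowdToken(httpServletRequest, httpServletResponse, token, this.clientProperties, cookieConfiguration);
        } finally {
            // Runs on success and on failure; replaces the former catch-Throwable/rethrow with
            // its duplicated cleanup, which could also run the removal twice.
            if (token == null) {
                discardToken(httpServletRequest, httpServletResponse, cookieConfiguration);
            }
        }
        // A null token is still passed on, as before; how the client reacts is not visible here.
        return this.client.findUserFromSSOToken(token);
    }

    /**
     * Issues an SSO token for the named user without any password check (a {@code null}
     * password is placed in the authentication context).
     *
     * <p>NOTE(review): because no credential is verified here, the caller is the only control.
     * The user name should come from an identity that has already been established by another
     * trusted mechanism, never directly from request input. Confirm every call site.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response the token is written to
     * @param str user identifier handed to the token helper (presumably the username; confirm
     *     against the interface)
     * @return the user the client reports for the new token
     */
    @Override
    public User authenticateWithoutValidatingPassword(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws InvalidTokenException, ApplicationAccessDeniedException, InactiveAccountException, ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException {
        UserAuthenticationContext userAuthenticationContext = this.tokenHelper.getUserAuthenticationContext(httpServletRequest, str, null, this.clientProperties);
        CookieConfiguration cookieConfiguration = this.client.getCookieConfiguration();
        String token = null;
        try {
            token = this.client.authenticateSSOUserWithoutValidatingPassword(userAuthenticationContext);
            this.tokenHelper.setCrowdToken(httpServletRequest, httpServletResponse, token, this.clientProperties, cookieConfiguration);
        } finally {
            // Same cleanup rule as authenticate(): no token obtained means no token left behind.
            if (token == null) {
                discardToken(httpServletRequest, httpServletResponse, cookieConfiguration);
            }
        }
        return this.client.findUserFromSSOToken(token);
    }

    /**
     * Reports whether the request carries an SSO token that is currently accepted.
     *
     * <p>Two paths lead to {@code true}: the session holds a last-validation timestamp that is
     * still inside the configured interval, or the client validates the token against the
     * request's validation factors. Rejections by the client are logged at debug level and
     * reported as {@code false}.
     *
     * @param httpServletRequest request carrying the token
     * @param httpServletResponse response the token is re-written to after a successful validation
     * @return {@code true} if the request is considered authenticated
     * @throws OperationFailedException propagated from the client
     */
    @Override
    public boolean isAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OperationFailedException {
        // getSession() creates a session if none exists, including for requests without a token.
        HttpSession session = httpServletRequest.getSession();
        String crowdToken = this.tokenHelper.getCrowdToken(httpServletRequest, getCookieTokenKey());
        if (crowdToken == null) {
            LOGGER.debug("Non authenticated request, unable to find a valid Crowd token.");
            return false;
        }

        // NOTE(review): this shortcut only requires that some token is present and that the
        // session timestamp is recent; it does not compare the token with the one that was
        // validated. A token invalidated on the server therefore stays accepted until the
        // interval elapses, so the interval should be kept short. Whether the token helper
        // binds the token to the session is not visible here and should be confirmed.
        Object lastValidation = session.getAttribute(this.clientProperties.getSessionLastValidation());
        // An attribute of an unexpected type is treated as "never validated" and falls through
        // to a full validation instead of failing with a ClassCastException.
        if (lastValidation instanceof Date && isWithinValidationInterval((Date) lastValidation)) {
            return true;
        }

        try {
            this.client.validateSSOAuthentication(crowdToken, this.tokenHelper.getValidationFactorExtractor().getValidationFactors(httpServletRequest));
            // Presumably this call also refreshes the session's last-validation timestamp;
            // nothing in this class writes that attribute.
            this.tokenHelper.setCrowdToken(httpServletRequest, httpServletResponse, crowdToken, this.clientProperties, this.client.getCookieConfiguration());
            return true;
        } catch (InvalidAuthenticationException e) {
            return rejected(e);
        } catch (InvalidTokenException e) {
            return rejected(e);
        } catch (ApplicationPermissionException e) {
            return rejected(e);
        }
    }

    /**
     * Invalidates the request's SSO token on the server, if there is one, and removes the token
     * from the request/response.
     *
     * <p>NOTE(review): if the server-side invalidation throws, the local token is not removed.
     * Callers that need logout to clear the browser state regardless should handle that case.
     *
     * @param httpServletRequest request carrying the token
     * @param httpServletResponse response the removal is written to
     */
    @Override
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ApplicationPermissionException, InvalidAuthenticationException, OperationFailedException {
        String crowdToken = this.tokenHelper.getCrowdToken(httpServletRequest, getCookieTokenKey());
        if (crowdToken != null) {
            this.client.invalidateSSOToken(crowdToken);
        }
        discardToken(httpServletRequest, httpServletResponse, this.client.getCookieConfiguration());
    }

    /**
     * Returns the raw SSO token carried by the request, as read by the token helper. No
     * validation is performed; the value is a credential and should not be logged or echoed.
     *
     * @param httpServletRequest request to read the token from
     * @return whatever the token helper reports for the configured cookie key
     */
    @Override
    public String getToken(HttpServletRequest httpServletRequest) {
        return this.tokenHelper.getCrowdToken(httpServletRequest, getCookieTokenKey());
    }

    /** Returns the configured key under which the SSO token is stored. */
    private String getCookieTokenKey() {
        return this.clientProperties.getCookieTokenKey();
    }

    /** Removes the SSO token from the request/response using the given cookie configuration. */
    private void discardToken(HttpServletRequest request, HttpServletResponse response, CookieConfiguration cookieConfiguration) {
        this.tokenHelper.removeCrowdToken(request, response, this.clientProperties, cookieConfiguration);
    }

    /**
     * Tells whether a validation performed at {@code lastValidation} is still inside the
     * configured interval. A non-positive interval disables the shortcut.
     */
    private boolean isWithinValidationInterval(Date lastValidation) {
        long intervalMinutes = this.clientProperties.getSessionValidationInterval();
        if (intervalMinutes <= 0) {
            return false;
        }
        return lastValidation.getTime() + MILLIS_PER_MINUTE * intervalMinutes > System.currentTimeMillis();
    }

    /** Logs a validation rejection at debug level and yields the {@code false} result. */
    private boolean rejected(Exception cause) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(cause.getMessage(), cause);
        }
        return false;
    }
}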
