package com.atlassian.crowd.integration.seraph;

import com.atlassian.crowd.exception.InvalidTokenException;
import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.service.UserManager;
import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.auth.DefaultAuthenticator;
import com.atlassian.seraph.cookie.CookieFactory;
import com.atlassian.seraph.util.RedirectUtils;
import java.security.Principal;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.ArrayUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/crowd/integration/seraph/CrowdAuthenticator.class */
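/**
 * Seraph {@code DefaultAuthenticator} that delegates credential verification to Crowd.
 *
 * <p>Credential checks go through {@link HttpAuthenticator}; this class only maintains
 * the Seraph side of the session. A request is treated as authenticated when one of the
 * following holds, checked in this order by {@link #isAuthenticated}:
 * <ol>
 *   <li>an earlier filter set the request attribute {@code os_authstatus} to {@code success}
 *       (trusted-apps);</li>
 *   <li>the Crowd session token on the request is valid;</li>
 *   <li>the Crowd-Seraph auto-login cookie holds credentials Crowd accepts;</li>
 *   <li>HTTP basic authentication succeeds.</li>
 * </ol>
 *
 * <p>The Crowd session token is stored in the HTTP session under the key supplied by
 * {@code httpAuthenticator.getSoapClientProperties().getSessionTokenKey()}.
 *
 * <p>Subclasses supply {@link #logoutUser} to clear any integration-specific session state.
 */
public abstract class CrowdAuthenticator extends DefaultAuthenticator {
    private static final Logger logger = Logger.getLogger(CrowdAuthenticator.class);

    /** Crowd client used for authenticate/logoff/token checks against the request. */
    protected final HttpAuthenticator httpAuthenticator;

    /** Crowd user lookup, used to resolve a session token to a user name. */
    protected final UserManager userManager;

    /**
     * @param httpAuthenticator Crowd HTTP client; stored as-is (not null-checked here)
     * @param userManager Crowd user manager; stored as-is (not null-checked here)
     */
    public CrowdAuthenticator(HttpAuthenticator httpAuthenticator, UserManager userManager) {
        this.httpAuthenticator = httpAuthenticator;
        this.userManager = userManager;
    }

    /**
     * Always reports success.
     *
     * <p>This hook is presumably invoked by the inherited {@code login} after this class has
     * already had Crowd verify the credentials (see {@link #login(HttpServletRequest,
     * HttpServletResponse, String, String, boolean)}), so no second check is performed here.
     * It must not be relied on as a credential check by any other caller.
     *
     * @param principal the user being logged in (unused)
     * @param str the supplied password (unused)
     * @return {@code true}
     */
    protected boolean authenticate(Principal principal, String str) {
        return true;
    }

    /**
     * Logs the user in: terminates any existing session, asks Crowd to verify the credentials,
     * then hands over to the inherited login to populate the Seraph session.
     *
     * <p>Any exception raised along the way is logged at INFO and reported as a failed login
     * rather than propagated.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str user name
     * @param str2 password
     * @param z "remember me" flag passed through to the inherited login
     * @return {@code true} only if Crowd accepted the credentials and the inherited login succeeded
     * @throws AuthenticatorException declared for compatibility; in practice caught and mapped to {@code false}
     */
    public boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws AuthenticatorException {
        try {
            // Start from a clean slate so a stale Crowd/Seraph session cannot survive a new login.
            logout(httpServletRequest, httpServletResponse);
            logger.debug("Authenticating user with Crowd");
            this.httpAuthenticator.authenticate(httpServletRequest, httpServletResponse, str, str2);
            logger.debug("Updating user session for Seraph");
            return super.login(httpServletRequest, httpServletResponse, str, str2, z);
        } catch (Exception e) {
            // Deliberately best-effort: a failed or errored login is reported as "not logged in".
            logger.info(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Logs the user in without the "remember me" option.
     *
     * @see #login(HttpServletRequest, HttpServletResponse, String, String, boolean)
     */
    public boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws AuthenticatorException {
        return login(httpServletRequest, httpServletResponse, str, str2, false);
    }

    /**
     * Logs the user out of Crowd and of Seraph.
     *
     * <p>The Crowd logoff and {@link #logoutUser} are best-effort (errors are logged at INFO);
     * the inherited Seraph logout always runs afterwards.
     *
     * @return the result of the inherited Seraph logout
     * @throws AuthenticatorException if the inherited logout fails
     */
    public boolean logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticatorException {
        try {
            logger.debug("Logging off from Crowd");
            this.httpAuthenticator.logoff(httpServletRequest, httpServletResponse);
            logger.debug("Invalidating user in Crowd-Seraph specific session variables");
            logoutUser(httpServletRequest);
        } catch (Exception e) {
            logger.info(e.getMessage(), e);
        }
        logger.debug("Invalidating user in Seraph specific session variables");
        return super.logout(httpServletRequest, httpServletResponse);
    }

    /**
     * Decides whether the request is authenticated, trying the mechanisms listed in the class
     * documentation in order and stopping at the first success.
     *
     * <p>If none succeeds, the Seraph session state is cleared ({@link #logoutUser}, and the
     * inherited logout when a response is available) so a half-authenticated session does not
     * linger.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response; may be {@code null}, in which case the
     *        inherited logout is skipped
     * @return whether the request is authenticated
     */
    protected boolean isAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean authenticated = isTrustedAppsRequest(httpServletRequest);

        if (!authenticated) {
            try {
                authenticated = this.httpAuthenticator.isAuthenticated(httpServletRequest, httpServletResponse);
                if (logger.isDebugEnabled()) {
                    logger.debug(authenticated
                            ? "User IS authenticated via the Crowd session-token"
                            : "User is NOT authenticated via the Crowd session-token");
                }
            } catch (Exception e) {
                // A Crowd error is treated as "not authenticated" and the next mechanism is tried.
                logger.info("Error while attempting to check if user isAuthenticated with Crowd", e);
            }
        }

        if (!authenticated) {
            authenticated = autoLoginToCrowd(httpServletRequest, httpServletResponse);
            if (logger.isDebugEnabled()) {
                logger.debug(authenticated
                        ? "Authenticated via Crowd-Seraph AutoLogin cookie"
                        : "Failed to authenticate via Crowd-Seraph AutoLogin cookie");
            }
        }

        if (!authenticated
                && RedirectUtils.isBasicAuthentication(httpServletRequest, getAuthType())
                && getUserFromBasicAuthentication(httpServletRequest, httpServletResponse) != null) {
            authenticated = true;
        }

        if (!authenticated) {
            logger.debug("Request is not authenticated, logging out the user");
            try {
                logoutUser(httpServletRequest);
                if (httpServletResponse != null) {
                    super.logout(httpServletRequest, httpServletResponse);
                }
            } catch (AuthenticatorException e) {
                logger.error(e.getMessage(), e);
            }
        }

        return authenticated;
    }

    /**
     * Attempts to authenticate with Crowd using the credentials carried by the Seraph login
     * cookie.
     *
     * <p>The cookie value is decoded by the inherited {@code decodeCookie}, whose contract is
     * not visible here; this method only uses elements {@code [0]} (user name) and {@code [1]}
     * (password). Because the cookie is client-supplied, a value that decodes to fewer than
     * two fields is rejected instead of being indexed, which would otherwise throw out of
     * {@link #isAuthenticated} (that caller does not guard this call).
     *
     * <p>On a failed authentication the cookie is invalidated for path {@code "/"} when a
     * response is available.
     *
     * @return {@code true} if Crowd accepted the cookie's credentials
     */
    protected boolean autoLoginToCrowd(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = CookieFactory.getCookieHandler().getCookie(httpServletRequest, getLoginCookieKey());
        if (cookie == null) {
            return false;
        }

        String[] credentials = decodeCookie(cookie.getValue());
        // Malformed/truncated cookie: treat as "no auto-login" rather than indexing past the end.
        if (ArrayUtils.isEmpty(credentials) || credentials.length < 2) {
            return false;
        }

        String username = credentials[0];
        String password = credentials[1];
        logger.debug("Got username and password from auto-login cookie, attempting to authenticate user");
        try {
            this.httpAuthenticator.authenticate(httpServletRequest, httpServletResponse, username, password);
            logger.debug("User authenticated via auto-login cookie");
            return true;
        } catch (Exception e) {
            // Only the user name is logged here; the password from the cookie is never logged.
            logger.debug("Could not auto-login authenticate user " + username, e);
            if (httpServletResponse != null) {
                CookieFactory.getCookieHandler().invalidateCookie(httpServletRequest, httpServletResponse, getLoginCookieKey(), "/");
            }
            return false;
        }
    }

    /**
     * Clears integration-specific session state for the current user.
     *
     * <p>Called from {@link #logout} and from {@link #isAuthenticated} when no mechanism
     * authenticates the request.
     *
     * @param httpServletRequest current request
     */
    abstract void logoutUser(HttpServletRequest httpServletRequest);

    /**
     * Resolves the authenticated user for the request.
     *
     * <p>Trusted-apps requests return the user already stored in the Seraph session. Otherwise,
     * if {@link #isAuthenticated} succeeds, the Crowd token on the request is compared with the
     * token recorded in the HTTP session: when they match, the session user is reused; when
     * they differ (or no session user exists) the token is resolved through {@link UserManager},
     * checked against the role mapper, and the user and token are written to the session.
     *
     * <p>Note that the inner {@code catch (Exception)} around the Crowd lookup also catches
     * {@link InvalidTokenException}; the outer handler therefore only covers
     * {@code httpAuthenticator.getToken}.
     *
     * @return the user, or {@code null} if the request is not authenticated, the token is
     *         invalid, or the role mapper refuses the login
     */
    public Principal getUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isTrustedAppsRequest(httpServletRequest)) {
            return getUserFromSession(httpServletRequest);
        }
        if (!isAuthenticated(httpServletRequest, httpServletResponse)) {
            return null;
        }

        Principal principal = null;
        try {
            String token = this.httpAuthenticator.getToken(httpServletRequest);
            String sessionTokenKey = this.httpAuthenticator.getSoapClientProperties().getSessionTokenKey();
            String sessionToken = (String) httpServletRequest.getSession().getAttribute(sessionTokenKey);

            // The cached session user is only trusted while the Crowd token is unchanged.
            if (token != null && token.equals(sessionToken)) {
                principal = getUserFromSession(httpServletRequest);
            }

            if (principal == null) {
                try {
                    principal = getUser(this.userManager.getUserFromToken(token).getName());
                } catch (Exception e) {
                    logger.info(e.getMessage(), e);
                }
                if (principal != null) {
                    if (!getRoleMapper().canLogin(principal, httpServletRequest)) {
                        // Refused before anything is written to the session.
                        return null;
                    }
                    HttpSession session = httpServletRequest.getSession();
                    session.setAttribute("seraph_defaultauthenticator_user", principal);
                    session.setAttribute("seraph_defaultauthenticator_logged_out_user", (Object) null);
                    session.setAttribute(sessionTokenKey, token);
                }
            }
        } catch (InvalidTokenException e) {
            logger.error(e.getMessage(), e);
            return null;
        }
        return principal;
    }

    /**
     * Whether an earlier filter has already authenticated this request, signalled by the
     * request attribute {@code os_authstatus} being {@code "success"}.
     *
     * <p>This attribute is set server-side by a preceding filter; it is not read from any
     * client-controlled header or parameter here.
     */
    private boolean isTrustedAppsRequest(HttpServletRequest httpServletRequest) {
        if (!"success".equals(httpServletRequest.getAttribute("os_authstatus"))) {
            return false;
        }
        logger.debug("User IS authenticated via previous filter/trusted apps");
        return true;
    }
}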
