package com.atlassian.crowd.integration.springsecurity;

import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelper;
import com.atlassian.crowd.model.authentication.CookieConfiguration;
import com.atlassian.crowd.service.client.ClientProperties;
import java.io.IOException;
import java.util.List;
import javax.annotation.Nullable;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;

/* loaded from: input_file:com/atlassian/crowd/integration/springsecurity/AbstractCrowdSSOAuthenticationProcessingFilter.class */
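/**
 * Form-login filter that additionally honours a Crowd SSO token carried on the request.
 *
 * <p>For a request that the parent filter does not treat as a login submission, this filter asks
 * the {@link CrowdHttpTokenHelper} for a Crowd token (keyed by
 * {@link ClientProperties#getCookieTokenKey()}), authenticates it through the configured
 * authentication manager, and then either installs the resulting {@link Authentication} in the
 * {@link SecurityContextHolder} or clears the context.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>If no token is present, or the token is rejected, the security context is cleared. An
 *       authentication placed in the context earlier in the chain therefore does not survive this
 *       filter without a Crowd token that validates.</li>
 *   <li>The application name used for validation may be derived from the request path (see
 *       {@link #doSetDetails}); that path is client-controlled input.</li>
 * </ul>
 */
public abstract class AbstractCrowdSSOAuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger(AbstractCrowdSSOAuthenticationProcessingFilter.class);
    protected final ClientProperties clientProperties;
    protected final CrowdHttpTokenHelper tokenHelper;

    // Optional: when set, the application name is looked up from the request path instead of
    // being taken from clientProperties.
    @Nullable
    private RequestToApplicationMapper requestToApplicationMapper;

    // Optional: supplies the login form URL used by canUseSavedRequestToAuthenticate.
    @Nullable
    private LoginUrlAuthenticationEntryPoint authenticationProcessingFilterEntryPoint;

    /**
     * @param clientProperties     Crowd client settings (cookie token key, application name)
     * @param crowdHttpTokenHelper helper used to read and write the Crowd token on HTTP messages
     */
    protected AbstractCrowdSSOAuthenticationProcessingFilter(ClientProperties clientProperties, CrowdHttpTokenHelper crowdHttpTokenHelper) {
        this.clientProperties = clientProperties;
        this.tokenHelper = crowdHttpTokenHelper;
    }

    /**
     * Returns the parent filter's decision unchanged, but for requests that are not login
     * submissions it first tries to establish an authentication from the Crowd SSO token.
     *
     * <p>Side effects when the parent returns {@code false}: the security context is either
     * populated with the validated authentication (and the token is written back through
     * {@link #storeTokenIfCrowd}) or cleared.
     *
     * @return whatever {@code super.requiresAuthentication} returned
     */
    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean loginSubmission = super.requiresAuthentication(httpServletRequest, httpServletResponse);
        if (loginSubmission) {
            return true;
        }

        Authentication validated = null;
        try {
            String crowdToken = this.tokenHelper.getCrowdToken(httpServletRequest, this.clientProperties.getCookieTokenKey());
            if (crowdToken != null) {
                CrowdSSOAuthenticationToken ssoToken = new CrowdSSOAuthenticationToken(crowdToken);
                doSetDetails(httpServletRequest, ssoToken);
                validated = getAuthenticationManager().authenticate(ssoToken);
            }
        } catch (AuthenticationException rejected) {
            // A rejected token is an expected outcome (expired or invalidated session), so it is
            // not an error; it was previously dropped silently, which left no trace for anyone
            // investigating repeated SSO failures. The token value itself is never logged.
            logger.debug("Crowd SSO token on request was not accepted; clearing security context", rejected);
        }

        if (validated == null) {
            // Fail closed: without a token that validates, nothing stays in the context.
            SecurityContextHolder.clearContext();
        } else {
            SecurityContextHolder.getContext().setAuthentication(validated);
            storeTokenIfCrowd(httpServletRequest, httpServletResponse, validated);
        }
        return false;
    }

    /** Attaches Crowd details (application name, validation factors) to a form-login token. */
    protected void setDetails(HttpServletRequest httpServletRequest, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        doSetDetails(httpServletRequest, usernamePasswordAuthenticationToken);
    }

    /**
     * Strips the context path prefix from the request URI.
     *
     * <p>{@code getRequestURI()} is returned by the container without URL-decoding, so the result
     * can still carry encoded characters or path parameters; consumers that compare or map it
     * should account for that.
     */
    private static String requestUriWithoutContext(HttpServletRequest httpServletRequest) {
        int contextLength = httpServletRequest.getContextPath().length();
        return httpServletRequest.getRequestURI().substring(contextLength);
    }

    /**
     * Decides whether the saved (pre-login) request may be used to pick the application.
     *
     * @return {@code true} when the parent filter treats the request as a login submission, or
     *         when an entry point is configured and the request path equals its login form URL
     */
    protected boolean canUseSavedRequestToAuthenticate(HttpServletRequest httpServletRequest) {
        if (super.requiresAuthentication(httpServletRequest, (HttpServletResponse) null)) {
            return true;
        }
        LoginUrlAuthenticationEntryPoint entryPoint = this.authenticationProcessingFilterEntryPoint;
        return entryPoint != null
                && requestUriWithoutContext(httpServletRequest).equals(entryPoint.getLoginFormUrl());
    }

    /**
     * Builds the {@link CrowdSSOAuthenticationDetails} for a token and sets them on it.
     *
     * <p>Validation factors come from the token helper's extractor. The application name comes
     * from {@link ClientProperties#getApplicationName()} unless a
     * {@link RequestToApplicationMapper} is configured, in which case it is looked up from a
     * path: the saved request's path when one exists and
     * {@link #canUseSavedRequestToAuthenticate} allows it, otherwise the current request's path.
     *
     * <p>NOTE(review): both candidate paths originate from the client, so the mapper is the
     * component that decides which application a token is validated against. Confirm that the
     * mapper implementation tolerates non-normalised paths and has a safe result for paths it
     * does not recognise.
     */
    protected void doSetDetails(HttpServletRequest httpServletRequest, AbstractAuthenticationToken abstractAuthenticationToken) {
        String applicationName;
        List validationFactors = this.tokenHelper.getValidationFactorExtractor().getValidationFactors(httpServletRequest);
        if (this.requestToApplicationMapper != null) {
            // Saved request is read from the HTTP session (request cache), not from the URL.
            // NOTE(review): this is decompiled output; the assignment may need an explicit cast
            // depending on the Spring Security version compiled against - confirm.
            DefaultSavedRequest request = new HttpSessionRequestCache().getRequest(httpServletRequest, (HttpServletResponse) null);
            String path;
            if (!canUseSavedRequestToAuthenticate(httpServletRequest) || request == null) {
                path = requestUriWithoutContext(httpServletRequest);
            } else {
                path = request.getRequestURI().substring(request.getContextPath().length());
            }
            applicationName = this.requestToApplicationMapper.getApplication(path);
        } else {
            applicationName = this.clientProperties.getApplicationName();
        }
        abstractAuthenticationToken.setDetails(new CrowdSSOAuthenticationDetails(applicationName, validationFactors));
    }

    /** Writes the Crowd token to the response before delegating to the parent success handling. */
    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        storeTokenIfCrowd(httpServletRequest, httpServletResponse, authentication);
        super.successfulAuthentication(httpServletRequest, httpServletResponse, filterChain, authentication);
    }

    /**
     * Hands the Crowd token to the token helper when the authentication is a
     * {@link CrowdSSOAuthenticationToken} that still carries credentials; otherwise does nothing.
     *
     * <p>Any failure while storing the token is logged at error level and not propagated, so the
     * caller continues with the authentication it already holds even if the token was not set.
     */
    protected void storeTokenIfCrowd(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        boolean isCrowdToken = authentication instanceof CrowdSSOAuthenticationToken;
        if (!isCrowdToken || authentication.getCredentials() == null) {
            return;
        }
        try {
            // The cast stays inside the try so that a non-String credential is logged like any
            // other storage failure instead of escaping the filter.
            String crowdToken = (String) authentication.getCredentials();
            this.tokenHelper.setCrowdToken(httpServletRequest, httpServletResponse, crowdToken, this.clientProperties, getCookieConfiguration());
        } catch (Exception e) {
            logger.error("Unable to set Crowd SSO token", e);
        }
    }

    /** Runs the subclass hook before delegating to the parent failure handling. */
    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        onUnsuccessfulAuthentication(httpServletRequest, httpServletResponse);
        super.unsuccessfulAuthentication(httpServletRequest, httpServletResponse, authenticationException);
    }

    /** Subclass hook invoked on every failed login attempt, before the parent's handling runs. */
    protected abstract void onUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);

    /**
     * Supplies the cookie settings passed to the token helper when the Crowd token is stored.
     *
     * @throws Exception if the configuration cannot be obtained; {@link #storeTokenIfCrowd} logs
     *                   this and skips storing the token
     */
    protected abstract CookieConfiguration getCookieConfiguration() throws Exception;

    /** Enables path-based application lookup; {@code null} falls back to the client properties. */
    public void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper) {
        this.requestToApplicationMapper = requestToApplicationMapper;
    }

    /** Sets the entry point whose login form URL is compared against the request path. */
    public void setLoginUrlAuthenticationEntryPoint(LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint) {
        this.authenticationProcessingFilterEntryPoint = loginUrlAuthenticationEntryPoint;
    }
}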
