package com.atlassian.crowd.integration.springsecurity;

import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelper;
import com.atlassian.crowd.service.client.ClientProperties;
import com.atlassian.crowd.service.client.CrowdClient;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/* loaded from: input_file:com/atlassian/crowd/integration/springsecurity/CrowdSSOAuthenticationProcessingFilter.class */
public class CrowdSSOAuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger(CrowdSSOAuthenticationProcessingFilter.class);
    private final CrowdHttpTokenHelper tokenHelper;
    private final CrowdClient crowdClient;
    private final ClientProperties clientProperties;
    private CrowdHttpAuthenticator httpAuthenticator;
    private LoginUrlAuthenticationEntryPoint authenticationProcessingFilterEntryPoint;

    public CrowdSSOAuthenticationProcessingFilter(CrowdHttpTokenHelper crowdHttpTokenHelper, CrowdClient crowdClient, ClientProperties clientProperties) {
        this.tokenHelper = crowdHttpTokenHelper;
        this.crowdClient = crowdClient;
        this.clientProperties = clientProperties;
    }

    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean requiresAuthentication = super.requiresAuthentication(httpServletRequest, httpServletResponse);
        if (!requiresAuthentication) {
            Authentication authentication = null;
            try {
                String token = this.httpAuthenticator.getToken(httpServletRequest);
                if (token != null) {
                    CrowdSSOAuthenticationToken crowdSSOAuthenticationToken = new CrowdSSOAuthenticationToken(token);
                    doSetDetails(httpServletRequest, crowdSSOAuthenticationToken);
                    authentication = getAuthenticationManager().authenticate(crowdSSOAuthenticationToken);
                }
            } catch (AuthenticationException e) {
            }
            if (authentication == null) {
                SecurityContextHolder.clearContext();
            } else {
                SecurityContextHolder.getContext().setAuthentication(authentication);
                storeTokenIfCrowd(httpServletRequest, httpServletResponse, authentication);
            }
        }
        return requiresAuthentication;
    }

    protected void setDetails(HttpServletRequest httpServletRequest, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        doSetDetails(httpServletRequest, usernamePasswordAuthenticationToken);
    }

    static String requestUriWithoutContext(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
    }

    boolean canUseSavedRequestToAuthenticate(HttpServletRequest httpServletRequest) {
        if (super.requiresAuthentication(httpServletRequest, (HttpServletResponse) null)) {
            return true;
        }
        if (this.authenticationProcessingFilterEntryPoint == null) {
            return false;
        }
        return requestUriWithoutContext(httpServletRequest).equals(this.authenticationProcessingFilterEntryPoint.getLoginFormUrl());
    }

    protected void doSetDetails(HttpServletRequest httpServletRequest, AbstractAuthenticationToken abstractAuthenticationToken) {
        abstractAuthenticationToken.setDetails(new CrowdSSOAuthenticationDetails(this.tokenHelper.getValidationFactorExtractor().getValidationFactors(httpServletRequest)));
    }

    private void storeTokenIfCrowd(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        if (!(authentication instanceof CrowdSSOAuthenticationToken) || authentication.getCredentials() == null) {
            return;
        }
        try {
            this.tokenHelper.setCrowdToken(httpServletRequest, httpServletResponse, (String) authentication.getCredentials(), this.clientProperties, this.crowdClient.getCookieConfiguration());
        } catch (Exception e) {
            logger.error("Unable to set Crowd SSO token", e);
        }
    }

    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        storeTokenIfCrowd(httpServletRequest, httpServletResponse, authentication);
        super.successfulAuthentication(httpServletRequest, httpServletResponse, authentication);
    }

    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        try {
            this.httpAuthenticator.logout(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            logger.error("Unable to unset Crowd SSO token", e);
        }
        super.unsuccessfulAuthentication(httpServletRequest, httpServletResponse, authenticationException);
    }

    public void setHttpAuthenticator(CrowdHttpAuthenticator crowdHttpAuthenticator) {
        this.httpAuthenticator = crowdHttpAuthenticator;
    }

    public void setLoginUrlAuthenticationEntryPoint(LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint) {
        this.authenticationProcessingFilterEntryPoint = loginUrlAuthenticationEntryPoint;
    }
}
