package com.atlassian.crowd.integration.springsecurity;

import com.atlassian.crowd.exception.InvalidTokenException;
import com.atlassian.crowd.integration.http.HttpAuthenticator;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;

/* loaded from: input_file:com/atlassian/crowd/integration/springsecurity/CrowdSSOAuthenticationProcessingFilter.class */
public class CrowdSSOAuthenticationProcessingFilter extends UsernamePasswordAuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger(CrowdSSOAuthenticationProcessingFilter.class);
    private HttpAuthenticator httpAuthenticator;
    private RequestToApplicationMapper requestToApplicationMapper;
    private LoginUrlAuthenticationEntryPoint authenticationProcessingFilterEntryPoint;

    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean requiresAuthentication = super.requiresAuthentication(httpServletRequest, httpServletResponse);
        if (!requiresAuthentication) {
            Authentication authentication = null;
            try {
                CrowdSSOAuthenticationToken crowdSSOAuthenticationToken = new CrowdSSOAuthenticationToken(this.httpAuthenticator.getToken(httpServletRequest));
                doSetDetails(httpServletRequest, crowdSSOAuthenticationToken);
                authentication = getAuthenticationManager().authenticate(crowdSSOAuthenticationToken);
            } catch (AuthenticationException e) {
            } catch (InvalidTokenException e2) {
            }
            if (authentication == null) {
                SecurityContextHolder.clearContext();
            } else {
                SecurityContextHolder.getContext().setAuthentication(authentication);
                storeTokenIfCrowd(httpServletRequest, httpServletResponse, authentication);
            }
        }
        return requiresAuthentication;
    }

    protected void setDetails(HttpServletRequest httpServletRequest, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        doSetDetails(httpServletRequest, usernamePasswordAuthenticationToken);
    }

    static String requestUriWithoutContext(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
    }

    boolean canUseSavedRequestToAuthenticate(HttpServletRequest httpServletRequest) {
        if (super.requiresAuthentication(httpServletRequest, (HttpServletResponse) null)) {
            return true;
        }
        if (this.authenticationProcessingFilterEntryPoint == null) {
            return false;
        }
        return requestUriWithoutContext(httpServletRequest).equals(this.authenticationProcessingFilterEntryPoint.getLoginFormUrl());
    }

    protected void doSetDetails(HttpServletRequest httpServletRequest, AbstractAuthenticationToken abstractAuthenticationToken) {
        String applicationName;
        if (this.requestToApplicationMapper != null) {
            DefaultSavedRequest request = new HttpSessionRequestCache().getRequest(httpServletRequest, (HttpServletResponse) null);
            applicationName = this.requestToApplicationMapper.getApplication((!canUseSavedRequestToAuthenticate(httpServletRequest) || request == null) ? requestUriWithoutContext(httpServletRequest) : request.getRequestURI().substring(request.getContextPath().length()));
        } else {
            applicationName = this.httpAuthenticator.getSoapClientProperties().getApplicationName();
        }
        abstractAuthenticationToken.setDetails(new CrowdSSOAuthenticationDetails(applicationName, this.httpAuthenticator.getValidationFactors(httpServletRequest)));
    }

    private void storeTokenIfCrowd(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        if (!(authentication instanceof CrowdSSOAuthenticationToken) || authentication.getCredentials() == null) {
            return;
        }
        try {
            this.httpAuthenticator.setPrincipalToken(httpServletRequest, httpServletResponse, authentication.getCredentials().toString());
        } catch (Exception e) {
            logger.error("Unable to set Crowd SSO token", e);
        }
    }

    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        storeTokenIfCrowd(httpServletRequest, httpServletResponse, authentication);
        super.successfulAuthentication(httpServletRequest, httpServletResponse, authentication);
    }

    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        try {
            this.httpAuthenticator.logoff(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            logger.error("Unable to unset Crowd SSO token", e);
        }
        super.unsuccessfulAuthentication(httpServletRequest, httpServletResponse, authenticationException);
    }

    public void setHttpAuthenticator(HttpAuthenticator httpAuthenticator) {
        this.httpAuthenticator = httpAuthenticator;
    }

    public void setRequestToApplicationMapper(RequestToApplicationMapper requestToApplicationMapper) {
        this.requestToApplicationMapper = requestToApplicationMapper;
    }

    public void setLoginUrlAuthenticationEntryPoint(LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint) {
        this.authenticationProcessingFilterEntryPoint = loginUrlAuthenticationEntryPoint;
    }
}
