package com.atlassian.crowd.integration.http;

import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.exception.InvalidTokenException;
import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelper;
import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelperImpl;
import com.atlassian.crowd.integration.http.util.CrowdHttpValidationFactorExtractorImpl;
import com.atlassian.crowd.integration.soap.SOAPCookieInfo;
import com.atlassian.crowd.integration.soap.SOAPPrincipal;
import com.atlassian.crowd.model.authentication.CookieConfiguration;
import com.atlassian.crowd.model.authentication.UserAuthenticationContext;
import com.atlassian.crowd.model.authentication.ValidationFactor;
import com.atlassian.crowd.service.AuthenticationManager;
import com.atlassian.crowd.service.soap.client.SecurityServerClient;
import com.atlassian.crowd.service.soap.client.SoapClientProperties;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/integration/http/HttpAuthenticatorImpl.class */
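/**
 * Servlet-facing {@link HttpAuthenticator} that delegates authentication decisions to an
 * {@link AuthenticationManager} and keeps the client's Crowd token (cookie and session state)
 * in step with the outcome through a {@link CrowdHttpTokenHelper}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The Crowd token is a bearer credential. Its value is never written to the log here;
 *       only whether a token was present is recorded.</li>
 *   <li>{@link #isAuthenticated} has a fast path that skips the server round trip while the
 *       session's last-validation timestamp is within the configured interval. A token that
 *       was revoked on the server stays accepted locally until that window closes.</li>
 *   <li>{@link #getValidationFactors} forwards the {@code X-Forwarded-For} header as received.
 *       Unless a trusted proxy overwrites it, that value is chosen by the client.</li>
 * </ul>
 */
public class HttpAuthenticatorImpl implements HttpAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(HttpAuthenticatorImpl.class);
    private final AuthenticationManager authenticationManager;
    private final CrowdHttpTokenHelper tokenHelper = CrowdHttpTokenHelperImpl.getInstance(CrowdHttpValidationFactorExtractorImpl.getInstance());

    /**
     * @param authenticationManager manager used for every authentication, validation and
     *                              invalidation call made by this class
     */
    public HttpAuthenticatorImpl(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Builds the cookie settings used when writing or clearing the token cookie.
     *
     * @return {@code null} when there is no response to write a cookie to, otherwise a
     *         configuration carrying the domain and secure flag reported by the server
     */
    private CookieConfiguration cookieConfigurationFor(HttpServletResponse httpServletResponse) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException {
        if (httpServletResponse == null) {
            return null;
        }
        SOAPCookieInfo cookieInfo = getSecurityServerClient().getCookieInfo();
        // NOTE(review): the cookie name is a literal here, while getToken() reads the name from
        // getCookieTokenKey(). Confirm the token helper reconciles the two when the name is customised.
        return new CookieConfiguration(cookieInfo.getDomain(), cookieInfo.isSecure(), "crowd.token_key");
    }

    /**
     * Removes the Crowd token from the client (request, session and cookie, as handled by the
     * token helper).
     *
     * @param str the token being invalidated, or {@code null}; used only to log its presence
     */
    private void invalidateClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException {
        // The token value is deliberately kept out of the log: anyone who can read it can replay it.
        logger.debug("Invalidating the Crowd token (token present: {})", str != null);
        CookieConfiguration cookieConfiguration = cookieConfigurationFor(httpServletResponse);
        this.tokenHelper.removeCrowdToken(httpServletRequest, httpServletResponse, getSoapClientProperties(), cookieConfiguration);
    }

    /**
     * Stores the given Crowd token on the client through the token helper.
     *
     * @param httpServletResponse may be {@code null}, in which case no cookie configuration is built
     * @param str                 the Crowd token to store
     */
    @Override
    public void setPrincipalToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException {
        // The token value is deliberately kept out of the log: anyone who can read it can replay it.
        logger.debug("Setting the Crowd token (token present: {})", str != null);
        CookieConfiguration cookieConfiguration = cookieConfigurationFor(httpServletResponse);
        this.tokenHelper.setCrowdToken(httpServletRequest, httpServletResponse, str, getSoapClientProperties(), cookieConfiguration);
    }

    /**
     * Looks up the principal that owns the token carried by the request.
     *
     * @throws InvalidTokenException if the request carries no token
     */
    @Override
    public SOAPPrincipal getPrincipal(HttpServletRequest httpServletRequest) throws InvalidAuthorizationTokenException, RemoteException, InvalidTokenException, InvalidAuthenticationException {
        return getSecurityServerClient().findPrincipalByToken(getToken(httpServletRequest));
    }

    /**
     * Extracts the Crowd token from the request.
     *
     * @return the token, never {@code null}
     * @throws InvalidTokenException if the token helper finds no token
     */
    @Override
    public String getToken(HttpServletRequest httpServletRequest) throws InvalidTokenException {
        String crowdToken = this.tokenHelper.getCrowdToken(httpServletRequest, getCookieTokenKey());
        if (crowdToken == null) {
            throw new InvalidTokenException("Unable to find a valid principal token.");
        }
        return crowdToken;
    }

    /**
     * Decides whether the request belongs to an authenticated user.
     *
     * <p>If the session was validated less than the configured interval ago the request is
     * accepted without contacting the server. Otherwise the token and the request's validation
     * factors are checked by the authentication manager and, on success, the token is stored
     * on the client again.
     *
     * @return {@code true} when the request is accepted; {@code false} when no token is present
     *         or the authentication manager rejects it
     */
    @Override
    public boolean isAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InvalidAuthorizationTokenException, RemoteException, ApplicationAccessDeniedException, InvalidAuthenticationException {
        HttpSession session = httpServletRequest.getSession();
        try {
            String token = getToken(httpServletRequest);
            SoapClientProperties properties = getSoapClientProperties();
            long intervalMinutes = properties.getSessionValidationInterval();
            Object lastValidation = session.getAttribute(properties.getSessionLastValidation());
            // Fast path: only a token's presence and the session timestamp are checked here, the
            // token itself is not re-verified. An attribute that is not a Date is treated as
            // "never validated" so the request falls through to the full server-side check.
            if (lastValidation instanceof Date && intervalMinutes > 0) {
                long validUntil = ((Date) lastValidation).getTime() + TimeUnit.MINUTES.toMillis(intervalMinutes);
                if (validUntil > System.currentTimeMillis()) {
                    return true;
                }
            }
            if (!this.authenticationManager.isAuthenticated(token, getValidationFactors(httpServletRequest))) {
                return false;
            }
            setPrincipalToken(httpServletRequest, httpServletResponse, token);
            return true;
        } catch (InvalidTokenException e) {
            logger.debug("Non authenticated request, unable to find a valid Crowd token.");
            return false;
        }
    }

    /**
     * Brings the client state in line with an authentication attempt: a token is stored, the
     * absence of one clears whatever the client held.
     */
    private void applyAuthenticationResult(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String token) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException {
        if (token == null) {
            invalidateClient(httpServletRequest, httpServletResponse, null);
        } else {
            setPrincipalToken(httpServletRequest, httpServletResponse, token);
        }
    }

    /**
     * Authenticates the user with a password and updates the client's token accordingly.
     *
     * @param str  the user name
     * @param str2 the password
     */
    @Override
    public void authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException {
        String token = null;
        try {
            token = this.authenticationManager.authenticate(getPrincipalAuthenticationContext(httpServletRequest, httpServletResponse, str, str2));
        } finally {
            // Runs exactly once on both the success and the failure path, so a failed login
            // always clears any token the client was still holding.
            applyAuthenticationResult(httpServletRequest, httpServletResponse, token);
        }
    }

    /**
     * Obtains a token for the named user without supplying a password and updates the client's
     * token accordingly.
     *
     * <p>NOTE(review): presumably the caller has already established the user's identity by
     * other means before calling this; nothing in this class checks that.
     *
     * @param str the user name
     */
    @Override
    public void authenticateWithoutValidatingPassword(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ApplicationAccessDeniedException, InvalidAuthenticationException, InvalidAuthorizationTokenException, InactiveAccountException, RemoteException {
        String token = null;
        try {
            token = this.authenticationManager.authenticateWithoutValidatingPassword(getPrincipalAuthenticationContext(httpServletRequest, httpServletResponse, str, null));
        } finally {
            // Runs exactly once on both the success and the failure path.
            applyAuthenticationResult(httpServletRequest, httpServletResponse, token);
        }
    }

    /**
     * Assembles the authentication context sent to the authentication manager.
     */
    private UserAuthenticationContext buildAuthenticationContext(String username, String password, ValidationFactor[] validationFactors) {
        UserAuthenticationContext context = new UserAuthenticationContext();
        context.setApplication(getSoapClientProperties().getApplicationName());
        context.setCredential(new PasswordCredential(password));
        context.setName(username);
        context.setValidationFactors(validationFactors);
        return context;
    }

    /**
     * Authenticates with explicit validation factors and returns the resulting token without
     * touching any client state.
     *
     * @param str                the user name
     * @param str2               the password
     * @param validationFactorArr validation factors to send with the attempt
     * @return the value returned by the authentication manager
     */
    @Override
    public String verifyAuthentication(String str, String str2, ValidationFactor[] validationFactorArr) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException {
        return this.authenticationManager.authenticate(buildAuthenticationContext(str, str2, validationFactorArr));
    }

    /**
     * Checks a user name and password with the authentication manager; the result is discarded
     * and no client state is changed.
     *
     * @param str  the user name
     * @param str2 the password
     */
    @Override
    public void verifyAuthentication(String str, String str2) throws InvalidAuthorizationTokenException, InvalidAuthenticationException, RemoteException, InactiveAccountException, ApplicationAccessDeniedException, ExpiredCredentialException {
        this.authenticationManager.authenticate(str, str2);
    }

    /**
     * Collects the validation factors of a request: its remote address and, when present and
     * different from the remote address, the {@code X-Forwarded-For} header.
     *
     * <p>The header is passed on as received. It is only as trustworthy as the proxy chain in
     * front of the application; a directly connected client can set it to any value.
     *
     * @param httpServletRequest the request, may be {@code null}
     * @return the factors found, an empty array for a {@code null} request
     */
    @Override
    public ValidationFactor[] getValidationFactors(HttpServletRequest httpServletRequest) {
        ArrayList<ValidationFactor> factors = new ArrayList<>();
        if (httpServletRequest != null) {
            String remoteAddr = httpServletRequest.getRemoteAddr();
            if (remoteAddr != null && !remoteAddr.isEmpty()) {
                factors.add(new ValidationFactor(com.atlassian.crowd.integration.authentication.ValidationFactor.REMOTE_ADDRESS, remoteAddr));
            }
            String forwardedFor = httpServletRequest.getHeader(com.atlassian.crowd.integration.authentication.ValidationFactor.X_FORWARDED_FOR);
            if (forwardedFor != null && !forwardedFor.equals(remoteAddr)) {
                factors.add(new ValidationFactor(com.atlassian.crowd.integration.authentication.ValidationFactor.X_FORWARDED_FOR, forwardedFor));
            }
        }
        return factors.toArray(new ValidationFactor[0]);
    }

    /**
     * Invalidates the request's token on the server, if there is one, and clears the client state.
     */
    @Override
    public void logoff(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InvalidAuthorizationTokenException, RemoteException, InvalidAuthenticationException {
        String token = null;
        try {
            token = getToken(httpServletRequest);
            this.authenticationManager.invalidate(token);
        } catch (InvalidTokenException ignored) {
            // Nothing to invalidate on the server; the client state is still cleared below.
            logger.debug("No Crowd token found on the logoff request, clearing client state only.");
        }
        // NOTE(review): if invalidate() fails with another exception the client state is not
        // cleared and the exception propagates; confirm callers handle that case.
        invalidateClient(httpServletRequest, httpServletResponse, token);
    }

    /**
     * Builds the authentication context for a request-based login, taking the validation
     * factors from the request.
     *
     * @param httpServletResponse not used by this implementation
     * @param str                 the user name
     * @param str2                the password, may be {@code null}
     */
    @Override
    public UserAuthenticationContext getPrincipalAuthenticationContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        return buildAuthenticationContext(str, str2, getValidationFactors(httpServletRequest));
    }

    /** Returns the client properties held by the security server client. */
    @Override
    public SoapClientProperties getSoapClientProperties() {
        return getSecurityServerClient().getSoapClientProperties();
    }

    /** Returns the configured name under which the token is looked up in the request. */
    protected String getCookieTokenKey() {
        return getSoapClientProperties().getCookieTokenKey();
    }

    /** Returns the security server client owned by the authentication manager. */
    @Override
    public SecurityServerClient getSecurityServerClient() {
        return this.authenticationManager.getSecurityServerClient();
    }
}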
