package com.atlassian.plugins.authentication.sso.web;

import com.atlassian.plugin.webresource.WebResourceUrlProvider;
import com.atlassian.plugins.authentication.api.config.IdpConfig;
import com.atlassian.plugins.authentication.sso.util.ApplicationStateValidator;
import com.atlassian.plugins.authentication.sso.util.PluginData;
import com.atlassian.plugins.authentication.sso.util.TargetUrlNormalizer;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.soy.renderer.SoyTemplateRenderer;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import java.io.IOException;
import java.net.URI;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/AbstractAuthenticationHandler.class */
/**
 * Base class for the SSO authentication handlers of this plugin.
 *
 * <p>It implements the part of {@link AuthenticationHandler} that is shared between
 * identity-provider types: checking that the application can process a login request,
 * making sure an HTTP session exists, storing the per-request {@link SessionData}, and
 * sending the browser to the identity provider. Subclasses supply the protocol-specific
 * request through {@link #prepareAuthenticationRequest}.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The caller-supplied destination string is only ever used after it has passed through
 *       {@code TargetUrlNormalizer.getRelativeTargetUrl}. NOTE(review): that class is not
 *       visible here; presumably it is the control that keeps the post-login destination
 *       inside this application. Confirm before relying on it.</li>
 *   <li>{@link #processAuthenticationRequestForRelativeDestinationUrl} accepts a {@link URI}
 *       directly and performs no check of its own that the URI is relative.</li>
 * </ul>
 *
 * @param <T> the identity-provider configuration type handled by the subclass
 */
public abstract class AbstractAuthenticationHandler<T extends IdpConfig> implements AuthenticationHandler<T> {
    /** Lifetime in minutes handed to the fragment-saving template as the cookie expiration. */
    private static final int COOKIE_WITH_FRAGMENT_MAXIMUM_AGE_MINUTES = 5;
    private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationHandler.class);
    protected final ApplicationProperties applicationProperties;
    protected final ApplicationStateValidator applicationStateValidator;
    protected final SessionDataService sessionDataService;
    protected final TargetUrlNormalizer targetUrlNormalizer;
    protected final WebResourceUrlProvider webResourceUrlProvider;
    protected final SoyTemplateRenderer soyTemplateRenderer;

    /**
     * Stores the collaborators used by the shared request flow.
     *
     * <p>The decompiler reports that this constructor was declared {@code protected} in the
     * original source; it is shown as {@code public} here.
     */
    public AbstractAuthenticationHandler(
            ApplicationProperties applicationProperties,
            ApplicationStateValidator applicationStateValidator,
            SessionDataService sessionDataService,
            TargetUrlNormalizer targetUrlNormalizer,
            WebResourceUrlProvider webResourceUrlProvider,
            SoyTemplateRenderer soyTemplateRenderer) {
        this.applicationProperties = applicationProperties;
        this.applicationStateValidator = applicationStateValidator;
        this.sessionDataService = sessionDataService;
        this.targetUrlNormalizer = targetUrlNormalizer;
        this.webResourceUrlProvider = webResourceUrlProvider;
        this.soyTemplateRenderer = soyTemplateRenderer;
    }

    /**
     * Returns the issuer URL, which is the application's canonical base URL.
     *
     * @return the base URL in {@link UrlMode#CANONICAL} mode
     */
    @Override
    @Nonnull
    public String getIssuerUrl() {
        return this.applicationProperties.getBaseUrl(UrlMode.CANONICAL);
    }

    /**
     * Starts an SSO login for a destination given as a raw string.
     *
     * <p>The string is converted by the target-URL normalizer first; only the resulting URI is
     * passed on to the rest of the flow.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for the redirect or the rendered page
     * @param str the requested destination after login, may be {@code null}
     * @param t the identity-provider configuration to authenticate against
     * @throws IOException if writing the response fails
     */
    @Override
    public void processAuthenticationRequest(
            @Nonnull HttpServletRequest httpServletRequest,
            @Nonnull HttpServletResponse httpServletResponse,
            @Nullable String str,
            T t) throws IOException {
        URI relativeTarget = this.targetUrlNormalizer.getRelativeTargetUrl(str);
        processAuthenticationRequestForRelativeDestinationUrl(httpServletRequest, httpServletResponse, relativeTarget, t);
    }

    /**
     * Runs the shared login flow for an already normalized destination.
     *
     * <p>Steps, in this order: validate the application state for the given configuration,
     * ensure a session exists, let the subclass build the authentication request, store the
     * {@link SessionData} under the request's session data key, then either redirect to the
     * login request URL (no destination) or render the fragment-saving page (destination
     * present).
     *
     * <p>This method does not validate {@code uri}; it is stored in the session data as given.
     * It is public and marked {@code @VisibleForTesting}, so any caller other than
     * {@link #processAuthenticationRequest} must pass only a URI that has already been
     * normalized.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for the redirect or the rendered page
     * @param uri the destination after login, or {@code null} when there is none
     * @param t the identity-provider configuration to authenticate against
     * @throws IOException if the redirect or the page rendering fails
     */
    @VisibleForTesting
    public void processAuthenticationRequestForRelativeDestinationUrl(
            @Nonnull HttpServletRequest httpServletRequest,
            @Nonnull HttpServletResponse httpServletResponse,
            @Nullable URI uri,
            T t) throws IOException {
        // The state check runs before any session is created or written to.
        this.applicationStateValidator.checkCanProcessAuthenticationRequest(t);
        this.sessionDataService.ensureSessionExists(httpServletRequest);

        AuthenticationRequest authRequest = prepareAuthenticationRequest(httpServletRequest, httpServletResponse, t);
        SessionData sessionData = new SessionData(authRequest, uri, t.getId().longValue());
        this.sessionDataService.setSessionData(
                httpServletRequest, httpServletResponse, authRequest.getSessionDataKey(), sessionData);

        if (uri != null) {
            log.trace("Destination uri present, saving URL fragment and proceeding with SSO.");
            renderFragmentSavingPage(httpServletResponse, authRequest.getLoginRequestUrl(), authRequest.getPublicId());
            return;
        }
        log.trace("No destination uri present, redirecting user to the login request url.");
        httpServletResponse.sendRedirect(authRequest.getLoginRequestUrl());
    }

    /**
     * Reports whether the application state allows login requests for the given configuration.
     *
     * @param idpConfig the configuration to check
     * @return the result of {@code ApplicationStateValidator.canProcessAuthenticationRequest}
     */
    @Override
    public boolean isCorrectlyConfigured(IdpConfig idpConfig) {
        return this.applicationStateValidator.canProcessAuthenticationRequest(idpConfig);
    }

    /**
     * Builds the protocol-specific authentication request for the identity provider.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the outgoing response
     * @param t the identity-provider configuration
     * @return the request whose session data key, login request URL and public id drive the
     *     shared flow
     */
    protected abstract AuthenticationRequest prepareAuthenticationRequest(@Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse, T t);

    /**
     * Tells whether the request comes from a user who is already logged in through SSO.
     *
     * <p>A positive result is logged at INFO level; the message states that re-authentication
     * at the identity provider should be forced. The decompiler reports that this method was
     * declared {@code protected} in the original source.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the session data service reports an existing SSO login
     */
    public boolean isPermissionViolation(HttpServletRequest httpServletRequest) {
        boolean alreadyLoggedInWithSso = this.sessionDataService.isUserLoggedInWithSso(httpServletRequest);
        if (alreadyLoggedInWithSso) {
            log.info("User is already logged in. Looks like permissions violation. Force re-authentication in IDP");
        }
        return alreadyLoggedInWithSso;
    }

    /**
     * Writes the HTML page that is served instead of a plain redirect when a destination exists.
     *
     * <p>The identity-provider request URL and the cookie name (fragment cookie prefix plus the
     * request's public id) are handed to the Soy template as data. NOTE(review): escaping of
     * these values is left to the template, which is not visible here; confirm it escapes them
     * for the context they are emitted in. This method sets no cache-control headers; confirm
     * that caching of this response is prevented elsewhere.
     *
     * @param httpServletResponse the response to write to
     * @param str the login request URL, passed to the template as {@code idpRequest}
     * @param str2 the public id appended to the fragment cookie name
     * @throws IOException if the response writer cannot be obtained
     */
    private void renderFragmentSavingPage(@Nonnull HttpServletResponse httpServletResponse, @Nonnull String str, @Nonnull String str2) throws IOException {
        httpServletResponse.setContentType("text/html");
        httpServletResponse.setCharacterEncoding(URLUtils.CHARSET);
        // The writer is obtained before the template data is assembled, as in the original call.
        Appendable out = httpServletResponse.getWriter();
        ImmutableMap<String, Object> templateData = ImmutableMap.<String, Object>builder()
                .put("idpRequest", str)
                .put("cookieName", PluginData.FRAGMENT_COOKIE_NAME + str2)
                .put("cookiePath", this.applicationProperties.getBaseUrl(UrlMode.RELATIVE))
                .put("cookieExpirationTimeInMinutesFromNow", COOKIE_WITH_FRAGMENT_MAXIMUM_AGE_MINUTES)
                .put("jsCookieLibraryUrl", getJsCookieLibraryUrl())
                .build();
        this.soyTemplateRenderer.render(
                out, PluginData.SAVE_FRAGMENT_RESOURCE_FULL_NAME, "AuthenticationPlugin.SaveHash.display", templateData);
    }

    /**
     * Resolves the relative URL of the JavaScript cookie library bundled with the plugin.
     *
     * @return the static plugin resource URL in relative mode
     */
    private String getJsCookieLibraryUrl() {
        return this.webResourceUrlProvider.getStaticPluginResourceUrl(
                PluginData.SAVE_FRAGMENT_RESOURCE_FULL_NAME,
                PluginData.JS_COOKIE_LIBRARY_RESOURCE_NAME,
                com.atlassian.plugin.webresource.UrlMode.RELATIVE);
    }
}
