package com.atlassian.plugins.authentication.sso.web.filter.authentication;

import com.atlassian.plugins.authentication.api.config.IdpConfig;
import com.atlassian.plugins.authentication.api.config.IdpConfigService;
import com.atlassian.plugins.authentication.api.config.IdpLoginOption;
import com.atlassian.plugins.authentication.api.config.LoginFormLoginOption;
import com.atlassian.plugins.authentication.api.config.LoginGatewayType;
import com.atlassian.plugins.authentication.api.config.LoginOption;
import com.atlassian.plugins.authentication.api.config.LoginOptionsService;
import com.atlassian.plugins.authentication.sso.johnson.JohnsonChecker;
import com.atlassian.plugins.authentication.sso.ui.login.LoginGatewayServlet;
import com.atlassian.plugins.authentication.sso.web.AuthenticationHandler;
import com.atlassian.plugins.authentication.sso.web.AuthenticationHandlerProvider;
import com.atlassian.plugins.authentication.sso.web.exception.UnsupportedHttpMethodException;
import com.atlassian.plugins.authentication.sso.web.filter.AbstractJohnsonAwareFilter;
import com.google.common.collect.Iterables;
import java.io.IOException;
import java.util.List;
import javax.annotation.Nullable;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/filter/authentication/AuthenticationFilter.class */
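/**
 * Servlet filter that decides, per request, whether the caller is sent to an external identity
 * provider, to the login gateway page, or on to the product's native login form.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>While the {@value #ATLASSIAN_RECOVERY_PASSWORD} system property is set, external
 *       authentication is skipped for every request that reaches this filter.</li>
 *   <li>The {@value #AUTH_FALLBACK_QUERY_PARAM} and {@value #NATIVE_LOGIN_PARAM} request
 *       parameters are read from the unauthenticated request and only their presence is tested.
 *       They select the native login form only when {@link LoginFormLoginOption#INSTANCE} is
 *       among the options returned by {@link LoginOptionsService}.</li>
 *   <li>Requests whose method is not accepted by {@link #isSupportedHttpMethod} are passed down
 *       the chain untouched; this filter neither redirects nor blocks them.</li>
 * </ul>
 *
 * <p>NOTE(review): whether the native login form may be offered at all is decided by
 * {@link LoginOptionsService}, which is not visible here; confirm that it, and not the request
 * parameters, is the authority for allowing the fallback.
 */
public abstract class AuthenticationFilter extends AbstractJohnsonAwareFilter {
    /** Request attribute under which the originally requested URL is handed to the login gateway. */
    public static final String DESTINATION_REQUEST_PARAM = "atlassian.plugin.auth.destination";
    /** Request attribute removed before forwarding to the login gateway. */
    static final String SITEMESH_ALREADY_FILTERED_ATTRIBUTE_NAME = "com.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter";
    protected final Logger log;
    /** Request parameter whose presence is passed to the login-options lookup as the fallback flag. */
    public static final String AUTH_FALLBACK_QUERY_PARAM = "auth_fallback";
    /** System property whose presence makes this filter skip external authentication. */
    public static final String ATLASSIAN_RECOVERY_PASSWORD = "atlassian.recovery.password";
    /** Request parameter whose presence asks for the native login form. */
    public static final String NATIVE_LOGIN_PARAM = "native_login";
    protected final AuthenticationHandlerProvider authenticationHandlerProvider;
    protected final IdpConfigService idpConfigService;
    protected final LoginOptionsService loginOptionsService;

    /**
     * Stores the collaborators used to resolve login options and IdP handlers.
     *
     * @param authenticationHandlerProvider resolves the handler for an IdP's SSO type
     * @param idpConfigService looks up IdP configuration by id
     * @param loginOptionsService supplies the login options available for a request
     * @param johnsonChecker passed to the superclass constructor
     */
    public AuthenticationFilter(AuthenticationHandlerProvider authenticationHandlerProvider, IdpConfigService idpConfigService, LoginOptionsService loginOptionsService, JohnsonChecker johnsonChecker) {
        super(johnsonChecker);
        this.log = LoggerFactory.getLogger(AuthenticationFilter.class);
        this.authenticationHandlerProvider = authenticationHandlerProvider;
        this.idpConfigService = idpConfigService;
        this.loginOptionsService = loginOptionsService;
    }

    /**
     * Routes the request to the native login form, a single configured IdP, or the login gateway.
     *
     * <p>The checks run in a fixed order and the first match wins: recovery mode, no login
     * options, explicitly requested native login, product-specific skip, unsupported HTTP method,
     * exactly one login option, and finally the multi-option login gateway.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain, invoked when this filter steps aside
     * @throws IOException if the chain, the forward or the response write fails
     * @throws ServletException if the chain or the forward fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.plugins.authentication.sso.web.filter.AbstractJohnsonAwareFilter
    public void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            boolean isAuthFallbackParamPresent = isAuthFallbackParamPresent(httpServletRequest);
            List<LoginOption> loginOptions = this.loginOptionsService.getLoginOptions(isAuthFallbackParamPresent, getLoginGatewayType());
            if (isProductInRecoveryMode()) {
                // Recovery mode wins over every other rule: no request is sent to an IdP.
                this.log.trace("Not attempting external authentication, Atlassian password recovery set");
                continueToNativeLoginForm(filterChain, httpServletRequest, httpServletResponse);
            } else if (loginOptions.isEmpty()) {
                this.log.warn("No login options are available, fall backing on to the login form");
                continueToNativeLoginForm(filterChain, httpServletRequest, httpServletResponse);
            } else if (isForcingNativeLogin(isAuthFallbackParamPresent, loginOptions, httpServletRequest)) {
                continueToNativeLoginForm(filterChain, httpServletRequest, httpServletResponse);
            } else if (isProductSpecificSkip(loginOptions, httpServletRequest)) {
                this.log.warn("Skipping because of product specific configuration");
                continueToNativeLoginForm(filterChain, httpServletRequest, httpServletResponse);
            } else if (!isSupportedHttpMethod(httpServletRequest)) {
                // Methods this filter does not handle go straight down the chain; whatever sits
                // behind this filter is responsible for them.
                filterChain.doFilter(servletRequest, servletResponse);
            } else if (loginOptions.size() == 1) {
                handleSingleLoginOption(filterChain, httpServletRequest, httpServletResponse, Iterables.getOnlyElement(loginOptions));
            } else {
                forceSitemeshToProcessRequest(httpServletRequest);
                // NOTE(review): the destination comes from the subclass's extractRequestedUrl();
                // any validation of that value happens outside this class. Confirm the gateway
                // or the subclass restricts it before it is used as a post-login redirect.
                saveRequestedUrl(httpServletRequest, extractRequestedUrl(httpServletRequest));
                httpServletRequest.getRequestDispatcher(LoginGatewayServlet.URL).forward(servletRequest, servletResponse);
            }
        } catch (UnsupportedHttpMethodException e) {
            // Parameterized logging: the method string comes from the request and is passed as an
            // argument instead of being concatenated into the message template.
            this.log.warn("{} method is not supported, thus sending '303 See Other' redirect", httpServletRequest.getMethod());
            httpResponseSendSeeOtherRedirect(httpServletRequest, httpServletResponse);
        } catch (IllegalArgumentException e2) {
            // NOTE(review): the exception message is returned to the client in the 400 response.
            // Confirm that code throwing IllegalArgumentException on this path does not put
            // internal details in the message, and that the error page escapes it.
            httpServletResponse.sendError(Response.Status.BAD_REQUEST.getStatusCode(), e2.getMessage());
        }
    }

    /**
     * Extension point for products to skip external authentication for a request.
     *
     * @param list the login options resolved for the request
     * @param httpServletRequest the incoming request
     * @return {@code false} in this base implementation
     */
    protected boolean isProductSpecificSkip(List<LoginOption> list, HttpServletRequest httpServletRequest) {
        return false;
    }

    /**
     * Tells whether the caller asked for the native login form and that form is an available option.
     *
     * @param z whether the auth-fallback parameter was present on the request
     * @param list the login options resolved for the request
     * @param httpServletRequest the incoming request
     * @return {@code true} only when the login form is among the options and either flag is set
     */
    private boolean isForcingNativeLogin(boolean z, List<LoginOption> list, HttpServletRequest httpServletRequest) {
        // The request parameters alone are not enough: the login form must already be offered.
        return list.contains(LoginFormLoginOption.INSTANCE) && (z || isNativeLoginRequested(httpServletRequest));
    }

    /**
     * Dispatches a request for which exactly one login option is available.
     *
     * @throws IllegalStateException if the option's type is neither login form nor IdP
     */
    private void handleSingleLoginOption(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginOption loginOption) throws IOException, ServletException {
        switch (loginOption.getType()) {
            case LOGIN_FORM:
                continueToNativeLoginForm(filterChain, httpServletRequest, httpServletResponse);
                return;
            case IDP:
                handleIdpLogin((IdpLoginOption) loginOption, filterChain, httpServletRequest, httpServletResponse);
                return;
            default:
                throw new IllegalStateException("Doesnt support this login type " + loginOption.getType());
        }
    }

    /**
     * Hands the request to the rest of the filter chain without attempting external authentication.
     */
    private void continueToNativeLoginForm(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        // This trace line is written for every caller (recovery mode, forced native login, ...),
        // so it does not by itself prove that native login was the only option.
        this.log.trace("Not attempting external authentication, native login is the only option");
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Tells whether this filter handles the request's HTTP method.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} only for {@code GET}; the comparison is case-sensitive
     */
    protected boolean isSupportedHttpMethod(HttpServletRequest httpServletRequest) {
        // Constant-first comparison so a null method yields false instead of an exception.
        return "GET".equals(httpServletRequest.getMethod());
    }

    /**
     * Starts authentication against the single configured IdP, or falls through to the chain when
     * the handler reports the IdP as not correctly configured.
     */
    private void handleIdpLogin(IdpLoginOption idpLoginOption, FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        IdpConfig idpConfig = this.idpConfigService.getIdpConfig(Long.valueOf(idpLoginOption.getId()));
        AuthenticationHandler authenticationHandler = this.authenticationHandlerProvider.getAuthenticationHandler(idpConfig.getSsoType());
        if (authenticationHandler.isCorrectlyConfigured(idpConfig)) {
            this.log.trace("Redirecting to external IDP login page for idp (id='{}', name='{}') as it is the only available login option", idpConfig.getId(), idpConfig.getName());
            authenticationHandler.processAuthenticationRequest(httpServletRequest, httpServletResponse, extractRequestedUrl(httpServletRequest), idpConfig);
        } else {
            // A misconfigured IdP silently degrades to the product login page; this is only
            // visible at trace level.
            this.log.trace("External IdP (id='{}', name='{}') is not correctly configured, continuing to product login page", idpConfig.getId(), idpConfig.getName());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Tells whether the recovery-password system property is set, whatever its value.
     */
    private boolean isProductInRecoveryMode() {
        return System.getProperty(ATLASSIAN_RECOVERY_PASSWORD) != null;
    }

    /**
     * Tells whether the native-login parameter is present; its value is ignored.
     */
    private boolean isNativeLoginRequested(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(NATIVE_LOGIN_PARAM) != null;
    }

    /**
     * Removes the "already filtered" request attribute before the forward to the login gateway.
     */
    private void forceSitemeshToProcessRequest(HttpServletRequest httpServletRequest) {
        httpServletRequest.removeAttribute(SITEMESH_ALREADY_FILTERED_ATTRIBUTE_NAME);
    }

    /**
     * Stores the requested URL as a request attribute for the forwarded request.
     */
    private void saveRequestedUrl(HttpServletRequest httpServletRequest, String str) {
        httpServletRequest.setAttribute(DESTINATION_REQUEST_PARAM, str);
    }

    /**
     * Tells whether the auth-fallback parameter is present; its value is ignored.
     */
    private boolean isAuthFallbackParamPresent(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(AUTH_FALLBACK_QUERY_PARAM) != null;
    }

    /**
     * Returns the URL the caller was trying to reach, which is passed on as the post-login
     * destination.
     *
     * @param httpServletRequest the incoming request
     * @return the requested URL, or {@code null}
     */
    @Nullable
    protected abstract String extractRequestedUrl(HttpServletRequest httpServletRequest);

    /**
     * Names the login gateway whose options are looked up for this filter.
     *
     * @return {@link LoginGatewayType#GLOBAL_LOGIN_GATEWAY} in this base implementation
     */
    protected LoginGatewayType getLoginGatewayType() {
        return LoginGatewayType.GLOBAL_LOGIN_GATEWAY;
    }

    /**
     * Answers with a 303 See Other pointing back at the request's own URI.
     *
     * <p>The query string is not included in the {@code Location} value.
     */
    private void httpResponseSendSeeOtherRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(Response.Status.SEE_OTHER.getStatusCode());
        // NOTE(review): getRequestURI() is the path as sent by the client. Confirm the container
        // normalises it so the Location value is always read as a same-origin path.
        httpServletResponse.setHeader("Location", httpServletRequest.getRequestURI());
        httpServletResponse.flushBuffer();
    }
}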
