package com.atlassian.plugins.authentication.sso.web.filter.authentication;

import com.atlassian.confluence.admin.criteria.WritableDirectoryExistsCriteria;
import com.atlassian.confluence.security.CaptchaManager;
import com.atlassian.confluence.security.login.LoginManager;
import com.atlassian.confluence.user.SignupManager;
import com.atlassian.confluence.util.UserChecker;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.plugins.authentication.api.config.IdpConfigService;
import com.atlassian.plugins.authentication.api.config.LoginOption;
import com.atlassian.plugins.authentication.api.config.LoginOptionsService;
import com.atlassian.plugins.authentication.api.config.SsoConfigService;
import com.atlassian.plugins.authentication.sso.johnson.JohnsonChecker;
import com.atlassian.plugins.authentication.sso.web.AuthenticationHandlerProvider;
import com.atlassian.plugins.authentication.sso.web.exception.UnsupportedHttpMethodException;
import com.atlassian.plugins.authentication.sso.web.filter.authentication.confluence.ConfluenceActionResolver;
import com.atlassian.plugins.authentication.sso.web.filter.authentication.confluence.ConfluenceActionResolverFactory;
import com.atlassian.sal.api.features.DarkFeatureManager;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/filter/authentication/ConfluenceAuthenticationFilter.class */
public class ConfluenceAuthenticationFilter extends SeraphAuthenticationFilter {
    private final SignupManager signupManager;
    private final UserChecker userChecker;
    private final WritableDirectoryExistsCriteria writableDirectoryExistsCriteria;
    private final ConfluenceActionResolver defaultActionResolver;
    private final ConfluenceActionResolver darkFeatureActionResolver;
    private final DarkFeatureManager darkFeatureManager;
    private final CaptchaManager captchaManager;
    private final LoginManager loginManager;
    private final SsoConfigService ssoConfigService;
    private static final String LOGIN_ACTION_CLASSNAME = "com.atlassian.confluence.user.actions.LoginAction";
    private static final String SIGNUP_ACTION_CLASSNAME = "com.atlassian.confluence.user.actions.SignUpAction";
    private static final Set<String> PUBLIC_AUTHENTICATION_ACTIONS = ImmutableSet.builder().add(LOGIN_ACTION_CLASSNAME).add(SIGNUP_ACTION_CLASSNAME).build();

    /* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/filter/authentication/ConfluenceAuthenticationFilter$DarkFeature.class */
    public enum DarkFeature {
        FILTER_REQUEST_WITH_ACTION_CONFIG_DISABLED("atlassian.authentication.sso.filter.request.action.configuration.disabled");

        private final String key;

        DarkFeature(String str) {
            this.key = str;
        }

        public String getKey() {
            return this.key;
        }
    }

    public ConfluenceAuthenticationFilter(AuthenticationHandlerProvider authenticationHandlerProvider, IdpConfigService idpConfigService, LoginOptionsService loginOptionsService, JohnsonChecker johnsonChecker, ConfluenceActionResolverFactory confluenceActionResolverFactory, SsoConfigService ssoConfigService, @ComponentImport SignupManager signupManager, @ComponentImport UserChecker userChecker, @ComponentImport WritableDirectoryExistsCriteria writableDirectoryExistsCriteria, @ComponentImport DarkFeatureManager darkFeatureManager, @ComponentImport CaptchaManager captchaManager, @ComponentImport LoginManager loginManager) {
        super(authenticationHandlerProvider, idpConfigService, loginOptionsService, johnsonChecker);
        this.defaultActionResolver = confluenceActionResolverFactory.createActionResolver();
        this.darkFeatureActionResolver = confluenceActionResolverFactory.createStaticActionResolver(LOGIN_ACTION_CLASSNAME, SIGNUP_ACTION_CLASSNAME);
        this.ssoConfigService = ssoConfigService;
        this.signupManager = signupManager;
        this.userChecker = userChecker;
        this.writableDirectoryExistsCriteria = writableDirectoryExistsCriteria;
        this.darkFeatureManager = darkFeatureManager;
        this.captchaManager = captchaManager;
        this.loginManager = loginManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.plugins.authentication.sso.web.filter.authentication.AuthenticationFilter, com.atlassian.plugins.authentication.sso.web.filter.AbstractJohnsonAwareFilter
    public void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isRequestForPublicAuthenticationPage((HttpServletRequest) servletRequest)) {
            super.doFilterInternal(servletRequest, servletResponse, filterChain);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    @Override // com.atlassian.plugins.authentication.sso.web.filter.authentication.AuthenticationFilter
    protected boolean isProductSpecificSkip(List<LoginOption> list, HttpServletRequest httpServletRequest) {
        return isSignUpHidden(httpServletRequest) || isPostToNativeLoginPage(list, httpServletRequest) || isCaptchaSpecificSkip(list, httpServletRequest);
    }

    @Override // com.atlassian.plugins.authentication.sso.web.filter.authentication.AuthenticationFilter
    protected boolean isSupportedHttpMethod(HttpServletRequest httpServletRequest) {
        String method = httpServletRequest.getMethod();
        if (method.equals("GET") || method.equals("HEAD")) {
            return true;
        }
        throw new UnsupportedHttpMethodException(method);
    }

    private boolean isSignUpHidden(HttpServletRequest httpServletRequest) {
        return isOnPublicSignupPage(httpServletRequest) && this.signupManager.isPublicSignupPermitted() && this.userChecker.isLicensedToAddMoreUsers() && this.writableDirectoryExistsCriteria.isMet();
    }

    private boolean isRequestForPublicAuthenticationPage(HttpServletRequest httpServletRequest) {
        Optional<String> actionConfigClassName = getActionResolver().getActionConfigClassName(httpServletRequest);
        Set<String> set = PUBLIC_AUTHENTICATION_ACTIONS;
        set.getClass();
        return actionConfigClassName.filter((v1) -> {
            return r1.contains(v1);
        }).isPresent();
    }

    private ConfluenceActionResolver getActionResolver() {
        Optional isEnabledForAllUsers = this.darkFeatureManager.isEnabledForAllUsers(DarkFeature.FILTER_REQUEST_WITH_ACTION_CONFIG_DISABLED.getKey());
        Boolean bool = Boolean.TRUE;
        bool.getClass();
        return ((Boolean) isEnabledForAllUsers.filter((v1) -> {
            return r1.equals(v1);
        }).orElse(false)).booleanValue() ? this.darkFeatureActionResolver : this.defaultActionResolver;
    }

    private boolean isOnPublicSignupPage(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getServletPath() != null && ("/signup.action".equals(httpServletRequest.getServletPath()) || "/dosignup.action".equals(httpServletRequest.getServletPath()));
    }

    private boolean isPostToNativeLoginPage(List<LoginOption> list, HttpServletRequest httpServletRequest) {
        return httpServletRequest.getMethod().equals("POST") && isNativeLoginTheOnlyAvailable(list);
    }

    private boolean isCaptchaSpecificSkip(List<LoginOption> list, HttpServletRequest httpServletRequest) {
        return httpServletRequest.getMethod().equals("POST") && (isNativeLoginPageAvailable(list) || isGlobalAuthenticationFallbackEnabled()) && isCaptchaRequired(httpServletRequest);
    }

    private boolean isCaptchaRequired(HttpServletRequest httpServletRequest) {
        return this.captchaManager.isCaptchaAvailable() && this.loginManager.requiresElevatedSecurityCheck(httpServletRequest.getParameter("os_username"));
    }

    private boolean isGlobalAuthenticationFallbackEnabled() {
        return this.ssoConfigService.getSsoConfig().enableAuthenticationFallback();
    }

    private boolean isNativeLoginTheOnlyAvailable(List<LoginOption> list) {
        return list.size() == 1 && ((LoginOption) Iterables.getOnlyElement(list)).getType().equals(LoginOption.Type.LOGIN_FORM);
    }

    private boolean isNativeLoginPageAvailable(List<LoginOption> list) {
        return list.stream().anyMatch(loginOption -> {
            return loginOption.getType().equals(LoginOption.Type.LOGIN_FORM);
        });
    }
}
