package com.atlassian.seraph.auth;

import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.atlassian.seraph.interceptor.LogoutInterceptor;
import com.atlassian.seraph.util.CookieUtils;
import com.opensymphony.user.EntityNotFoundException;
import com.opensymphony.user.User;
import com.opensymphony.user.UserManager;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Category;

/* loaded from: input_file:WEB-INF/lib/seraph-0.7.7-berkano-SNAPSHOT.jar:com/atlassian/seraph/auth/DefaultAuthenticator.class */
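/**
 * Session- and cookie-based authenticator that looks users up through the OpenSymphony
 * {@code UserManager}.
 *
 * <p>A successful login stores the {@link Principal} in the HTTP session under
 * {@link #LOGGED_IN_KEY}; logout clears it and sets {@link #LOGGED_OUT_KEY}. When the caller asks
 * to be remembered, an auto-login cookie is issued as well and is used by
 * {@link #getUser(HttpServletRequest, HttpServletResponse)} to log the user back in.
 *
 * <p>Security review notes (these are properties of the design and are not altered here):
 * <ul>
 *   <li>The auto-login cookie is produced from the user name <em>and the password</em> by
 *       {@code CookieUtils.encodePasswordCookie} and turned back into both values by
 *       {@code CookieUtils.decodePasswordCookie}, so the encoding is reversible by construction.
 *       The cookie is therefore a long-lived password equivalent ({@code AUTOLOGIN_COOKIE_AGE} is
 *       31536000, presumably seconds, i.e. one year). A random, server-side revocable token would
 *       keep the password off the client.</li>
 *   <li>{@code login} attaches the principal to whatever session the request already carries;
 *       the session identifier is not renewed at that point, which leaves the deployment exposed
 *       to session fixation unless the container or a filter rotates the id.</li>
 *   <li>Cookie attributes such as Secure/HttpOnly are decided inside {@code CookieUtils}, which is
 *       not visible from this class - verify them there.</li>
 * </ul>
 */
public class DefaultAuthenticator extends AbstractAuthenticator {
    // Name of the auto-login cookie, read from the SecurityConfig in init().
    private String loginCookieKey;
    private static final Category log;
    // Session attribute holding the logged-in Principal.
    public static String LOGGED_IN_KEY;
    // Session attribute set to Boolean.TRUE by logout(); while present, cookie auto-login is skipped.
    public static String LOGGED_OUT_KEY;
    // Lifetime handed to CookieUtils.setCookie for the auto-login cookie.
    private static int AUTOLOGIN_COOKIE_AGE;
    // The two fields below and class$(String) appear to be the class-literal cache that older
    // javac versions generate; they are kept so the class keeps the same members.
    static Class class$com$atlassian$seraph$auth$DefaultAuthenticator;
    static Class class$com$atlassian$seraph$interceptor$LogoutInterceptor;

    /**
     * Initialises the parent authenticator and caches the auto-login cookie name.
     *
     * @param map init parameters, passed through to the superclass
     * @param securityConfig configuration supplying the login cookie key
     */
    @Override
    public void init(Map map, SecurityConfig securityConfig) {
        log.debug(getClass().getName() + " $Revision: 1.11 $ initializing");
        super.init(map, securityConfig);
        this.loginCookieKey = securityConfig.getLoginCookieKey();
    }

    /**
     * Asks the configured {@link RoleMapper} whether the request's user holds a role.
     *
     * @param httpServletRequest current request, used to resolve the user
     * @param str role name to test
     * @return the role mapper's answer
     */
    @Override
    public boolean isUserInRole(HttpServletRequest httpServletRequest, String str) {
        return getRoleMapper().hasRole(getUser(httpServletRequest), httpServletRequest, str);
    }

    /**
     * Verifies the credentials and, on success, records the user in the session.
     *
     * <p>Every failure (unknown user, wrong password, login not permitted by the role mapper)
     * returns {@code false} without telling the caller which one occurred; the reason is only
     * logged. On failure an existing auto-login cookie is invalidated so a stale or tampered
     * cookie is not presented again on the next request.
     *
     * @param httpServletRequest current request; its session receives the principal
     * @param httpServletResponse response used for cookie handling; may be {@code null}, in which
     *     case no cookie is set or invalidated
     * @param str user name as supplied by the client
     * @param str2 password as supplied by the client
     * @param z {@code true} to issue the auto-login ("remember me") cookie on success
     * @return {@code true} if the user authenticated and the role mapper allows the login
     * @throws AuthenticatorException declared by the interface; not thrown directly here
     */
    @Override
    public boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws AuthenticatorException {
        // The user name is client-controlled; neutralise line breaks so it cannot forge log entries.
        String loggedName = safeForLog(str);
        Principal user = getUser(str);
        if (user == null) {
            log.info("Cannot login user '" + loggedName + "' as they do not exist.");
        } else if (authenticate(user, str2)) {
            // NOTE(review): the principal is placed in the session before canLogin() is consulted
            // and removed again if it refuses. The order is kept because a RoleMapper may read the
            // session user - confirm before changing. The session id is not renewed here.
            httpServletRequest.getSession().setAttribute(LOGGED_IN_KEY, user);
            httpServletRequest.getSession().setAttribute(LOGGED_OUT_KEY, null);
            if (getRoleMapper().canLogin(user, httpServletRequest)) {
                if (z && httpServletResponse != null) {
                    // NOTE(review): the cookie value is derived from the clear-text password and
                    // can be decoded back to it (see decodePasswordCookie in getUser).
                    CookieUtils.setCookie(httpServletRequest, httpServletResponse, getLoginCookieKey(), CookieUtils.encodePasswordCookie(str, str2, getConfig().getCookieEncoding()), AUTOLOGIN_COOKIE_AGE, getCookiePath(httpServletRequest));
                }
                return true;
            }
            httpServletRequest.getSession().removeAttribute(LOGGED_IN_KEY);
        } else {
            log.info("Cannot login user '" + loggedName + "' as they used an incorrect password");
        }

        // Login failed: drop the auto-login cookie if the client sent one and we can answer.
        if (httpServletResponse == null || CookieUtils.getCookie(httpServletRequest, getLoginCookieKey()) == null) {
            return false;
        }
        log.warn("User: " + loggedName + " tried to login but they do not have USE permission or weren't found. Deleting cookie.");
        try {
            CookieUtils.invalidateCookie(httpServletRequest, httpServletResponse, getLoginCookieKey(), getCookiePath(httpServletRequest));
        } catch (Exception e) {
            // Best effort: the login has already failed, so only report the cookie problem.
            log.error("Could not invalidate cookie: " + e, e);
        }
        return false;
    }

    /**
     * Returns the role mapper from the global security configuration.
     *
     * @return the configured {@link RoleMapper}
     */
    protected RoleMapper getRoleMapper() {
        return SecurityConfigFactory.getInstance().getRoleMapper();
    }

    /**
     * Looks a user up by name.
     *
     * @param str user name
     * @return the user, or {@code null} when the user manager does not know the name
     */
    protected Principal getUser(String str) {
        try {
            return UserManager.getInstance().getUser(str);
        } catch (EntityNotFoundException e) {
            log.debug("Could not find user who tried to login: " + e);
            return null;
        }
    }

    /**
     * Checks a password against the given user.
     *
     * @param principal user to check; must be an OpenSymphony {@code User}, otherwise the cast
     *     fails with a {@code ClassCastException}
     * @param str candidate password
     * @return the result of {@code User.authenticate}
     */
    protected boolean authenticate(Principal principal, String str) {
        return ((User) principal).authenticate(str);
    }

    /**
     * Logs the current user out: clears the session principal, marks the session as logged out,
     * invalidates the auto-login cookie and notifies the logout interceptors before and after.
     *
     * <p>NOTE(review): the HTTP session itself is kept; only the two attributes change.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response, used to expire the cookie
     * @return always {@code true}
     * @throws AuthenticatorException declared by the interface; not thrown directly here
     */
    @Override
    public boolean logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticatorException {
        List logoutInterceptors = getLogoutInterceptors();
        for (Object interceptor : logoutInterceptors) {
            ((LogoutInterceptor) interceptor).beforeLogout(httpServletRequest, httpServletResponse);
        }

        httpServletRequest.getSession().setAttribute(LOGGED_IN_KEY, null);
        // The marker stops getUser() from logging the user straight back in from the cookie.
        httpServletRequest.getSession().setAttribute(LOGGED_OUT_KEY, Boolean.TRUE);
        try {
            CookieUtils.invalidateCookie(httpServletRequest, httpServletResponse, getLoginCookieKey(), getCookiePath(httpServletRequest));
        } catch (Exception e) {
            // Best effort: the session state is already cleared, so logout still succeeds.
            log.error("Could not invalidate cookie: " + e, e);
        }

        for (Object interceptor : logoutInterceptors) {
            ((LogoutInterceptor) interceptor).afterLogout(httpServletRequest, httpServletResponse);
        }
        return true;
    }

    /**
     * Resolves the user for a request, in this order: a session marked as logged out yields
     * {@code null}; a principal stored in the session is returned; otherwise the auto-login
     * cookie, if present, is decoded and passed through {@code login}.
     *
     * <p>Any exception is logged and treated as "no user", so the method fails closed.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response, forwarded to {@code login} for cookie handling
     * @return the authenticated principal, or {@code null} if there is none
     */
    @Override
    public Principal getUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            // getSession() without arguments creates a session when none exists, so the null
            // checks below are purely defensive.
            if (httpServletRequest.getSession() != null && httpServletRequest.getSession().getAttribute(LOGGED_OUT_KEY) != null) {
                // Message corrected: this branch is the logged-out case, not the logged-in one.
                log.debug("Session found; user already logged out");
                return null;
            }
            if (httpServletRequest.getSession() != null && httpServletRequest.getSession().getAttribute(LOGGED_IN_KEY) != null) {
                log.debug("Session found; user already logged in");
                return (Principal) httpServletRequest.getSession().getAttribute(LOGGED_IN_KEY);
            }

            Cookie cookie = CookieUtils.getCookie(httpServletRequest, getLoginCookieKey());
            if (cookie != null) {
                // The cookie value is client-controlled: require both fields before using them
                // instead of relying on the catch block to absorb an out-of-bounds access.
                String[] credentials = CookieUtils.decodePasswordCookie(cookie.getValue(), SecurityConfigFactory.getInstance().getCookieEncoding());
                if (credentials != null && credentials.length >= 2 && login(httpServletRequest, httpServletResponse, credentials[0], credentials[1], false)) {
                    log.debug("Logged user in via a cookie");
                    return getUser(httpServletRequest);
                }
                log.debug("Cannot log user in via a cookie");
            }
        } catch (Exception e) {
            log.warn("Exception: " + e, e);
        }
        return null;
    }

    /**
     * Derives the cookie path from the request's context path.
     *
     * @param httpServletRequest current request
     * @return {@code "/"} for a null or empty context path, otherwise the context path with a
     *     leading slash
     */
    protected String getCookiePath(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null || contextPath.equals("")) {
            return "/";
        }
        if (contextPath.startsWith("/")) {
            return contextPath;
        }
        return "/" + contextPath;
    }

    /**
     * @return the name of the auto-login cookie, as configured in {@code init}
     */
    protected String getLoginCookieKey() {
        return this.loginCookieKey;
    }

    /**
     * @return the interceptors of type {@code LogoutInterceptor} registered in the configuration
     */
    protected List getLogoutInterceptors() {
        Class cls;
        SecurityConfig config = getConfig();
        if (class$com$atlassian$seraph$interceptor$LogoutInterceptor == null) {
            cls = class$("com.atlassian.seraph.interceptor.LogoutInterceptor");
            class$com$atlassian$seraph$interceptor$LogoutInterceptor = cls;
        } else {
            cls = class$com$atlassian$seraph$interceptor$LogoutInterceptor;
        }
        return config.getInterceptors(cls);
    }

    /**
     * Loads a class by name, converting a missing class into a {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // Keep the original exception as the cause so the failing lookup stays diagnosable.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Replaces carriage returns and line feeds so a client-supplied value cannot start a new,
     * forged line in the log output.
     *
     * @param value text to be logged; may be {@code null}
     * @return the value with CR and LF replaced by {@code '_'}, or {@code null} for {@code null}
     */
    private static String safeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    static {
        Class cls;
        if (class$com$atlassian$seraph$auth$DefaultAuthenticator == null) {
            cls = class$(Authenticator.DEFAULT_AUTHENTICATOR);
            class$com$atlassian$seraph$auth$DefaultAuthenticator = cls;
        } else {
            cls = class$com$atlassian$seraph$auth$DefaultAuthenticator;
        }
        log = Category.getInstance(cls);
        LOGGED_IN_KEY = "seraph_defaultauthenticator_user";
        LOGGED_OUT_KEY = "seraph_defaultauthenticator_logged_out_user";
        AUTOLOGIN_COOKIE_AGE = 31536000;
    }
}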
