package com.resolution.atlasplugins.samlsso;

import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.seraph.auth.Authenticator;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.resolution.atlasplugins.samlsso.cluster.ClusterNotificationListener;
import com.resolution.atlasplugins.samlsso.cluster.ClusterNotificator;
import com.resolution.atlasplugins.samlsso.configuration.PluginConfiguration;
import com.resolution.atlasplugins.samlsso.configuration.PluginConfigurationListener;
import com.resolution.samlprocessor.SAMLProcessor;
import com.resolution.samlprocessor.SAMLProcessorException;
import com.resolution.samlprocessor.SAMLResponseContent;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/resolution/atlasplugins/samlsso/AbstractSamlSsoService.class */
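/**
 * Base implementation of {@link SamlSsoService}.
 *
 * <p>Holds the plugin configuration and the {@link SAMLProcessor} built from it, decides whether
 * an incoming request should be sent to the SSO endpoint, and rebuilds the processor when the
 * configuration changes locally or on another cluster node. Subclasses supply the product-specific
 * login/logout URLs and user preparation; the {@code isJira*}/{@code isConfluence} probes all
 * default to {@code false} here.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every signal used to <em>skip</em> the SSO redirect ({@code nosso} parameter, user-agent,
 *       referer, {@code os_destination}) is client-controlled. These checks only decide whether a
 *       redirect URL is returned; they must not be relied on as access control.</li>
 *   <li>{@code redirectTo} carries a client-influenced destination. The component that consumes
 *       it (not visible in this class) has to validate the target before redirecting.</li>
 *   <li>NOTE(review): {@code initialized} and {@code samlProcessor} are written by
 *       {@link #applyConfiguration()} and read by request-facing getters without synchronization
 *       or {@code volatile} in this class. Confirm that callers provide the needed visibility.</li>
 * </ul>
 */
public abstract class AbstractSamlSsoService implements PluginConfigurationListener, ClusterNotificationListener, SamlSsoService {
    private static final Logger logger = LoggerFactory.getLogger(AbstractSamlSsoService.class);
    private static final String CONFIG_UPDATED_MESSAGE = "configUpdated";
    // True only after applyConfiguration() managed to build a SAMLProcessor.
    protected boolean initialized = false;
    protected final PluginConfiguration pluginConfiguration;
    protected final ApplicationProperties applicationProperties;
    protected final AuthenticatorHook authenticatorHook;
    // May be null; every use in this class is null-guarded.
    protected final ClusterNotificator clusterNotificator;
    protected final CrowdDirectoryService crowdDirectoryService;
    // Replaced on every successful applyConfiguration(); a failed rebuild leaves the previous value.
    protected SAMLProcessor samlProcessor;

    /**
     * Wires the collaborators, subscribes to configuration and cluster events, and builds the
     * initial {@link SAMLProcessor}.
     *
     * <p>NOTE(review): {@code this} is handed to the configuration listener list and the cluster
     * notificator before construction has finished, and the overridable
     * {@link #applyConfiguration()} runs from the constructor. A subclass override therefore sees
     * its own fields uninitialized; keep overrides free of subclass state.
     *
     * @param eventPublisher accepted but not used by this class
     * @param crowdService accepted but not used by this class
     * @param clusterNotificator may be {@code null}, in which case no cluster registration happens
     */
    public AbstractSamlSsoService(PluginConfiguration pluginConfiguration, ApplicationProperties applicationProperties, EventPublisher eventPublisher, CrowdService crowdService, CrowdDirectoryService crowdDirectoryService, AuthenticatorHook authenticatorHook, ClusterNotificator clusterNotificator) {
        this.pluginConfiguration = pluginConfiguration;
        this.pluginConfiguration.addListener(this);
        this.applicationProperties = applicationProperties;
        this.crowdDirectoryService = crowdDirectoryService;
        this.authenticatorHook = authenticatorHook;
        this.clusterNotificator = clusterNotificator;
        if (this.clusterNotificator != null) {
            this.clusterNotificator.register(this);
        }
        applyConfiguration();
        logger.debug("Finished constructing SamlSsoService");
    }

    @Override
    public abstract String getLoginPageUrl();

    @Override
    public abstract String getRedirectUrlForLogin(HttpServletRequest httpServletRequest);

    /**
     * Computes the SSO redirect for an unauthenticated request, or {@code null} when the request
     * should not be redirected.
     *
     * <p>Two cases, selected by whether the context-relative request path contains {@code str}
     * (presumably the product's login page path; verify against the subclasses):
     * <ul>
     *   <li>Path does not contain {@code str}: redirect only if the path fully matches one of the
     *       configured "enforce SSO" regular expressions; the original path and query string are
     *       passed on as {@code redirectTo}.</li>
     *   <li>Path contains {@code str}: no redirect when the referer also contains {@code str} or
     *       when {@code os_destination} contains a configured non-SSO destination; otherwise
     *       redirect, forwarding {@code os_destination} as {@code redirectTo} when present.</li>
     * </ul>
     *
     * <p>If URL-encoding fails, the plain SSO URL is returned without a {@code redirectTo}
     * parameter, so that neither the literal {@code "null"} nor an unencoded client value ends up
     * in the redirect URL.
     *
     * <p>The decompiler reports that it widened this method from {@code protected}.
     *
     * @param httpServletRequest the incoming request
     * @param str path fragment that marks a request as targeting the login page
     * @return the absolute redirect URL, or {@code null} for "do not redirect"
     */
    public String getRedirectUrlForLogin(HttpServletRequest httpServletRequest, String str) {
        String pathInContext = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        if (!pathInContext.contains(str)) {
            return redirectForEnforcedSsoPath(httpServletRequest, pathInContext);
        }
        // Referer is client-supplied; it is used here only to avoid redirecting again.
        String referer = httpServletRequest.getHeader("referer");
        logger.debug("REFERER   === {}", referer);
        if (referer != null && referer.contains(str)) {
            logger.debug("Referer {} contains {}, not redirecting", referer, str);
            return null;
        }
        // os_destination is client-supplied. Whatever consumes redirectTo must validate it
        // (for example as a path inside this application) before issuing a redirect.
        String destination = httpServletRequest.getParameter("os_destination");
        if (destination == null) {
            return getSSOUrl();
        }
        String encodedDestination;
        try {
            encodedDestination = URLEncoder.encode(destination, "UTF-8");
            logger.debug("Re-encoded destination is {}", encodedDestination);
        } catch (UnsupportedEncodingException e2) {
            logger.error("URLencoding failed, THIS SHOULD NEVER HAPPEN!", e2);
            // Fail closed: never splice the raw parameter into the redirect URL.
            return getSSOUrl();
        }
        // NOTE(review): the comparison runs against the URL-encoded value, so a configured entry
        // containing characters such as '/' will not match unless it is stored encoded. Confirm
        // how the non-SSO destination list is meant to be written.
        Iterator<String> nonSsoDestinations = this.pluginConfiguration.getNonSsoDestinationsList().iterator();
        while (nonSsoDestinations.hasNext()) {
            if (encodedDestination.contains(nonSsoDestinations.next())) {
                logger.debug("Not redirecting, this is a non-sso link url: {}", encodedDestination);
                return null;
            }
        }
        return getSSOUrl() + "?redirectTo=" + encodedDestination;
    }

    /**
     * Returns the SSO redirect for a non-login path when it fully matches one of the configured
     * "enforce SSO" regular expressions, or {@code null} when none matches.
     */
    private String redirectForEnforcedSsoPath(HttpServletRequest httpServletRequest, String pathInContext) {
        // Patterns come from plugin configuration and are compiled for each request. A malformed
        // or heavily backtracking expression affects every request that reaches this point, so
        // the list should be validated when it is saved.
        Iterator<String> enforcedPatterns = this.pluginConfiguration.getEnforceSsoDestinationsList().iterator();
        while (enforcedPatterns.hasNext()) {
            if (!Pattern.matches(enforcedPatterns.next(), pathInContext)) {
                continue;
            }
            String queryString = httpServletRequest.getQueryString();
            String target = pathInContext;
            if (queryString != null) {
                target = target + "?" + queryString;
            }
            String encodedTarget = null;
            try {
                encodedTarget = URLEncoder.encode(target, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                logger.error("Encoding " + queryString + " failed, THIS SHOULD NEVER HAPPEN", e);
            }
            // These lines write the full query string to the log; it can carry tokens, so debug
            // logging for this class should be enabled with care.
            logger.debug("QUERYSTRING === {}", queryString);
            logger.debug("PATHWQSTR   === {}", target);
            logger.debug("EPATHWQSTR  === {}", encodedTarget);
            String ssoUrl = getSSOUrl();
            // Omit redirectTo when encoding failed instead of emitting "redirectTo=null".
            String redirectUrl = encodedTarget == null ? ssoUrl : ssoUrl + "?redirectTo=" + encodedTarget;
            logger.debug("URL matched erforced SSO Regex {}, redirecting to {}", pathInContext, redirectUrl);
            return redirectUrl;
        }
        return null;
    }

    @Override
    public abstract String getRedirectUrlForLogout(HttpServletRequest httpServletRequest);

    /**
     * Prepares the local user for the given SAML response. The meaning of the two flags is
     * defined by the implementations and is not visible in this class.
     */
    @Override
    public abstract boolean prepareUser(SAMLResponseContent sAMLResponseContent, boolean z, boolean z2) throws UserPreparationException;

    /** Delegates to the {@link AuthenticatorHook}. */
    @Override
    public boolean isLoggedInUser() {
        return this.authenticatorHook.isLoggedInUser();
    }

    /** @return the current processor; can be {@code null} if no configuration has ever applied */
    @Override
    public SAMLProcessor getSamlProcessor() {
        return this.samlProcessor;
    }

    /**
     * Generates service-provider metadata for the consumer URL.
     *
     * @return the metadata, or {@code null} when the service is not initialized
     * @throws SAMLProcessorException if the processor fails to generate the metadata
     */
    @Override
    public String generateSamlMetadata() throws SAMLProcessorException {
        if (!this.initialized) {
            logger.warn("Not initialized, returning null as metadata!");
            return null;
        }
        return this.samlProcessor.generateMetadata(getConsumerUrl());
    }

    /** @return the absolute base URL followed by {@code Defaults.SSO_LOGIN_URL} */
    @Override
    public String getConsumerUrl() {
        return getAbsoluteBaseUrl() + Defaults.SSO_LOGIN_URL;
    }

    @Override
    public boolean isInitialized() {
        return this.initialized;
    }

    /**
     * Returns the canonical base URL from the application properties. It is taken from
     * configuration rather than from request headers.
     */
    @Override
    public String getAbsoluteBaseUrl() {
        String baseUrl = this.applicationProperties.getBaseUrl(UrlMode.CANONICAL);
        logger.trace("returning absolute base URL {}", baseUrl);
        return baseUrl;
    }

    @Override
    public String getRelativeBaseUrl() {
        return this.applicationProperties.getBaseUrl(UrlMode.RELATIVE_CANONICAL);
    }

    /** @return the same value as {@link #getConsumerUrl()}: base URL plus {@code Defaults.SSO_LOGIN_URL} */
    @Override
    public String getSSOUrl() {
        return getAbsoluteBaseUrl() + Defaults.SSO_LOGIN_URL;
    }

    /**
     * Decides whether a request is redirected for SSO login or logout.
     *
     * <p>Returns {@code null} (no redirect) when neither override is enabled, when the request
     * carries a {@code nosso} parameter, or when the user-agent contains a configured non-SSO
     * marker. Otherwise logged-in users get the logout redirect (if enabled) and anonymous users
     * get the login redirect (if enabled).
     *
     * <p>The {@code nosso} parameter and the user-agent header are set by the client, so any
     * caller can suppress the redirect. Authentication itself must be enforced elsewhere.
     *
     * @return the redirect URL, or {@code null} when the request should proceed unchanged
     */
    @Override
    public String getRedirectURLForRequest(HttpServletRequest httpServletRequest) {
        if (logger.isTraceEnabled()) {
            logger.trace("Request is for {} | {}", httpServletRequest.getRequestURL().toString(), httpServletRequest.getQueryString());
            logger.trace("Servlet path is {}", httpServletRequest.getServletPath());
        }
        boolean overrideLogout = this.pluginConfiguration.isOverrideLogoutUrl();
        boolean overrideLogin = this.pluginConfiguration.isOverrideLoginUrl();
        if (!overrideLogout && !overrideLogin) {
            return null;
        }
        if (httpServletRequest.getParameter("nosso") != null) {
            logger.trace("nosso parameter is present, not redirecting");
            return null;
        }
        String userAgent = httpServletRequest.getHeader("user-agent");
        if (userAgent != null) {
            for (String marker : this.pluginConfiguration.getNonSsoUserAgentsList()) {
                if (userAgent.contains(marker)) {
                    logger.trace("Not redirecting, this is a non-sso user agent: {}", userAgent);
                    return null;
                }
            }
        }
        if (this.authenticatorHook.isLoggedInUser()) {
            return overrideLogout ? getRedirectUrlForLogout(httpServletRequest) : null;
        }
        if (overrideLogin) {
            return getRedirectUrlForLogin(httpServletRequest);
        }
        logger.trace("Login redirection is disabled, returning null");
        return null;
    }

    @Override
    public AuthenticatorHook getAuthenticatorHook() {
        return this.authenticatorHook;
    }

    /**
     * Reloads and re-applies the configuration, then tells the other cluster nodes (when a
     * notificator is present) to do the same.
     */
    @Override
    public void configurationUpdated() {
        this.pluginConfiguration.load();
        applyConfiguration();
        if (this.clusterNotificator != null) {
            logger.debug("Sending configuration updated message to the cluster");
            this.clusterNotificator.send(CONFIG_UPDATED_MESSAGE);
        }
    }

    /**
     * Handles a message from another cluster node. Only the configuration-updated message
     * triggers a reload; anything else, including {@code null}, is logged and ignored.
     */
    @Override
    public void receiveClusterNotification(String str) {
        // Constant-first comparison so a null message is ignored instead of throwing.
        if (!CONFIG_UPDATED_MESSAGE.equals(str)) {
            logger.debug("Received message {} from cluster. Ignoring it.", str);
            return;
        }
        logger.info("Configuration was updated on other cluster node. Reloading configuration.");
        this.pluginConfiguration.load();
        applyConfiguration();
    }

    /**
     * Rebuilds the {@link SAMLProcessor} from the current IdP configurations and records whether
     * that succeeded in {@code initialized}. On failure the previous processor is left in place
     * but {@code initialized} becomes {@code false}.
     *
     * <p>The debug message below does not describe what this method does; it is kept unchanged.
     */
    protected void applyConfiguration() {
        logger.debug("Reading writable directories");
        try {
            this.samlProcessor = new SAMLProcessor(getConsumerUrl(), this.pluginConfiguration.getIdpConfigurations());
            this.initialized = true;
        } catch (SAMLProcessorException e) {
            logger.error("Creating SAMLProcessor failed", e);
            this.initialized = false;
        }
    }

    /**
     * Checks whether the configured Seraph authenticator implements {@code SamlSsoAuthenticator}.
     *
     * <p>The interface is matched by class name, and only interfaces declared directly on the
     * authenticator's own class are inspected: {@link Class#getInterfaces()} does not return
     * interfaces inherited from a superclass. A name match alone says nothing about which class
     * loader supplied the interface.
     */
    @Override
    public final boolean checkForSamlSsoAuthenticator() {
        Authenticator authenticator = SecurityConfigFactory.getInstance().getAuthenticator();
        String authenticatorClassName = authenticator.getClass().getName();
        for (Class<?> declaredInterface : authenticator.getClass().getInterfaces()) {
            if ("com.resolution.samlsso.authenticator.SamlSsoAuthenticator".equals(declaredInterface.getName())) {
                logger.debug("Authenticator {} implements SamlSsoAuthenticator", authenticatorClassName);
                return true;
            }
        }
        logger.debug("Authenticator {} does not implement SamlSsoAuthenticator", authenticatorClassName);
        return false;
    }

    @Override
    public boolean isJira7() {
        return false;
    }

    @Override
    public boolean isJira6() {
        return false;
    }

    @Override
    public boolean isJiraServiceDesk() {
        return false;
    }

    @Override
    public boolean isConfluence() {
        return false;
    }
}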
