package com.resolution.atlasplugins.samlsso;

import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.event.user.LoginEvent;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.atlassian.seraph.auth.DefaultAuthenticator;
import com.atlassian.seraph.config.SecurityConfigFactory;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/resolution/atlasplugins/samlsso/JiraAuthenticatorHook.class */
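/**
 * {@link AuthenticatorHook} for Jira that establishes a Seraph session for a user identified
 * by name only.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>No credential is checked in this class. The user name handed to
 *       {@link #authoriseUserAndEstablishSession} is trusted as-is, so it must come from an
 *       already verified source (presumably a validated SAML assertion; the caller is not
 *       visible in this file, confirm there).</li>
 *   <li>The session is created by calling a non-public method of {@link DefaultAuthenticator}
 *       through reflection with {@code setAccessible(true)}. This bypasses Java access checks
 *       and depends on that method keeping its name and signature.</li>
 *   <li>When {@code enableUserForLogin} is set, a user whose login is refused is temporarily
 *       added to the group named by {@code SamlSsoComponent.DEFAULTJIRAGROUPS} (the log
 *       messages call it "jira-users") and the login is retried. That membership is a
 *       privilege grant and must never outlive the retry.</li>
 * </ul>
 */
public class JiraAuthenticatorHook implements AuthenticatorHook {
    private final Logger logger = LoggerFactory.getLogger(JiraAuthenticatorHook.class);
    private final TransactionTemplate transactionTemplate;
    // Groups every looked-up user is added to as a side effect of getUser().
    private final List<String> groupsToAddUserTo;
    private final DefaultAuthenticator authenticator;
    private final EventPublisher eventPublisher;
    private final CrowdService crowdService;
    private final CrowdDirectoryService crowdDirectoryService;
    // When true, a refused login is retried with temporary default-group membership.
    private final boolean enableUserForLogin;

    /**
     * Creates the hook and binds it to the authenticator configured in Seraph.
     *
     * @param transactionTemplate   template used to run the user lookup in a transaction
     * @param list                  names of the groups each authenticated user is added to
     * @param z                     whether a refused login is retried with temporary membership
     *                              of the default Jira group
     * @param eventPublisher        publisher that receives the {@link LoginEvent}
     * @param crowdService          service used for group lookups and membership changes
     * @param crowdDirectoryService service used to enumerate the user directories
     * @throws AuthenticatorHookException if the configured authenticator is not a
     *                                    {@link DefaultAuthenticator}
     */
    public JiraAuthenticatorHook(TransactionTemplate transactionTemplate, List<String> list, boolean z, EventPublisher eventPublisher, CrowdService crowdService, CrowdDirectoryService crowdDirectoryService) {
        this.transactionTemplate = transactionTemplate;
        this.groupsToAddUserTo = list;
        this.eventPublisher = eventPublisher;
        this.crowdService = crowdService;
        this.crowdDirectoryService = crowdDirectoryService;
        this.enableUserForLogin = z;
        // Held as Object so the instanceof test is a real type check and not only a null check.
        Object configured = SecurityConfigFactory.getInstance().getAuthenticator();
        if (!(configured instanceof DefaultAuthenticator)) {
            // Build the message from the local value: the field is still unset here, and the
            // configured authenticator may be null.
            String actualType = configured == null ? "null" : configured.getClass().getCanonicalName();
            throw new AuthenticatorHookException("This authenticator of type " + actualType + " is not a DefaultAuthenticator.");
        }
        this.authenticator = (DefaultAuthenticator) configured;
    }

    /**
     * Looks up the named user and asks the Seraph authenticator to authorise it and to
     * establish a session on the given request/response.
     *
     * <p>No password or assertion is verified here; {@code str} must already be authenticated
     * by the caller. The value is written to the debug log, so it should be treated as
     * attacker-influenced text by whatever consumes those logs.
     *
     * @param httpServletRequest  current request, passed through to the authenticator
     * @param httpServletResponse current response, passed through to the authenticator
     * @param str                 name of the user to log in
     * @return {@code true} if the authenticator accepted the user, {@code false} if the user
     *         was not found or was refused
     * @throws AuthenticatorHookException if the reflective call fails or the lookup fails
     */
    @Override // com.resolution.atlasplugins.samlsso.AuthenticatorHook
    public boolean authoriseUserAndEstablishSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws AuthenticatorHookException {
        User user = getUser(str);
        if (user == null) {
            this.logger.debug("User {} was not found.", str);
            return false;
        }
        this.logger.debug("Principal name is: {}, class is: {}", user.getName(), user.getClass().getCanonicalName());
        try {
            Object[] callArgs = {httpServletRequest, httpServletResponse, user};
            // The target method is not public on DefaultAuthenticator, hence the reflective
            // lookup and the access override.
            Method establishSession = DefaultAuthenticator.class.getDeclaredMethod("authoriseUserAndEstablishSession", HttpServletRequest.class, HttpServletResponse.class, Principal.class);
            establishSession.setAccessible(true);
            Object outcome = establishSession.invoke(this.authenticator, callArgs);
            if (!(outcome instanceof Boolean)) {
                String outcomeType = outcome == null ? "null" : outcome.getClass().getCanonicalName();
                throw new AuthenticatorHookException("Authenticator method did not return a boolean, but a " + outcomeType);
            }
            boolean authorised = ((Boolean) outcome).booleanValue();
            this.logger.debug("authoriseUserAndEstablishSession returned {}", authorised);
            if (!authorised && this.enableUserForLogin && addUserToJiraUsers(user)) {
                // The retry runs only when the membership was actually added by this call
                // (presumably addUserToGroup reports false for an existing member; confirm
                // against the Crowd API), so an existing membership is never removed below.
                try {
                    authorised = ((Boolean) establishSession.invoke(this.authenticator, callArgs)).booleanValue();
                } finally {
                    // Revoke the temporary grant even if the retry throws; otherwise the user
                    // would keep default-group membership after a failed login.
                    // NOTE(review): a false return here means the grant may still be in place;
                    // consider alerting on it.
                    removeUserFromJiraUsers(user);
                }
            }
            if (authorised) {
                // Published for both the first attempt and a successful retry, so every
                // established session leaves a login event behind.
                this.eventPublisher.publish(new LoginEvent(user));
            }
            return authorised;
        } catch (IllegalAccessException e) {
            throw new AuthenticatorHookException(e);
        } catch (IllegalArgumentException e2) {
            throw new AuthenticatorHookException(e2);
        } catch (NoSuchMethodException e3) {
            throw new AuthenticatorHookException(e3);
        } catch (SecurityException e4) {
            throw new AuthenticatorHookException(e4);
        } catch (InvocationTargetException e5) {
            // Surface the authenticator's own failure rather than the reflection wrapper.
            throw new AuthenticatorHookException(e5.getCause());
        }
    }

    /**
     * Adds the user to the group named by {@code SamlSsoComponent.DEFAULTJIRAGROUPS}.
     *
     * @param user user to add
     * @return the result of {@code CrowdService.addUserToGroup}, or {@code false} if the
     *         operation was not permitted
     */
    protected boolean addUserToJiraUsers(User user) {
        try {
            this.logger.debug("Adding {} to jira-users", user.getName());
            Group defaultGroup = this.crowdService.getGroup(SamlSsoComponent.DEFAULTJIRAGROUPS);
            return this.crowdService.addUserToGroup(user, defaultGroup);
        } catch (OperationNotPermittedException e) {
            this.logger.warn("Could not add {} to jira-users", user.getName(), e);
            return false;
        }
    }

    /**
     * Removes the user from the group named by {@code SamlSsoComponent.DEFAULTJIRAGROUPS}.
     *
     * @param user user to remove
     * @return the result of {@code CrowdService.removeUserFromGroup}, or {@code false} if the
     *         operation was not permitted (the membership then stays in place)
     */
    protected boolean removeUserFromJiraUsers(User user) {
        try {
            this.logger.debug("Removing {} from jira-users", user.getName());
            Group defaultGroup = this.crowdService.getGroup(SamlSsoComponent.DEFAULTJIRAGROUPS);
            return this.crowdService.removeUserFromGroup(user, defaultGroup);
        } catch (OperationNotPermittedException e) {
            this.logger.warn("Could not remove {} from jira-users", user.getName(), e);
            return false;
        }
    }

    /**
     * Finds the named user across all directories and, inside the same transaction, adds the
     * user to every configured group it is not yet a member of.
     *
     * <p>This lookup therefore changes group membership as a side effect, before the
     * authenticator has accepted the login.
     *
     * @param str name of the user to look up
     * @return the user, or {@code null} if no directory returned one
     * @throws AuthenticatorHookException if adding the user to a configured group is not
     *                                    permitted
     */
    protected User getUser(final String str) throws AuthenticatorHookException {
        return (User) this.transactionTemplate.execute(new TransactionCallback<User>() {
            @Override
            public User doInTransaction() {
                DirectoryManager directoryManager = ComponentAccessor.getComponent(DirectoryManager.class);
                com.atlassian.crowd.model.user.User found = null;
                // NOTE(review): every directory is queried and a later hit overwrites an
                // earlier one, so with duplicate names the last directory wins. Confirm this
                // matches the directory precedence Jira itself applies to that name.
                for (Directory directory : crowdDirectoryService.findAllDirectories()) {
                    try {
                        found = directoryManager.findUserByName(directory.getId().longValue(), str);
                    } catch (Exception e) {
                        // Best effort: a failing lookup in one directory (which appears to
                        // include "user not in this directory") must not stop the search.
                        logger.warn("Exception", e);
                    }
                }
                if (found == null) {
                    return null;
                }
                for (String groupName : groupsToAddUserTo) {
                    Group group = crowdService.getGroup(groupName);
                    // Unknown groups are skipped silently; existing memberships are left alone.
                    if (group == null || crowdService.isUserMemberOfGroup(found, group)) {
                        continue;
                    }
                    try {
                        if (crowdService.addUserToGroup(found, group)) {
                            logger.debug("added {} to group {}", found.getName(), group.getName());
                        }
                    } catch (OperationNotPermittedException e2) {
                        throw new AuthenticatorHookException("Adding " + found.getName() + " to group " + group.getName() + " failed", e2);
                    }
                }
                return found;
            }
        });
    }
}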
