package com.resolution.atlasplugins.samlsso.confluence;

import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.resolution.atlasplugins.samlsso.AbstractSamlSsoService;
import com.resolution.atlasplugins.samlsso.AuthenticatorHook;
import com.resolution.atlasplugins.samlsso.Defaults;
import com.resolution.atlasplugins.samlsso.UserPreparationException;
import com.resolution.atlasplugins.samlsso.cluster.ClusterNotificator;
import com.resolution.atlasplugins.samlsso.configuration.PluginConfiguration;
import com.resolution.samlprocessor.SAMLResponseContent;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashSet;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/resolution/atlasplugins/samlsso/confluence/ConfluenceSamlSsoService.class */
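/**
 * Confluence-specific SAML SSO service.
 *
 * <p>Decides, per request, whether the login and logout pages are redirected to the SSO
 * endpoints, and creates or updates the Confluence user described by a SAML response.
 */
public class ConfluenceSamlSsoService extends AbstractSamlSsoService {
    private static final Logger logger = LoggerFactory.getLogger(ConfluenceSamlSsoService.class);
    private static final String LOGIN_ACTION = "/login.action";
    private static final String DASHBOARD_ACTION = "/dashboard.action";
    private static final String LOGOUT_ACTION = "/logout.action";
    private static final String NOSSO_LOGIN_PAGE = "/login.action?nosso";

    private final UserModificator userModificator;
    private final UserAccessor userAccessor;

    /**
     * Wires the service. All collaborators except {@code userModificator} and
     * {@code userAccessor} are handed to the superclass; {@code transactionTemplate} is
     * accepted but not used by this class.
     */
    public ConfluenceSamlSsoService(PluginConfiguration pluginConfiguration, ApplicationProperties applicationProperties, TransactionTemplate transactionTemplate, EventPublisher eventPublisher, CrowdService crowdService, CrowdDirectoryService crowdDirectoryService, AuthenticatorHook authenticatorHook, ClusterNotificator clusterNotificator, UserModificator userModificator, UserAccessor userAccessor) {
        super(pluginConfiguration, applicationProperties, eventPublisher, crowdService, crowdDirectoryService, authenticatorHook, clusterNotificator);
        this.userModificator = userModificator;
        this.userAccessor = userAccessor;
    }

    /**
     * Returns the login page URL, relative to the base URL, carrying the {@code nosso} marker.
     */
    @Override
    public String getLoginPageUrl() {
        return getRelativeBaseUrl() + NOSSO_LOGIN_PAGE;
    }

    /**
     * Returns the absolute form of the login page URL carrying the {@code nosso} marker.
     */
    @Override
    public String getAbsoluteLoginPageUrl() {
        return getAbsoluteBaseUrl() + NOSSO_LOGIN_PAGE;
    }

    /**
     * Computes the SSO URL a login-related request should be redirected to.
     *
     * <p>Only {@code /login.action} and, when enabled in the configuration,
     * {@code /dashboard.action} are considered. The {@code Referer} header and the
     * {@code os_destination} parameter are request-controlled, so the "do not redirect"
     * outcomes below only select which login page is shown and are not an access control.
     *
     * @param httpServletRequest the incoming request
     * @return the redirect URL, or {@code null} when the request must not be redirected
     */
    @Override
    public String getRedirectUrlForLogin(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        if (!LOGIN_ACTION.equals(servletPath)) {
            if (DASHBOARD_ACTION.equals(servletPath) && this.pluginConfiguration.isRedirectDashboardUrl()) {
                return getSSOUrl() + "?redirectTo=%2Fdashboard.action";
            }
            return null;
        }

        String referer = httpServletRequest.getHeader("referer");
        if (referer != null && referer.contains("login.action")) {
            logger.debug("Referer {} contains login.action, not redirecting", referer);
            return null;
        }

        String destination = httpServletRequest.getParameter("os_destination");
        logger.debug("Destination parameter for login page is {}", destination);
        if (destination == null) {
            return getSSOUrl();
        }

        String encodedDestination;
        try {
            encodedDestination = URLEncoder.encode(destination, "UTF-8");
            logger.debug("Re-encoded destination is {}", encodedDestination);
        } catch (UnsupportedEncodingException e) {
            // Fail closed: a request-supplied value is never appended to the URL unencoded.
            logger.error("URLencoding failed:", e);
            return getSSOUrl();
        }

        // Substring test against the *encoded* value: an entry containing characters that
        // URLEncoder escapes (for example '/') does not match in its raw form.
        // NOTE(review): confirm the configured entries are stored in encoded form.
        for (String nonSsoDestination : this.pluginConfiguration.getNonSsoDestinationsList()) {
            if (encodedDestination.contains(nonSsoDestination)) {
                logger.debug("Not redirecting, this is a no-sso-destination link url: {}", encodedDestination);
                return null;
            }
        }

        // The destination is percent-encoded, so it cannot add further query parameters.
        // Whether redirectTo is restricted to local paths is decided by whatever consumes it,
        // which is not visible here. NOTE(review): verify that consumer rejects absolute and
        // scheme-relative targets.
        return getSSOUrl() + "?redirectTo=" + encodedDestination;
    }

    /**
     * Computes the SSO logout URL a logout-related request should be redirected to.
     *
     * @param httpServletRequest the incoming request
     * @return the redirect URL, or {@code null} when the request must not be redirected
     */
    @Override
    public String getRedirectUrlForLogout(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        String logoutParam = httpServletRequest.getParameter("logout");
        // NOTE(review): logoutParam is a String and is compared with a boxed Boolean, so
        // equals(true) is always false and this branch never runs. A comparison with the
        // string "true" was presumably intended. It is left unchanged because enabling the
        // branch alters the logout flow, and it returns the URL without the base-URL prefix
        // that the /logout.action branch adds. Confirm the intended behaviour before fixing.
        if (LOGIN_ACTION.equals(servletPath) && logoutParam != null && logoutParam.equals(true)) {
            return Defaults.SSO_LOGOUT_URL;
        }
        if (LOGOUT_ACTION.equals(servletPath)) {
            return getRelativeBaseUrl() + Defaults.SSO_LOGOUT_URL;
        }
        return null;
    }

    /**
     * Creates or updates the local user named in the SAML response and, when requested,
     * synchronises the user's groups.
     *
     * @param sAMLResponseContent the SAML response data (user id, name, e-mail, groups, flags)
     * @param z whether group memberships should be updated (the log message below calls
     *     this {@code updateGroups})
     * @return {@code true} if the user was created or if any update call reported a change
     * @throws UserPreparationException if creating or updating the user or its groups fails
     */
    @Override
    public boolean prepareUser(SAMLResponseContent sAMLResponseContent, boolean z) throws UserPreparationException {
        if (!sAMLResponseContent.isUpdateUser()) {
            logger.debug("User update is not enabled");
            return false;
        }

        String userid = sAMLResponseContent.getUserid();
        ConfluenceUser user = this.userAccessor.exists(userid) ? this.userAccessor.getUserByName(userid) : null;

        boolean changed = false;
        boolean syncGroups;
        if (user == null) {
            logger.info("Creating user {}", userid);
            syncGroups = z;
            try {
                user = this.userModificator.createUser(userid, sAMLResponseContent.getFullName(), sAMLResponseContent.getEmailAddress());
                changed = true;
            } catch (UserModificatorException e) {
                throw new UserPreparationException(e);
            }
        } else {
            try {
                // Pre-existing accounts are only touched when that is enabled explicitly or
                // when the account was created through SAML in the first place.
                if (sAMLResponseContent.isUpdateExisting() || this.userModificator.isSAMLCreated(user)) {
                    changed = this.userModificator.updateUser(user, sAMLResponseContent.getFullName(), sAMLResponseContent.getEmailAddress());
                    syncGroups = z;
                } else {
                    logger.debug("This user is not created by us and updating existing users is not enabled, not changing users");
                    syncGroups = false;
                }
            } catch (UserModificatorException e) {
                throw new UserPreparationException(e);
            }
        }

        if (!syncGroups) {
            logger.debug("updateGroups is false, not updating user groups");
            return changed;
        }

        // Group removal is limited to accounts that were created through SAML.
        boolean removeFromGroups = sAMLResponseContent.isRemoveFromGroups() && this.userModificator.isSAMLCreated(user);
        // Raw type kept: the element type of the two group collections is not visible here.
        HashSet groups = new HashSet();
        groups.addAll(this.pluginConfiguration.getGroupsToAddUserToList());
        groups.addAll(sAMLResponseContent.getGroups());
        try {
            // Always run the group synchronisation. The previous form
            // "changed || updateUserGroups(...)" short-circuited, so group additions and
            // removals were skipped whenever the user had just been created or updated.
            boolean groupsChanged = this.userModificator.updateUserGroups(user, groups, removeFromGroups);
            changed = changed || groupsChanged;
        } catch (UserModificatorException e) {
            throw new UserPreparationException(e);
        }
        return changed;
    }
}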
