package com.resolution.atlasplugins.samlsso;

import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.resolution.atlasplugins.samlsso.cluster.ClusterNotificationListener;
import com.resolution.atlasplugins.samlsso.cluster.ClusterNotificator;
import com.resolution.samlprocessor.SAMLProcessor;
import com.resolution.samlprocessor.SAMLProcessorException;
import java.net.MalformedURLException;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/resolution/atlasplugins/samlsso/SamlSsoService.class */
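/**
 * Base class of the SAML single sign-on service.
 *
 * <p>Holds the plugin configuration, the {@link SAMLProcessor} that is loaded with the
 * configured IdP certificate, and the {@link AuthenticatorHook}. It builds the plugin's
 * login/logout/consumer URLs from the application's canonical base URL and decides
 * whether an incoming request should be redirected to the SSO login or logout URL.
 * Subclasses supply the product-specific URLs.
 *
 * <p>The instance listens for configuration changes (locally and, when a
 * {@link ClusterNotificator} is present, from other cluster nodes) and reloads the IdP
 * certificate into the processor when one is reported.
 */
public abstract class SamlSsoService implements PluginConfigurationListener, ClusterNotificationListener {
    private static final Logger logger = LoggerFactory.getLogger(SamlSsoService.class);

    /** Cluster message that tells other nodes to reload the IdP certificate. */
    private static final String CONFIG_UPDATED_MESSAGE = "configUpdated";

    protected final PluginConfiguration pluginConfiguration;
    protected final ApplicationProperties applicationProperties;
    protected final SAMLProcessor samlProcessor;
    protected final AuthenticatorHook authenticatorHook;
    // May be null; every use below is null-checked.
    protected final ClusterNotificator clusterNotificator;

    /**
     * Creates the service and loads the configured IdP certificate into a new
     * {@link SAMLProcessor}.
     *
     * <p>{@code transactionTemplate}, {@code eventPublisher}, {@code crowdService} and
     * {@code crowdDirectoryService} are accepted but not used by this base class.
     *
     * @param pluginConfiguration source of the IdP certificate and the redirect settings
     * @param applicationProperties source of the canonical base URL
     * @param authenticatorHook answers whether the current request has a logged-in user
     * @param clusterNotificator cluster messaging, or {@code null} when not clustered
     * @throws RuntimeException if the {@link SAMLProcessor} cannot be initialised with the
     *     configured certificate
     */
    public SamlSsoService(PluginConfiguration pluginConfiguration, ApplicationProperties applicationProperties, TransactionTemplate transactionTemplate, EventPublisher eventPublisher, CrowdService crowdService, CrowdDirectoryService crowdDirectoryService, AuthenticatorHook authenticatorHook, ClusterNotificator clusterNotificator) {
        this.pluginConfiguration = pluginConfiguration;
        this.applicationProperties = applicationProperties;
        this.authenticatorHook = authenticatorHook;
        this.clusterNotificator = clusterNotificator;
        try {
            this.samlProcessor = new SAMLProcessor();
            this.samlProcessor.setIdpCertificate(pluginConfiguration.getBase64encodedCertificate());
            // Publish `this` to the callback sources only after the processor is set up:
            // a configuration or cluster callback arriving earlier would run
            // updateSamlProcessor() against an unassigned field, and a failed
            // initialisation would otherwise leave a half-built listener registered.
            // Subclass constructors have still not run at this point.
            this.pluginConfiguration.addListener(this);
            if (this.clusterNotificator != null) {
                this.clusterNotificator.register(this);
            }
            logger.debug("Finished constructing SamlSsoService");
        } catch (SAMLProcessorException e) {
            throw new RuntimeException("Initializing SAMLProcessor failed!", e);
        }
    }

    /** Returns the URL of the login page; defined by the subclass. */
    public abstract String getLoginPageUrl();

    /** Returns the URL to redirect this request to for login; defined by the subclass. */
    public abstract String getRedirectUrlForLogin(HttpServletRequest httpServletRequest);

    /** Returns the URL to redirect this request to for logout; defined by the subclass. */
    public abstract String getRedirectUrlForLogout(HttpServletRequest httpServletRequest);

    /** Returns whether the {@link AuthenticatorHook} reports a logged-in user. */
    public boolean isLoggedInUser() {
        return this.authenticatorHook.isLoggedInUser();
    }

    /** Returns the processor that holds the IdP certificate. */
    public SAMLProcessor getSamlProcessor() {
        return this.samlProcessor;
    }

    /**
     * Returns the configured logout URL, or the canonical base URL followed by
     * {@code Defaults.SSO_LOGOUT_URL} when none is configured.
     *
     * <p>A configured value is returned verbatim; only {@code null} selects the default.
     */
    public String getLogoutUrl() {
        String configuredLogoutUrl = this.pluginConfiguration.getLogoutUrl();
        if (configuredLogoutUrl != null) {
            return configuredLogoutUrl;
        }
        return getAbsoluteBaseUrl() + Defaults.SSO_LOGOUT_URL;
    }

    /**
     * Generates the service-provider metadata for the consumer URL.
     *
     * @return the metadata, or {@code null} when no processor is available
     * @throws SAMLProcessorException if the processor fails to generate the metadata
     */
    public String generateSamlMetadata() throws SAMLProcessorException {
        if (this.samlProcessor == null) {
            logger.warn("Not initialized, returning null as metadata!");
            return null;
        }
        return this.samlProcessor.generateMetadata(getConsumerUrl());
    }

    /** Returns the canonical base URL followed by {@code Defaults.SSO_LOGIN_URL}. */
    public String getConsumerUrl() {
        return getAbsoluteBaseUrl() + Defaults.SSO_LOGIN_URL;
    }

    /**
     * Returns whether a processor, an authenticator hook and a non-empty IdP URL are
     * all present.
     *
     * <p>NOTE(review): this does not look at the IdP certificate. Confirm that
     * {@link SAMLProcessor} rejects responses when no certificate has been set, since
     * callers may treat {@code true} here as "safe to accept assertions".
     */
    public boolean isInitialized() {
        if (this.samlProcessor == null || this.authenticatorHook == null) {
            return false;
        }
        String idpUrl = this.pluginConfiguration.getIdpUrl();
        return idpUrl != null && !idpUrl.isEmpty();
    }

    /** Returns the application's base URL in {@link UrlMode#CANONICAL} mode. */
    public String getAbsoluteBaseUrl() {
        return this.applicationProperties.getBaseUrl(UrlMode.CANONICAL);
    }

    /**
     * Returns the path component of the canonical base URL.
     *
     * @return the path, or the full base URL when it cannot be parsed as a URL
     */
    public String getRelativeBaseUrl() {
        String absoluteBaseUrl = getAbsoluteBaseUrl();
        String relativeBaseUrl;
        try {
            relativeBaseUrl = new URL(absoluteBaseUrl).getPath();
        } catch (MalformedURLException e) {
            // Best effort: callers get the unparsed value instead of a failure.
            logger.warn("MalformedURLExeception while parsing relarive URL from {}. Returning full URL.", absoluteBaseUrl);
            relativeBaseUrl = absoluteBaseUrl;
        }
        logger.debug("Relative base URL is {}", relativeBaseUrl);
        return relativeBaseUrl;
    }

    /** Returns the canonical base URL followed by {@code Defaults.SSO_LOGIN_URL}. */
    public String getSSOUrl() {
        return getAbsoluteBaseUrl() + Defaults.SSO_LOGIN_URL;
    }

    /**
     * Decides whether the request should be redirected to the SSO login or logout URL.
     *
     * <p>No redirect happens when both overrides are disabled, when the request carries
     * a {@code nosso} parameter, or when its User-Agent contains one of the configured
     * non-SSO markers. Otherwise a logged-in user is sent to the logout redirect (if the
     * logout override is on) and an anonymous one to the login redirect (if the login
     * override is on).
     *
     * <p>The {@code nosso} parameter and the User-Agent header are chosen by the client,
     * so any client can skip the redirect. Within this method that only means "do not
     * redirect"; it must not be relied on as an access-control decision, and whatever the
     * request reaches without the redirect has to enforce authentication itself.
     *
     * @param httpServletRequest the incoming request
     * @return the redirect URL, or {@code null} when the request is not to be redirected
     */
    public String getRedirectURLForRequest(HttpServletRequest httpServletRequest) {
        // The query string is logged as received; query strings can carry credentials or
        // tokens, so debug logs from this class need the same protection as those values.
        logger.debug("Request is for {} | {}", httpServletRequest.getRequestURL().toString(), httpServletRequest.getQueryString());
        logger.debug("Servlet path is {}", httpServletRequest.getServletPath());
        boolean overrideLogout = this.pluginConfiguration.isOverrideLogoutUrl();
        boolean overrideLogin = this.pluginConfiguration.isOverrideLoginUrl();
        if (!overrideLogout && !overrideLogin) {
            return null;
        }
        if (httpServletRequest.getParameter("nosso") != null) {
            logger.debug("nosso parameter is present, not redirecting");
            return null;
        }
        String userAgent = httpServletRequest.getHeader("user-agent");
        if (userAgent != null) {
            for (String marker : this.pluginConfiguration.getNonSsoUserAgentsList()) {
                // Every string contains "", so a blank entry would switch the redirect
                // off for all clients; a null entry would throw. Skip both.
                if (marker == null || marker.isEmpty()) {
                    continue;
                }
                if (userAgent.contains(marker)) {
                    logger.debug("Not redirecting, this is a non-sso user agent: {}", userAgent);
                    return null;
                }
            }
        }
        if (this.authenticatorHook.isLoggedInUser()) {
            return overrideLogout ? getRedirectUrlForLogout(httpServletRequest) : null;
        }
        if (overrideLogin) {
            return getRedirectUrlForLogin(httpServletRequest);
        }
        logger.debug("Login redirection is disabled, returning null");
        return null;
    }

    /** Returns {@link #getLogoutUrl()}; the request is not inspected. */
    public String getUrlForLogoutRedirect(HttpServletRequest httpServletRequest) {
        return getLogoutUrl();
    }

    /** Returns the authenticator hook passed to the constructor. */
    public AuthenticatorHook getAuthenticatorHook() {
        return this.authenticatorHook;
    }

    /**
     * Applies the configured regex/replacement pair to a user id.
     *
     * <p>The result is what the rest of the login flow sees as the user id, so the
     * configured pattern decides which local account an IdP identity maps to. A pattern
     * that is too loose can map different IdP identities onto the same id; review it
     * with that in mind. A syntactically invalid pattern makes
     * {@link String#replaceAll(String, String)} throw at call time.
     *
     * @param str the user id to transform; may be {@code null}
     * @return {@code str} unchanged when no regex is configured or {@code str} is
     *     {@code null}, otherwise {@code str} with every match replaced
     */
    public String transformUserid(String str) {
        String configuredRegex = this.pluginConfiguration.getUseridTransformationRegex();
        String regex = configuredRegex == null ? "" : configuredRegex;
        String configuredReplacement = this.pluginConfiguration.getUseridTransformationReplacement();
        String replacement = configuredReplacement == null ? "" : configuredReplacement;
        if (regex.isEmpty()) {
            logger.debug("Transformation regex is empty, retuning {}", str);
            return str;
        }
        if (str == null) {
            // Same result as the no-regex path above instead of a NullPointerException.
            return null;
        }
        String transformed = str.replaceAll(regex, replacement);
        logger.debug("Transformed userid {} to {} using regex {} and replacement {}", new Object[]{str, transformed, regex, replacement});
        return transformed;
    }

    /**
     * Reloads the IdP certificate and, when clustered, tells the other nodes to do the
     * same.
     */
    @Override
    public void configurationUpdated() {
        updateSamlProcessor();
        if (this.clusterNotificator != null) {
            logger.debug("Sending configuration updated message to the cluster");
            this.clusterNotificator.send(CONFIG_UPDATED_MESSAGE);
        }
    }

    /**
     * Reloads the IdP certificate when another node reports a configuration update;
     * any other message, including {@code null}, is logged and ignored.
     */
    @Override
    public void receiveClusterNotification(String str) {
        // Constant-first comparison so a null message is ignored instead of throwing.
        if (CONFIG_UPDATED_MESSAGE.equals(str)) {
            logger.info("Configuration was updated on other cluster node");
            updateSamlProcessor();
        } else {
            logger.debug("Received message {} from cluster. Ignoring it.", str);
        }
    }

    /**
     * Loads the currently configured IdP certificate into the processor.
     *
     * <p>A failure is logged and not rethrown. NOTE(review): which certificate the
     * processor trusts after a failed reload depends on
     * {@code SAMLProcessor.setIdpCertificate}; confirm that a failure here cannot leave
     * a replaced or withdrawn certificate in use, and alert on this error message.
     */
    protected void updateSamlProcessor() {
        logger.debug("Reloading IdP certificate");
        try {
            this.samlProcessor.setIdpCertificate(this.pluginConfiguration.getBase64encodedCertificate());
        } catch (SAMLProcessorException e) {
            logger.error("SAMLEception while updating certificate. This should not happen, the certificate validity should have been checked during configuration update", e);
        }
    }
}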
