package com.resolution.atlasplugins.samlsso;

import com.atlassian.crowd.dao.application.ApplicationDAO;
import com.atlassian.crowd.directory.DelegatedAuthenticationDirectory;
import com.atlassian.crowd.directory.loader.DirectoryInstanceLoader;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdUser;
import com.atlassian.crowd.event.user.UserAuthenticatedEvent;
import com.atlassian.crowd.exception.ApplicationNotFoundException;
import com.atlassian.crowd.exception.DirectoryInstantiationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.application.DirectoryMapping;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.atlassian.seraph.auth.DefaultAuthenticator;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.atlassian.spring.container.ContainerManager;
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/resolution/atlasplugins/samlsso/ConfluenceAuthenticatorHook.class */
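/**
 * Authenticator hook that signs a named user into Confluence on behalf of the SAML SSO plugin.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li><b>No credential is checked here.</b> The username passed to
 *       {@link #authoriseUserAndEstablishSession} is resolved to a principal and handed to the
 *       Seraph {@link DefaultAuthenticator} to create a session. This class therefore relies
 *       entirely on its caller having verified the SSO response first; that verification is not
 *       visible in this file. NOTE(review): confirm at every call site.</li>
 *   <li><b>Reflection into Seraph.</b> {@code authoriseUserAndEstablishSession} and
 *       {@code getUser} are reached through {@code getDeclaredMethod} plus
 *       {@code setAccessible(true)}, so this class is coupled to the authenticator's
 *       (presumably non-public) method names and signatures. A mismatch surfaces as an
 *       {@link AuthenticatorHookException}.</li>
 *   <li><b>First match wins.</b> {@link #findLdapUser} returns the user from the first active
 *       DELEGATING or CONNECTOR directory that knows the name, in the iteration order of the
 *       application's directory mappings. The same username existing in several directories
 *       resolves to whichever comes first.</li>
 *   <li><b>Audit signal.</b> A {@link UserAuthenticatedEvent} is published as soon as the directory
 *       lookup succeeds, i.e. before the session is established and regardless of whether the
 *       authenticator later refuses the login. Treat the event as "user resolved", not as
 *       "login completed", when building detections on it.</li>
 * </ul>
 *
 * <p>The lazily initialised collaborators below are not synchronised; the visible code only ever
 * assigns them the component returned by the container.
 */
public class ConfluenceAuthenticatorHook extends AbstractAuthenticatorHook {
    private final Logger logger = LoggerFactory.getLogger(ConfluenceAuthenticatorHook.class);
    private DefaultAuthenticator authenticator;
    private TransactionTemplate transactionTemplate;
    private ApplicationService applicationService;
    private ApplicationDAO applicationDao;
    private DirectoryInstanceLoader directoryLoader;
    private EventPublisher eventPublisher;

    /**
     * Creates the hook and binds it to the authenticator configured in Seraph.
     *
     * @param transactionTemplate template used to run directory lookups inside a transaction
     * @throws AuthenticatorHookException if the configured authenticator is missing or is not a
     *         {@link DefaultAuthenticator}
     */
    public ConfluenceAuthenticatorHook(TransactionTemplate transactionTemplate) throws AuthenticatorHookException {
        this.logger.debug("Creating ConfluenceAuthenticatorHook...");
        this.transactionTemplate = transactionTemplate;
        // Inspect the configured authenticator itself. The field is still null at this point, so
        // building the error message from this.authenticator would fail with a
        // NullPointerException instead of reporting the offending type.
        Object configured = SecurityConfigFactory.getInstance().getAuthenticator();
        if (!(configured instanceof DefaultAuthenticator)) {
            throw new AuthenticatorHookException("This authenticator of type " + describeType(configured) + " is not a DefaultAuthenticator.");
        }
        this.authenticator = (DefaultAuthenticator) configured;
    }

    /**
     * Resolves {@code str} to a principal and asks the Seraph authenticator to establish a
     * session for it. No password or token is checked in this method.
     *
     * @param httpServletRequest current request; the attribute
     *        {@code com.atlassian.confluence.login.direct} is set to {@code true} on it
     * @param httpServletResponse current response
     * @param str username to sign in
     * @return {@code false} if the username is missing or unknown, otherwise the value returned
     *         by the authenticator
     * @throws AuthenticatorHookException if the reflective call fails or returns a non-boolean
     */
    @Override // com.resolution.atlasplugins.samlsso.AuthenticatorHook
    public boolean authoriseUserAndEstablishSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws AuthenticatorHookException {
        // Fail closed: a missing username must never reach the directory or the authenticator.
        if (str == null || str.isEmpty()) {
            this.logger.debug("No username was supplied; not establishing a session.");
            return false;
        }
        Principal user = getUser(str);
        if (user == null) {
            // NOTE(review): the username is logged as received. If the upstream SSO flow does not
            // constrain its characters, confirm the log layout encodes CR/LF.
            this.logger.debug("User {} was not found.", str);
            return false;
        }
        this.logger.debug("Principal name is: {}, class is: {}", user.getName(), user.getClass().getCanonicalName());
        httpServletRequest.setAttribute("com.atlassian.confluence.login.direct", true);
        Object result = invokeOnAuthenticator(
                "authoriseUserAndEstablishSession",
                new Class<?>[] {HttpServletRequest.class, HttpServletResponse.class, Principal.class},
                new Object[] {httpServletRequest, httpServletResponse, user});
        if (!(result instanceof Boolean)) {
            throw new AuthenticatorHookException("Authenticator method did not return a boolean, but a " + describeType(result));
        }
        boolean established = ((Boolean) result).booleanValue();
        this.logger.debug("authoriseUserAndEstablishSession returned {}", established);
        return established;
    }

    /**
     * Looks the user up in the LDAP-backed directories first and falls back to the
     * authenticator's own {@code getUser(String)} when no directory knows the name.
     *
     * @param str username to resolve
     * @return the principal, or {@code null} if neither lookup finds the user
     * @throws AuthenticatorHookException if the reflective fallback fails or returns an
     *         object that is not a {@link Principal}
     */
    protected Principal getUser(String str) throws AuthenticatorHookException {
        Principal ldapUser = findLdapUser(str);
        if (ldapUser != null) {
            return ldapUser;
        }
        Object result = invokeOnAuthenticator("getUser", new Class<?>[] {String.class}, new Object[] {str});
        if (result == null) {
            return null;
        }
        if (!(result instanceof Principal)) {
            throw new AuthenticatorHookException("getUser method did not return a Principal but a " + describeType(result));
        }
        return (Principal) result;
    }

    /**
     * Searches the active DELEGATING and CONNECTOR directories of the {@code crowd-embedded}
     * application for {@code str} and returns the first hit.
     *
     * <p>For a {@link DelegatedAuthenticationDirectory} the user is added or updated locally via
     * {@code addOrUpdateLdapUser}; for other directories the user is only looked up. On success a
     * {@link UserAuthenticatedEvent} is published before this method returns. Directories that
     * fail or do not know the user are skipped.
     *
     * @param str username to look up
     * @return the user wrapped as an {@link EmbeddedCrowdUser}, or {@code null} if no directory
     *         knows the name or the application cannot be loaded
     */
    protected User findLdapUser(final String str) {
        return (User) this.transactionTemplate.execute(new TransactionCallback<User>() { // from class: com.resolution.atlasplugins.samlsso.ConfluenceAuthenticatorHook.1
            // The decompiler had renamed this method after merging it with its bridge method;
            // the callback interface method is doInTransaction, so the name is restored here.
            @Override
            public User doInTransaction() {
                com.atlassian.crowd.model.user.User found;
                try {
                    Application application = ConfluenceAuthenticatorHook.this.getApplicationDao().findByName("crowd-embedded");
                    for (Directory directory : ConfluenceAuthenticatorHook.this.getActiveLdapDirectories(application)) {
                        try {
                            ConfluenceAuthenticatorHook.this.logger.debug(String.format("Enumerating directory %s (%s): %s", String.valueOf(directory.getId()), directory.getName(), directory.getDescription()));
                            ConfluenceAuthenticatorHook.this.logger.debug(String.format("The directory is of type %s", directory.getType().toString()));
                            // NOTE(review): the declared type below is what the decompiler
                            // emitted; the instanceof test only makes sense if the loader returns
                            // a broader directory type. Confirm against the loader's signature.
                            DelegatedAuthenticationDirectory remote = ConfluenceAuthenticatorHook.this.getDirectoryLoader().getDirectory(directory);
                            if (remote instanceof DelegatedAuthenticationDirectory) {
                                ConfluenceAuthenticatorHook.this.logger.debug("Forcing optional 'Copy User on Login' and 'Group Import' processing.");
                                found = remote.addOrUpdateLdapUser(str);
                            } else {
                                ConfluenceAuthenticatorHook.this.logger.debug("Locating user in directory");
                                found = remote.findUserByName(str);
                            }
                            // Published on lookup success, before any session exists.
                            ConfluenceAuthenticatorHook.this.triggerUserAuthenticatedEvent(application, directory, found);
                            return new EmbeddedCrowdUser(found);
                        } catch (OperationFailedException e) {
                            // Pass the exception along so the stack trace is kept for diagnosis.
                            ConfluenceAuthenticatorHook.this.logger.error(String.format("Failed to check directory for user; skipping (%s: %s)", e.getMessage(), e.toString()), e);
                        } catch (DirectoryInstantiationException e2) {
                            ConfluenceAuthenticatorHook.this.logger.error(String.format("Unable to instantiate the desired RemoteDirectory; skipping (%s: %s)", e2.getMessage(), e2.toString()), e2);
                        } catch (UserNotFoundException e3) {
                            ConfluenceAuthenticatorHook.this.logger.debug("User not found in this directory; skipping.");
                        }
                    }
                    ConfluenceAuthenticatorHook.this.logger.info("The requested username does not appear to be a valid user in any configured LDAP directory.");
                    return null;
                } catch (ApplicationNotFoundException e4) {
                    ConfluenceAuthenticatorHook.this.logger.error(String.format("Unable to load Application singleton %s: %s", e4.getMessage(), e4.toString()), e4);
                    return null;
                }
            }
        });
    }

    /**
     * Publishes a {@link UserAuthenticatedEvent} for the given user and directory.
     *
     * <p>Visibility was widened from private by the decompiler so the anonymous callback in
     * {@link #findLdapUser} can reach it.
     */
    public void triggerUserAuthenticatedEvent(Application application, Directory directory, com.atlassian.crowd.model.user.User user) {
        this.logger.debug(String.format("Firing UserAuthenticatedEvent for User %s in Directory %s", user.getName(), directory.getName()));
        getEventPublisher().publish(new UserAuthenticatedEvent(getApplicationService(), directory, application, user));
    }

    /** Returns the {@code crowdApplicationService} component, fetched from the container on first use. */
    private ApplicationService getApplicationService() {
        if (this.applicationService == null) {
            this.applicationService = (ApplicationService) ContainerManager.getComponent("crowdApplicationService");
        }
        return this.applicationService;
    }

    /**
     * Returns the {@code embeddedCrowdApplicationDao} component, fetched from the container on
     * first use. Visibility was widened from private by the decompiler.
     */
    public ApplicationDAO getApplicationDao() {
        if (this.applicationDao == null) {
            this.applicationDao = (ApplicationDAO) ContainerManager.getComponent("embeddedCrowdApplicationDao");
        }
        return this.applicationDao;
    }

    /**
     * Returns a lazy view of the application's directories that are active and of type
     * DELEGATING or CONNECTOR, in the order of the application's directory mappings.
     * Visibility was widened from private by the decompiler.
     *
     * @param application application whose directory mappings are inspected
     */
    public Iterable<Directory> getActiveLdapDirectories(Application application) {
        Iterable<Directory> mapped = Iterables.transform(application.getDirectoryMappings(), new Function<DirectoryMapping, Directory>() { // from class: com.resolution.atlasplugins.samlsso.ConfluenceAuthenticatorHook.2
            @Override
            public Directory apply(DirectoryMapping directoryMapping) {
                return directoryMapping.getDirectory();
            }
        });
        return Iterables.filter(mapped, new Predicate<Directory>() { // from class: com.resolution.atlasplugins.samlsso.ConfluenceAuthenticatorHook.3
            @Override
            public boolean apply(Directory directory) {
                if (!directory.isActive()) {
                    return false;
                }
                return directory.getType().equals(DirectoryType.DELEGATING) || directory.getType().equals(DirectoryType.CONNECTOR);
            }
        });
    }

    /**
     * Returns the {@code directoryInstanceLoader} component, fetched from the container on first
     * use. Visibility was widened from private by the decompiler.
     */
    public DirectoryInstanceLoader getDirectoryLoader() {
        if (this.directoryLoader == null) {
            this.directoryLoader = (DirectoryInstanceLoader) ContainerManager.getComponent("directoryInstanceLoader");
        }
        return this.directoryLoader;
    }

    /** Returns the {@code eventPublisher} component, fetched from the container context on first use. */
    protected EventPublisher getEventPublisher() {
        if (this.eventPublisher == null) {
            this.eventPublisher = (EventPublisher) ContainerManager.getInstance().getContainerContext().getComponent("eventPublisher");
        }
        return this.eventPublisher;
    }

    /** Returns the Seraph authenticator this hook was bound to at construction time. */
    @Override // com.resolution.atlasplugins.samlsso.AbstractAuthenticatorHook
    protected DefaultAuthenticator getAuthenticator() {
        return this.authenticator;
    }

    /**
     * Invokes a declared method of {@link DefaultAuthenticator} on the bound authenticator,
     * translating every reflection failure into an {@link AuthenticatorHookException}.
     * An exception thrown by the target method is unwrapped and reported as the cause.
     */
    private Object invokeOnAuthenticator(String methodName, Class<?>[] parameterTypes, Object[] arguments) throws AuthenticatorHookException {
        try {
            Method method = DefaultAuthenticator.class.getDeclaredMethod(methodName, parameterTypes);
            // Lifts Java access checks for this Method object only.
            method.setAccessible(true);
            return method.invoke(this.authenticator, arguments);
        } catch (IllegalAccessException e) {
            throw new AuthenticatorHookException(e);
        } catch (IllegalArgumentException e2) {
            throw new AuthenticatorHookException(e2);
        } catch (NoSuchMethodException e3) {
            throw new AuthenticatorHookException(e3);
        } catch (SecurityException e4) {
            throw new AuthenticatorHookException(e4);
        } catch (InvocationTargetException e5) {
            throw new AuthenticatorHookException(e5.getCause());
        }
    }

    /** Returns the canonical class name of {@code value}, or {@code "null"} when there is no object. */
    private static String describeType(Object value) {
        return value == null ? "null" : value.getClass().getCanonicalName();
    }
}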
