package com.resolution.atlasplugins.samlsso.jira;

import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.event.user.LoginEvent;
import com.atlassian.jira.security.login.LoginStore;
import com.atlassian.jira.security.login.LoginStoreImpl;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.atlassian.seraph.auth.DefaultAuthenticator;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.resolution.atlasplugins.samlsso.AbstractAuthenticatorHook;
import com.resolution.atlasplugins.samlsso.AuthenticatorHookException;
import com.resolution.atlasplugins.samlsso.Defaults;
import com.resolution.atlasplugins.samlsso.configuration.PluginConfiguration;
import com.resolution.atlasplugins.samlsso.jira.compatibility.JIRA6LoginNotificator;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/resolution/atlasplugins/samlsso/jira/JIRAAuthenticatorHook.class */
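/**
 * JIRA-specific authenticator hook of the SAML SSO plugin.
 *
 * <p>Given a user name, this class resolves the user in the configured Crowd directories and
 * establishes a JIRA session by reflectively calling Seraph's
 * {@code DefaultAuthenticator.authoriseUserAndEstablishSession}.
 *
 * <p>Security note: nothing in this class checks a credential or a SAML assertion. The user
 * name passed to {@link #authoriseUserAndEstablishSession} is trusted as-is, so callers must
 * only pass a name taken from an SSO response that has already been validated
 * (NOTE(review): that validation is not visible in this class; confirm at the call sites).
 */
public class JIRAAuthenticatorHook extends AbstractAuthenticatorHook {
    private final Logger logger = LoggerFactory.getLogger(JIRAAuthenticatorHook.class);
    private final TransactionTemplate transactionTemplate;
    private final DefaultAuthenticator authenticator;
    private final EventPublisher eventPublisher;
    private final CrowdService crowdService;
    private final CrowdDirectoryService crowdDirectoryService;
    // May be null when the component lookup in the constructor fails; see recordLoginResult().
    private final LoginStore loginStore;
    private final PluginConfiguration pluginConfiguration;
    private final UserManager userManager;
    // True when the application version string starts with "6"; selects the JIRA 6 compatibility path.
    private final boolean isJIRA6;

    /**
     * Wires the hook to the host application's services and captures the configured Seraph
     * authenticator.
     *
     * @throws AuthenticatorHookException if the configured Seraph authenticator is missing or is
     *         not a {@link DefaultAuthenticator}
     */
    public JIRAAuthenticatorHook(PluginConfiguration pluginConfiguration, TransactionTemplate transactionTemplate, EventPublisher eventPublisher, CrowdService crowdService, CrowdDirectoryService crowdDirectoryService, UserManager userManager, ApplicationProperties applicationProperties) {
        this.pluginConfiguration = pluginConfiguration;
        this.transactionTemplate = transactionTemplate;
        this.eventPublisher = eventPublisher;
        this.crowdService = crowdService;
        this.crowdDirectoryService = crowdDirectoryService;
        this.userManager = userManager;

        String version = applicationProperties.getVersion();
        this.isJIRA6 = version.startsWith("6");
        this.logger.debug("JIRA Version is {}, so isJIRA6 is {}", version, this.isJIRA6);

        // Held as Object so the instanceof test is a real runtime check. The previous code
        // nulled the field and then dereferenced it while building the message, so a wrong
        // authenticator type surfaced as a NullPointerException instead of this diagnostic.
        Object configured = SecurityConfigFactory.getInstance().getAuthenticator();
        if (!(configured instanceof DefaultAuthenticator)) {
            String actualType = configured == null ? "null" : configured.getClass().getCanonicalName();
            throw new AuthenticatorHookException("This authenticator of type " + actualType + " is not a DefaultAuthenticator.");
        }
        this.authenticator = (DefaultAuthenticator) configured;

        this.loginStore = ComponentAccessor.getComponent(LoginStoreImpl.class);
        if (this.loginStore == null) {
            this.logger.error("Retrieving the LoginStore failed!");
        }
    }

    /**
     * @return whether the current JIRA authentication context reports a logged-in user
     */
    @Override
    public boolean isLoggedInUser() {
        return ComponentAccessor.getJiraAuthenticationContext().isLoggedInUser();
    }

    /**
     * Establishes a JIRA session for the named user without any credential check.
     *
     * <p>If the first attempt is refused and {@code isEnableUserForLogin()} is set in the plugin
     * configuration, the user is temporarily added to the configured enablement group, the
     * attempt is repeated, and the user is removed from that group again. The membership exists
     * for the duration of the retry, so the group should grant nothing beyond what is needed to
     * log in.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param str the user name to log in; trusted as-is, see the class-level security note
     * @return {@code true} if Seraph established the session, {@code false} if the user was not
     *         found, is inactive, or Seraph refused the login
     * @throws AuthenticatorHookException if the reflective call fails or returns a non-boolean
     */
    @Override
    public boolean authoriseUserAndEstablishSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws AuthenticatorHookException {
        User user = getUser(str);
        ApplicationUser userByName = this.userManager.getUserByName(str);
        if (user == null || userByName == null) {
            this.logger.debug("User {} was not found.", str);
            return false;
        }
        this.logger.debug("Principal name is: {}, class is: {}", user.getName(), user.getClass().getCanonicalName());
        try {
            Object[] loginArgs = {httpServletRequest, httpServletResponse, user};
            // The target is not publicly accessible on DefaultAuthenticator, hence getDeclaredMethod
            // plus setAccessible. This couples the plugin to Seraph internals and will fail with
            // NoSuchMethodException if the signature changes.
            Method establishSession = DefaultAuthenticator.class.getDeclaredMethod("authoriseUserAndEstablishSession", HttpServletRequest.class, HttpServletResponse.class, Principal.class);
            establishSession.setAccessible(true);

            boolean loggedIn = invokeSeraphLogin(establishSession, loginArgs);
            this.logger.debug("authoriseUserAndEstablishSession returned {}", loggedIn);

            if (!loggedIn && this.pluginConfiguration.isEnableUserForLogin()) {
                String enablementGroup = this.pluginConfiguration.getUserGroupForEnablement();
                if (addUserGroup(user, enablementGroup)) {
                    try {
                        loggedIn = invokeSeraphLogin(establishSession, loginArgs);
                    } finally {
                        // Always undo the temporary membership, even when the retry throws;
                        // otherwise the user would keep the group and whatever it grants.
                        if (!removeUserFromGroup(user, enablementGroup)) {
                            this.logger.error("Temporary membership of {} in {} could not be removed; the user may still be a member", user.getName(), enablementGroup);
                        }
                    }
                }
            }

            // Publish for a success on either attempt. The previous code tested the result of
            // the first attempt after the retry, so a login that only succeeded on the retry
            // never produced a LoginEvent.
            if (loggedIn) {
                publishLoginEventFor(user, userByName);
            }
            recordLoginResult(user, userByName, loggedIn);
            return loggedIn;
        } catch (IllegalAccessException e) {
            throw new AuthenticatorHookException(e);
        } catch (IllegalArgumentException e) {
            throw new AuthenticatorHookException(e);
        } catch (NoSuchMethodException e) {
            throw new AuthenticatorHookException(e);
        } catch (SecurityException e) {
            throw new AuthenticatorHookException(e);
        } catch (InvocationTargetException e) {
            // Surface the exception thrown by Seraph itself rather than the reflection wrapper.
            throw new AuthenticatorHookException(e.getCause());
        }
    }

    /** Invokes the Seraph login method on the captured authenticator and unwraps its boolean result. */
    private boolean invokeSeraphLogin(Method establishSession, Object[] loginArgs) throws IllegalAccessException, InvocationTargetException {
        Object result = establishSession.invoke(this.authenticator, loginArgs);
        if (!(result instanceof Boolean)) {
            // A null result fails instanceof too, so it must not be dereferenced for the message.
            String actualType = result == null ? "null" : result.getClass().getCanonicalName();
            throw new AuthenticatorHookException("Authenticator method did not return a boolean, but a " + actualType);
        }
        return ((Boolean) result).booleanValue();
    }

    /** Publishes the login event in the form matching the running JIRA version. */
    private void publishLoginEventFor(User user, ApplicationUser applicationUser) {
        Object event = this.isJIRA6 ? JIRA6LoginNotificator.createLoginEvent(user) : new LoginEvent(applicationUser);
        this.eventPublisher.publish(event);
    }

    /** Records the login outcome in the login store, if one was resolved at construction time. */
    private void recordLoginResult(User user, ApplicationUser applicationUser, boolean loggedIn) {
        if (this.loginStore == null) {
            // The constructor tolerates a failed lookup; skipping here avoids a NullPointerException
            // after the session has already been established. The gap is logged because login
            // counters and failed-login tracking will not reflect this attempt.
            this.logger.warn("LoginStore is unavailable; login attempt for {} was not recorded", user.getName());
            return;
        }
        if (this.isJIRA6) {
            JIRA6LoginNotificator.recordLoginEvent(user, this.loginStore, loggedIn);
        } else {
            this.loginStore.recordLoginAttempt(applicationUser, loggedIn);
        }
    }

    /**
     * Adds the user to the named group.
     *
     * @return the result of {@code CrowdService.addUserToGroup}, or {@code false} if the group
     *         does not exist or the call failed (failures are logged, not propagated)
     */
    protected boolean addUserGroup(User user, String str) {
        try {
            this.logger.debug("Adding {} to {}", user.getName(), str);
            Group group = this.crowdService.getGroup(str);
            if (group == null) {
                this.logger.warn("Could not add {} to {}: group does not exist", user.getName(), str);
                return false;
            }
            return this.crowdService.addUserToGroup(user, group);
        } catch (Exception e) {
            this.logger.warn("Could not add {} to {}", new Object[]{user.getName(), str, e});
            return false;
        }
    }

    /**
     * Removes the user from the named group.
     *
     * @return the result of {@code CrowdService.removeUserFromGroup}, or {@code false} if the
     *         group does not exist or the call failed (failures are logged, not propagated)
     */
    protected boolean removeUserFromGroup(User user, String str) {
        try {
            this.logger.debug("Removing {} from {}", user.getName(), str);
            Group group = this.crowdService.getGroup(str);
            if (group == null) {
                this.logger.warn("Could not remove {} from {}: group does not exist", user.getName(), str);
                return false;
            }
            return this.crowdService.removeUserFromGroup(user, group);
        } catch (Exception e) {
            this.logger.warn("Could not remove {} from {}", new Object[]{user.getName(), str, e});
            return false;
        }
    }

    /**
     * Looks the user up by name in every Crowd directory and returns the first match.
     *
     * <p>When the match comes from a {@code CONNECTOR} directory, the user is also added to the
     * groups listed in that directory's {@code autoAddGroups} attribute.
     *
     * @param str the user name to resolve
     * @return the active user, or {@code null} if no directory has the user or the user is inactive
     * @throws AuthenticatorHookException if adding the user to an auto-add group fails
     */
    protected User getUser(final String str) throws AuthenticatorHookException {
        return this.transactionTemplate.execute(new TransactionCallback<User>() {
            @Override
            public User doInTransaction() {
                DirectoryManager directoryManager = ComponentAccessor.getComponent(DirectoryManager.class);
                User found = null;
                Directory foundIn = null;
                for (Directory candidate : JIRAAuthenticatorHook.this.crowdDirectoryService.findAllDirectories()) {
                    if (found != null) {
                        JIRAAuthenticatorHook.this.logger.debug("Already found user {}, skipping directory {}", str, candidate.getName());
                        continue;
                    }
                    try {
                        found = directoryManager.findUserByName(candidate.getId().longValue(), str);
                        foundIn = candidate;
                        JIRAAuthenticatorHook.this.logger.debug("Found user {} in directory {}", found.getName(), candidate.getName());
                    } catch (UserNotFoundException e) {
                        JIRAAuthenticatorHook.this.logger.debug("User was not found in {}.", candidate.getName());
                    } catch (Exception e) {
                        // NOTE(review): a failing directory is skipped and the search continues,
                        // so the name can resolve to an account in a later directory. Confirm that
                        // this fall-through is intended for the deployment's directory order.
                        JIRAAuthenticatorHook.this.logger.error("Finding the user in directory {} failed", candidate.getName(), e);
                    }
                }

                // Separate messages so that an attempted login with a deactivated account is
                // distinguishable in the log from an unknown name.
                if (found == null) {
                    JIRAAuthenticatorHook.this.logger.warn("User {} was not found in any configured user directory", str);
                    return null;
                }
                if (!found.isActive()) {
                    JIRAAuthenticatorHook.this.logger.warn("User {} was found but is not active", str);
                    return null;
                }

                List<String> autoAddGroups = Collections.emptyList();
                if (foundIn != null && foundIn.getType() == DirectoryType.CONNECTOR) {
                    String configured = foundIn.getValue("autoAddGroups");
                    JIRAAuthenticatorHook.this.logger.debug("autoAddGroups for directory {} are {}", foundIn.getName(), configured);
                    if (configured != null && !configured.trim().isEmpty()) {
                        autoAddGroups = Arrays.asList(configured.split(Defaults.LIST_SEPARATOR));
                    }
                }

                for (String groupName : autoAddGroups) {
                    JIRAAuthenticatorHook.this.logger.trace("Checking whether user ins member of {}", groupName);
                    if (groupName.trim().isEmpty()) {
                        JIRAAuthenticatorHook.this.logger.warn("groupName is empty, skipping");
                        continue;
                    }
                    Group group = JIRAAuthenticatorHook.this.crowdService.getGroup(groupName);
                    if (group == null || JIRAAuthenticatorHook.this.crowdService.isUserMemberOfGroup(found, group)) {
                        continue;
                    }
                    try {
                        if (JIRAAuthenticatorHook.this.crowdService.addUserToGroup(found, group)) {
                            JIRAAuthenticatorHook.this.logger.debug("added {} to group {}", found.getName(), group.getName());
                        }
                    } catch (Exception e) {
                        throw new AuthenticatorHookException("Adding " + found.getName() + " to group " + group.getName() + " failed", e);
                    }
                }
                return found;
            }
        });
    }

    /**
     * @return the Seraph authenticator captured at construction time
     */
    @Override
    protected DefaultAuthenticator getAuthenticator() {
        return this.authenticator;
    }
}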
