package com.atlassian.confluence.authenticator.siteminder;

import com.atlassian.confluence.event.events.security.LoginEvent;
import com.atlassian.confluence.event.events.security.LoginFailedEvent;
import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.user.ConfluenceAuthenticator;
import com.atlassian.crowd.directory.DelegatedAuthenticationDirectory;
import com.atlassian.crowd.directory.loader.DirectoryInstanceLoader;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.exception.DirectoryInstantiationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.spring.container.ContainerManager;
import com.atlassian.user.EntityException;
import com.atlassian.user.Group;
import com.atlassian.user.GroupManager;
import com.atlassian.user.User;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataAccessException;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.TransactionCallback;
import org.springframework.transaction.support.TransactionTemplate;

/* loaded from: input_file:com/atlassian/confluence/authenticator/siteminder/SiteMinderAuthenticator.class */
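/**
 * Seraph authenticator that signs a user into Confluence from a single request header.
 *
 * <p>The header name is read from the {@code user.header} init parameter and defaults to
 * {@code remote_user}. The header value is looked up as a user name; if a user is found it is
 * stored in the HTTP session and a {@link LoginEvent} is published.
 *
 * <p><b>Trust boundary.</b> This class performs no password, signature or source-address check:
 * the header value is accepted as the authenticated identity. That is only sound when every
 * request reaches Confluence through the SSO component that sets this header and removes any
 * client-supplied copy of it. Deployments should verify that Confluence is not reachable on a
 * path that bypasses that component (direct connector ports, alternate virtual hosts, internal
 * load balancers).
 *
 * <p><b>Provisioning side effects.</b> On every successful header login the user is synchronised
 * from each active delegating directory, and is added to {@code confluence-users} when they do
 * not already hold VIEW permission on the application. A header value is therefore enough to
 * create a local user record and grant baseline access.
 */
public class SiteMinderAuthenticator extends ConfluenceAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(SiteMinderAuthenticator.class);
    private static final String USER_HEADER_PARAM = "user.header";
    private static final String DEFAULT_USER_HEADER = "remote_user";
    private static final String DEFAULT_CONFLUENCE_GROUP = "confluence-users";
    private static final String SESSION_USER_KEY = "seraph_defaultauthenticator_user";
    private static final String SESSION_LOGGED_OUT_KEY = "seraph_defaultauthenticator_logged_out_user";
    // Headers whose values are credentials or session tokens and must never be written to logs.
    private static final String[] SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"};
    private GroupManager groupManager;
    private PermissionManager permissionManager;
    private DirectoryManager directoryManager;
    private DirectoryInstanceLoader directoryInstanceLoader;
    private String userHeader = DEFAULT_USER_HEADER;

    /**
     * Reads the name of the identity header from the authenticator's init parameters.
     *
     * @param map init parameters; {@code user.header} selects the header, and a missing, null or
     *     blank value falls back to {@code remote_user}
     * @param securityConfig Seraph configuration, passed through to the superclass
     */
    public void init(Map<String, String> map, SecurityConfig securityConfig) {
        super.init(map, securityConfig);
        String configured = map.get(USER_HEADER_PARAM);
        // A present-but-empty parameter previously left userHeader null/blank, which made the
        // later getHeader() lookup meaningless; treat it the same as "not configured".
        if (configured == null || configured.trim().length() == 0) {
            this.userHeader = DEFAULT_USER_HEADER;
        } else {
            this.userHeader = configured.trim();
        }
    }

    /**
     * Resolves the current user, first from the session and otherwise from the identity header.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse unused
     * @return the session user if one is stored, else the user named by the identity header, or
     *     {@code null} when the header is absent/empty or names no known user
     */
    public Principal getUser(final HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        log.debug("Starting SiteMinder Authentication for: {}", httpServletRequest.getRequestURI());
        final HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            Object existing = session.getAttribute(SESSION_USER_KEY);
            if (existing != null) {
                // NOTE(review): the identity header is not consulted once a session user exists,
                // so an upstream logout or user switch is not reflected until this session ends.
                Principal principal = (Principal) existing;
                log.debug("{} is already logged in.", principal.getName());
                return principal;
            }
        }
        if (log.isDebugEnabled()) {
            logRequestHeaders(httpServletRequest);
        }
        final String header = httpServletRequest.getHeader(this.userHeader);
        if (header == null || header.length() == 0) {
            log.error("User was null or empty, cannot perform authentication");
            return null;
        }
        // Restored to doInTransaction: the decompiler had renamed the callback method, which left
        // the anonymous class without an implementation of the interface method.
        return (Principal) new TransactionTemplate(getTransactionManager()).execute(new TransactionCallback() {
            public Principal doInTransaction(TransactionStatus transactionStatus) {
                String remoteAddr = httpServletRequest.getRemoteAddr();
                String remoteHost = httpServletRequest.getRemoteHost();
                // Explicit cast: getUser(String) is declared to return Principal, while the
                // session and event code below need a User.
                User user = (User) SiteMinderAuthenticator.this.getUser(header);
                if (user == null) {
                    SiteMinderAuthenticator.this.authenticationFailure(header, session != null ? session.getId() : null, remoteHost, remoteAddr);
                    return null;
                }
                // NOTE(review): an existing anonymous session keeps its id across login. Issuing
                // a fresh session id at this point (for example HttpServletRequest.changeSessionId()
                // on Servlet 3.1+ containers) would close the session-fixation window; confirm the
                // container version and what Seraph already does before changing it.
                HttpSession session2 = httpServletRequest.getSession();
                session2.setAttribute(SESSION_USER_KEY, user);
                session2.setAttribute(SESSION_LOGGED_OUT_KEY, (Object) null);
                SiteMinderAuthenticator.this.authenticationSuccessful(user, session2.getId(), remoteHost, remoteAddr);
                return user;
            }
        });
    }

    /**
     * Writes the request headers to the debug log, masking credential-bearing headers.
     *
     * <p>The Cookie and Authorization headers carry session tokens and credentials; logging them
     * verbatim would let anyone with read access to the log reuse a live session.
     */
    private void logRequestHeaders(HttpServletRequest httpServletRequest) {
        if (httpServletRequest.getHeaderNames() == null) {
            // The servlet API allows a container to withhold header names.
            return;
        }
        for (Object rawName : Collections.list(httpServletRequest.getHeaderNames())) {
            String name = String.valueOf(rawName);
            String value = isSensitiveHeader(name) ? "<redacted>" : sanitizeForLog(httpServletRequest.getHeader(name));
            log.debug("Request header: {}: {}", sanitizeForLog(name), value);
        }
    }

    /** Returns true when the named header is on the never-log list (case-insensitive). */
    private static boolean isSensitiveHeader(String name) {
        for (String sensitive : SENSITIVE_HEADERS) {
            if (sensitive.equalsIgnoreCase(name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Replaces control characters (including CR and LF) so that a request-supplied value cannot
     * start a new, forged line in the log. Used for log output only; lookups use the raw value.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Publishes a {@link LoginEvent}, logs the login and ensures the user is in the default group.
     *
     * @param user the authenticated user
     * @param str the session id
     * @param str2 the remote host
     * @param str3 the remote address
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void authenticationSuccessful(User user, String str, String str2, String str3) {
        String name = user.getName();
        getEventPublisher().publish(new LoginEvent(this, name, str, str2, str3));
        log.info("{} logged into Confluence.", name);
        addUserToGroup(user, DEFAULT_CONFLUENCE_GROUP);
    }

    /**
     * Publishes a {@link LoginFailedEvent} and logs the failed login.
     *
     * @param str the user name taken from the identity header (request-supplied)
     * @param str2 the session id, or {@code null} when the request had no session
     * @param str3 the remote host
     * @param str4 the remote address
     */
    public void authenticationFailure(String str, String str2, String str3, String str4) {
        getEventPublisher().publish(new LoginFailedEvent(this, str, str2, str3, str4));
        // The name comes straight from a request header, so neutralise control characters
        // before it reaches the log; the event above still carries the original value.
        log.info("{} failed to log into Confluence.", sanitizeForLog(str));
    }

    /**
     * Adds the user to the given group unless they already hold VIEW permission on the
     * application.
     *
     * <p>Failures are logged and swallowed so that a group-store problem does not block login.
     *
     * @param user the user to provision
     * @param str the group name
     */
    protected void addUserToGroup(User user, String str) {
        log.debug("Checking whether user has permission to access Confluence already: {}", user.getName());
        if (getPermissionManager().hasPermission(user, Permission.VIEW, PermissionManager.TARGET_APPLICATION)) {
            log.debug("User already has USE permission: {}", user.getName());
            return;
        }
        try {
            log.debug("Adding user {} to group {}", user.getName(), str);
            Group group = getGroupManager().getGroup(str);
            if (group == null) {
                // Presumably getGroup returns null for an unknown group (confirm against the
                // GroupManager contract); without this guard a null group went to addMembership.
                log.error("Group {} not found; user {} was not added", str, user.getName());
                return;
            }
            if (!getGroupManager().hasMembership(group, user)) {
                getGroupManager().addMembership(group, user);
            }
            log.debug("User added successfully");
        } catch (EntityException e) {
            log.error("Failed to add " + user + " to " + str + ": " + e.getMessage(), e);
        }
    }

    /**
     * Synchronises the named user from every active delegating directory, then delegates the
     * lookup to the superclass.
     *
     * <p>Directory errors are logged and do not abort the lookup.
     *
     * @param str the user name (taken from the identity header by the caller in this class)
     * @return whatever the superclass lookup returns for that name
     */
    protected Principal getUser(final String str) {
        // Log-safe copy; the directory calls and the superclass lookup use the raw name.
        final String safeName = sanitizeForLog(str);
        return (Principal) new TransactionTemplate(getTransactionManager()).execute(new TransactionCallback() {
            public Principal doInTransaction(TransactionStatus transactionStatus) {
                for (DelegatedAuthenticationDirectory delegatedAuthenticationDirectory : SiteMinderAuthenticator.this.getDelegatedAuthenticationDirectories()) {
                    try {
                        SiteMinderAuthenticator.log.debug("Adding/updating user [ {} ] from delegated LDAP directory: {}", safeName, delegatedAuthenticationDirectory);
                        delegatedAuthenticationDirectory.addOrUpdateLdapUser(str);
                    } catch (OperationFailedException e) {
                        SiteMinderAuthenticator.log.warn("Couldn't access LDAP server to update user details: " + safeName + ": " + e.getMessage());
                    } catch (UserNotFoundException e2) {
                        SiteMinderAuthenticator.log.warn("User not found in LDAP: {}", safeName);
                    } catch (DataAccessException e3) {
                        SiteMinderAuthenticator.log.error("Error when checking delegated LDAP directories for user: " + safeName + ": " + e3.getMessage());
                    }
                }
                return SiteMinderAuthenticator.super.getUser(str);
            }
        });
    }

    /**
     * Instantiates every active delegating directory and keeps those that are
     * {@link DelegatedAuthenticationDirectory} instances.
     *
     * @return a mutable list, empty when no directory qualifies
     */
    /* JADX INFO: Access modifiers changed from: private */
    public List<DelegatedAuthenticationDirectory> getDelegatedAuthenticationDirectories() {
        List<DelegatedAuthenticationDirectory> delegated = new ArrayList<DelegatedAuthenticationDirectory>();
        for (Directory directory : getActiveDelegatingDirectories()) {
            try {
                // Held as Object so the instanceof test is a real check before the cast.
                Object candidate = getDirectoryInstanceLoader().getDirectory(directory);
                if (candidate instanceof DelegatedAuthenticationDirectory) {
                    delegated.add((DelegatedAuthenticationDirectory) candidate);
                }
            } catch (DirectoryInstantiationException e) {
                log.debug("Directory couldn't be instantiated. Ignoring. {}", directory);
            }
        }
        return delegated;
    }

    /** Returns the directories that are active and of type {@code DELEGATING}. */
    private List<Directory> getActiveDelegatingDirectories() {
        ImmutableList.Builder<Directory> builder = ImmutableList.builder();
        for (Directory directory : getDirectoryManager().findAllDirectories()) {
            if (directory.isActive() && directory.getType() == DirectoryType.DELEGATING) {
                builder.add(directory);
            }
        }
        return builder.build();
    }

    /** Looks up the {@code crowdDirectoryManager} component on first use and caches it. */
    private DirectoryManager getDirectoryManager() {
        if (this.directoryManager == null) {
            this.directoryManager = (DirectoryManager) ContainerManager.getInstance().getContainerContext().getComponent("crowdDirectoryManager");
        }
        return this.directoryManager;
    }

    /** Looks up the {@code directoryInstanceLoader} component on first use and caches it. */
    private DirectoryInstanceLoader getDirectoryInstanceLoader() {
        if (this.directoryInstanceLoader == null) {
            this.directoryInstanceLoader = (DirectoryInstanceLoader) ContainerManager.getInstance().getContainerContext().getComponent("directoryInstanceLoader");
        }
        return this.directoryInstanceLoader;
    }

    /** Looks up the {@code permissionManager} component on first use and caches it. */
    protected PermissionManager getPermissionManager() {
        if (this.permissionManager == null) {
            this.permissionManager = (PermissionManager) ContainerManager.getComponent("permissionManager");
        }
        return this.permissionManager;
    }

    /** Looks up the {@code groupManager} component on first use and caches it. */
    protected GroupManager getGroupManager() {
        if (this.groupManager == null) {
            this.groupManager = (GroupManager) ContainerManager.getComponent("groupManager");
        }
        return this.groupManager;
    }

    /** Fetches the {@code transactionManager} component; not cached, looked up on every call. */
    private PlatformTransactionManager getTransactionManager() {
        return (PlatformTransactionManager) ContainerManager.getComponent("transactionManager");
    }
}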
