package com.atlassian.confluence.user;

import com.atlassian.confluence.event.events.security.LoginEvent;
import com.atlassian.confluence.event.events.security.LoginFailedEvent;
import com.atlassian.confluence.impl.security.recovery.RecoveryUtil;
import com.atlassian.confluence.impl.seraph.AuthenticatorMetrics;
import com.atlassian.confluence.security.seraph.ConfluenceAuthenticatorUtils;
import com.atlassian.confluence.security.seraph.ConfluenceUserPrincipal;
import com.atlassian.confluence.util.MemoizingComponentReference;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
import com.atlassian.crowd.integration.rest.service.factory.RestCrowdHttpAuthenticationFactory;
import com.atlassian.crowd.integration.seraph.CrowdAuthenticator;
import com.atlassian.event.EventManager;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.seraph.service.rememberme.RememberMeService;
import com.atlassian.spring.container.ContainerManager;
import com.google.common.annotations.VisibleForTesting;
import io.atlassian.fugue.Suppliers;
import java.security.Principal;
import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/atlassian/confluence/user/ConfluenceCrowdSSOAuthenticator.class */
public class ConfluenceCrowdSSOAuthenticator extends CrowdAuthenticator {

    @Deprecated
    private final Supplier<EventManager> eventManagerRef;
    private final Supplier<EventPublisher> eventPublisherRef;
    private final Supplier<UserAccessor> userAccessorRef;
    private final Supplier<RememberMeService> rememberMeServiceRef;
    private final ConfluenceAuthenticator simpleAuthenticator;
    private final Supplier<CrowdDirectoryService> crowdDirectoryServiceRef;

    public ConfluenceCrowdSSOAuthenticator() {
        this(RestCrowdHttpAuthenticationFactory.getAuthenticator(), componentSupplier("userAccessor"), componentSupplier("eventPublisher"), componentSupplier("crowdService"), componentSupplier("crowdDirectoryService"), Optional.empty(), new ConfluenceAuthenticator());
    }

    @VisibleForTesting
    ConfluenceCrowdSSOAuthenticator(CrowdHttpAuthenticator crowdHttpAuthenticator, Supplier<UserAccessor> supplier, Supplier<EventPublisher> supplier2, Supplier<CrowdService> supplier3, Supplier<CrowdDirectoryService> supplier4, Optional<RememberMeService> optional, ConfluenceAuthenticator confluenceAuthenticator) {
        super(crowdHttpAuthenticator, supplier3);
        this.eventManagerRef = componentSupplier("eventManager");
        this.userAccessorRef = supplier;
        this.eventPublisherRef = supplier2;
        this.crowdDirectoryServiceRef = supplier4;
        Supplier supplier5 = () -> {
            return super.getRememberMeService();
        };
        this.rememberMeServiceRef = () -> {
            return (RememberMeService) optional.orElseGet(supplier5);
        };
        this.simpleAuthenticator = confluenceAuthenticator;
    }

    public void init(Map<String, String> map, SecurityConfig securityConfig) {
        super.init(map, securityConfig);
        this.simpleAuthenticator.init(map, securityConfig);
    }

    public Principal getUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Principal principal;
        Supplier memoize = Suppliers.memoize(() -> {
            return this.simpleAuthenticator.getUser(httpServletRequest, httpServletResponse);
        });
        return (RecoveryUtil.isRecoveryMode() && (principal = (Principal) memoize.get()) != null && RecoveryUtil.isRecoveryAdmin(principal.getName())) ? principal : !isSSOEnabled() ? (Principal) memoize.get() : (Principal) AuthenticatorMetrics.measureGetUser(() -> {
            return super.getUser(httpServletRequest, httpServletResponse);
        });
    }

    protected void logoutUser(HttpServletRequest httpServletRequest) {
    }

    protected Principal getUser(String str) {
        return users().getUserByName(str);
    }

    public boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws AuthenticatorException {
        if (!isSSOEnabled() || RecoveryUtil.isRecoveryAdmin(str)) {
            return this.simpleAuthenticator.login(httpServletRequest, httpServletResponse, str, str2, z);
        }
        boolean login = super.login(httpServletRequest, httpServletResponse, str, str2, z);
        if (!login) {
            fireLoginEvent(httpServletRequest, str, false);
        }
        return login;
    }

    private void fireLoginEvent(HttpServletRequest httpServletRequest, String str, boolean z) {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String remoteHost = httpServletRequest.getRemoteHost();
        String id = httpServletRequest.getSession().getId();
        events().publish(z ? new LoginEvent(this, str, id, remoteHost, remoteAddr, LoginEvent.CROWD) : new LoginFailedEvent(this, str, id, remoteHost, remoteAddr));
    }

    private EventPublisher events() {
        return this.eventPublisherRef.get();
    }

    @Deprecated
    protected EventManager getEventManager() {
        return this.eventManagerRef.get();
    }

    @Deprecated
    protected UserAccessor getUserAccessor() {
        return users();
    }

    private UserAccessor users() {
        return this.userAccessorRef.get();
    }

    protected RememberMeService getRememberMeService() {
        return this.rememberMeServiceRef.get();
    }

    protected boolean authoriseUserAndEstablishSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) {
        boolean authoriseUserAndEstablishSession = super.authoriseUserAndEstablishSession(httpServletRequest, httpServletResponse, principal);
        if (authoriseUserAndEstablishSession) {
            fireLoginEvent(httpServletRequest, principal.getName(), true);
        }
        return authoriseUserAndEstablishSession;
    }

    protected boolean isPrincipalAlreadyInSessionContext(HttpServletRequest httpServletRequest, Principal principal) {
        return ConfluenceAuthenticatorUtils.isPrincipalAlreadyInSessionContext(httpServletRequest, principal);
    }

    protected void putPrincipalInSessionContext(HttpServletRequest httpServletRequest, Principal principal) {
        super.putPrincipalInSessionContext(httpServletRequest, ConfluenceUserPrincipal.of(principal));
    }

    protected Principal refreshPrincipalObtainedFromSession(HttpServletRequest httpServletRequest, Principal principal) {
        return ConfluenceAuthenticatorUtils.refreshPrincipalObtainedFromSession(users(), principal);
    }

    private static <T> Supplier<T> componentSupplier(String str) {
        return MemoizingComponentReference.containerComponent(str);
    }

    @VisibleForTesting
    public boolean isCrowdSetup() {
        if (ContainerManager.isContainerSetup()) {
            return this.crowdDirectoryServiceRef.get().findAllDirectories().stream().anyMatch(directory -> {
                return directory.isActive() && directory.getType().equals(DirectoryType.CROWD);
            });
        }
        return false;
    }

    private boolean isSSOEnabled() {
        return isCrowdSetup();
    }
}
