package com.atlassian.confluence.user.actions;

import com.atlassian.confluence.event.events.security.LogoutEvent;
import com.atlassian.confluence.util.SeraphUtils;
import com.atlassian.event.EventManager;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.opensymphony.webwork.ServletActionContext;
import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/user/actions/AuthenticationHelper.class */
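/**
 * Static helpers for the logout flow and for resolving the Seraph login URL.
 *
 * <p>Logout is delegated to the configured Seraph authenticator. After a successful
 * authenticator logout, a {@link LogoutEvent} is published (when a principal is known)
 * and the HTTP session is cleaned up and, unless disabled by system property, invalidated.
 */
public class AuthenticationHelper {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationHelper.class);

    /**
     * Logs the current user out through the Seraph authenticator and tears down the session.
     *
     * @param principal the user being logged out; when {@code null} no {@link LogoutEvent} is published
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response, passed to the authenticator
     * @param eventManager used to publish the {@link LogoutEvent}
     * @param obj passed as the first constructor argument of {@link LogoutEvent}
     *            (presumably the event source; confirm against {@code LogoutEvent})
     * @return {@code true} when the authenticator reported a successful logout and session
     *         clean-up completed; {@code false} when the authenticator refused the logout or
     *         any exception was raised
     */
    public static boolean logout(Principal principal, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, EventManager eventManager, Object obj) {
        try {
            if (!SecurityConfigFactory.getInstance().getAuthenticator().logout(httpServletRequest, httpServletResponse)) {
                return false;
            }
            try {
                if (principal != null) {
                    publishLogoutEvent(principal, httpServletRequest, eventManager, obj);
                }
            } finally {
                // Session clean-up must not depend on event publishing: a failure while
                // publishing would otherwise leave the session and its attributes alive
                // after the authenticator has already logged the user out.
                invalidateSession(httpServletRequest);
            }
            return true;
        } catch (Exception e) {
            // Pass the throwable itself so the stack trace and cause chain reach the log;
            // logging only getMessage() loses both and prints "null" for message-less exceptions.
            log.error("Logout failed: {}", e.getMessage(), e);
            return false;
        }
    }

    /**
     * Publishes a {@link LogoutEvent} carrying the principal name, session id, remote host
     * and remote address of the request.
     *
     * <p>An {@link IllegalStateException} raised while building or publishing the event is
     * logged at debug level and otherwise ignored, so it does not abort the logout.
     */
    private static void publishLogoutEvent(Principal principal, HttpServletRequest httpServletRequest, EventManager eventManager, Object obj) {
        // Note: getSession() creates a new session when the request has none.
        HttpSession session = httpServletRequest.getSession();
        try {
            eventManager.publishEvent(new LogoutEvent(obj, principal.getName(), session.getId(), httpServletRequest.getRemoteHost(), httpServletRequest.getRemoteAddr()));
        } catch (IllegalStateException e) {
            log.debug("Failed to publish logout event due to invalid session");
        }
    }

    /**
     * Removes non-Seraph attributes from the session and then invalidates it.
     *
     * <p>Invalidation is skipped when the system property
     * {@code com.atlassian.logout.disable.session.invalidation} is {@code true}. In that
     * case the session id stays valid after logout and only the attribute clean-up has
     * been applied, so the property should be treated as a security-relevant setting.
     */
    private static void invalidateSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        clearUnsafeValuesFromSession(session);
        if (Boolean.getBoolean("com.atlassian.logout.invalidatesession")) {
            log.warn("System property 'com.atlassian.logout.invalidatesession' no longer has any effect. Sessions are invalidated by default. You can remove it from your configuration.");
        }
        if (Boolean.getBoolean("com.atlassian.logout.disable.session.invalidation")) {
            // Make the opt-out visible to anyone auditing why a session outlives logout.
            log.debug("Session invalidation on logout is disabled by system property 'com.atlassian.logout.disable.session.invalidation'");
            return;
        }
        try {
            session.invalidate();
        } catch (IllegalStateException e) {
            log.debug("Cannot invalidate already invalid session");
        }
    }

    /**
     * Removes every session attribute whose name does not start with {@code "seraph"}.
     * An already-invalid session is tolerated and only logged at debug level.
     */
    private static void clearUnsafeValuesFromSession(HttpSession httpSession) {
        try {
            getNonSeraphAttributeKeys(httpSession).forEach(httpSession::removeAttribute);
        } catch (IllegalStateException e) {
            log.debug("Failed to clear unsafe values from session - session is already invalid");
        }
    }

    /**
     * Returns the names of all session attributes that do not start with {@code "seraph"}.
     *
     * <p>Only attribute names are written to the debug log. Attribute values are deliberately
     * not logged: session attributes can hold tokens or other sensitive state, and debug logs
     * are typically readable by a wider audience than the session store.
     */
    private static List<String> getNonSeraphAttributeKeys(HttpSession httpSession) {
        return Collections.list(httpSession.getAttributeNames()).stream().filter(name -> {
            boolean seraphOwned = name.startsWith("seraph");
            if (seraphOwned) {
                log.debug("Not removing seraph value from session on logout: {}", name);
            } else {
                log.debug("Removing value from session on logout: {}", name);
            }
            return !seraphOwned;
        }).collect(Collectors.toList());
    }

    /**
     * Returns the Seraph login URL for the current request, with the servlet context path
     * stripped from the front when the URL starts with it.
     *
     * @return the login URL relative to the context path, or the value returned by
     *         {@code SeraphUtils.getLoginURL} unchanged when it does not start with the
     *         context path (including {@code null})
     */
    public static String getLoginUrl() {
        HttpServletRequest request = ServletActionContext.getRequest();
        String contextPath = StringUtils.defaultString(request.getContextPath());
        String loginURL = SeraphUtils.getLoginURL(request);
        log.debug("Seraph login.url is {}", loginURL);
        // Plain prefix comparison; defaultString() keeps a null login URL from throwing here.
        if (StringUtils.isNotEmpty(contextPath) && StringUtils.defaultString(loginURL).startsWith(contextPath)) {
            loginURL = loginURL.substring(contextPath.length());
        }
        return loginURL;
    }
}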
