package com.atlassian.confluence.user;

import com.atlassian.confluence.event.events.security.LoginEvent;
import com.atlassian.confluence.event.events.security.LoginFailedEvent;
import com.atlassian.confluence.security.seraph.ConfluenceAuthenticatorUtils;
import com.atlassian.confluence.security.seraph.ConfluenceUserPrincipal;
import com.atlassian.confluence.setup.SetupContext;
import com.atlassian.crowd.exception.runtime.CommunicationException;
import com.atlassian.crowd.exception.runtime.OperationFailedException;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.seraph.auth.AuthenticationContextAwareAuthenticator;
import com.atlassian.seraph.auth.AuthenticationErrorType;
import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.auth.DefaultAuthenticator;
import com.atlassian.spring.container.ContainerManager;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.PartialResultException;

@AuthenticationContextAwareAuthenticator
/* loaded from: input_file:com/atlassian/confluence/user/ConfluenceAuthenticator.class */
public class ConfluenceAuthenticator extends DefaultAuthenticator {
    private static final String DIRECT_LOGIN = "com.atlassian.confluence.login.direct";
    private static final Logger log = LoggerFactory.getLogger(ConfluenceAuthenticator.class);
    private EventPublisher eventPublisher;
    private UserAccessor userAccessor;

    public boolean logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticatorException {
        AuthenticatedUserThreadLocal.set(null);
        return super.logout(httpServletRequest, httpServletResponse);
    }

    public boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws AuthenticatorException {
        if (str == null || SetupContext.isAvailable()) {
            return false;
        }
        httpServletRequest.setAttribute(DIRECT_LOGIN, true);
        boolean login = super.login(httpServletRequest, httpServletResponse, str, str2, z);
        if (!login) {
            String remoteAddr = httpServletRequest.getRemoteAddr();
            getEventPublisher().publish(new LoginFailedEvent(this, str, httpServletRequest.getSession().getId(), httpServletRequest.getRemoteHost(), remoteAddr));
        }
        return login;
    }

    protected boolean authenticate(Principal principal, String str) throws AuthenticatorException {
        String name = principal.getName();
        try {
            return getUserAccessor().authenticate(name, str);
        } catch (CommunicationException e) {
            log.warn("CommunicationException caught while authenticating user <" + name + ">", e);
            throw new AuthenticatorException(AuthenticationErrorType.CommunicationError);
        } catch (OperationFailedException e2) {
            String str2 = "OperationFailedException caught while authenticating user <" + name + ">. ";
            if (e2.getCause() instanceof PartialResultException) {
                str2 = str2 + "\n You may need to disable the 'Follow Referrals' option in your LDAP configuration. See http://confluence.atlassian.com/x/0QMMDg";
            }
            log.warn(str2, e2);
            throw new AuthenticatorException(AuthenticationErrorType.UnknownError);
        }
    }

    protected boolean isPrincipalAlreadyInSessionContext(HttpServletRequest httpServletRequest, Principal principal) {
        return ConfluenceAuthenticatorUtils.isPrincipalAlreadyInSessionContext(httpServletRequest, principal);
    }

    protected void putPrincipalInSessionContext(HttpServletRequest httpServletRequest, Principal principal) {
        super.putPrincipalInSessionContext(httpServletRequest, ConfluenceUserPrincipal.of(principal));
    }

    protected Principal refreshPrincipalObtainedFromSession(HttpServletRequest httpServletRequest, Principal principal) {
        return ConfluenceAuthenticatorUtils.refreshPrincipalObtainedFromSession(getUserAccessor(), principal);
    }

    protected EventPublisher getEventPublisher() {
        if (this.eventPublisher == null) {
            this.eventPublisher = (EventPublisher) ContainerManager.getInstance().getContainerContext().getComponent("eventPublisher");
        }
        return this.eventPublisher;
    }

    public void setUserAccessor(UserAccessor userAccessor) {
        this.userAccessor = userAccessor;
    }

    protected UserAccessor getUserAccessor() {
        if (this.userAccessor == null) {
            this.userAccessor = (UserAccessor) ContainerManager.getComponent("userAccessor");
        }
        return this.userAccessor;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: getUser, reason: merged with bridge method [inline-methods] */
    public ConfluenceUser m1367getUser(String str) {
        return getUserAccessor().getUserByName(str);
    }

    public Principal getUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return super.getUser(httpServletRequest, httpServletResponse);
    }

    protected boolean authoriseUserAndEstablishSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) {
        boolean authoriseUserAndEstablishSession = super.authoriseUserAndEstablishSession(httpServletRequest, httpServletResponse, principal);
        if (authoriseUserAndEstablishSession) {
            Boolean bool = (Boolean) httpServletRequest.getAttribute(DIRECT_LOGIN);
            boolean z = bool != null && bool.booleanValue();
            String remoteAddr = httpServletRequest.getRemoteAddr();
            getEventPublisher().publish(new LoginEvent(this, principal.getName(), httpServletRequest.getSession().getId(), httpServletRequest.getRemoteHost(), remoteAddr, z ? LoginEvent.DIRECT : LoginEvent.COOKIE));
        }
        httpServletRequest.removeAttribute(DIRECT_LOGIN);
        return authoriseUserAndEstablishSession;
    }
}
