package com.atlassian.stash.internal.auth;

import com.atlassian.bitbucket.auth.Authentication;
import com.atlassian.bitbucket.auth.AuthenticationException;
import com.atlassian.bitbucket.auth.AuthenticationService;
import com.atlassian.bitbucket.auth.HttpAuthenticationContext;
import com.atlassian.bitbucket.auth.HttpAuthenticationHandler;
import com.atlassian.bitbucket.auth.HttpAuthenticationHandlerModuleDescriptor;
import com.atlassian.bitbucket.auth.IncorrectPasswordAuthenticationException;
import com.atlassian.bitbucket.auth.SimpleAuthentication;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.NoSuchUserException;
import com.atlassian.bitbucket.util.ModuleDescriptorUtils;
import com.atlassian.plugin.PluginAccessor;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.stash.internal.annotation.Unsecured;
import com.atlassian.stash.internal.permission.PermissionVoterFactory;
import com.atlassian.stash.internal.user.CaptchaService;
import com.atlassian.stash.internal.user.StashUserAuthenticationToken;
import com.atlassian.stash.internal.web.FakeHttpServletRequest;
import com.atlassian.stash.internal.web.FakeHttpServletResponse;
import java.io.Serializable;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@Transactional(propagation = Propagation.SUPPORTS, noRollbackFor = {AuthenticationException.class, NoSuchUserException.class})
@AvailableToPlugins(AuthenticationService.class)
@Component("authenticationService")
/* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-5.16.0.jar:com/atlassian/stash/internal/auth/DefaultAuthenticationService.class */
public class DefaultAuthenticationService implements InternalAuthenticationService {
    private static final String CAPTCHA = "captcha";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultAuthenticationService.class);
    private final CaptchaService captchaService;
    private final I18nService i18nService;
    private final PluginAccessor pluginAccessor;
    private final PermissionVoterFactory voterFactory;

    @Autowired
    public DefaultAuthenticationService(CaptchaService captchaService, I18nService i18nService, PluginAccessor pluginAccessor, PermissionVoterFactory permissionVoterFactory) {
        this.captchaService = captchaService;
        this.i18nService = i18nService;
        this.pluginAccessor = pluginAccessor;
        this.voterFactory = permissionVoterFactory;
    }

    @Override // com.atlassian.bitbucket.auth.AuthenticationService
    @Nonnull
    @Unsecured("This needs to be available to unauthenticated contexts")
    public Authentication authenticate(@Nonnull String str, @Nonnull String str2) {
        return authenticateInternal(str, str2, false);
    }

    @Override // com.atlassian.stash.internal.auth.InternalAuthenticationService
    @Nonnull
    @Unsecured("This needs to be available to unauthenticated contexts")
    public Optional<StashUserAuthenticationToken> authenticate(@Nonnull HttpAuthenticationContext httpAuthenticationContext) {
        return authenticateInternal(httpAuthenticationContext, true);
    }

    @Override // com.atlassian.bitbucket.auth.AuthenticationService
    @Nonnull
    @Unsecured("This needs to be available to unauthenticated contexts")
    public Authentication authenticateWithCaptcha(@Nonnull String str, @Nonnull String str2) {
        return authenticateInternal(str, str2, true);
    }

    @Override // com.atlassian.bitbucket.auth.AuthenticationService
    @Nonnull
    public Authentication clear() {
        Authentication authentication = get();
        SecurityContextHolder.clearContext();
        return authentication;
    }

    @Override // com.atlassian.bitbucket.auth.AuthenticationService
    @Nonnull
    public Authentication get() {
        org.springframework.security.core.Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication instanceof Authentication ? (Authentication) authentication : Authentication.ANONYMOUS;
    }

    @Override // com.atlassian.bitbucket.auth.AuthenticationService
    @Nonnull
    public Authentication set(@Nonnull Authentication authentication) {
        StashUserAuthenticationToken build;
        Authentication authentication2 = get();
        if (authentication instanceof StashUserAuthenticationToken) {
            build = (StashUserAuthenticationToken) authentication;
        } else {
            build = new StashUserAuthenticationToken.Builder().properties(authentication.getProperties()).user(authentication.getUser().orElse(null)).voter(this.voterFactory.create(authentication)).build();
        }
        SecurityContextHolder.getContext().setAuthentication(build);
        return authentication2;
    }

    private Authentication authenticateInternal(String str, String str2, boolean z) {
        log.debug("Authenticating user: {}", str);
        return authenticateInternal(new DefaultHttpAuthenticationContext(new FakeHttpServletRequest(), new FakeHttpServletResponse(), (servletRequest, servletResponse) -> {
        }, "basic", str, str2), z).orElseThrow(this::badCredentials);
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0139  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x010f A[SYNTHETIC] */
    @javax.annotation.Nonnull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.util.Optional<com.atlassian.stash.internal.user.StashUserAuthenticationToken> authenticateInternal(@javax.annotation.Nonnull com.atlassian.bitbucket.auth.HttpAuthenticationContext r6, boolean r7) {
        /*
            Method dump skipped, instructions count: 426
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.atlassian.stash.internal.auth.DefaultAuthenticationService.authenticateInternal(com.atlassian.bitbucket.auth.HttpAuthenticationContext, boolean):java.util.Optional");
    }

    private AuthenticationException badCredentials() {
        throw new IncorrectPasswordAuthenticationException(this.i18nService.createKeyedMessage("bitbucket.service.user.authenticationfailed", new Object[0]));
    }

    private StashUserAuthenticationToken createAuthenticationToken(@Nonnull ApplicationUser applicationUser, @Nonnull Map<String, Serializable> map) {
        return new StashUserAuthenticationToken.Builder().properties(map).user(applicationUser).voter(this.voterFactory.create(new SimpleAuthentication.Builder((ApplicationUser) Objects.requireNonNull(applicationUser, "user")).properties((Map) Objects.requireNonNull(map, "properties")).build())).build();
    }

    private CaptchaResponse extractCaptchaResponse(HttpAuthenticationContext httpAuthenticationContext) {
        HttpSession session = httpAuthenticationContext.getRequest().getSession(false);
        String id = session == null ? null : session.getId();
        String trimToNull = StringUtils.trimToNull(httpAuthenticationContext.getRequest().getParameter(CAPTCHA));
        if (!StringUtils.isNotEmpty(id) || trimToNull == null) {
            return null;
        }
        return new CaptchaResponse(id, trimToNull);
    }

    private Iterable<HttpAuthenticationHandlerModuleDescriptor> getSortedAuthenticationModuleDescriptors() {
        return (Iterable) this.pluginAccessor.getEnabledModuleDescriptorsByClass(HttpAuthenticationHandlerModuleDescriptor.class).stream().sorted().collect(Collectors.toList());
    }

    private HttpAuthenticationHandler instantiateModule(HttpAuthenticationHandlerModuleDescriptor httpAuthenticationHandlerModuleDescriptor) {
        return (HttpAuthenticationHandler) ModuleDescriptorUtils.toModule().apply(httpAuthenticationHandlerModuleDescriptor);
    }

    private boolean isCredentialsProvided(HttpAuthenticationContext httpAuthenticationContext) {
        Object credentials = httpAuthenticationContext.getCredentials();
        return StringUtils.isNotBlank(httpAuthenticationContext.getUsername()) && (credentials instanceof String) && StringUtils.isNotEmpty((String) credentials);
    }
}
