package com.atlassian.plugins.authentication.impl.web.saml;

import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.plugin.webresource.WebResourceUrlProvider;
import com.atlassian.plugins.authentication.impl.config.saml.SamlConfigService;
import com.atlassian.plugins.authentication.impl.util.ApplicationStateValidator;
import com.atlassian.plugins.authentication.impl.util.PluginData;
import com.atlassian.plugins.authentication.impl.web.AuthenticationHandler;
import com.atlassian.plugins.authentication.impl.web.saml.provider.SamlProvider;
import com.atlassian.plugins.authentication.impl.web.saml.provider.SamlRequest;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.soy.renderer.SoyTemplateRenderer;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.net.URI;
import java.util.UUID;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

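/**
 * Starts the SAML single sign-on flow for an incoming request.
 *
 * <p>The handler creates a SAML request through {@link SamlProvider}, stores it in the HTTP session
 * under a freshly generated identifier, and then either redirects the browser to the identity
 * provider or renders an intermediate page that saves the URL fragment in a short-lived cookie.
 */
@Named
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-authentication-plugin-2.1.0.jar:com/atlassian/plugins/authentication/impl/web/saml/SamlAuthenticationHandler.class */
public class SamlAuthenticationHandler implements AuthenticationHandler {
    /** Fragment cookie lifetime, handed to the template as {@code cookieExpirationTimeInMinutesFromNow}. */
    public static final int COOKIE_WITH_FRAGMENT_MAXIMUM_AGE = 5;

    // Web-resource module key, used both to locate the Soy template and to resolve the static JS resource.
    private static final String SAVE_FRAGMENT_MODULE_KEY = "com.atlassian.plugins.authentication.atlassian-authentication-plugin:save-fragment";
    private static final String SAVE_FRAGMENT_TEMPLATE = "AuthenticationPlugin.SaveHash.display";

    private static final Logger log = LoggerFactory.getLogger(SamlAuthenticationHandler.class);

    private final SamlProvider samlProvider;
    private final SessionDataService sessionDataService;
    private final ApplicationStateValidator applicationStateValidator;
    private final SamlConfigService samlConfigService;
    private final SoyTemplateRenderer soyTemplateRenderer;
    private final WebResourceUrlProvider webResourceUrlProvider;
    private final ApplicationProperties applicationProperties;

    @Inject
    public SamlAuthenticationHandler(SamlProvider samlProvider, SamlConfigService samlConfigService, SessionDataService sessionDataService, ApplicationStateValidator applicationStateValidator, SoyTemplateRenderer soyTemplateRenderer, @ComponentImport WebResourceUrlProvider webResourceUrlProvider, @ComponentImport ApplicationProperties applicationProperties) {
        this.samlProvider = samlProvider;
        this.samlConfigService = samlConfigService;
        this.sessionDataService = sessionDataService;
        this.applicationStateValidator = applicationStateValidator;
        this.soyTemplateRenderer = soyTemplateRenderer;
        this.webResourceUrlProvider = webResourceUrlProvider;
        this.applicationProperties = applicationProperties;
    }

    /**
     * Creates a SAML single sign-on request, binds it to the caller's session and sends the browser
     * towards the identity provider.
     *
     * @param httpServletRequest the incoming request; a session is created for it if none exists
     * @param httpServletResponse the response that receives either the redirect or the intermediate page
     * @param uri stored in the session next to the SAML request; when non-null the fragment-saving page
     *     is rendered instead of a plain redirect (presumably the post-login destination; confirm
     *     against the caller)
     * @throws IOException if writing the redirect or the rendered page fails
     */
    @Override // com.atlassian.plugins.authentication.impl.web.AuthenticationHandler
    public void processAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @Nullable URI uri) throws IOException {
        applicationStateValidator.checkCanProcessAuthenticationRequest();
        sessionDataService.ensureSessionExists(httpServletRequest);

        // UUID.randomUUID() is a type 4 UUID drawn from a cryptographically strong generator, so the
        // identifier that ties the pending SAML request to this session is not guessable.
        String requestId = UUID.randomUUID().toString();
        boolean forceReauthentication = isPermissionViolation(httpServletRequest);
        SamlRequest samlRequest = samlProvider.createSamlSingleSignOnRequest(httpServletRequest, httpServletResponse, requestId, forceReauthentication);

        // NOTE(review): uri is stored as received. The code that later redirects to it should accept
        // only targets inside this application; that check is not visible in this class.
        sessionDataService.setSessionData(httpServletRequest, requestId, new SessionData(samlRequest, uri));

        if (uri == null) {
            httpServletResponse.sendRedirect(samlRequest.getLoginRequestUrl());
            return;
        }
        renderFragmentSavingPage(httpServletResponse, samlRequest);
    }

    /**
     * Renders the HTML page that stores the URL fragment in a cookie before continuing to the
     * identity provider.
     *
     * @param httpServletResponse the response the page is written to
     * @param samlRequest the pending SAML request; supplies the IdP URL and the relay state used in
     *     the cookie name
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void renderFragmentSavingPage(HttpServletResponse httpServletResponse, SamlRequest samlRequest) throws IOException {
        httpServletResponse.setContentType("text/html");
        httpServletResponse.setCharacterEncoding("utf-8");

        String jsCookieLibraryUrl = webResourceUrlProvider.getStaticPluginResourceUrl(SAVE_FRAGMENT_MODULE_KEY, PluginData.JS_COOKIE_LIBRARY_RESOURCE_NAME, com.atlassian.plugin.webresource.UrlMode.RELATIVE);

        // NOTE(review): idpRequest and cookieName are emitted into an HTML/script page. Escaping is left
        // to the Soy template, which is not visible here; confirm it escapes for the context it uses.
        ImmutableMap<String, Object> templateData = ImmutableMap.<String, Object>of(
                "idpRequest", samlRequest.getLoginRequestUrl(),
                "cookieName", PluginData.FRAGMENT_COOKIE_NAME + samlRequest.getRelayState(),
                "cookiePath", applicationProperties.getBaseUrl(UrlMode.RELATIVE),
                // The decompiled source had "(String) 5" here, which does not compile; the boxed
                // constant carries the same value.
                "cookieExpirationTimeInMinutesFromNow", COOKIE_WITH_FRAGMENT_MAXIMUM_AGE,
                "jsCookieLibraryUrl", jsCookieLibraryUrl);

        soyTemplateRenderer.render(httpServletResponse.getWriter(), SAVE_FRAGMENT_MODULE_KEY, SAVE_FRAGMENT_TEMPLATE, templateData);
    }

    /**
     * Reports whether the session already belongs to a user who logged in through SAML.
     *
     * <p>The result is passed to the SAML provider when the request is created; per the log message
     * it is meant to force re-authentication at the identity provider.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the session service says the user is already logged in with SAML
     */
    private boolean isPermissionViolation(HttpServletRequest httpServletRequest) {
        boolean alreadyLoggedIn = sessionDataService.isUserLoggedInWithSaml(httpServletRequest);
        if (alreadyLoggedIn) {
            log.info("User is already logged in. Looks like permissions violation. Force re-authentication in IDP");
        }
        return alreadyLoggedIn;
    }

    /**
     * Reports whether SAML has been configured.
     *
     * @return the {@code isConfigured()} value of the current SAML configuration
     */
    @Override // com.atlassian.plugins.authentication.impl.web.AuthenticationHandler
    public boolean isConfigured() {
        return samlConfigService.getSamlConfig().isConfigured();
    }
}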
