package com.atlassian.crowd.integration.jive;

import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.integration.http.HttpAuthenticatorFactory;
import com.atlassian.crowd.integration.model.RemotePrincipalConstants;
import com.jivesoftware.base.AuthFactory;
import com.jivesoftware.base.AuthToken;
import com.jivesoftware.base.JiveGlobals;
import com.jivesoftware.base.Log;
import com.jivesoftware.base.UnauthorizedException;
import com.jivesoftware.base.UserNotFoundException;
import com.jivesoftware.base.ban.BanDAO;
import com.jivesoftware.base.ban.BanDAOFactory;
import com.jivesoftware.base.ban.BanLevel;
import com.jivesoftware.base.database.ConnectionManager;
import com.jivesoftware.base.registration.RegistrationManager;
import com.jivesoftware.base.registration.RegistrationManagerImpl;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/crowd/integration/jive/CrowdAuthFactory.class */
public class CrowdAuthFactory extends AuthFactory {
    private static final Logger LOGGER = Logger.getLogger(CrowdAuthFactory.class);
    private static final String FIND_USER_ID = "SELECT userID FROM jiveUser WHERE username=?";
    private RegistrationManager jiveRegistrationManager;
    private BanDAO jiveBanDAO;
    private final HttpAuthenticator httpAuthenticator;

    public CrowdAuthFactory(HttpAuthenticator httpAuthenticator) {
        this.jiveRegistrationManager = RegistrationManagerImpl.getInstance();
        this.jiveBanDAO = BanDAOFactory.getInstance();
        LOGGER.debug("Creating a new CrowdAuthFactory.");
        this.httpAuthenticator = httpAuthenticator;
    }

    public CrowdAuthFactory() {
        this(HttpAuthenticatorFactory.getHttpAuthenticator());
    }

    protected AuthToken createAuthToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws UnauthorizedException {
        LOGGER.debug(">> createAuthToken(req, resp)");
        String str = null;
        try {
            if (this.httpAuthenticator.isAuthenticated(httpServletRequest, httpServletResponse)) {
                str = this.httpAuthenticator.getPrincipal(httpServletRequest).getName();
            } else {
                String parameter = httpServletRequest.getParameter(RemotePrincipalConstants.USERNAME);
                this.httpAuthenticator.authenticate(httpServletRequest, httpServletResponse, parameter, httpServletRequest.getParameter("password"));
                str = parameter;
            }
        } catch (Exception e) {
            LOGGER.debug("Error occurred while trying to authenticate request", e);
        }
        if (str == null) {
            LOGGER.debug("Request is not authenticated with Crowd");
            throw new UnauthorizedException("User could not be authenticated");
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Request is authenticated with Crowd for user " + str);
        }
        AuthToken authToken = (AuthToken) httpServletRequest.getSession().getAttribute("jive.authToken");
        if (authToken instanceof CrowdAuthToken) {
            LOGGER.debug("Request has associated Jive session");
            if (str.equals(((CrowdAuthToken) authToken).getUsername())) {
                LOGGER.debug("Jive session principal matches Crowd principal. Returning Jive session's stored CrowdAuthToken");
                return authToken;
            }
            LOGGER.debug("Jive session principal does not match Crowd principal");
        } else {
            LOGGER.debug("Request has no associated Jive session");
        }
        CrowdAuthToken authenticateCrowdPrincipalWithJive = authenticateCrowdPrincipalWithJive(str, httpServletRequest);
        LOGGER.debug("Adding new CrowdAuthToken to associated Jive session and returning the CrowdAuthToken");
        httpServletRequest.getSession().setAttribute("jive.authToken", authenticateCrowdPrincipalWithJive);
        return authenticateCrowdPrincipalWithJive;
    }

    private long findOrCreateCrowdPrincipalInJive(String str) throws UnauthorizedException {
        boolean z = false;
        long j = -1;
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Searching for user " + str + " in Jive's DB");
        }
        try {
            try {
                Connection connection = ConnectionManager.getConnection();
                PreparedStatement prepareStatement = connection.prepareStatement(FIND_USER_ID);
                prepareStatement.setString(1, str == null ? "" : str.toLowerCase());
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    j = executeQuery.getLong(1);
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug("Found userID " + j + " based on query: " + FIND_USER_ID + ", using username: " + str);
                    }
                } else {
                    LOGGER.debug("Could not find user in Jive's DB");
                    z = true;
                }
                ConnectionManager.closeConnection(executeQuery, prepareStatement, connection);
                if (z) {
                    LOGGER.debug("Creating user in Jive's DB");
                    try {
                        j = new CrowdUser(str).getID();
                        LOGGER.debug("Created Crowd user in Jive DB");
                    } catch (UserNotFoundException e) {
                        LOGGER.debug("Exception while retrieving user info from the Jive DB.");
                        throw new UnauthorizedException(e);
                    }
                }
                return j;
            } catch (Exception e2) {
                LOGGER.debug("Exception while retrieving user info from the Jive DB.");
                throw new UnauthorizedException(e2);
            }
        } catch (Throwable th) {
            ConnectionManager.closeConnection((ResultSet) null, (Statement) null, (Connection) null);
            throw th;
        }
    }

    private CrowdAuthToken authenticateCrowdPrincipalWithJive(String str, HttpServletRequest httpServletRequest) throws UnauthorizedException {
        long findOrCreateCrowdPrincipalInJive = findOrCreateCrowdPrincipalInJive(str);
        if (!isAllowedToLoginToJive(findOrCreateCrowdPrincipalInJive, httpServletRequest.getRemoteAddr())) {
            LOGGER.debug("User is not allowed to log into Jive (on a ban list or account validation failed)");
            throw new UnauthorizedException("User is not allowed to log into Jive (on a ban list or account validation failed)");
        }
        LOGGER.debug("User is allowed to log into Jive (isn't on any ban list)");
        CrowdAuthToken crowdAuthToken = new CrowdAuthToken(findOrCreateCrowdPrincipalInJive, str);
        httpServletRequest.getSession().setAttribute("jive.authToken", crowdAuthToken);
        LOGGER.debug("CrowdAuthToken created and associated with Jive session. Returning new token.");
        return crowdAuthToken;
    }

    private boolean isAllowedToLoginToJive(long j, String str) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Checking if userID " + j + " with address " + str + " is allowed to login to Jive");
        }
        try {
            if (!this.jiveRegistrationManager.isAccountValidated(j)) {
                LOGGER.debug("Jive's account validation failed for user. User not allowed to login");
                return false;
            }
            if (!JiveGlobals.getJiveBooleanProperty("banneduser.enabled")) {
                return true;
            }
            if (this.jiveBanDAO.getBan(j, BanLevel.BAN_LOGIN) != null) {
                LOGGER.debug("User appears on Jive's ban list. User not allowed to login");
                return false;
            }
            if (this.jiveBanDAO.getBan(str, BanLevel.BAN_LOGIN) == null) {
                return true;
            }
            LOGGER.debug("Remote address appears on Jive's ban list. User not allowed to login");
            return false;
        } catch (UserNotFoundException e) {
            Log.debug("Unexpected UserNotFoundException. User not allowed to login", e);
            return false;
        }
    }

    protected AuthToken createSessionUserInfo(String str, String str2, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws UnauthorizedException {
        LOGGER.debug("Authenticating user to Crowd and Jive");
        if (str == null || str2 == null) {
            throw new UnauthorizedException("Username or password is null");
        }
        try {
            this.httpAuthenticator.authenticate(httpServletRequest, httpServletResponse, str, str2);
            LOGGER.debug("Authentication to Crowd successful");
            CrowdAuthToken authenticateCrowdPrincipalWithJive = authenticateCrowdPrincipalWithJive(str, httpServletRequest);
            LOGGER.debug("Authentication to Jive successful");
            return authenticateCrowdPrincipalWithJive;
        } catch (Exception e) {
            LOGGER.debug("Error authenticating user by using explicitly provided username/password", e);
            throw new UnauthorizedException("Error authenticating user by using explicitly provided username/password", e);
        }
    }

    protected void clearSessionUserInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super.clearSessionUserInfo(httpServletRequest, httpServletResponse);
        try {
            this.httpAuthenticator.logoff(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            LOGGER.warn("Could log out of Crowd", e);
        }
    }

    public AuthToken createAuthToken(String str, String str2) throws UnauthorizedException {
        LOGGER.debug(">> createAuthToken(username, password)");
        try {
            LOGGER.debug("Authenticating user with Crowd: " + str);
            this.httpAuthenticator.verifyAuthentication(str, str2);
            LOGGER.debug("Finding/creating Crowd user in Jive: " + str);
            long findOrCreateCrowdPrincipalInJive = findOrCreateCrowdPrincipalInJive(str);
            LOGGER.debug("Generating non-SSO token for user: " + str);
            return new CrowdAuthToken(findOrCreateCrowdPrincipalInJive, str);
        } catch (Exception e) {
            LOGGER.debug("Non-SSO authentication failed for user: " + str, e);
            throw new UnauthorizedException(e);
        }
    }

    public AuthToken createAnonymousAuthToken() {
        return new CrowdAuthToken(-1L, null);
    }
}
