package com.atlassian.security.auth.trustedapps.filter;

import com.atlassian.security.auth.trustedapps.CurrentApplication;
import com.atlassian.security.auth.trustedapps.Null;
import com.atlassian.security.auth.trustedapps.TrustedApplicationUtils;
import com.atlassian.security.auth.trustedapps.TrustedApplicationsManager;
import com.atlassian.security.auth.trustedapps.UserResolver;
import com.atlassian.security.auth.trustedapps.filter.Authenticator;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.io.Writer;
import java.security.PublicKey;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.util.encoders.Base64;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter.class
  input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter.class
 */
@Deprecated
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter.class */
public class TrustedApplicationsFilter implements Filter {
    private final CertificateServer certificateServer;
    private final Authenticator authenticator;
    private FilterConfig filterConfig;
    private final AuthenticationController authenticationController;
    private final AuthenticationListener authenticationListener;

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$CertificateServer.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$CertificateServer.class
     */
    @Deprecated
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$CertificateServer.class */
    public interface CertificateServer {
        void writeCertificate(Writer writer) throws IOException;
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$CertificateServerImpl.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$CertificateServerImpl.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$CertificateServerImpl.class */
    public static class CertificateServerImpl implements CertificateServer {
        final TrustedApplicationsManager appManager;

        public CertificateServerImpl(TrustedApplicationsManager trustedApplicationsManager) {
            this.appManager = trustedApplicationsManager;
        }

        @Override // com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.CertificateServer
        public void writeCertificate(Writer writer) throws IOException {
            CurrentApplication currentApplication = this.appManager.getCurrentApplication();
            PublicKey publicKey = currentApplication.getPublicKey();
            try {
                writer.write(currentApplication.getID());
                writer.write("\n");
                writer.write(new String(Base64.encode(publicKey.getEncoded()), "utf-8"));
                writer.write("\n");
                writer.write(TrustedApplicationUtils.getProtocolVersionInUse().toString());
                writer.write("\n");
                writer.write(TrustedApplicationUtils.Constant.MAGIC);
                writer.flush();
            } catch (UnsupportedEncodingException e) {
                throw new AssertionError(e);
            } catch (IOException e2) {
                throw new RuntimeException(e2);
            }
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$Status.class
      input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-trusted-apps-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$Status.class
     */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-sal-trust-plugin-3.0.0-m247.jar:META-INF/lib/atlassian-trusted-apps-core-4.1.0.jar:com/atlassian/security/auth/trustedapps/filter/TrustedApplicationsFilter$Status.class */
    static final class Status {
        static final String ERROR = "ERROR";
        static final String OK = "OK";

        Status() {
        }
    }

    public TrustedApplicationsFilter(TrustedApplicationsManager trustedApplicationsManager, UserResolver userResolver, AuthenticationController authenticationController, AuthenticationListener authenticationListener) {
        this(new CertificateServerImpl(trustedApplicationsManager), new TrustedApplicationFilterAuthenticator(trustedApplicationsManager, userResolver, authenticationController), authenticationController, authenticationListener);
    }

    protected TrustedApplicationsFilter(CertificateServer certificateServer, Authenticator authenticator, AuthenticationController authenticationController, AuthenticationListener authenticationListener) {
        this.filterConfig = null;
        Null.not("certificateServer", certificateServer);
        Null.not("authenticator", authenticator);
        Null.not("authenticationController", authenticationController);
        Null.not("authenticationListener", authenticationListener);
        this.certificateServer = certificateServer;
        this.authenticator = authenticator;
        this.authenticationController = authenticationController;
        this.authenticationListener = authenticationListener;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (getPathInfo(httpServletRequest).endsWith(TrustedApplicationUtils.Constant.CERTIFICATE_URL_PATH)) {
            httpServletResponse.setContentType("text/plain");
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(httpServletResponse.getOutputStream());
            this.certificateServer.writeCertificate(outputStreamWriter);
            outputStreamWriter.flush();
            return;
        }
        boolean authenticate = authenticate(httpServletRequest, httpServletResponse);
        try {
            filterChain.doFilter(httpServletRequest, servletResponse);
            if (!authenticate || httpServletRequest.getSession(false) == null) {
                return;
            }
            httpServletRequest.getSession().invalidate();
        } catch (Throwable th) {
            if (authenticate && httpServletRequest.getSession(false) != null) {
                httpServletRequest.getSession().invalidate();
            }
            throw th;
        }
    }

    boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.authenticationController.shouldAttemptAuthentication(httpServletRequest)) {
            this.authenticationListener.authenticationNotAttempted(httpServletRequest, httpServletResponse);
            return false;
        }
        Authenticator.Result authenticate = this.authenticator.authenticate(httpServletRequest, httpServletResponse);
        if (authenticate.getStatus() == Authenticator.Result.Status.SUCCESS) {
            this.authenticationListener.authenticationSuccess(authenticate, httpServletRequest, httpServletResponse);
            httpServletResponse.setHeader("X-Seraph-Trusted-App-Status", "OK");
            return true;
        }
        if (authenticate.getStatus() == Authenticator.Result.Status.FAILED) {
            this.authenticationListener.authenticationFailure(authenticate, httpServletRequest, httpServletResponse);
            return false;
        }
        this.authenticationListener.authenticationError(authenticate, httpServletRequest, httpServletResponse);
        return false;
    }

    protected String getPathInfo(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        String requestURI = httpServletRequest.getRequestURI();
        return (contextPath == null || contextPath.length() <= 0) ? requestURI : requestURI.substring(contextPath.length());
    }

    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    public void destroy() {
        this.filterConfig = null;
    }

    public FilterConfig getFilterConfig() {
        return this.filterConfig;
    }

    public void setFilterConfig(FilterConfig filterConfig) {
        if (filterConfig != null) {
            init(filterConfig);
        }
    }
}
