package com.atlassian.bamboo.user.authentication;

import com.atlassian.bamboo.spring.ComponentAccessor;
import com.atlassian.bamboo.user.LoginInformationManager;
import com.atlassian.config.util.BootstrapUtils;
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard;
import com.atlassian.spring.container.ContainerManager;
import com.google.common.base.Supplier;
import com.octo.captcha.service.CaptchaServiceException;
import com.octo.captcha.service.image.ImageCaptchaService;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/user/authentication/BambooElevatedSecurityGuard.class */
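/**
 * Seraph {@link ElevatedSecurityGuard} that requires a CAPTCHA once a user name has accumulated
 * enough failed logins.
 *
 * <p>The decision whether a user name needs the extra check, and the failed-attempt counter, are
 * delegated to {@link LoginInformationManager}. This class only validates the CAPTCHA response and
 * publishes the outcome as two request attributes, readable through
 * {@link #isElevatedSecurityRequired(ServletRequest)} and
 * {@link #isElevatedSecurityFailed(ServletRequest)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The check fails closed: if the login information manager cannot be obtained,
 *       {@link #performElevatedSecurityCheck} returns {@code false}.</li>
 *   <li>The user name passed to the callbacks is request-supplied, so it is neutralised before
 *       being written to the log (see {@link #sanitizeForLog(String)}).</li>
 * </ul>
 */
public class BambooElevatedSecurityGuard implements ElevatedSecurityGuard {
    /** Request parameter carrying the user's answer to the CAPTCHA challenge. */
    private static final String CAPTCHA_PARAM = "captcha";
    private static final Logger log = Logger.getLogger(BambooElevatedSecurityGuard.class);
    /** Request attribute set to {@code Boolean.TRUE} while a CAPTCHA is required for the user name. */
    private static final String ELEVATED_SECURITY_CHECK_REQUIRED = BambooElevatedSecurityGuard.class.getName() + ".elevatedSecurityCheckRequired";
    /** Request attribute set to {@code Boolean.TRUE} when a required CAPTCHA was missing or wrong. */
    private static final String ELEVATED_SECURITY_CHECK_FAILED = BambooElevatedSecurityGuard.class.getName() + ".elevatedSecurityCheckFailed";
    /** Lazily resolved so the class can be loaded before the component container is ready. */
    private static final Supplier<ImageCaptchaService> IMAGE_CAPTCHA_SERVICE = ComponentAccessor.newLazyComponentReference("imageCaptchaService");

    /**
     * Decides whether the login attempt may proceed past the elevated security gate.
     *
     * @param httpServletRequest the login request; read for the {@code captcha} and
     *     {@code atl_token} parameters and updated with the required/failed attributes
     * @param str the user name being authenticated
     * @return {@code true} if no CAPTCHA is required for this user name or the supplied response
     *     validated; {@code false} if the manager is unavailable, a parameter is missing, or the
     *     response is wrong
     */
    public boolean performElevatedSecurityCheck(HttpServletRequest httpServletRequest, String str) {
        LoginInformationManager loginInformationManager = getLoginInformationManager();
        if (loginInformationManager == null) {
            // Fail closed: without the manager we cannot tell whether a CAPTCHA is due.
            log.info("Login information manager not present");
            return false;
        }
        if (!loginInformationManager.isElevatedSecurityCheckRequired(str)) {
            httpServletRequest.removeAttribute(ELEVATED_SECURITY_CHECK_REQUIRED);
            return true;
        }
        httpServletRequest.setAttribute(ELEVATED_SECURITY_CHECK_REQUIRED, Boolean.TRUE);

        String captchaResponse = httpServletRequest.getParameter(CAPTCHA_PARAM);
        if (captchaResponse == null) {
            log.info("No CAPTCHA response in request");
            return captchaFailure(httpServletRequest);
        }
        // The atl_token request parameter is what gets passed to the CAPTCHA service as the
        // challenge ID, so a request without it cannot be matched to a challenge.
        String captchaId = httpServletRequest.getParameter("atl_token");
        if (captchaId == null) {
            log.warn("No atlToken for CAPTCHA");
            return captchaFailure(httpServletRequest);
        }
        if (!isCaptchaResponseValid(captchaId, captchaResponse)) {
            return captchaFailure(httpServletRequest);
        }
        httpServletRequest.removeAttribute(ELEVATED_SECURITY_CHECK_FAILED);
        return true;
    }

    /**
     * Asks the CAPTCHA service whether {@code response} answers the challenge {@code captchaId}.
     * A service exception is logged and treated as a failed validation, never as a pass.
     */
    private boolean isCaptchaResponseValid(String captchaId, String response) {
        try {
            return Boolean.TRUE.equals(IMAGE_CAPTCHA_SERVICE.get().validateResponseForID(captchaId, response));
        } catch (CaptchaServiceException e) {
            log.warn("Error while validating CAPTCHA response", e);
            return false;
        }
    }

    /** Marks the request as having failed the CAPTCHA and returns {@code false} for the caller to propagate. */
    private static boolean captchaFailure(HttpServletRequest httpServletRequest) {
        httpServletRequest.setAttribute(ELEVATED_SECURITY_CHECK_FAILED, Boolean.TRUE);
        return false;
    }

    /**
     * Records a failed login and flags the request once the manager reports the threshold reached.
     *
     * @param httpServletRequest the login request
     * @param str the user name that failed to authenticate (request-supplied, untrusted)
     */
    public void onFailedLoginAttempt(HttpServletRequest httpServletRequest, String str) {
        // Guarded so the message is only built when trace logging is on. The user name comes from
        // the login form; control characters are replaced so it cannot forge extra log lines.
        if (log.isTraceEnabled()) {
            log.trace("Failed login attempt, userName=" + sanitizeForLog(str) + ", IP=" + httpServletRequest.getRemoteAddr());
        }
        LoginInformationManager loginInformationManager = getLoginInformationManager();
        if (loginInformationManager != null && loginInformationManager.incrementFailedCountAndCheckThreshold(str)) {
            httpServletRequest.setAttribute(ELEVATED_SECURITY_CHECK_REQUIRED, Boolean.TRUE);
        }
    }

    /**
     * Clears the "CAPTCHA required" flag and resets the failed-attempt counter for the user name.
     *
     * @param httpServletRequest the login request
     * @param str the user name that authenticated successfully
     */
    public void onSuccessfulLoginAttempt(HttpServletRequest httpServletRequest, String str) {
        httpServletRequest.removeAttribute(ELEVATED_SECURITY_CHECK_REQUIRED);
        LoginInformationManager loginInformationManager = getLoginInformationManager();
        if (loginInformationManager != null) {
            loginInformationManager.resetFailedLoginAttemptsCount(str);
        }
    }

    /** No configuration is read; both arguments are ignored. */
    public void init(Map<String, String> map, SecurityConfig securityConfig) {
    }

    /** Returns {@code true} if this guard flagged the request as requiring a CAPTCHA. */
    public static boolean isElevatedSecurityRequired(ServletRequest servletRequest) {
        return Boolean.TRUE.equals(servletRequest.getAttribute(ELEVATED_SECURITY_CHECK_REQUIRED));
    }

    /** Returns {@code true} if this guard flagged the request as having failed the CAPTCHA. */
    public static boolean isElevatedSecurityFailed(ServletRequest servletRequest) {
        return Boolean.TRUE.equals(servletRequest.getAttribute(ELEVATED_SECURITY_CHECK_FAILED));
    }

    /**
     * Looks up the login information manager from the component container.
     *
     * @return the manager, or {@code null} if setup is not complete or the lookup throws
     */
    @Nullable
    private LoginInformationManager getLoginInformationManager() {
        if (!BootstrapUtils.getBootstrapManager().isSetupComplete()) {
            return null;
        }
        try {
            return (LoginInformationManager) ContainerManager.getComponent("loginInformationManager");
        } catch (Exception e) {
            // Broad catch kept deliberately: any lookup failure is reported as "no manager",
            // which callers treat as a failed check rather than an error page.
            log.warn("Authentication attempt with invalid context", e);
            return null;
        }
    }

    /**
     * Replaces ISO control characters (including CR and LF) with {@code '_'} so a request-supplied
     * value stays on one log line. Returns {@code null} unchanged.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}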
