package com.atlassian.oauth.serviceprovider.internal.servlet;

import com.atlassian.oauth.serviceprovider.internal.util.UserAgentUtil;
import com.atlassian.oauth.util.RequestAnnotations;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.auth.AuthenticationController;
import com.atlassian.sal.api.auth.AuthenticationListener;
import com.atlassian.sal.api.auth.Authenticator;
import com.atlassian.sal.api.auth.OAuthRequestVerifier;
import com.atlassian.sal.api.auth.OAuthRequestVerifierFactory;
import com.google.common.base.Preconditions;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import net.oauth.OAuthMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:atlassian-oauth-service-provider-plugin-1.9.10.jar:com/atlassian/oauth/serviceprovider/internal/servlet/OAuthFilter.class */
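/**
 * Servlet filter that attempts OAuth authentication on requests identified as OAuth access
 * attempts and stops the chain when that authentication fails or errors.
 *
 * <p>Requests that are not OAuth access attempts, or for which the
 * {@link AuthenticationController} says authentication should not be attempted, are passed
 * down the chain untouched apart from the response wrapper.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Requests whose {@code User-Agent} matches {@link UserAgentUtil#isOsxFinder} or
 *       {@link UserAgentUtil#isMicrosoftMiniRedirector} skip this filter entirely. The header
 *       is client-supplied, so this is not a trust decision: it only means no OAuth
 *       processing happens here.</li>
 *   <li>The verifier's previous "verified" state is restored once the chain returns, so a
 *       successful OAuth authentication does not outlive the request.</li>
 *   <li>An existing HTTP session is invalidated after an OAuth access attempt has been
 *       served.</li>
 * </ul>
 */
public class OAuthFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthFilter.class);
    private final Authenticator authenticator;
    private final AuthenticationListener authenticationListener;
    private final AuthenticationController authenticationController;
    private final ApplicationProperties applicationProperties;
    private final OAuthRequestVerifierFactory verifierFactory;

    /* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:atlassian-oauth-service-provider-plugin-1.9.10.jar:com/atlassian/oauth/serviceprovider/internal/servlet/OAuthFilter$OAuthWWWAuthenticateAddingResponse.class */
    /**
     * Response wrapper that adds a {@code WWW-Authenticate} header whenever a 401 status is
     * set through {@code sendError} or {@code setStatus}, so the client is told that OAuth is
     * an accepted authentication scheme.
     */
    private static final class OAuthWWWAuthenticateAddingResponse extends HttpServletResponseWrapper {
        /** HTTP status that triggers the challenge header. */
        private static final int UNAUTHORIZED = 401;

        private final ApplicationProperties applicationProperties;

        public OAuthWWWAuthenticateAddingResponse(HttpServletResponse httpServletResponse, ApplicationProperties applicationProperties) {
            super(httpServletResponse);
            this.applicationProperties = Preconditions.checkNotNull(applicationProperties, "applicationProperties");
        }

        public void sendError(int i, String str) throws IOException {
            addChallengeIfUnauthorized(i);
            super.sendError(i, str);
        }

        public void sendError(int i) throws IOException {
            addChallengeIfUnauthorized(i);
            super.sendError(i);
        }

        public void setStatus(int i, String str) {
            addChallengeIfUnauthorized(i);
            super.setStatus(i, str);
        }

        public void setStatus(int i) {
            addChallengeIfUnauthorized(i);
            super.setStatus(i);
        }

        /** Adds the challenge header before the status is committed, but only for 401. */
        private void addChallengeIfUnauthorized(int status) {
            if (status == UNAUTHORIZED) {
                addOAuthAuthenticateHeader();
            }
        }

        /**
         * Builds the header value from an empty {@link OAuthMessage}, passing the application's
         * base URL as the argument to {@code getAuthorizationHeader}.
         */
        private void addOAuthAuthenticateHeader() {
            try {
                super.addHeader("WWW-Authenticate", new OAuthMessage(null, null, null).getAuthorizationHeader(this.applicationProperties.getBaseUrl()));
            } catch (IOException e) {
                throw new RuntimeException("Somehow the OAuth.net library threw an IOException, even though it's not doing any IO operations", e);
            }
        }
    }

    /**
     * Creates the filter.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    public OAuthFilter(Authenticator authenticator, AuthenticationListener authenticationListener, AuthenticationController authenticationController, ApplicationProperties applicationProperties, OAuthRequestVerifierFactory oAuthRequestVerifierFactory) {
        this.authenticator = Preconditions.checkNotNull(authenticator, "authenticator");
        this.authenticationListener = Preconditions.checkNotNull(authenticationListener, "authenticationListener");
        this.authenticationController = Preconditions.checkNotNull(authenticationController, "authenticationController");
        this.applicationProperties = Preconditions.checkNotNull(applicationProperties, "applicationProperties");
        this.verifierFactory = Preconditions.checkNotNull(oAuthRequestVerifierFactory, "oAuthRequestVerifierFactory");
    }

    /**
     * Authenticates OAuth access attempts and forwards the request when it may proceed.
     *
     * <p>When {@link #mayProceed} returns {@code false} the chain is not invoked and this method
     * writes nothing itself; the response is whatever the {@link AuthenticationListener}
     * callbacks produced.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String userAgent = request.getHeader("User-Agent");
        // These two agents bypass OAuth handling completely: no authentication attempt, no
        // challenge-header wrapper, no session invalidation. User-Agent is chosen by the client,
        // so the bypass must not be read as "this request is trusted".
        // NOTE(review): confirm that other filters still enforce authentication on this path.
        if (UserAgentUtil.isOsxFinder(userAgent) || UserAgentUtil.isMicrosoftMiniRedirector(userAgent)) {
            filterChain.doFilter(request, servletResponse);
            return;
        }
        OAuthWWWAuthenticateAddingResponse wrappedResponse = new OAuthWWWAuthenticateAddingResponse((HttpServletResponse) servletResponse, this.applicationProperties);
        OAuthRequestVerifier verifier = this.verifierFactory.getInstance(servletRequest);
        // Captured before authentication so that the pre-request state can be put back afterwards.
        final boolean wasVerified = verifier.isVerified();
        if (!mayProceed(request, wrappedResponse, verifier)) {
            LOG.debug("OAuth blocked the request [{}]", request.getRequestURL());
            return;
        }
        try {
            filterChain.doFilter(request, wrappedResponse);
        } finally {
            // Runs exactly once whether the chain returned or threw. The previous form repeated
            // this cleanup inside a catch (Throwable) block, so a failure in the cleanup itself
            // would have re-entered it.
            if (wasVerified) {
                verifier.setVerified(true);
            } else {
                verifier.clear();
            }
            // presumably so that an OAuth-authenticated request cannot leave behind a session
            // that is reusable without the OAuth credentials; confirm with the plugin's design notes
            if (OAuthRequestUtils.isOAuthAccessAttempt(request) && request.getSession(false) != null) {
                request.getSession().invalidate();
                LOG.debug("OAuth invalidated the session for an OAuth request [{}]", request.getRequestURL());
            }
        }
    }

    /**
     * Decides whether the request may continue down the filter chain, authenticating it first
     * when it is an OAuth access attempt.
     *
     * @return {@code false} only when the authenticator reports {@code FAILED} or {@code ERROR};
     *         {@code true} when authentication was not attempted or did not report either of those
     */
    private boolean mayProceed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuthRequestVerifier oAuthRequestVerifier) {
        // Not an OAuth request (or authentication is not wanted): let it through unauthenticated
        // by this filter. Evaluation order and short-circuiting match the two separate checks.
        if (!this.authenticationController.shouldAttemptAuthentication(httpServletRequest)
                || !OAuthRequestUtils.isOAuthAccessAttempt(httpServletRequest)) {
            this.authenticationListener.authenticationNotAttempted(httpServletRequest, httpServletResponse);
            return true;
        }
        Authenticator.Result result = this.authenticator.authenticate(httpServletRequest, httpServletResponse);
        Authenticator.Result.Status status = result.getStatus();
        if (status == Authenticator.Result.Status.FAILED) {
            this.authenticationListener.authenticationFailure(result, httpServletRequest, httpServletResponse);
            OAuthProblemUtils.logOAuthRequest(httpServletRequest, "OAuth authentication FAILED.", LOG);
            return false;
        }
        if (status == Authenticator.Result.Status.ERROR) {
            this.authenticationListener.authenticationError(result, httpServletRequest, httpServletResponse);
            OAuthProblemUtils.logOAuthRequest(httpServletRequest, "OAuth authentication ERRORED.", LOG);
            return false;
        }
        // NOTE(review): every status other than FAILED and ERROR reaches this success path and
        // marks the verifier as verified. Confirm against Authenticator.Result.Status that no
        // other value should be rejected here.
        this.authenticationListener.authenticationSuccess(result, httpServletRequest, httpServletResponse);
        RequestAnnotations.markAsOAuthRequest(httpServletRequest);
        OAuthProblemUtils.logOAuthRequest(httpServletRequest, "OAuth authentication successful. Request marked as OAuth.", LOG);
        oAuthRequestVerifier.setVerified(true);
        OAuthProblemUtils.logOAuthRequest(httpServletRequest, "OAuth authentication successful. Thread marked as Verified.", LOG);
        return true;
    }

    /** No initialisation is needed; all collaborators are supplied through the constructor. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    public void destroy() {
    }
}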
