package com.atlassian.crowd.openid.server.manager.openid;

import com.atlassian.crowd.integration.soap.SOAPPrincipal;
import com.atlassian.crowd.openid.server.manager.property.OpenIDPropertyManager;
import com.atlassian.crowd.openid.server.manager.property.OpenIDPropertyManagerException;
import com.atlassian.crowd.openid.server.manager.site.SiteManager;
import com.atlassian.crowd.openid.server.manager.site.SiteManagerException;
import com.atlassian.crowd.openid.server.manager.user.UserManager;
import com.atlassian.crowd.openid.server.model.EntityObject;
import com.atlassian.crowd.openid.server.model.approval.SiteApproval;
import com.atlassian.crowd.openid.server.model.record.AuthAction;
import com.atlassian.crowd.openid.server.model.record.AuthRecord;
import com.atlassian.crowd.openid.server.model.record.AuthRecordDAO;
import com.atlassian.crowd.openid.server.model.site.Site;
import com.atlassian.crowd.openid.server.model.user.User;
import com.atlassian.crowd.openid.server.provider.OpenIDAuthRequest;
import com.atlassian.crowd.openid.server.provider.OpenIDAuthResponse;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:WEB-INF/classes/com/atlassian/crowd/openid/server/manager/openid/OpenIDAuthenticationManagerGeneric.class */
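/**
 * Default {@link OpenIDAuthenticationManager}: validates incoming OpenID authentication
 * requests against the server's policy settings and the site allow/deny rules, and turns
 * the user's decision (allow, deny, always allow) into an {@link OpenIDAuthResponse}.
 *
 * <p>Collaborators are injected through the setters at the bottom of the class. Every
 * decision that grants or explicitly denies a request is stored as an {@link AuthRecord}
 * through {@link #createAuthRecord(User, Site, AuthAction)}.
 */
public class OpenIDAuthenticationManagerGeneric implements OpenIDAuthenticationManager {
    private static final Logger logger = Logger.getLogger(OpenIDAuthenticationManagerGeneric.class);
    private SiteManager siteManager;
    private OpenIDPropertyManager openIDPropertyManager;
    private AuthRecordDAO authRecordDAO;
    private UserManager userManager;

    /**
     * Checks that an authentication request may be processed for the given user.
     *
     * <p>The checks run in this order: the request exists, its return_to URL parses, the
     * identifier names the authenticated user, stateless requests are permitted (only
     * consulted when the request carries no association handle), the relying party passes
     * the site manager's allow/deny rules, and localhost relying parties are permitted
     * (only consulted when the return_to host looks local).
     *
     * <p>If a policy setting cannot be read the request is rejected rather than allowed:
     * a validation step that cannot determine the policy must not let the request through.
     *
     * @param user the authenticated user the request is being made for
     * @param openIDAuthRequest the request to validate
     * @throws InvalidRequestException if the request is missing, has no identifier, or has
     *         a malformed return_to URL
     * @throws SiteDisallowedException if policy forbids the relying party or the request
     *         mode, or if the relevant policy setting cannot be read
     * @throws IdentifierViolationException if the identifier does not belong to {@code user}
     */
    @Override
    public void validateRequest(User user, OpenIDAuthRequest openIDAuthRequest) throws InvalidRequestException, SiteDisallowedException, IdentifierViolationException {
        if (openIDAuthRequest == null) {
            throw new InvalidRequestException("Authentication request not found");
        }

        // NOTE(review): only well-formedness is checked here; the URL scheme is not
        // restricted in this method. Presumably the site manager rules cover it - confirm.
        final URL url;
        try {
            url = new URL(openIDAuthRequest.getReturnToURL());
        } catch (MalformedURLException e) {
            throw new InvalidRequestException("Malformed return_to URL in OpenID request", e);
        }

        // A request without an identifier previously failed with a NullPointerException.
        String identifier = openIDAuthRequest.getIdentifier();
        if (identifier == null) {
            throw new InvalidRequestException("OpenID request does not contain an identifier");
        }

        // The greedy ".*/" strips everything up to the last '/', leaving the final path
        // segment, which must equal the username of the authenticated user.
        // NOTE(review): the part of the identifier before that segment is not compared with
        // this server's own base URL in this method - confirm that check happens elsewhere.
        String claimedUsername = identifier.replaceFirst(".*/", "");
        if (!claimedUsername.equals(user.getUsername())) {
            throw new IdentifierViolationException("User " + user.getUsername() + " cannot verify another user's OpenID: " + identifier);
        }

        // The stateless-mode setting matters only for requests without an association
        // handle, so it is read only for those; a failed read then affects nothing else.
        if (!openIDAuthRequest.hasAssocHandle() && !isStatelessModeEnabled()) {
            throw new SiteDisallowedException("Site is making a stateless authentication request. This has been disabled by your administrator");
        }

        if (!this.siteManager.isSiteAllowedToAuthenticate(url)) {
            throw new SiteDisallowedException("Site has been globally disallowed by blacklist/whitelist: " + url);
        }

        // NOTE(review): this is a substring test on the host name. It also matches public
        // host names that merely contain "localhost", and it does not recognise other
        // spellings of a loopback address. Consider comparing parsed addresses instead.
        String host = url.getHost();
        boolean looksLocal = StringUtils.contains(host, "localhost") || StringUtils.contains(host, "127.0.0.1");
        if (looksLocal && !isRelyingPartyLocalhostModeEnabled()) {
            throw new SiteDisallowedException("Localhost relying-parties have been disallowed: " + url);
        }
    }

    /**
     * Reads the stateless-mode setting, rejecting the request when it cannot be read.
     */
    private boolean isStatelessModeEnabled() throws SiteDisallowedException {
        try {
            return this.openIDPropertyManager.isEnableStatelessMode().booleanValue();
        } catch (OpenIDPropertyManagerException e) {
            logger.error("Unable to read the stateless-mode setting; rejecting the request", e);
            throw new SiteDisallowedException("Unable to determine whether stateless authentication requests are permitted");
        }
    }

    /**
     * Reads the localhost relying-party setting, rejecting the request when it cannot be read.
     */
    private boolean isRelyingPartyLocalhostModeEnabled() throws SiteDisallowedException {
        try {
            return this.openIDPropertyManager.isEnableRelyingPartyLocalhostMode().booleanValue();
        } catch (OpenIDPropertyManagerException e) {
            logger.error("Unable to read the localhost relying-party setting; rejecting the request", e);
            throw new SiteDisallowedException("Unable to determine whether localhost relying-parties are permitted");
        }
    }

    /**
     * Answers a request without user interaction: it succeeds only when the user can be
     * resolved, the request validates, and the user already chose "always allow" for the
     * site. Any failure produces a negative response instead of an exception.
     *
     * @param sOAPPrincipal the principal to resolve into a {@link User}
     * @param locale the locale passed to the user lookup
     * @param openIDAuthRequest the request to answer
     * @return a positive response carrying the approved profile attributes, otherwise a
     *         negative response
     */
    @Override
    public OpenIDAuthResponse checkImmediate(SOAPPrincipal sOAPPrincipal, Locale locale, OpenIDAuthRequest openIDAuthRequest) {
        try {
            User user = this.userManager.getUser(sOAPPrincipal, locale);
            validateRequest(user, openIDAuthRequest);
            return autoAllowRequest(user, openIDAuthRequest);
        } catch (Exception e) {
            // Deliberately broad: every failure here means "not authenticated". The cause
            // is logged because it was previously discarded, which hid policy rejections
            // and lookup errors from operators.
            logger.debug("Immediate OpenID authentication check failed", e);
            // A null request reaches this handler through validateRequest; dereferencing it
            // here used to turn the negative answer into a NullPointerException.
            String identifier = openIDAuthRequest == null ? null : openIDAuthRequest.getIdentifier();
            return new OpenIDAuthResponse(identifier, false);
        }
    }

    /**
     * Approves the request if the user has a stored "always allow" approval for the
     * relying party; otherwise returns a negative response and records nothing.
     *
     * @param user the authenticated user
     * @param openIDAuthRequest the request to answer
     * @return a positive response with the approved profile attributes, or a negative one
     */
    @Override
    public OpenIDAuthResponse autoAllowRequest(User user, OpenIDAuthRequest openIDAuthRequest) {
        SiteApproval approval = this.siteManager.getSiteApproval(user, openIDAuthRequest.getReturnToURL());
        if (approval == null || !approval.isAlwaysAllow()) {
            return new OpenIDAuthResponse(openIDAuthRequest.getIdentifier(), false);
        }
        createAuthRecord(user, approval.getSite(), AuthAction.ALLOW_ALWAYS_AUTO);
        OpenIDAuthResponse response = new OpenIDAuthResponse(openIDAuthRequest.getIdentifier(), true);
        response.setAttributes(approval.getProfile().getAttributesAsMap());
        return response;
    }

    /**
     * Records the user's refusal for the relying party and returns a negative response.
     *
     * @param user the authenticated user
     * @param openIDAuthRequest the request being denied
     * @return a negative response for the request's identifier
     */
    @Override
    public OpenIDAuthResponse denyRequest(User user, OpenIDAuthRequest openIDAuthRequest) {
        Site site = this.siteManager.getSite(openIDAuthRequest.getReturnToURL());
        createAuthRecord(user, site, AuthAction.DENY);
        return new OpenIDAuthResponse(openIDAuthRequest.getIdentifier(), false);
    }

    /**
     * Stores the user's approval for the relying party and returns a positive response
     * carrying the attributes of the approved profile.
     *
     * @param user the authenticated user
     * @param j passed to {@code SiteManager.setSiteApproval}; presumably the id of the
     *        attribute profile to share - confirm against the interface
     * @param openIDAuthRequest the request being approved
     * @param z {@code true} to record a standing approval ({@code ALLOW_ALWAYS}),
     *        {@code false} for this request only ({@code ALLOW_ONCE})
     * @return a positive response, or a negative one if the approval could not be stored
     */
    @Override
    public OpenIDAuthResponse allowRequest(User user, long j, OpenIDAuthRequest openIDAuthRequest, boolean z) {
        try {
            SiteApproval approval = this.siteManager.setSiteApproval(user, openIDAuthRequest.getReturnToURL(), j, z);
            createAuthRecord(user, approval.getSite(), z ? AuthAction.ALLOW_ALWAYS : AuthAction.ALLOW_ONCE);
            OpenIDAuthResponse response = new OpenIDAuthResponse(openIDAuthRequest.getIdentifier(), true);
            response.setAttributes(approval.getProfile().getAttributesAsMap());
            return response;
        } catch (SiteManagerException e) {
            // The user approved but the approval could not be stored: answer negatively and
            // log the cause, which was previously dropped without a trace.
            logger.error("Unable to store the site approval; denying the authentication request", e);
            return new OpenIDAuthResponse(openIDAuthRequest.getIdentifier(), false);
        }
    }

    /**
     * Stores an {@link AuthRecord} for the given user, site and action through the DAO.
     */
    protected void createAuthRecord(User user, Site site, AuthAction authAction) {
        this.authRecordDAO.update((EntityObject) new AuthRecord(user, site, authAction));
    }

    public SiteManager getSiteManager() {
        return this.siteManager;
    }

    public void setSiteManager(SiteManager siteManager) {
        this.siteManager = siteManager;
    }

    public OpenIDPropertyManager getOpenIDPropertyManager() {
        return this.openIDPropertyManager;
    }

    public void setOpenIDPropertyManager(OpenIDPropertyManager openIDPropertyManager) {
        this.openIDPropertyManager = openIDPropertyManager;
    }

    public AuthRecordDAO getAuthRecordDAO() {
        return this.authRecordDAO;
    }

    public void setAuthRecordDAO(AuthRecordDAO authRecordDAO) {
        this.authRecordDAO = authRecordDAO;
    }

    public UserManager getUserManager() {
        return this.userManager;
    }

    public void setUserManager(UserManager userManager) {
        this.userManager = userManager;
    }
}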
