package com.atlassian.seraph.filter;

import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.auth.LoginReason;
import com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard;
import com.atlassian.seraph.interceptor.LoginInterceptor;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Category;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-auth-plugin-5.1.2.jar:META-INF/lib/atlassian-seraph-2.1.7-rc3.jar:com/atlassian/seraph/filter/PasswordBasedLoginFilter.class */
public abstract class PasswordBasedLoginFilter extends BaseLoginFilter {
    static final Category log = Category.getInstance(PasswordBasedLoginFilter.class);

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-refapp-auth-plugin-5.1.2.jar:META-INF/lib/atlassian-seraph-2.1.7-rc3.jar:com/atlassian/seraph/filter/PasswordBasedLoginFilter$UserPasswordPair.class */
    public static final class UserPasswordPair {
        final String userName;
        final String password;
        final boolean persistentLogin;

        /* JADX INFO: Access modifiers changed from: package-private */
        public UserPasswordPair(String str, String str2, boolean z) {
            this.userName = str;
            this.password = str2;
            this.persistentLogin = z;
        }
    }

    @Override // com.atlassian.seraph.filter.BaseLoginFilter
    public String login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean isDebugEnabled = log.isDebugEnabled();
        String str = LOGIN_NOATTEMPT;
        UserPasswordPair extractUserPasswordPair = extractUserPasswordPair(httpServletRequest);
        if (extractUserPasswordPair == null || extractUserPasswordPair.userName == null || extractUserPasswordPair.password == null) {
            if (isDebugEnabled) {
                log.debug("login : No user name or password was returned. No authentication attempt will be made.  User may still be found via a SecurityFilter later.");
            }
            return str;
        }
        if (isDebugEnabled) {
            log.debug("login : '" + extractUserPasswordPair.userName + "' and password provided - remember me : " + extractUserPasswordPair.persistentLogin + " - attempting login request");
        }
        List<LoginInterceptor> interceptors = getSecurityConfig().getInterceptors(LoginInterceptor.class);
        try {
            try {
                runBeforeLoginInterceptors(httpServletRequest, httpServletResponse, extractUserPasswordPair, interceptors);
                str = runAuthentication(httpServletRequest, httpServletResponse, extractUserPasswordPair);
                runAfterLoginInterceptors(httpServletRequest, httpServletResponse, str, extractUserPasswordPair, interceptors);
            } catch (AuthenticatorException e) {
                if (isDebugEnabled) {
                    log.debug("login : An exception occurred authenticating : '" + extractUserPasswordPair.userName + "'", e);
                }
                str = BaseLoginFilter.LOGIN_FAILED;
                runAfterLoginInterceptors(httpServletRequest, httpServletResponse, str, extractUserPasswordPair, interceptors);
            }
            return str;
        } catch (Throwable th) {
            runAfterLoginInterceptors(httpServletRequest, httpServletResponse, str, extractUserPasswordPair, interceptors);
            throw th;
        }
    }

    private String runAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserPasswordPair userPasswordPair) throws AuthenticatorException {
        boolean isDebugEnabled = log.isDebugEnabled();
        ElevatedSecurityGuard elevatedSecurityGuard = getElevatedSecurityGuard();
        if (!elevatedSecurityGuard.performElevatedSecurityCheck(httpServletRequest, userPasswordPair.userName)) {
            if (isDebugEnabled) {
                log.debug("runAuthentication : '" + userPasswordPair.userName + "' failed elevated security check");
            }
            LoginReason.AUTHENTICATION_DENIED.stampRequestResponse(httpServletRequest, httpServletResponse);
            elevatedSecurityGuard.onFailedLoginAttempt(httpServletRequest, userPasswordPair.userName);
            return BaseLoginFilter.LOGIN_FAILED;
        }
        if (isDebugEnabled) {
            log.debug("runAuthentication : '" + userPasswordPair.userName + "' does not require elevated security check.  Attempting authentication...");
        }
        boolean login = getAuthenticator().login(httpServletRequest, httpServletResponse, userPasswordPair.userName, userPasswordPair.password, userPasswordPair.persistentLogin);
        if (isDebugEnabled) {
            log.debug("runAuthentication : '" + userPasswordPair.userName + "' was " + (login ? "successfully" : "UNSUCCESSFULLY") + " authenticated");
        }
        if (login) {
            LoginReason.OK.stampRequestResponse(httpServletRequest, httpServletResponse);
            elevatedSecurityGuard.onSuccessfulLoginAttempt(httpServletRequest, userPasswordPair.userName);
        } else {
            LoginReason.AUTHENTICATED_FAILED.stampRequestResponse(httpServletRequest, httpServletResponse);
            elevatedSecurityGuard.onFailedLoginAttempt(httpServletRequest, userPasswordPair.userName);
        }
        return login ? "success" : BaseLoginFilter.LOGIN_FAILED;
    }

    private void runBeforeLoginInterceptors(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserPasswordPair userPasswordPair, List<LoginInterceptor> list) {
        Iterator<LoginInterceptor> it = list.iterator();
        while (it.hasNext()) {
            it.next().beforeLogin(httpServletRequest, httpServletResponse, userPasswordPair.userName, userPasswordPair.password, userPasswordPair.persistentLogin);
        }
    }

    private void runAfterLoginInterceptors(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, UserPasswordPair userPasswordPair, List<LoginInterceptor> list) {
        Iterator<LoginInterceptor> it = list.iterator();
        while (it.hasNext()) {
            it.next().afterLogin(httpServletRequest, httpServletResponse, userPasswordPair.userName, userPasswordPair.password, userPasswordPair.persistentLogin, str);
        }
    }

    abstract UserPasswordPair extractUserPasswordPair(HttpServletRequest httpServletRequest);
}
