package com.atlassian.confluence.extra.webdav;

import com.atlassian.confluence.extra.webdav.util.WebdavConstants;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.confluence.util.SeraphUtils;
import com.atlassian.seraph.auth.Authenticator;
import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.user.User;
import com.opensymphony.webwork.ServletActionContext;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.webdav.DavException;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.apache.jackrabbit.webdav.WebdavRequest;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/confluence/extra/webdav/ConfluenceDavSessionProviderImpl.class */
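/**
 * {@link DavSessionProvider} that attaches a {@link ConfluenceDavSession} to each WebDAV request.
 *
 * <p>A session is looked up in the HTTP session first, then derived from the user already held in
 * {@link AuthenticatedUserThreadLocal}, and finally established from the credentials carried in the
 * {@code Authorization} header, which are verified through the configured Seraph authenticator.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing derived from the password is logged. An unsalted MD5 digest of a password can be
 *       recovered offline for typical passwords, so a digest in a log file is a credential
 *       disclosure, not a safe fingerprint.</li>
 *   <li>The raw {@code Authorization} header is never copied into exception or log messages.</li>
 *   <li>User names taken from the header are attacker-controlled before authentication succeeds, so
 *       line breaks are neutralised before they reach the log.</li>
 * </ul>
 */
public class ConfluenceDavSessionProviderImpl implements DavSessionProvider {
    private static final Logger log = Logger.getLogger(ConfluenceDavSessionProviderImpl.class);

    /** HTTP status used when credentials are missing or rejected. */
    private static final int SC_UNAUTHORIZED = 401;

    /** HTTP status used when the header cannot be parsed or the authenticator itself fails. */
    private static final int SC_INTERNAL_SERVER_ERROR = 500;

    private final UserAccessor userAccessor;
    private final ConfluenceDavSessionStore confluenceDavSessionStore;

    public ConfluenceDavSessionProviderImpl(UserAccessor userAccessor, ConfluenceDavSessionStore confluenceDavSessionStore) {
        this.userAccessor = userAccessor;
        this.confluenceDavSessionStore = confluenceDavSessionStore;
    }

    /**
     * Replaces CR and LF so that a client-supplied value cannot start a forged log entry.
     *
     * @param value text originating from the request; may be {@code null}
     * @return the value with line breaks replaced by underscores, or {@code null} for {@code null}
     */
    private static String safeForLog(String value) {
        return StringUtils.replaceChars(value, "\r\n", "__");
    }

    /**
     * Extracts the user name and password from the request's {@code Authorization} header.
     *
     * <p>The second space-separated token of the header is Base64-decoded as UTF-8 and split at the
     * first colon.
     *
     * @param httpServletRequest the incoming request
     * @return {@code {userName, password}}, or an empty array when the decoded value has no colon or
     *         starts with one (empty user name)
     * @throws DavException with status 401 when the request carries no {@code Authorization} header
     * @throws IOException when the header has fewer than two tokens or cannot be decoded
     */
    protected String[] getCredentialTokens(HttpServletRequest httpServletRequest) throws IOException, DavException {
        String[] headerParts = StringUtils.split(StringUtils.trim(httpServletRequest.getHeader("Authorization")), ' ');
        if (null == headerParts) {
            throw new DavException(SC_UNAUTHORIZED, "Need authentication");
        }
        if (headerParts.length < 2) {
            // The header value is deliberately left out of the message: a lone token may itself be
            // the Base64-encoded credentials, and this exception is logged by callers.
            throw new IOException("Malformed Authorization header.");
        }
        // NOTE(review): the scheme token (headerParts[0]) is not checked here, so any scheme whose
        // second token decodes to "user:password" is treated like Basic. Confirm this is intended.
        String encoded = headerParts[1];
        if (StringUtils.isBlank(encoded)) {
            throw new IOException("Unable to read Authorization header.");
        }
        String decoded = new String(Base64.decodeBase64(encoded.getBytes("UTF-8")), "UTF-8");
        int colon = decoded.indexOf(':');
        if (colon > 0) {
            // substring() yields "" when the colon is the last character, i.e. an empty password.
            return new String[]{decoded.substring(0, colon), decoded.substring(colon + 1)};
        }
        return new String[0];
    }

    /**
     * Returns the user name from the {@code Authorization} header.
     *
     * @return the user name, or {@code null} when no user/password pair could be extracted
     * @throws DavException with status 401 when the header is absent
     * @throws IOException when the header is malformed
     */
    protected String getUserName(HttpServletRequest httpServletRequest) throws IOException, DavException {
        String[] credentialTokens = getCredentialTokens(httpServletRequest);
        return credentialTokens.length == 2 ? credentialTokens[0] : null;
    }

    /**
     * Returns the password from the {@code Authorization} header.
     *
     * @return the password (possibly empty), or {@code null} when no user/password pair could be extracted
     * @throws DavException with status 401 when the header is absent
     * @throws IOException when the header is malformed
     */
    protected String getPassword(HttpServletRequest httpServletRequest) throws IOException, DavException {
        String[] credentialTokens = getCredentialTokens(httpServletRequest);
        return credentialTokens.length == 2 ? credentialTokens[1] : null;
    }

    /**
     * Finds a session for the request without creating one from unverified credentials.
     *
     * <p>Order of lookup: the HTTP session attribute, the user in {@link AuthenticatedUserThreadLocal}
     * (a new session is created for that user), then the session store keyed by the user name from
     * the header, consulted only after the Seraph authenticator accepts the supplied credentials.
     *
     * @return the session, or {@code null} when none was found or the stored attribute had the wrong type
     * @throws DavException with status 401 when the header is absent, or 500 when the header is
     *         malformed or the authenticator fails
     */
    protected ConfluenceDavSession getConfluenceDavSession(HttpServletRequest httpServletRequest) throws DavException {
        try {
            ConfluenceDavSession confluenceDavSession = (ConfluenceDavSession) httpServletRequest.getSession().getAttribute(ConfluenceDavSession.class.getName());
            if (null != confluenceDavSession) {
                return confluenceDavSession;
            }
            log.debug("ConfluenceDavSession not found in HttpSession. Trying AuthenticatedUserThreadLocal.");
            User user = AuthenticatedUserThreadLocal.getUser();
            if (user != null) {
                log.debug("Found user " + user.getName() + " in AuthenticatedUserThreadLocal. Returning a new ConfluenceDavSession based on it.");
                return new ConfluenceDavSession(user.getName());
            }
            try {
                String userName = getUserName(httpServletRequest);
                String password = getPassword(httpServletRequest);
                // Only the user name is logged; no password or digest of it.
                log.debug("Trying to find an existing session for " + safeForLog(userName));
                if (StringUtils.isNotEmpty(userName) && StringUtils.isNotEmpty(password) && authenticateWithSeraphAuthenticator(userName, password)) {
                    confluenceDavSession = getConfluenceDavSessionFromSessionMap(userName);
                }
            } catch (AuthenticatorException e) {
                log.error("Unable to authenticate using the configured Seraph authenticator.", e);
                throw new DavException(SC_INTERNAL_SERVER_ERROR, e);
            } catch (IOException e) {
                log.error("Unable to get user name and/or password from the Authorization header.", e);
                throw new DavException(SC_INTERNAL_SERVER_ERROR, e);
            }
            return confluenceDavSession;
        } catch (ClassCastException e) {
            // The attribute held something that is not a ConfluenceDavSession: drop it so the
            // caller falls back to a fresh authentication.
            httpServletRequest.getSession().removeAttribute(ConfluenceDavSession.class.getName());
            return null;
        }
    }

    /** Stores the session in the HTTP session under the {@link ConfluenceDavSession} class name. */
    protected void setConfluenceDavSessionIntoHttpSession(HttpServletRequest httpServletRequest, ConfluenceDavSession confluenceDavSession) {
        httpServletRequest.getSession().setAttribute(ConfluenceDavSession.class.getName(), confluenceDavSession);
    }

    /**
     * Verifies the credentials with the Seraph authenticator configured for the current request.
     *
     * @param str the user name
     * @param str2 the password; never written to the log
     * @return {@code true} when the authenticator accepts the login; {@code false} when it rejects
     *         it or no Seraph configuration is available
     * @throws AuthenticatorException when the authenticator fails
     */
    private boolean authenticateWithSeraphAuthenticator(String str, String str2) throws AuthenticatorException {
        SecurityConfig config = SeraphUtils.getConfig(ServletActionContext.getRequest());
        if (null == config) {
            log.error("Unable to get an Authenticator from Seraph.");
            return false;
        }
        Authenticator authenticator = config.getAuthenticator();
        boolean login = authenticator.login(ServletActionContext.getRequest(), ServletActionContext.getResponse(), str, str2);
        log.debug("Authenticating as " + safeForLog(str) + " by " + authenticator.getClass().getName() + " results in " + login);
        return login;
    }

    /**
     * Authenticates the request from its {@code Authorization} header and creates a new session.
     *
     * @return a new session for the authenticated user; never {@code null}
     * @throws DavException with status 401 when credentials are missing or rejected, or 500 when
     *         the header is malformed or the authenticator fails
     */
    private ConfluenceDavSession authenticate(HttpServletRequest httpServletRequest) throws DavException {
        try {
            String userName = getUserName(httpServletRequest);
            String password = getPassword(httpServletRequest);
            // Record only whether a password was supplied, never a value derived from it.
            log.debug("User name: " + safeForLog(userName) + ", password supplied: " + (null != password));
            if (null == userName) {
                throw new DavException(SC_UNAUTHORIZED, "User name not specified.");
            }
            if (null == password) {
                throw new DavException(SC_UNAUTHORIZED, "Password not specified.");
            }
            if (!authenticateWithSeraphAuthenticator(userName, password)) {
                throw new DavException(SC_UNAUTHORIZED, "Bad user name or password.");
            }
            return new ConfluenceDavSession(userName);
        } catch (AuthenticatorException e) {
            throw new DavException(SC_INTERNAL_SERVER_ERROR, e);
        } catch (IOException e) {
            throw new DavException(SC_INTERNAL_SERVER_ERROR, e);
        }
    }

    /**
     * Attaches a session to the request, authenticating from the header when none exists yet.
     *
     * <p>On success the session is marked as in use, recorded in the session store and the HTTP
     * session, and its user becomes the current user in {@link AuthenticatedUserThreadLocal}.
     *
     * @return always {@code true}; failures are reported through {@link DavException}
     * @throws DavException when the request cannot be authenticated
     */
    @Override // org.apache.jackrabbit.webdav.DavSessionProvider
    public boolean attachSession(WebdavRequest webdavRequest) throws DavException {
        ConfluenceDavSession confluenceDavSession = getConfluenceDavSession(webdavRequest);
        if (null == confluenceDavSession) {
            log.debug("Looks like this request is not authenticated. We'll try to authenticate our user now.");
            // authenticate() either returns a session or throws, so the calls below cannot see null.
            confluenceDavSession = authenticate(webdavRequest);
        }
        confluenceDavSession.setUserAgent(webdavRequest.getHeader(WebdavConstants.HEADER_USER_AGENT));
        confluenceDavSession.updateActivityTimestamp();
        confluenceDavSession.setCurrentlyBeingUsed(true);
        setConfluenceDavSessionIntoSessionMap(confluenceDavSession);
        // NOTE(review): the existing HttpSession is reused after a successful login in this class;
        // confirm that session-id renewal happens elsewhere (for example inside the authenticator).
        setConfluenceDavSessionIntoHttpSession(webdavRequest, confluenceDavSession);
        webdavRequest.setDavSession(confluenceDavSession);
        AuthenticatedUserThreadLocal.setUser(this.userAccessor.getUser(confluenceDavSession.getUserName()));
        return true;
    }

    /**
     * Detaches the session from the request and clears the current user for this thread.
     *
     * <p>The thread-local user is reset even when the request has no session, so that the identity
     * does not carry over to whatever the thread handles next.
     */
    @Override // org.apache.jackrabbit.webdav.DavSessionProvider
    public void releaseSession(WebdavRequest webdavRequest) {
        ConfluenceDavSession confluenceDavSession = (ConfluenceDavSession) webdavRequest.getDavSession();
        if (null != confluenceDavSession) {
            confluenceDavSession.setCurrentlyBeingUsed(false);
            setConfluenceDavSessionIntoSessionMap(confluenceDavSession);
        }
        AuthenticatedUserThreadLocal.setUser((User) null);
        webdavRequest.setDavSession(null);
    }

    /** Records the session in the session store under its user name. */
    private void setConfluenceDavSessionIntoSessionMap(ConfluenceDavSession confluenceDavSession) {
        this.confluenceDavSessionStore.mapSession(confluenceDavSession, confluenceDavSession.getUserName());
    }

    /**
     * Looks up the stored session for a user name.
     *
     * @param str the user name used as the store key
     * @return whatever the session store returns for that key
     */
    protected ConfluenceDavSession getConfluenceDavSessionFromSessionMap(String str) {
        return this.confluenceDavSessionStore.getSession(str);
    }
}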
