package com.atlassian.jira.rpc.auth;

import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheLoader;
import com.atlassian.cache.CacheManager;
import com.atlassian.cache.CacheSettingsBuilder;
import com.atlassian.core.util.DateUtils;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.event.api.EventListener;
import com.atlassian.jira.bc.security.login.LoginReason;
import com.atlassian.jira.bc.security.login.LoginResult;
import com.atlassian.jira.bc.security.login.LoginService;
import com.atlassian.jira.event.ClearCacheEvent;
import com.atlassian.jira.rpc.exception.RemoteAuthenticationException;
import com.atlassian.jira.rpc.exception.RemoteException;
import com.atlassian.jira.rpc.exception.RemotePermissionException;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.security.random.DefaultSecureTokenGenerator;
import com.google.common.annotations.VisibleForTesting;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

@Deprecated
/* loaded from: input_file:com/atlassian/jira/rpc/auth/TokenManagerImpl.class */
public class TokenManagerImpl implements TokenManager {

    @VisibleForTesting
    static final String UNKNOWN_USER_MESSAGE = "User not authenticated yet, or session timed out.";
    private final Cache<String, String> userTokens;
    private PermissionManager permissionManager;
    private final LoginService loginService;
    private final JiraAuthenticationContext authenticationContext;
    private final UserManager userManager;
    private static final String TRUSTED_APPS_TOKEN = "trustedappstoken";
    public static final String __PARANAMER_DATA = "<init> com.atlassian.jira.security.PermissionManager,com.atlassian.jira.bc.security.login.LoginService,com.atlassian.jira.security.JiraAuthenticationContext,com.atlassian.jira.user.util.UserManager,com.atlassian.cache.CacheManager permissionManager,loginService,authenticationContext,userManager,cacheManager \n<init> long,com.atlassian.jira.security.PermissionManager,com.atlassian.jira.bc.security.login.LoginService,com.atlassian.jira.security.JiraAuthenticationContext,com.atlassian.jira.user.util.UserManager,com.atlassian.cache.CacheManager timeout,permissionManager,loginService,authenticationContext,userManager,cacheManager \nlogout java.lang.String token \nretrieveUser java.lang.String token \nretrieveUserNoPermissionCheck java.lang.String token \nlogin java.lang.String,java.lang.String username,password \nonClearCache com.atlassian.jira.event.ClearCacheEvent event \n";
    public static long DEFAULT_TIMEOUT = 30 * DateUtils.MINUTE_MILLIS;
    private static final Logger log = Logger.getLogger(TokenManagerImpl.class);

    public TokenManagerImpl(PermissionManager permissionManager, LoginService loginService, JiraAuthenticationContext jiraAuthenticationContext, UserManager userManager, CacheManager cacheManager) {
        this(DEFAULT_TIMEOUT, permissionManager, loginService, jiraAuthenticationContext, userManager, cacheManager);
    }

    TokenManagerImpl(long j, PermissionManager permissionManager, LoginService loginService, JiraAuthenticationContext jiraAuthenticationContext, UserManager userManager, CacheManager cacheManager) {
        this.permissionManager = permissionManager;
        this.loginService = loginService;
        this.authenticationContext = jiraAuthenticationContext;
        this.userManager = userManager;
        this.userTokens = cacheManager.getCache(TokenManagerImpl.class.getName() + ".userCache", (CacheLoader) null, new CacheSettingsBuilder().replicateViaCopy().expireAfterAccess(j, TimeUnit.MILLISECONDS).build());
    }

    @Override // com.atlassian.jira.rpc.auth.TokenManager
    public String login(String str, String str2) throws RemoteException {
        if (this.authenticationContext.getLoggedInUser() != null) {
            log.debug("User '" + this.authenticationContext.getLoggedInUser().getName() + "' already authenticated, not attempting authentication.");
            return TRUSTED_APPS_TOKEN;
        }
        User userObject = this.userManager.getUserObject(str);
        if (userObject != null) {
            LoginResult authenticate = this.loginService.authenticate(userObject, str2);
            if (authenticate.getReason() == LoginReason.AUTHENTICATION_DENIED) {
                throw new RemoteAuthenticationException("Attempt to log in user '" + str + "' failed. The maximum number of failed login attempts has been reached. Please log into the application through the web interface to reset the number of failed login attempts.");
            }
            if (authenticate.isOK()) {
                return createToken(userObject);
            }
        }
        throw new RemoteAuthenticationException("Invalid username or password.");
    }

    @Override // com.atlassian.jira.rpc.auth.TokenManager
    public boolean logout(String str) {
        if (str == null) {
            return true;
        }
        this.userTokens.remove(str);
        return true;
    }

    private String generateTokenString() {
        return DefaultSecureTokenGenerator.getInstance().generateToken();
    }

    private String createToken(User user) throws RemoteException {
        String str;
        int i = 0;
        String generateTokenString = generateTokenString();
        while (true) {
            str = generateTokenString;
            if (this.userTokens.get(str) == null) {
                break;
            }
            int i2 = i;
            i++;
            if (i2 >= 10) {
                break;
            }
            generateTokenString = generateTokenString();
        }
        if (i >= 10) {
            throw new RemoteException("Error generating authentication token after 10 attempts?");
        }
        this.userTokens.put(str, user.getName());
        return str;
    }

    @Override // com.atlassian.jira.rpc.auth.TokenManager
    public User retrieveUser(String str) throws RemoteAuthenticationException, RemotePermissionException {
        User userFromToken = getUserFromToken(str);
        if (this.permissionManager.hasPermission(1, userFromToken)) {
            return userFromToken;
        }
        throw new RemotePermissionException("No permission to perform operation.");
    }

    @Override // com.atlassian.jira.rpc.auth.TokenManager
    public User retrieveUserNoPermissionCheck(String str) throws RemoteAuthenticationException, RemotePermissionException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return getUserFromToken(str);
    }

    private User getUserFromToken(String str) throws RemoteAuthenticationException {
        User loggedInUser = this.authenticationContext.getLoggedInUser();
        if (loggedInUser != null) {
            log.debug("Ignoring token '" + str + "' because user '" + loggedInUser.getName() + "' is already in the AuthenticationContext.");
            return loggedInUser;
        }
        String str2 = (String) this.userTokens.get(str);
        if (StringUtils.isNotBlank(str2)) {
            loggedInUser = this.userManager.getUserObject(str2);
        }
        if (loggedInUser == null) {
            throw new RemoteAuthenticationException(UNKNOWN_USER_MESSAGE);
        }
        return loggedInUser;
    }

    @EventListener
    public void onClearCache(ClearCacheEvent clearCacheEvent) {
        this.userTokens.removeAll();
    }
}
