package com.atlassian.bamboo.agent.classserver;

import com.atlassian.bamboo.agent.AgentSecurityTokenService;
import com.atlassian.bamboo.agent.PerAgentTokenService;
import com.atlassian.bamboo.buildqueue.RemoteAgentAuthentication;
import com.atlassian.bamboo.buildqueue.manager.RemoteAgentAuthenticationManager;
import com.atlassian.bamboo.buildqueue.manager.RemoteAgentManager;
import com.atlassian.bamboo.util.UrlBuilder;
import com.atlassian.bamboo.utils.BambooFunctions;
import com.atlassian.bamboo.utils.EscapeChars;
import com.atlassian.bamboo.utils.ServletUtils;
import com.atlassian.bamboo.ww2.BambooActionSupport;
import com.atlassian.bamboo.ww2.aware.permissions.GlobalBypassSecurityAware;
import com.atlassian.security.utils.ConstantTimeComparison;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import java.util.HashMap;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/bamboo/agent/classserver/GetFingerprintAction.class */
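/**
 * Bootstrap endpoint that a connecting build agent calls to obtain the server and instance
 * fingerprints, the agent class name and the user properties.
 *
 * <p>The action implements {@link GlobalBypassSecurityAware}, so it presumably runs outside the
 * normal login/permission checks (NOTE(review): confirm against the interceptor stack). Every
 * access decision for this endpoint is therefore made in {@link #execute()}, and every field
 * populated through a setter must be treated as untrusted, caller-controlled input.
 *
 * <p>Three kinds of agent are distinguished by the {@code agentType} parameter:
 * <ul>
 *   <li>{@code ephemeral}: must present a per-agent token;</li>
 *   <li>{@code elastic}: must present the server fingerprint;</li>
 *   <li>anything else (remote agent): must present the shared security token when the
 *       administration configuration requires one, and must be approved when remote agent
 *       authentication is enabled.</li>
 * </ul>
 */
public class GetFingerprintAction extends BambooActionSupport implements GlobalBypassSecurityAware, ServletRequestAware, ServletResponseAware {
    private static final Logger log = Logger.getLogger(GetFingerprintAction.class);
    private static final String ELASTIC = "elastic";
    private static final String EPHEMERAL = "ephemeral";
    private static final String APPROVAL_REQUIRED_HEADER = "ApprovalRequired";

    @Autowired
    private AgentServerManager agentServerManager;

    @Autowired
    private RemoteAgentManager remoteAgentManager;

    @Autowired
    private RemoteAgentAuthenticationManager authenticationManager;

    @Autowired
    private AgentSecurityTokenService agentSecurityTokenService;

    @Autowired
    private PerAgentTokenService perAgentTokenService;

    // Everything below up to errorMessage is set through the public setters and is
    // caller-controlled; none of it is validated at assignment time.
    private String hostName;
    private String agentType;
    private String instanceId;
    private String version;
    private String uuid;
    private String agentId;
    private String fingerprintSentByElasticAgent;
    private String securityToken;
    private String forKey;
    private String errorMessage;
    private HttpServletRequest httpServletRequest;
    private HttpServletResponse httpServletResponse;

    /**
     * Authenticates the connecting agent and, on success, records that it is bootstrapping.
     *
     * @return {@code "success"} when the agent passed every applicable check, {@code "error"}
     *         otherwise (the HTTP status is set to 400, 401 or 403 and {@link #getErrorMessage()}
     *         may carry the reason)
     * @throws Exception if a collaborator fails; an elastic agent that sends no fingerprint
     *         surfaces here as a {@link NullPointerException}
     */
    public String execute() throws Exception {
        if (usesPerAgentToken()) {
            if (StringUtils.isEmpty(this.securityToken)) {
                log.warn("Per Agent Security token not provided " + describeAgentForLog());
                return reject(HttpServletResponse.SC_FORBIDDEN, "Per Agent Security token is required for preliminary authentication, but none was provided.");
            }
            if (!successfullyAuthenticatedWithPerAgentToken()) {
                log.warn("Invalid per agent token provided by agent " + describeAgentForLog());
                return reject(HttpServletResponse.SC_FORBIDDEN, "Per agent security token verification failed.");
            }
        } else if (requiresSecurityToken()) {
            if (StringUtils.isEmpty(this.securityToken)) {
                log.warn("Security token not provided by remote agent " + describeAgentForLog());
                return reject(HttpServletResponse.SC_BAD_REQUEST, "Security token is required for preliminary authentication, but none was provided. Please obtain the token from " + getSecurityTokenUrl());
            }
            // Compare the shared secret in constant time, as the elastic fingerprint check
            // already does; String.equals returns at the first differing character, which
            // exposes a timing signal on an endpoint that needs no prior login.
            if (!ConstantTimeComparison.isEqual(this.agentSecurityTokenService.getSecurityToken(), this.securityToken)) {
                log.warn("Invalid token provided by remote agent " + describeAgentForLog());
                return reject(HttpServletResponse.SC_UNAUTHORIZED, "Security token verification failed. Please obtain the correct token from " + getSecurityTokenUrl());
            }
        }
        if (!isAuthenticated()) {
            // errorMessage, when there is one, was set by isAgentAuthenticationApproved().
            this.httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return "error";
        }
        if (isElastic()) {
            this.remoteAgentManager.bootstrappingElastic(getHostIdentification(), this.instanceId);
            return "success";
        }
        if (isEphemeral()) {
            this.remoteAgentManager.bootstrappingEphemeral(getHostIdentification());
            return "success";
        }
        this.remoteAgentManager.bootstrapping(getHostIdentification());
        return "success";
    }

    /** Records the failure reason and HTTP status, and returns the {@code "error"} result. */
    private String reject(int status, String message) {
        this.errorMessage = message;
        this.httpServletResponse.setStatus(status);
        return "error";
    }

    /**
     * Formats the caller-supplied identification for a log line. CR and LF are replaced so a
     * crafted parameter cannot start a forged log entry.
     */
    private String describeAgentForLog() {
        return String.format("(uuid: %s, host: %s, version: %s)", forLog(this.uuid), forLog(this.hostName), forLog(this.version));
    }

    /** Replaces line breaks in an untrusted value; {@code null} is passed through unchanged. */
    @Nullable
    private static String forLog(@Nullable String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Parses the caller-supplied agent version.
     *
     * @return the version, or {@code null} when it is missing or not a decimal integer
     */
    @Nullable
    private Integer parseVersion() {
        try {
            // Integer.valueOf(null) also throws NumberFormatException.
            return Integer.valueOf(this.version);
        } catch (NumberFormatException e) {
            return null;
        }
    }

    /**
     * Validates the per-agent token. A missing or non-numeric version now fails the check
     * (403) instead of escaping {@link #execute()} as a {@link NumberFormatException}.
     */
    private boolean successfullyAuthenticatedWithPerAgentToken() {
        Integer agentVersion = parseVersion();
        if (agentVersion == null) {
            return false;
        }
        if (agentVersion < 5) {
            // NOTE(review): the version is reported by the caller, so the caller chooses
            // whether the token is checked against a specific key or against any result key.
            // Confirm the pre-5 path is still required.
            return this.perAgentTokenService.isValidForAnyResultKey(this.securityToken);
        }
        return StringUtils.isNotBlank(this.forKey) && this.perAgentTokenService.isValid(this.forKey, this.securityToken);
    }

    private boolean isElastic() {
        return ELASTIC.equals(this.agentType);
    }

    private boolean isEphemeral() {
        return EPHEMERAL.equals(this.agentType);
    }

    /** Only ephemeral agents authenticate with a per-agent token. */
    private boolean usesPerAgentToken() {
        return isEphemeral();
    }

    /**
     * Elastic agents never use the shared token; other agents do when the administration
     * configuration asks for it.
     */
    private boolean requiresSecurityToken() {
        return !isElastic() && this.administrationConfigurationAccessor.getAdministrationConfiguration().isSecurityTokenRequiredFromAgents();
    }

    /**
     * Second authentication stage, after the token checks in {@link #execute()}.
     *
     * <p>NOTE(review): {@code agentType} is caller-supplied and selects which branch applies,
     * so the elastic fingerprint is the only secret an {@code elastic} caller must present.
     *
     * @throws NullPointerException if an elastic agent sent no fingerprint
     */
    private boolean isAuthenticated() {
        if (isElastic()) {
            String sentFingerprint = (String) Preconditions.checkNotNull(this.fingerprintSentByElasticAgent, "The elastic agent did not send a fingerprint. You probably need to rebuild Bamboo");
            return ConstantTimeComparison.isEqual(sentFingerprint, this.agentServerManager.getFingerprint().getServerFingerprint());
        }
        // Ephemeral agents were already authenticated by their per-agent token.
        return usesPerAgentToken() || !this.authenticationManager.isRemoteAgentAuthenticationEnabled() || isAgentAuthenticationApproved();
    }

    /**
     * Looks up (or creates) the pending authentication for this agent and reports whether it
     * has been approved. On refusal {@code errorMessage} explains why, and the
     * {@code ApprovalRequired} response header is set when approval is outstanding.
     */
    private boolean isAgentAuthenticationApproved() {
        // NOTE(review): if ServletUtils.getAllRequestIpAddresses includes forwarded-for style
        // headers, part of this value is caller-controlled; verify before treating the stored
        // IP list as proof of origin.
        String agentIps = getAgentIps();
        Preconditions.checkState(agentIps != null, "IP address of the connecting agent was null");
        if (this.uuid == null) {
            this.errorMessage = "UUID not received in request. This should not occur. Please contact us at http://support.atlassian.com.";
            return false;
        }
        UUID parseUuid = parseUuid();
        if (parseUuid == null) {
            // NOTE(review): the raw uuid parameter is echoed into the response body; confirm
            // the result template encodes errorMessage.
            this.errorMessage = "UUID '" + this.uuid + "' is invalid. This should not occur. Please contact us at http://support.atlassian.com.";
            return false;
        }
        Integer agentVersion = parseVersion();
        if (agentVersion == null) {
            // Previously this surfaced as the NumberFormatException text from the catch below.
            this.errorMessage = "Agent version was missing or not a number.";
            return false;
        }
        try {
            // isCreatable accepts forms Long.parseLong rejects (hex, decimals, type suffixes);
            // those still end in the catch below and are refused.
            Long parsedAgentId = NumberUtils.isCreatable(this.agentId) ? Long.valueOf(Long.parseLong(this.agentId)) : null;
            Pair<?, ?> pending = this.authenticationManager.getOrCreatePendingAuthentication(parseUuid, agentIps, parsedAgentId, agentVersion >= 4);
            RemoteAgentAuthentication authentication = (RemoteAgentAuthentication) pending.getLeft();
            if (((Boolean) pending.getRight()).booleanValue() && authentication.isApproved()) {
                return true;
            }
            this.errorMessage = "Approve this agent at '" + getApproveAgentUrl(authentication) + "'. Check that the IP is correct. ";
            this.httpServletResponse.setHeader(APPROVAL_REQUIRED_HEADER, "true");
            return false;
        } catch (Exception e) {
            // Keep a server-side record; the failure used to be visible only to the caller.
            log.warn("Agent authentication lookup failed " + describeAgentForLog(), e);
            // NOTE(review): the exception text is returned to a caller that has not been
            // approved yet; consider a generic message if it can carry internal detail.
            this.errorMessage = e.getMessage();
            return false;
        }
    }

    /** Builds the admin URL where the given pending authentication can be approved. */
    private String getApproveAgentUrl(RemoteAgentAuthentication remoteAgentAuthentication) {
        return new UrlBuilder()
                .setUrlBase(getBaseUrl())
                .addPath("admin/agent/viewAgents.action")
                .setParameter("selectedTab", getText("agent.remote.authentication.tab"))
                .setParameter("focusUuid", remoteAgentAuthentication.getUuid().toString())
                .toString();
    }

    /** Builds the admin URL that the error messages point to for obtaining the security token. */
    private String getSecurityTokenUrl() {
        return new UrlBuilder().setUrlBase(getBaseUrl()).addPath("admin/agent/addRemoteAgent.action").toString();
    }

    /**
     * Parses the caller-supplied UUID. Callers check for a {@code null} uuid first, because
     * {@link UUID#fromString(String)} throws {@link NullPointerException} for it.
     *
     * @return the UUID, or {@code null} when the text is not a valid UUID
     */
    @Nullable
    private UUID parseUuid() {
        try {
            return UUID.fromString(this.uuid);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    /**
     * Describes the connecting host as {@code hostName (remoteAddr)}, falling back to whichever
     * of the two is available. {@code hostName} is the caller's own claim; only the remote
     * address comes from the connection.
     */
    @Nullable
    private String getHostIdentification() {
        String remoteAddr = this.httpServletRequest.getRemoteAddr();
        if (this.hostName == null) {
            return remoteAddr;
        }
        if (remoteAddr == null) {
            return this.hostName;
        }
        return this.hostName + " (" + remoteAddr + ")";
    }

    /** Returns every IP address associated with the request, comma-separated. */
    @VisibleForTesting
    String getAgentIps() {
        return Joiner.on(',').join((Iterable) ServletUtils.getAllRequestIpAddresses(this.httpServletRequest).stream().map(address -> address.getHostAddress()).collect(Collectors.toList()));
    }

    public void setAgentType(String str) {
        this.agentType = str;
    }

    public void setHostName(String str) {
        this.hostName = str;
    }

    public void setVersion(String str) {
        this.version = str;
    }

    public void setAgentUuid(String str) {
        this.uuid = str;
    }

    public void setAgentId(String str) {
        this.agentId = str;
    }

    public void setSecurityToken(String str) {
        this.securityToken = str;
    }

    public void setForKey(String str) {
        this.forKey = str;
    }

    /** Returns the server fingerprint, escaped for a form-encoded response body. */
    public String getFormEncodedServerFingerprint() {
        return EscapeChars.forFormSubmission(this.agentServerManager.getFingerprint().getServerFingerprint());
    }

    /** Returns the instance fingerprint, escaped for a form-encoded response body. */
    public String getFormEncodedInstanceFingerprint() {
        return EscapeChars.forFormSubmission(Long.toString(this.agentServerManager.getFingerprint().getInstanceFingerprint()));
    }

    /** Returns the agent class name for the requested agent type and version, form-escaped. */
    public String getFormEncodedAgentClassName() {
        return EscapeChars.forFormSubmission(this.agentServerManager.getAgentClass(this.agentType, this.version).getName());
    }

    /**
     * Returns the user properties as {@code userProperty.<name>=<value>} pairs joined with
     * {@code &}; names and values are form-escaped individually.
     */
    public String getFormEncodedUserProperties() {
        return (String) new HashMap(this.agentServerManager.getUserProperties()).entrySet().stream().map(BambooFunctions.liftToEntryFunction((str, str2) -> {
            return EscapeChars.forFormSubmission("userProperty." + str) + "=" + EscapeChars.forFormSubmission(str2);
        })).collect(Collectors.joining("&"));
    }

    public void setInstanceId(String str) {
        this.instanceId = str;
    }

    /** Receives the fingerprint an elastic agent presents; compared in {@link #isAuthenticated()}. */
    public void setFingerprint(String str) {
        this.fingerprintSentByElasticAgent = str;
    }

    /** Returns the reason for the last refusal, or {@code null} when none was recorded. */
    public String getErrorMessage() {
        return this.errorMessage;
    }

    public void setServletRequest(HttpServletRequest httpServletRequest) {
        this.httpServletRequest = httpServletRequest;
    }

    public void setServletResponse(HttpServletResponse httpServletResponse) {
        this.httpServletResponse = httpServletResponse;
    }
}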
