package com.atlassian.applinks.trusted.auth;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkService;
import com.atlassian.applinks.core.auth.AbstractAdminOnlyAuthServlet;
import com.atlassian.applinks.core.util.MessageFactory;
import com.atlassian.applinks.core.util.RendererContextBuilder;
import com.atlassian.applinks.core.util.RequestUtil;
import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.common.docs.DocumentationLinker;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.applinks.trusted.auth.TrustConfigurator;
import com.atlassian.applinks.ui.auth.AdminUIAuthenticator;
import com.atlassian.plugin.webresource.WebResourceManager;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.atlassian.security.auth.trustedapps.IPAddressFormatException;
import com.atlassian.security.auth.trustedapps.RequestConditions;
import com.atlassian.security.auth.trustedapps.TrustedApplicationsConfigurationManager;
import com.atlassian.security.auth.trustedapps.TrustedApplicationsManager;
import com.atlassian.templaterenderer.TemplateRenderer;
import java.io.IOException;
import java.net.URI;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.abdera.model.Link;
import org.apache.batik.util.SVGConstants;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-trustedapps-plugin-9.0.6.jar:com/atlassian/applinks/trusted/auth/ProviderConfigurationServlet.class */
public class ProviderConfigurationServlet extends AbstractTrustedAppsServlet {
    private final WebSudoManager webSudoManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-trustedapps-plugin-9.0.6.jar:com/atlassian/applinks/trusted/auth/ProviderConfigurationServlet$InputValidationException.class */
    public static class InputValidationException extends RuntimeException {
        private final String field;

        private InputValidationException(String str, String str2) {
            super(str);
            this.field = str2;
        }

        public String getField() {
            return this.field;
        }
    }

    public ProviderConfigurationServlet(I18nResolver i18nResolver, TemplateRenderer templateRenderer, AdminUIAuthenticator adminUIAuthenticator, WebResourceManager webResourceManager, ApplicationLinkService applicationLinkService, MessageFactory messageFactory, TrustedApplicationsConfigurationManager trustedApplicationsConfigurationManager, AuthenticationConfigurationManager authenticationConfigurationManager, TrustedApplicationsManager trustedApplicationsManager, InternalHostApplication internalHostApplication, TrustConfigurator trustConfigurator, LoginUriProvider loginUriProvider, DocumentationLinker documentationLinker, WebSudoManager webSudoManager, XsrfTokenAccessor xsrfTokenAccessor, XsrfTokenValidator xsrfTokenValidator, UserManager userManager) {
        super(i18nResolver, messageFactory, templateRenderer, webResourceManager, adminUIAuthenticator, applicationLinkService, internalHostApplication, trustedApplicationsManager, authenticationConfigurationManager, trustedApplicationsConfigurationManager, trustConfigurator, loginUriProvider, documentationLinker, xsrfTokenAccessor, xsrfTokenValidator, userManager);
        this.webSudoManager = webSudoManager;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            ApplicationLink requiredApplicationLink = getRequiredApplicationLink(httpServletRequest);
            if (StringUtils.isBlank(httpServletRequest.getParameter("result"))) {
                render(getRequiredApplicationLink(httpServletRequest), httpServletRequest, httpServletResponse, emptyContext());
            } else {
                processPeerResponse(httpServletRequest, httpServletResponse, requiredApplicationLink);
            }
        } catch (WebSudoSessionException e) {
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    private void processPeerResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ApplicationLink applicationLink) throws IOException {
        RendererContextBuilder rendererContextBuilder = new RendererContextBuilder();
        if (!peerWasSuccessful(httpServletRequest)) {
            rendererContextBuilder.put("error", this.messageFactory.newI18nMessage("auth.trusted.config.consumer.save.peer.failed", httpServletRequest.getParameter("message")));
        }
        render(applicationLink, httpServletRequest, httpServletResponse, rendererContextBuilder.build());
    }

    private boolean peerWasSuccessful(HttpServletRequest httpServletRequest) {
        return "success".equals(getRequiredParameter(httpServletRequest, "result").toLowerCase());
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            ApplicationLink requiredApplicationLink = getRequiredApplicationLink(httpServletRequest);
            RendererContextBuilder rendererContextBuilder = new RendererContextBuilder();
            boolean z = false;
            try {
                configureLocalTrust(httpServletRequest, requiredApplicationLink);
            } catch (InputValidationException e) {
                rendererContextBuilder.put(e.getField(), e.getMessage());
            } catch (TrustConfigurator.ConfigurationException e2) {
                rendererContextBuilder.put("error", e2.getMessage());
            }
            if (peerHasUAL(httpServletRequest)) {
                httpServletResponse.sendRedirect(createRedirectURL(httpServletRequest, requiredApplicationLink));
                return;
            }
            z = true;
            if (!z && getAction(httpServletRequest) == Action.ENABLE) {
                rendererContextBuilder.put(SVGConstants.SVG_VIEW_TAG, Link.REL_EDIT);
            }
            render(requiredApplicationLink, httpServletRequest, httpServletResponse, rendererContextBuilder.build());
        } catch (WebSudoSessionException e3) {
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    private void configureLocalTrust(HttpServletRequest httpServletRequest, ApplicationLink applicationLink) throws TrustConfigurator.ConfigurationException {
        if (Action.ENABLE == getAction(httpServletRequest)) {
            issueLocalTrust(httpServletRequest, applicationLink);
        } else {
            this.trustConfigurator.revokeInboundTrust(applicationLink);
        }
    }

    private void issueLocalTrust(HttpServletRequest httpServletRequest, ApplicationLink applicationLink) throws TrustConfigurator.ConfigurationException, InputValidationException {
        RequestConditions.RulesBuilder builder = RequestConditions.builder();
        String parameter = httpServletRequest.getParameter("ipPatternsInput");
        String parameter2 = httpServletRequest.getParameter("urlPatternsInput");
        String parameter3 = httpServletRequest.getParameter("timeoutInput");
        if (!StringUtils.isBlank(parameter)) {
            try {
                builder.addIPPattern(StringUtils.split(parameter, "\n\r"));
            } catch (IPAddressFormatException e) {
                throw new InputValidationException(this.i18nResolver.getText("auth.trusted.config.error.ip.patterns", "<br>\"192.168.*.*<br>127.0.0.1\""), "ipPatternsInputErrorHtml");
            }
        }
        if (!StringUtils.isBlank(parameter2)) {
            try {
                builder.addURLPattern(StringUtils.split(parameter2, "\n\r"));
            } catch (IllegalArgumentException e2) {
                throw new InputValidationException(this.i18nResolver.getText("auth.trusted.config.error.url.patterns"), "urlPatternsInputError");
            }
        }
        if (StringUtils.isBlank(parameter3)) {
            builder.setCertificateTimeout(10000L);
        } else {
            try {
                builder.setCertificateTimeout(Long.parseLong(parameter3));
            } catch (IllegalArgumentException e3) {
                throw new InputValidationException(this.i18nResolver.getText("auth.trusted.config.error.timeout"), "timeoutInputError");
            }
        }
        this.trustConfigurator.updateInboundTrust(applicationLink, builder.build());
    }

    private String createRedirectURL(HttpServletRequest httpServletRequest, ApplicationLink applicationLink) throws IOException {
        URI create = !StringUtils.isEmpty(httpServletRequest.getParameter(HOST_URL_PARAM)) ? URI.create(httpServletRequest.getParameter(HOST_URL_PARAM)) : applicationLink.getDisplayUrl();
        return String.format("%s?callbackUrl=%s&action=%s", URIUtil.uncheckedConcatenate(create, TrustedAppsAuthenticationProviderPluginModule.CONSUMER_SERVLET_LOCATION_UAL + this.internalHostApplication.getId()).toString(), URIUtil.utf8Encode(URIUtil.uncheckedConcatenate(RequestUtil.getBaseURLFromRequest(httpServletRequest, this.internalHostApplication.getBaseUrl()), httpServletRequest.getServletPath(), httpServletRequest.getPathInfo()) + "?" + HOST_URL_PARAM + "=" + URIUtil.utf8Encode(create)), getAction(httpServletRequest).name());
    }

    private void render(ApplicationLink applicationLink, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, Object> map) throws IOException {
        String str = (String) applicationLink.getProperty(TRUSTED_APPS_INCOMING_ID);
        boolean z = null != str;
        String name = applicationLink.getName();
        String text = this.i18nResolver.getText(applicationLink.getType().getI18nKey());
        String name2 = this.internalHostApplication.getName();
        String text2 = this.i18nResolver.getText(this.internalHostApplication.getType().getI18nKey());
        RendererContextBuilder put = new RendererContextBuilder(map).put("urlPatternsInput", httpServletRequest.getParameter("urlPatternsInput")).put("ipPatternsInput", httpServletRequest.getParameter("ipPatternsInput")).put("timeoutInput", httpServletRequest.getParameter("timeoutInput")).put("hostUrl", httpServletRequest.getParameter(AbstractAdminOnlyAuthServlet.HOST_URL_PARAM));
        if (z) {
            RequestConditions requestConditions = this.trustedApplicationsManager.getTrustedApplication(str).getRequestConditions();
            put.put("urlPatterns", join(requestConditions.getURLPatterns(), '\n')).put("ipPatterns", join(requestConditions.getIPPatterns(), '\n')).put("timeout", Long.toString(requestConditions.getCertificateTimeout()));
        }
        render(httpServletRequest, httpServletResponse, name, text, name2, text2, z, put.build());
    }

    private String join(Iterable<String> iterable, char c) {
        return StringUtils.join(iterable.iterator(), c);
    }
}
