package com.atlassian.applinks.core.rest;

import com.atlassian.applinks.api.ApplicationId;
import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.CredentialsRequiredException;
import com.atlassian.applinks.api.EntityType;
import com.atlassian.applinks.api.TypeNotInstalledException;
import com.atlassian.applinks.core.InternalTypeAccessor;
import com.atlassian.applinks.core.rest.model.PermissionCodeEntity;
import com.atlassian.applinks.core.rest.permission.PermissionCode;
import com.atlassian.applinks.core.rest.util.RestUtil;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.rest.interceptor.NoCacheHeaderInterceptor;
import com.atlassian.applinks.spi.application.TypeId;
import com.atlassian.applinks.spi.link.MutableApplicationLink;
import com.atlassian.applinks.spi.link.MutatingApplicationLinkService;
import com.atlassian.applinks.spi.link.MutatingEntityLinkService;
import com.atlassian.applinks.ui.auth.AdminUIAuthenticator;
import com.atlassian.plugins.rest.common.interceptor.InterceptorChain;
import com.atlassian.plugins.rest.common.util.RestUrlBuilder;
import com.atlassian.sal.api.net.Request;
import com.atlassian.sal.api.net.RequestFactory;
import com.atlassian.sal.api.net.ResponseException;
import com.atlassian.sal.api.net.ReturningResponseHandler;
import com.atlassian.sal.api.user.UserManager;
import java.net.URI;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("permission")
@Consumes({"application/xml", "application/json"})
@Produces({"application/xml", "application/json"})
@InterceptorChain({NoCacheHeaderInterceptor.class})
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-plugin-5.2.2.jar:com/atlassian/applinks/core/rest/PermissionResource.class */
public class PermissionResource extends AbstractResource {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) PermissionResource.class);
    private final UserManager userManager;
    private final AdminUIAuthenticator uiAuthenticator;
    private final MutatingApplicationLinkService applicationLinkService;
    private final InternalHostApplication internalHostApplication;
    private final MutatingEntityLinkService entityLinkService;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-plugin-5.2.2.jar:com/atlassian/applinks/core/rest/PermissionResource$RestMethodUrlProvider.class */
    public interface RestMethodUrlProvider {
        String getRestMethodUrl(ApplicationLink applicationLink);
    }

    public PermissionResource(UserManager userManager, AdminUIAuthenticator adminUIAuthenticator, MutatingApplicationLinkService mutatingApplicationLinkService, InternalHostApplication internalHostApplication, MutatingEntityLinkService mutatingEntityLinkService, InternalTypeAccessor internalTypeAccessor, RestUrlBuilder restUrlBuilder, RequestFactory requestFactory) {
        super(restUrlBuilder, internalTypeAccessor, requestFactory, mutatingApplicationLinkService);
        this.userManager = userManager;
        this.uiAuthenticator = adminUIAuthenticator;
        this.applicationLinkService = mutatingApplicationLinkService;
        this.internalHostApplication = internalHostApplication;
        this.entityLinkService = mutatingEntityLinkService;
    }

    @GET
    @Path("delete-application/{id}")
    public Response canDeleteApplicationLink(@PathParam("id") ApplicationId applicationId) {
        return response(hasPermissionToModify(applicationId));
    }

    @GET
    @Path("reciprocate-application-delete/{id}")
    public Response canDeleteReciprocalApplicationLink(@PathParam("id") ApplicationId applicationId) {
        return checkPermissionFor(applicationId, new RestMethodUrlProvider() { // from class: com.atlassian.applinks.core.rest.PermissionResource.1
            @Override // com.atlassian.applinks.core.rest.PermissionResource.RestMethodUrlProvider
            public String getRestMethodUrl(ApplicationLink applicationLink) {
                return ((PermissionResource) PermissionResource.this.getUrlFor(RestUtil.getBaseRestUri(applicationLink), PermissionResource.class)).canDeleteApplicationLink(PermissionResource.this.internalHostApplication.getId()).toString();
            }
        });
    }

    @GET
    @Path("create-entity/{id}")
    public Response canCreateEntityLink(@PathParam("id") ApplicationId applicationId) {
        return response(hasPermissionToModify(applicationId));
    }

    @GET
    @Path("reciprocate-entity-create/{id}")
    public Response canCreateReciprocalEntityLink(@PathParam("id") ApplicationId applicationId) {
        return checkPermissionFor(applicationId, new RestMethodUrlProvider() { // from class: com.atlassian.applinks.core.rest.PermissionResource.2
            @Override // com.atlassian.applinks.core.rest.PermissionResource.RestMethodUrlProvider
            public String getRestMethodUrl(ApplicationLink applicationLink) {
                return ((PermissionResource) PermissionResource.this.getUrlFor(RestUtil.getBaseRestUri(applicationLink), PermissionResource.class)).canCreateEntityLink(PermissionResource.this.internalHostApplication.getId()).toString();
            }
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    @GET
    @Path("delete-entity/{id}/{localType}/{localKey}/{remoteType}/{remoteKey}")
    public Response canDeleteEntityLink(@PathParam("id") ApplicationId applicationId, @PathParam("localType") TypeId typeId, @PathParam("localKey") String str, @PathParam("remoteType") TypeId typeId2, @PathParam("remoteKey") String str2) {
        PermissionCode hasPermissionToModify = hasPermissionToModify(applicationId);
        if (hasPermissionToModify != PermissionCode.ALLOWED) {
            return response(hasPermissionToModify);
        }
        EntityType loadEntityType = this.typeAccessor.loadEntityType(typeId);
        if (loadEntityType == null) {
            return RestUtil.typeNotInstalled(typeId);
        }
        EntityType loadEntityType2 = this.typeAccessor.loadEntityType(typeId2);
        return loadEntityType2 == null ? RestUtil.typeNotInstalled(typeId2) : this.entityLinkService.getEntityLink(str, loadEntityType.getClass(), str2, loadEntityType2.getClass(), applicationId) == null ? response(PermissionCode.MISSING) : response(PermissionCode.ALLOWED);
    }

    @GET
    @Path("reciprocate-entity-delete/{id}/{localType}/{localKey}/{remoteType}/{remoteKey}")
    public Response canDeleteReciprocalEntityLink(@PathParam("id") ApplicationId applicationId, @PathParam("localType") final TypeId typeId, @PathParam("localKey") final String str, @PathParam("remoteType") final TypeId typeId2, @PathParam("remoteKey") final String str2) {
        return checkPermissionFor(applicationId, new RestMethodUrlProvider() { // from class: com.atlassian.applinks.core.rest.PermissionResource.3
            @Override // com.atlassian.applinks.core.rest.PermissionResource.RestMethodUrlProvider
            public String getRestMethodUrl(ApplicationLink applicationLink) {
                return ((PermissionResource) PermissionResource.this.getUrlFor(RestUtil.getBaseRestUri(applicationLink), PermissionResource.class)).canDeleteEntityLink(PermissionResource.this.internalHostApplication.getId(), typeId2, str2, typeId, str).toString();
            }
        });
    }

    private PermissionCode hasPermissionToModify(ApplicationId applicationId) {
        if (this.userManager.getRemoteUsername() == null) {
            return PermissionCode.NO_AUTHENTICATION;
        }
        if (!this.uiAuthenticator.isCurrentUserAdmin()) {
            return PermissionCode.NO_PERMISSION;
        }
        MutableApplicationLink mutableApplicationLink = null;
        try {
            mutableApplicationLink = this.applicationLinkService.getApplicationLink(applicationId);
        } catch (TypeNotInstalledException e) {
        }
        return mutableApplicationLink == null ? PermissionCode.MISSING : PermissionCode.ALLOWED;
    }

    private Response checkPermissionFor(ApplicationId applicationId, RestMethodUrlProvider restMethodUrlProvider) {
        PermissionCode permissionCode;
        MutableApplicationLink mutableApplicationLink = null;
        try {
            mutableApplicationLink = this.applicationLinkService.getApplicationLink(applicationId);
        } catch (TypeNotInstalledException e) {
        }
        if (mutableApplicationLink == null) {
            return RestUtil.notFound(String.format("No link found with id %s", applicationId));
        }
        final MutableApplicationLink mutableApplicationLink2 = mutableApplicationLink;
        ApplicationLinkRequestFactory createAuthenticatedRequestFactory = mutableApplicationLink2.createAuthenticatedRequestFactory();
        try {
            permissionCode = (PermissionCode) createAuthenticatedRequestFactory.createRequest(Request.MethodType.GET, restMethodUrlProvider.getRestMethodUrl(mutableApplicationLink2)).executeAndReturn(new ReturningResponseHandler<com.atlassian.sal.api.net.Response, PermissionCode>() { // from class: com.atlassian.applinks.core.rest.PermissionResource.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // com.atlassian.sal.api.net.ReturningResponseHandler
                public PermissionCode handle(com.atlassian.sal.api.net.Response response) throws ResponseException {
                    if (response.getStatusCode() == 200) {
                        try {
                            return ((PermissionCodeEntity) response.getEntity(PermissionCodeEntity.class)).getCode();
                        } catch (Exception e2) {
                            throw new ResponseException(String.format("Permission check failed, exception encountered processing response: %s", e2));
                        }
                    }
                    if (response.getStatusCode() != 401) {
                        throw new ResponseException(String.format("Permission check failed, received %s", Integer.valueOf(response.getStatusCode())));
                    }
                    ApplicationLinkRequestFactory createImpersonatingAuthenticatedRequestFactory = mutableApplicationLink2.createImpersonatingAuthenticatedRequestFactory();
                    if (createImpersonatingAuthenticatedRequestFactory == null) {
                        createImpersonatingAuthenticatedRequestFactory = mutableApplicationLink2.createNonImpersonatingAuthenticatedRequestFactory();
                    }
                    if (createImpersonatingAuthenticatedRequestFactory != null) {
                        PermissionResource.LOG.warn("Authentication failed for application link " + mutableApplicationLink2 + ". Response headers: " + response.getHeaders().toString() + " body: " + response.getResponseBodyAsString());
                    } else if (PermissionResource.LOG.isDebugEnabled()) {
                        PermissionResource.LOG.debug("Authentication failed for application link " + mutableApplicationLink2 + ". Response headers: " + response.getHeaders().toString() + " body: " + response.getResponseBodyAsString());
                    }
                    return PermissionCode.AUTHENTICATION_FAILED;
                }
            });
        } catch (CredentialsRequiredException e2) {
            permissionCode = PermissionCode.CREDENTIALS_REQUIRED;
        } catch (ResponseException e3) {
            LOG.error(String.format("Failed to perform permission check for %s", mutableApplicationLink2.getRpcUrl()), (Throwable) e3);
            permissionCode = PermissionCode.NO_CONNECTION;
        }
        switch (permissionCode) {
            case CREDENTIALS_REQUIRED:
            case AUTHENTICATION_FAILED:
            case NO_AUTHENTICATION:
                return response(permissionCode, createAuthenticatedRequestFactory.getAuthorisationURI());
            default:
                return response(permissionCode);
        }
    }

    private Response response(PermissionCode permissionCode) {
        return RestUtil.ok(new PermissionCodeEntity(permissionCode));
    }

    private Response response(PermissionCode permissionCode, URI uri) {
        return RestUtil.ok(new PermissionCodeEntity(permissionCode, uri));
    }
}
