package com.atlassian.upm.license.internal.mac;

import com.atlassian.sal.usercompatibility.UserKey;
import com.atlassian.sal.usercompatibility.UserManager;
import com.atlassian.upm.UpmPluginAccessor;
import com.atlassian.upm.api.license.entity.LicenseError;
import com.atlassian.upm.api.license.entity.PluginLicense;
import com.atlassian.upm.api.util.Either;
import com.atlassian.upm.license.internal.PluginLicenseError;
import com.atlassian.upm.license.internal.PluginLicenseRepository;
import com.atlassian.upm.license.internal.PluginLicenseValidator;
import com.atlassian.upm.license.internal.mac.LicenseReceiptValidator;
import com.atlassian.user.configuration.Configuration;
import com.google.common.base.Preconditions;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-universal-plugin-manager-plugin-2.20.2.jar:com/atlassian/upm/license/internal/mac/LicenseReceiptHandler.class */
public class LicenseReceiptHandler {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LicenseReceiptHandler.class);
    private final UpmPluginAccessor pluginAccessor;
    private final UserManager userManager;
    private final PluginLicenseValidator pluginLicenseValidator;
    private final PluginLicenseRepository pluginLicenseRepository;
    private final LicenseReceiptValidator licenseReceiptValidator;
    public static final String LICENSE_PARAM = "license";

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-universal-plugin-manager-plugin-2.20.2.jar:com/atlassian/upm/license/internal/mac/LicenseReceiptHandler$ErrorResult.class */
    public enum ErrorResult {
        BAD_REQUEST(false),
        BAD_REFERRER(true),
        NOT_AUTHENTICATED(true),
        MALFORMED_LICENSE(true),
        UNACCEPTABLE_LICENSE(true);

        private final boolean redirectable;

        ErrorResult(boolean z) {
            this.redirectable = z;
        }

        public boolean isRedirectable() {
            return this.redirectable;
        }
    }

    public LicenseReceiptHandler(UpmPluginAccessor upmPluginAccessor, UserManager userManager, PluginLicenseValidator pluginLicenseValidator, PluginLicenseRepository pluginLicenseRepository, LicenseReceiptValidator licenseReceiptValidator) {
        this.pluginAccessor = (UpmPluginAccessor) Preconditions.checkNotNull(upmPluginAccessor, "pluginAccessor");
        this.userManager = (UserManager) Preconditions.checkNotNull(userManager, Configuration.USERMANAGER);
        this.pluginLicenseValidator = (PluginLicenseValidator) Preconditions.checkNotNull(pluginLicenseValidator, "pluginLicenseValidator");
        this.pluginLicenseRepository = (PluginLicenseRepository) Preconditions.checkNotNull(pluginLicenseRepository, "pluginLicenseRepository");
        this.licenseReceiptValidator = (LicenseReceiptValidator) Preconditions.checkNotNull(licenseReceiptValidator, "licenseReceiptValidator");
    }

    public Either<ErrorResult, PluginLicense> handle(HttpServletRequest httpServletRequest) {
        String substring = httpServletRequest.getPathInfo().substring(httpServletRequest.getPathInfo().lastIndexOf(47) + 1);
        if (!StringUtils.isBlank(substring) && this.pluginAccessor.getPlugin(substring).isDefined()) {
            String parameter = httpServletRequest.getParameter("license");
            if (StringUtils.isBlank(parameter)) {
                return Either.left(ErrorResult.BAD_REQUEST);
            }
            if (!hasPermission()) {
                log.warn("Unable to store new license for \"" + substring + "\": not logged in as an administrator");
                return Either.left(ErrorResult.NOT_AUTHENTICATED);
            }
            String header = httpServletRequest.getHeader("Referer");
            if (header != null && !isFromMacDomain(header)) {
                log.warn("Refused a request that had an unexpected referrer: " + header);
                return Either.left(ErrorResult.BAD_REFERRER);
            }
            Either<PluginLicenseError, PluginLicense> validate = this.pluginLicenseValidator.validate(substring, parameter);
            Iterator<PluginLicenseError> it = validate.left().iterator();
            if (it.hasNext()) {
                logRejection(substring, "Could not decode license: " + it.next().getType().getSubCode());
                return Either.left(ErrorResult.MALFORMED_LICENSE);
            }
            Iterator<PluginLicense> it2 = validate.right().iterator();
            if (!it2.hasNext()) {
                return Either.left(ErrorResult.BAD_REQUEST);
            }
            PluginLicense next = it2.next();
            Iterator<LicenseError> it3 = next.getError().iterator();
            if (it3.hasNext()) {
                logRejection(substring, "License validation error: " + it3.next());
                return Either.left(ErrorResult.UNACCEPTABLE_LICENSE);
            }
            Iterator<LicenseReceiptValidator.ValidationError> it4 = this.licenseReceiptValidator.validateReceivedLicense(next, substring).iterator();
            if (!it4.hasNext()) {
                this.pluginLicenseRepository.setPluginLicense(substring, next.getRawLicense());
                return Either.right(next);
            }
            logRejection(substring, "License validation error: " + it4.next());
            return Either.left(ErrorResult.UNACCEPTABLE_LICENSE);
        }
        return Either.left(ErrorResult.BAD_REQUEST);
    }

    private boolean isFromMacDomain(String str) {
        String property = System.getProperty("mac.baseurl");
        try {
            return new URI(str).getHost().equals(new URI(property != null ? property : "https://my.atlassian.com").getHost());
        } catch (URISyntaxException e) {
            return false;
        }
    }

    private boolean hasPermission() {
        UserKey remoteUserKey = this.userManager.getRemoteUserKey();
        if (remoteUserKey == null) {
            return false;
        }
        return this.userManager.isSystemAdmin(remoteUserKey) || this.userManager.isAdmin(remoteUserKey);
    }

    private void logRejection(String str, String str2) {
        log.warn("Unable to store new license for \"" + str + "\": " + str2);
    }
}
