package com.atlassian.applinks.trusted.auth;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.auth.AuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TrustedAppsAuthenticationProvider;
import com.atlassian.applinks.core.ServletPathConstants;
import com.atlassian.applinks.core.auth.AbstractAdminOnlyAuthServlet;
import com.atlassian.applinks.core.auth.OrphanedTrustAwareAuthenticatorProviderPluginModule;
import com.atlassian.applinks.core.auth.OrphanedTrustCertificate;
import com.atlassian.applinks.core.util.Holder;
import com.atlassian.applinks.core.util.RequestUtil;
import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.host.spi.HostApplication;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationException;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.applinks.spi.auth.AuthenticationDirection;
import com.atlassian.applinks.spi.auth.AuthenticationScenario;
import com.atlassian.applinks.spi.auth.IncomingTrustAuthenticationProviderPluginModule;
import com.atlassian.applinks.trusted.auth.TrustConfigurator;
import com.atlassian.sal.api.net.Request;
import com.atlassian.sal.api.net.RequestFactory;
import com.atlassian.sal.api.net.Response;
import com.atlassian.sal.api.net.ResponseException;
import com.atlassian.sal.api.net.ResponseHandler;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.security.auth.trustedapps.TrustedApplicationsManager;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import org.osgi.framework.Version;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-trustedapps-plugin-7.1.0.jar:com/atlassian/applinks/trusted/auth/TrustedAppsAuthenticationProviderPluginModule.class */
/**
 * Authentication-provider plugin module for Trusted Applications on application links.
 *
 * <p>The class does three things that are visible in this file: it hands out a
 * {@link TrustedAppsAuthenticationProvider} for links that are configured for this provider type,
 * it builds the URLs of the trust-configuration servlets, and it switches trust on or off both
 * locally (through {@link TrustConfigurator}) and on the remote peer (through an HTTP call to the
 * peer's auto-configuration servlet).
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>{@link #enable} changes the peer first and the local side second, and contains no rollback
 *       of the remote change when the local step fails.</li>
 *   <li>{@link #disable} revokes local trust before contacting the peer, so a failing peer call
 *       still leaves the local side revoked.</li>
 *   <li>Error text returned by the peer is copied into exception messages; see
 *       {@code configureRemoteTrust}.</li>
 * </ul>
 */
public class TrustedAppsAuthenticationProviderPluginModule implements OrphanedTrustAwareAuthenticatorProviderPluginModule, IncomingTrustAuthenticationProviderPluginModule {
    // Servlet path prefixes, all rooted at the applinks configuration servlet path. The id of an
    // application (link or host) is appended directly after the trailing slash by the callers below.
    public static final String CONSUMER_SERVLET_LOCATION_UAL = ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH + "/trusted/outbound-ual/";
    public static final String CONSUMER_SERVLET_LOCATION_LEGACY = ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH + "/trusted/outbound-non-ual/";
    public static final String PROVIDER_SERVLET_LOCATION_UAL = ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH + "/trusted/inbound-ual/";
    public static final String PROVIDER_SERVLET_LOCATION_LEGACY = ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH + "/trusted/inbound-non-ual/";
    // Path on the peer that receives the PUT/DELETE sent by configureRemoteTrust.
    public static final String AUTOCONFIGURE_SERVLET_LOCATION = ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH + "/trusted/autoconfig/";
    private final HostApplication hostApplication;
    private final AuthenticationConfigurationManager configurationManager;
    private final TrustedApplicationsManager trustedApplicationsManager;
    private final RequestFactory requestFactory;
    private final TrustConfigurator trustConfigurator;
    private final UserManager userManager;

    /**
     * Stores the collaborators; no other work is done at construction time.
     */
    public TrustedAppsAuthenticationProviderPluginModule(HostApplication hostApplication, AuthenticationConfigurationManager authenticationConfigurationManager, TrustedApplicationsManager trustedApplicationsManager, RequestFactory requestFactory, TrustConfigurator trustConfigurator, UserManager userManager) {
        this.userManager = userManager;
        this.trustConfigurator = trustConfigurator;
        this.trustedApplicationsManager = trustedApplicationsManager;
        this.requestFactory = requestFactory;
        this.configurationManager = authenticationConfigurationManager;
        this.hostApplication = hostApplication;
    }

    /**
     * Returns a Trusted Applications provider for the link, or {@code null} when the link is not
     * configured for this provider class.
     *
     * <p>NOTE(review): the {@code String} argument of the returned provider's
     * {@code getRequestFactory} is not read here; the request factory is instead given the
     * {@link UserManager}. Which user the outgoing request is signed for is therefore decided
     * inside {@code TrustedApplicationsRequestFactory} - confirm there.
     *
     * @param applicationLink link whose id is checked against the configuration manager
     * @return the provider, or {@code null} if the link is not configured
     */
    @Override
    public AuthenticationProvider getAuthenticationProvider(ApplicationLink applicationLink) {
        boolean configured = this.configurationManager.isConfigured(applicationLink.getId(), getAuthenticationProviderClass());
        if (!configured) {
            return null;
        }
        return new TrustedAppsAuthenticationProvider() {
            @Override
            public ApplicationLinkRequestFactory getRequestFactory(String username) {
                // The current application is looked up on every call rather than cached.
                return new TrustedApplicationsRequestFactory(
                        TrustedAppsAuthenticationProviderPluginModule.this.trustedApplicationsManager.getCurrentApplication(),
                        TrustedAppsAuthenticationProviderPluginModule.this.requestFactory,
                        TrustedAppsAuthenticationProviderPluginModule.this.userManager);
            }
        };
    }

    /**
     * Builds the URL of the trust-configuration servlet for the given direction.
     *
     * <ul>
     *   <li>{@code INBOUND}: local base URL + inbound servlet path + the link's id.</li>
     *   <li>Any other direction with a non-null {@code version}: the link's display URL + inbound
     *       ("-ual") servlet path + this host's id, with the UTF-8-encoded local base URL appended
     *       as the query parameter named by {@code AbstractAdminOnlyAuthServlet.HOST_URL_PARAM}.</li>
     *   <li>Any other direction with a {@code null} version: local base URL + legacy outbound
     *       servlet path + the link's id.</li>
     * </ul>
     *
     * <p>NOTE(review): the local base URL comes from
     * {@code RequestUtil.getBaseURLFromRequest(request, hostApplication.getBaseUrl())}. If that
     * helper prefers values taken from the incoming request over the configured base URL, both the
     * returned URL and the host-URL query parameter are influenced by the client - verify how the
     * helper decides and how the receiving servlet validates the parameter.
     *
     * @param version a non-null value selects the "-ual" servlet paths, {@code null} the "-non-ual" ones
     * @return the configuration URL as a string
     */
    @Override
    public String getConfigUrl(ApplicationLink applicationLink, Version version, AuthenticationDirection authenticationDirection, HttpServletRequest httpServletRequest) {
        final boolean useUalPaths = version != null;
        switch (authenticationDirection) {
            case INBOUND: {
                URI localBase = RequestUtil.getBaseURLFromRequest(httpServletRequest, this.hostApplication.getBaseUrl());
                String inboundPrefix;
                if (useUalPaths) {
                    inboundPrefix = PROVIDER_SERVLET_LOCATION_UAL;
                } else {
                    inboundPrefix = PROVIDER_SERVLET_LOCATION_LEGACY;
                }
                String[] segments = {inboundPrefix + applicationLink.getId().toString()};
                return URIUtil.uncheckedConcatenate(localBase, segments).toString();
            }
            default: {
                if (useUalPaths) {
                    // Outbound trust from this host is inbound trust on the peer, so the URL targets
                    // the peer's inbound servlet and identifies this host by its id.
                    return new StringBuilder()
                            .append(URIUtil.uncheckedConcatenate(applicationLink.getDisplayUrl(), PROVIDER_SERVLET_LOCATION_UAL + this.hostApplication.getId().toString()))
                            .append("?")
                            .append(AbstractAdminOnlyAuthServlet.HOST_URL_PARAM)
                            .append("=")
                            .append(URIUtil.utf8Encode(RequestUtil.getBaseURLFromRequest(httpServletRequest, this.hostApplication.getBaseUrl())))
                            .toString();
                }
                URI localBase = RequestUtil.getBaseURLFromRequest(httpServletRequest, this.hostApplication.getBaseUrl());
                String legacyPath = CONSUMER_SERVLET_LOCATION_LEGACY + applicationLink.getId().toString();
                return URIUtil.uncheckedConcatenate(localBase, legacyPath).toString();
            }
        }
    }

    /**
     * @return the provider type this module is responsible for
     */
    @Override
    public Class<? extends AuthenticationProvider> getAuthenticationProviderClass() {
        return TrustedAppsAuthenticationProvider.class;
    }

    /**
     * Enables trust in both directions: first asks the peer to trust this host, then issues
     * inbound and outbound trust locally.
     *
     * <p>NOTE(review): if a local step fails after the peer call succeeded, the exception is
     * rethrown and nothing in this method undoes the peer-side change, so the two sides can be
     * left in different states.
     *
     * @throws AuthenticationConfigurationException if the peer call fails or the local
     *         configurator reports a configuration error (the original exception is kept as cause)
     */
    @Override
    public void enable(RequestFactory requestFactory, ApplicationLink applicationLink) throws AuthenticationConfigurationException {
        enableRemoteTrust(requestFactory, applicationLink);
        try {
            this.trustConfigurator.issueInboundTrust(applicationLink);
            this.trustConfigurator.issueOutboundTrust(applicationLink);
        } catch (TrustConfigurator.ConfigurationException cause) {
            String message = "Error configuring Trusted Applications: " + cause.getMessage();
            throw new AuthenticationConfigurationException(message, cause);
        }
    }

    /** Asks the peer to set up trust (HTTP PUT to its auto-configuration servlet). */
    private void enableRemoteTrust(RequestFactory<Request<Request<?, Response>, Response>> requestFactory, ApplicationLink applicationLink) throws AuthenticationConfigurationException {
        configureRemoteTrust(requestFactory, applicationLink, Request.MethodType.PUT);
    }

    /** Asks the peer to remove trust (HTTP DELETE to its auto-configuration servlet). */
    private void disableRemoteTrust(RequestFactory requestFactory, ApplicationLink applicationLink) throws AuthenticationConfigurationException {
        configureRemoteTrust(requestFactory, applicationLink, Request.MethodType.DELETE);
    }

    /**
     * Sends one request to the peer's auto-configuration servlet and turns any non-successful
     * outcome into an {@link AuthenticationConfigurationException}.
     *
     * <p>The target is the link's RPC URL + {@link #AUTOCONFIGURE_SERVLET_LOCATION} + this host's id.
     *
     * <p>NOTE(review): on a non-successful response the peer's status code and complete response
     * body are copied, unmodified and without a length limit, into the exception message. Code that
     * logs or renders that message should treat it as remote-supplied text.
     *
     * @param requestFactory factory for the outgoing request; how the request is authenticated
     *        depends entirely on this factory and cannot be seen from here
     * @param methodType HTTP method to use (the callers in this class pass PUT or DELETE)
     * @throws AuthenticationConfigurationException if the peer did not answer successfully or the
     *         call raised a {@link ResponseException}
     */
    private void configureRemoteTrust(RequestFactory<Request<Request<?, Response>, Response>> requestFactory, ApplicationLink applicationLink, Request.MethodType methodType) throws AuthenticationConfigurationException {
        // Holders let the anonymous handler report back to this method.
        final Holder succeeded = new Holder(false);
        final Holder failureReason = new Holder();
        try {
            String targetUrl = URIUtil.uncheckedConcatenate(applicationLink.getRpcUrl(), AUTOCONFIGURE_SERVLET_LOCATION + this.hostApplication.getId().toString()).toString();
            Request<Request<?, Response>, Response> peerRequest = requestFactory.createRequest(methodType, targetUrl);
            // NOTE(review): presumably the usual Atlassian header for opting out of the XSRF token
            // check; the receiving servlet then has to rely on request authentication - confirm.
            peerRequest.addHeader("X-Atlassian-Token", "no-check");
            peerRequest.execute(new ResponseHandler<Response>() {
                @Override
                public void handle(Response response) throws ResponseException {
                    if (!response.isSuccessful()) {
                        failureReason.set(String.format("Response code: %d: %s", response.getStatusCode(), response.getResponseBodyAsString()));
                        return;
                    }
                    succeeded.set(true);
                }
            });
        } catch (ResponseException transportFailure) {
            // Only the message is kept; the exception itself is not attached as a cause below.
            failureReason.set("Communication error: " + transportFailure.getMessage());
        }
        boolean peerAccepted = ((Boolean) succeeded.get()).booleanValue();
        if (peerAccepted) {
            return;
        }
        throw new AuthenticationConfigurationException("Error configuring peer: " + ((String) failureReason.get()));
    }

    /**
     * Always returns {@code false}, whatever scenario and link are passed.
     */
    @Override
    public boolean isApplicable(AuthenticationScenario authenticationScenario, ApplicationLink applicationLink) {
        return false;
    }

    /**
     * Tells whether the given orphaned-trust certificate type name is the Trusted Applications one.
     *
     * @param str certificate type name; {@code null} yields {@code false}
     */
    @Override
    public boolean isApplicable(String str) {
        String trustedAppsTypeName = OrphanedTrustCertificate.Type.TRUSTED_APPS.name();
        return trustedAppsTypeName.equals(str);
    }

    /**
     * Disables trust in both directions: revokes inbound and outbound trust locally, then asks the
     * peer to remove its side.
     *
     * <p>Local revocation happens first, so when the peer call fails the exception propagates with
     * local trust already revoked.
     *
     * @throws AuthenticationConfigurationException if the peer call fails
     */
    @Override
    public void disable(RequestFactory requestFactory, ApplicationLink applicationLink) throws AuthenticationConfigurationException {
        this.trustConfigurator.revokeInboundTrust(applicationLink);
        this.trustConfigurator.revokeOutboundTrust(applicationLink);
        disableRemoteTrust(requestFactory, applicationLink);
    }

    /**
     * @return whatever the trust configurator reports for inbound trust on this link
     */
    @Override
    public boolean incomingEnabled(ApplicationLink applicationLink) {
        boolean inboundTrusted = this.trustConfigurator.inboundTrustEnabled(applicationLink);
        return inboundTrusted;
    }
}
