package com.atlassian.applinks.oauth.rest;

import com.atlassian.applinks.api.ApplicationId;
import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.TypeNotInstalledException;
import com.atlassian.applinks.api.application.generic.GenericApplicationType;
import com.atlassian.applinks.core.InternalTypeAccessor;
import com.atlassian.applinks.core.rest.auth.AdminApplicationLinksInterceptor;
import com.atlassian.applinks.core.rest.context.ContextInterceptor;
import com.atlassian.applinks.core.rest.model.ApplicationLinkAuthenticationEntity;
import com.atlassian.applinks.core.rest.model.AuthenticationProviderEntity;
import com.atlassian.applinks.core.rest.model.ConsumerEntity;
import com.atlassian.applinks.core.rest.model.ConsumerEntityListEntity;
import com.atlassian.applinks.core.rest.util.RestUtil;
import com.atlassian.applinks.core.v1.rest.ApplicationLinkResource;
import com.atlassian.applinks.internal.common.auth.oauth.ServiceProviderStoreService;
import com.atlassian.applinks.internal.rest.interceptor.NoCacheHeaderInterceptor;
import com.atlassian.applinks.oauth.auth.OAuthHelper;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.applinks.spi.auth.AuthenticationProviderPluginModule;
import com.atlassian.applinks.spi.link.MutatingApplicationLinkService;
import com.atlassian.applinks.spi.manifest.ManifestRetriever;
import com.atlassian.oauth.Consumer;
import com.atlassian.oauth.consumer.ConsumerService;
import com.atlassian.oauth.util.RSAKeys;
import com.atlassian.plugin.PluginAccessor;
import com.atlassian.plugins.rest.common.Link;
import com.atlassian.plugins.rest.common.interceptor.InterceptorChain;
import com.atlassian.plugins.rest.common.util.RestUrlBuilder;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.net.RequestFactory;
import com.atlassian.sal.api.net.ResponseException;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import com.google.common.collect.Lists;
import com.sun.jersey.spi.resource.Singleton;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;

@Singleton
@Path(ApplicationLinkResource.CONTEXT)
@Consumes({"application/xml", "application/json"})
@Produces({"application/xml", "application/json"})
@WebSudoRequired
@InterceptorChain({ContextInterceptor.class, AdminApplicationLinksInterceptor.class, NoCacheHeaderInterceptor.class})
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-oauth-plugin-9.0.12.jar:com/atlassian/applinks/oauth/rest/OAuthApplicationLinkResource.class */
public class OAuthApplicationLinkResource extends ApplicationLinkResource {
    private final PluginAccessor pluginAccessor;
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final ServiceProviderStoreService serviceProviderStoreService;
    private final ConsumerService consumerService;

    public OAuthApplicationLinkResource(MutatingApplicationLinkService mutatingApplicationLinkService, I18nResolver i18nResolver, InternalTypeAccessor internalTypeAccessor, ManifestRetriever manifestRetriever, RestUrlBuilder restUrlBuilder, RequestFactory requestFactory, UserManager userManager, PluginAccessor pluginAccessor, AuthenticationConfigurationManager authenticationConfigurationManager, ServiceProviderStoreService serviceProviderStoreService, ConsumerService consumerService) {
        super(mutatingApplicationLinkService, i18nResolver, internalTypeAccessor, manifestRetriever, restUrlBuilder, requestFactory, userManager);
        this.pluginAccessor = pluginAccessor;
        this.authenticationConfigurationManager = authenticationConfigurationManager;
        this.serviceProviderStoreService = serviceProviderStoreService;
        this.consumerService = consumerService;
    }

    @GET
    @Path("{id}/authentication")
    public Response getAuthentication(@PathParam("id") String str) throws TypeNotInstalledException, URISyntaxException {
        ApplicationLink findApplicationLink = findApplicationLink(str);
        if (findApplicationLink == null) {
            return RestUtil.notFound(this.i18nResolver.getText("applinks.notfound", str));
        }
        List<AuthenticationProviderEntity> configuredProviders = getConfiguredProviders(findApplicationLink);
        Iterable<Consumer> findConsumers = findConsumers(findApplicationLink, configuredProviders);
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<Consumer> it = findConsumers.iterator();
        while (it.hasNext()) {
            newArrayList.add(ConsumerEntityBuilder.consumer(it.next()).self(new URI("applicationlink/" + str + "/authentication/consumer")).build());
        }
        return RestUtil.ok(new ApplicationLinkAuthenticationEntity(Link.self(new URI("applicationlink/" + str + "/authentication")), newArrayList, configuredProviders));
    }

    @GET
    @Path("{id}/authentication/consumer")
    public Response getConsumer(@PathParam("id") String str) throws TypeNotInstalledException, URISyntaxException {
        ApplicationLink findApplicationLink = findApplicationLink(str);
        if (findApplicationLink == null) {
            return RestUtil.notFound(this.i18nResolver.getText("applinks.notfound", str));
        }
        List<AuthenticationProviderEntity> configuredProviders = getConfiguredProviders(findApplicationLink);
        Iterable<Consumer> findConsumers = findConsumers(findApplicationLink, configuredProviders);
        if (!findConsumers.iterator().hasNext() && (findApplicationLink.getType() instanceof GenericApplicationType) && configuredProviders.size() == 0) {
            return RestUtil.notFound(this.i18nResolver.getText("applinks.generic.consumer.needs.authenticationprovider", str));
        }
        if (!findConsumers.iterator().hasNext()) {
            return RestUtil.notFound(this.i18nResolver.getText("applinks.consumer.notfound", str));
        }
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<Consumer> it = findConsumers.iterator();
        while (it.hasNext()) {
            newArrayList.add(ConsumerEntityBuilder.consumer(it.next()).self(new URI("applicationlink/" + str + "/authentication/consumer")).build());
        }
        return RestUtil.ok(new ConsumerEntityListEntity(newArrayList));
    }

    @Path("{id}/authentication/consumer")
    @PUT
    public Response putConsumer(@PathParam("id") String str, @QueryParam("autoConfigure") Boolean bool, ConsumerEntity consumerEntity) throws TypeNotInstalledException, URISyntaxException {
        ApplicationLink findApplicationLink = findApplicationLink(str);
        if (findApplicationLink == null) {
            return RestUtil.notFound(this.i18nResolver.getText("applinks.notfound", str));
        }
        if (bool != null && bool.booleanValue()) {
            try {
                Consumer fetchConsumerInformation = OAuthHelper.fetchConsumerInformation(findApplicationLink);
                this.serviceProviderStoreService.addConsumer(new Consumer.InstanceBuilder(fetchConsumerInformation.getKey()).name(fetchConsumerInformation.getName()).description(fetchConsumerInformation.getDescription()).publicKey(fetchConsumerInformation.getPublicKey()).signatureMethod(fetchConsumerInformation.getSignatureMethod()).callback(fetchConsumerInformation.getCallback()).twoLOAllowed(consumerEntity.isTwoLOAllowed()).executingTwoLOUser(consumerEntity.getExecutingTwoLOUser()).twoLOImpersonationAllowed(consumerEntity.isTwoLOImpersonationAllowed()).build(), findApplicationLink);
                return RestUtil.created(Link.self(new URI("applicationlink/" + str + "/authentication/consumer")));
            } catch (ResponseException e) {
                return RestUtil.serverError(this.i18nResolver.getText("applinks.consumer.autoconfigure.consumerInfo.notfound"));
            }
        }
        if (findApplicationLink.getType() instanceof GenericApplicationType) {
            List<String> validate3rdPartyConsumer = validate3rdPartyConsumer(consumerEntity);
            if (validate3rdPartyConsumer.size() > 0) {
                return RestUtil.badRequest((String[]) validate3rdPartyConsumer.toArray(new String[validate3rdPartyConsumer.size()]));
            }
            if (consumerEntity.isOutgoing()) {
                add3rdPartyOutgoingConsumer(consumerEntity);
            } else {
                try {
                    this.serviceProviderStoreService.addConsumer(createBasicConsumer(consumerEntity, findApplicationLink), findApplicationLink);
                } catch (NoSuchAlgorithmException e2) {
                    return RestUtil.badRequest(this.i18nResolver.getText("applinks.invalid.consumer.publickey", str));
                } catch (InvalidKeySpecException e3) {
                    return RestUtil.badRequest(this.i18nResolver.getText("applinks.invalid.consumer.publickey", str));
                }
            }
        } else {
            List<String> validateAtlassianConsumer = validateAtlassianConsumer(consumerEntity);
            if (validateAtlassianConsumer.size() > 0) {
                return RestUtil.badRequest((String[]) validateAtlassianConsumer.toArray(new String[validateAtlassianConsumer.size()]));
            }
            try {
                Consumer createBasicConsumer = createBasicConsumer(consumerEntity, findApplicationLink);
                this.serviceProviderStoreService.addConsumer(new Consumer.InstanceBuilder(createBasicConsumer.getKey()).name(createBasicConsumer.getName()).description(createBasicConsumer.getDescription()).publicKey(createBasicConsumer.getPublicKey()).signatureMethod(createBasicConsumer.getSignatureMethod()).callback(createBasicConsumer.getCallback()).twoLOAllowed(consumerEntity.isTwoLOAllowed()).executingTwoLOUser(consumerEntity.getExecutingTwoLOUser()).twoLOImpersonationAllowed(consumerEntity.isTwoLOImpersonationAllowed()).build(), findApplicationLink);
            } catch (NoSuchAlgorithmException e4) {
                return RestUtil.badRequest(this.i18nResolver.getText("applinks.invalid.consumer.publickey", str));
            } catch (InvalidKeySpecException e5) {
                return RestUtil.badRequest(this.i18nResolver.getText("applinks.invalid.consumer.publickey", str));
            }
        }
        return RestUtil.created(Link.self(new URI("applicationlink/" + str + "/authentication/consumer")));
    }

    private Consumer add3rdPartyOutgoingConsumer(ConsumerEntity consumerEntity) {
        Consumer build = Consumer.key(consumerEntity.getKey()).name(consumerEntity.getName()).signatureMethod(Consumer.SignatureMethod.HMAC_SHA1).description(consumerEntity.getDescription()).build();
        this.consumerService.add(build.getName(), build, consumerEntity.getSharedSecret());
        return build;
    }

    private Consumer createBasicConsumer(ConsumerEntity consumerEntity, ApplicationLink applicationLink) throws InvalidKeySpecException, NoSuchAlgorithmException, URISyntaxException {
        return Consumer.key(consumerEntity.getKey()).name(consumerEntity.getName()).publicKey(RSAKeys.fromPemEncodingToPublicKey(consumerEntity.getPublicKey())).description(consumerEntity.getDescription()).callback(consumerEntity.getCallback()).build();
    }

    private List<String> validate3rdPartyConsumer(ConsumerEntity consumerEntity) {
        ArrayList newArrayList = Lists.newArrayList();
        if (StringUtils.isEmpty(consumerEntity.getKey())) {
            newArrayList.add(this.i18nResolver.getText("auth.oauth.config.consumer.serviceprovider.key.is.required"));
        }
        if (consumerEntity.isOutgoing()) {
            if (StringUtils.isEmpty(consumerEntity.getName())) {
                newArrayList.add(this.i18nResolver.getText("auth.oauth.config.consumer.serviceprovider.name.is.required"));
            }
            if (StringUtils.isEmpty(consumerEntity.getSharedSecret())) {
                newArrayList.add(this.i18nResolver.getText("auth.oauth.config.consumer.serviceprovider.shared.secret.is.required"));
            }
        } else if (StringUtils.isEmpty(consumerEntity.getPublicKey())) {
            newArrayList.add(this.i18nResolver.getText("auth.oauth.config.serviceprovider.missing.public.key"));
        }
        return newArrayList;
    }

    private List<String> validateAtlassianConsumer(ConsumerEntity consumerEntity) {
        ArrayList newArrayList = Lists.newArrayList();
        if (StringUtils.isEmpty(consumerEntity.getKey())) {
            newArrayList.add(this.i18nResolver.getText("auth.oauth.config.consumer.serviceprovider.key.is.required"));
        }
        if (StringUtils.isEmpty(consumerEntity.getName())) {
            newArrayList.add(this.i18nResolver.getText("auth.oauth.config.consumer.serviceprovider.name.is.required"));
        }
        if (StringUtils.isEmpty(consumerEntity.getPublicKey())) {
            newArrayList.add(this.i18nResolver.getText("applinks.consumer.publickey.required"));
        }
        return newArrayList;
    }

    private List<AuthenticationProviderEntity> getConfiguredProviders(ApplicationLink applicationLink) throws URISyntaxException {
        return getConfiguredProviders(applicationLink, this.pluginAccessor.getEnabledModulesByClass(AuthenticationProviderPluginModule.class));
    }

    private List<AuthenticationProviderEntity> getConfiguredProviders(ApplicationLink applicationLink, Iterable<AuthenticationProviderPluginModule> iterable) throws URISyntaxException {
        ArrayList arrayList = new ArrayList();
        for (AuthenticationProviderPluginModule authenticationProviderPluginModule : iterable) {
            if (authenticationProviderPluginModule.getAuthenticationProvider(applicationLink) != null) {
                arrayList.add(new AuthenticationProviderEntity(Link.self(new URI("applicationlink/" + applicationLink.getId().toString() + "/authentication/provider")), authenticationProviderPluginModule.getClass().getName(), authenticationProviderPluginModule.getAuthenticationProviderClass().getName(), this.authenticationConfigurationManager.getConfiguration(applicationLink.getId(), authenticationProviderPluginModule.getAuthenticationProviderClass())));
            }
        }
        return arrayList;
    }

    private ApplicationLink findApplicationLink(String str) throws TypeNotInstalledException {
        try {
            return this.applicationLinkService.getApplicationLink(new ApplicationId(str));
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    private Iterable<Consumer> findConsumers(ApplicationLink applicationLink, List<AuthenticationProviderEntity> list) {
        Consumer consumerByKey;
        ArrayList newArrayList = Lists.newArrayList();
        Consumer consumer = this.serviceProviderStoreService.getConsumer(applicationLink);
        if (consumer != null) {
            newArrayList.add(consumer);
        }
        if (applicationLink.getType() instanceof GenericApplicationType) {
            for (AuthenticationProviderEntity authenticationProviderEntity : list) {
                if (applicationLink.getType() instanceof GenericApplicationType) {
                    String str = authenticationProviderEntity.getConfig().get("consumerKey.outbound");
                    if (!StringUtils.isEmpty(str) && (consumerByKey = this.consumerService.getConsumerByKey(str)) != null) {
                        newArrayList.add(consumerByKey);
                    }
                }
            }
        }
        return newArrayList;
    }
}
