package com.atlassian.applinks.ui.auth;

import com.atlassian.applinks.api.ApplicationId;
import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkService;
import com.atlassian.applinks.api.TypeNotInstalledException;
import com.atlassian.applinks.api.auth.AuthenticationProvider;
import com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider;
import com.atlassian.applinks.core.plugin.AuthenticationProviderModuleDescriptor;
import com.atlassian.applinks.core.util.Message;
import com.atlassian.applinks.core.util.MessageFactory;
import com.atlassian.applinks.core.util.RendererContextBuilder;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.common.docs.DocumentationLinker;
import com.atlassian.applinks.spi.Manifest;
import com.atlassian.applinks.spi.auth.AuthenticationDirection;
import com.atlassian.applinks.spi.auth.AuthenticationProviderPluginModule;
import com.atlassian.applinks.spi.manifest.ManifestNotFoundException;
import com.atlassian.applinks.spi.manifest.ManifestRetriever;
import com.atlassian.applinks.ui.AbstractAppLinksAdminOnlyServlet;
import com.atlassian.applinks.ui.AbstractApplinksServlet;
import com.atlassian.plugin.PluginAccessor;
import com.atlassian.plugin.webresource.WebResourceManager;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.atlassian.templaterenderer.TemplateRenderer;
import com.atlassian.troubleshooting.stp.action.impl.TabsAction;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-plugin-6.0.2.jar:com/atlassian/applinks/ui/auth/AuthenticatorContainerServlet.class */
public class AuthenticatorContainerServlet extends AbstractAppLinksAdminOnlyServlet {
    private static final String APPLICATION_ID = "applicationId";
    private static final String DIRECTION = "direction";
    private static final String SUCCESS_TEMPLATE = "com/atlassian/applinks/ui/auth_container.vm";
    private final ApplicationLinkService applicationLinkService;
    private final ManifestRetriever manifestRetriever;
    private final PluginAccessor pluginAccessor;
    private final WebSudoManager webSudoManager;
    private final UserManager userManager;
    private static final Set<String> TWO_LO_MODULE_KEYS = ImmutableSet.of("TwoLeggedOAuthAuthenticatorProviderPluginModule", "TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule");
    private static final Predicate<Class<? extends AuthenticationProvider>> IS_OAUTH = new Predicate<Class<? extends AuthenticationProvider>>() { // from class: com.atlassian.applinks.ui.auth.AuthenticatorContainerServlet.1
        @Override // com.google.common.base.Predicate
        public boolean apply(Class<? extends AuthenticationProvider> cls) {
            return OAuthAuthenticationProvider.class.isAssignableFrom(cls);
        }
    };

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-plugin-6.0.2.jar:com/atlassian/applinks/ui/auth/AuthenticatorContainerServlet$ConfigTab.class */
    public static class ConfigTab {
        private final Message name;
        private final String url;
        private final String id;
        private final String cssClass;

        public ConfigTab(Message message, String str, String str2, String str3) {
            this.name = message;
            this.url = str;
            this.id = str2;
            this.cssClass = str3;
        }

        public Message getName() {
            return this.name;
        }

        public String getUrl() {
            return this.url;
        }

        public String getId() {
            return this.id;
        }

        public String getCssClass() {
            return this.cssClass;
        }
    }

    public AuthenticatorContainerServlet(I18nResolver i18nResolver, MessageFactory messageFactory, TemplateRenderer templateRenderer, WebResourceManager webResourceManager, ApplicationLinkService applicationLinkService, InternalHostApplication internalHostApplication, ManifestRetriever manifestRetriever, PluginAccessor pluginAccessor, AdminUIAuthenticator adminUIAuthenticator, LoginUriProvider loginUriProvider, DocumentationLinker documentationLinker, WebSudoManager webSudoManager, XsrfTokenAccessor xsrfTokenAccessor, XsrfTokenValidator xsrfTokenValidator, UserManager userManager) {
        super(i18nResolver, messageFactory, templateRenderer, webResourceManager, adminUIAuthenticator, documentationLinker, loginUriProvider, internalHostApplication, xsrfTokenAccessor, xsrfTokenValidator);
        this.applicationLinkService = applicationLinkService;
        this.manifestRetriever = manifestRetriever;
        this.pluginAccessor = pluginAccessor;
        this.webSudoManager = webSudoManager;
        this.userManager = userManager;
    }

    @Override // com.atlassian.applinks.ui.AbstractApplinksServlet
    protected List<String> getRequiredWebResources() {
        return ImmutableList.of("com.atlassian.applinks.applinks-plugin:auth-container");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v67, types: [java.util.Set] */
    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            ApplicationId applicationId = new ApplicationId(getRequiredParameter(httpServletRequest, "applicationId"));
            try {
                ApplicationLink applicationLink = this.applicationLinkService.getApplicationLink(applicationId);
                if (applicationLink == null) {
                    this.logger.error("Couldn't find application link with id " + applicationId);
                    throw new AbstractApplinksServlet.NotFoundException(this.messageFactory.newI18nMessage("auth.oauth.config.error.link.id", applicationId.toString()));
                }
                AuthenticationDirection valueOf = AuthenticationDirection.valueOf(getRequiredParameter(httpServletRequest, "direction"));
                try {
                    Manifest manifest = this.manifestRetriever.getManifest(applicationLink.getRpcUrl(), applicationLink.getType());
                    Sets.SetView intersection = valueOf == AuthenticationDirection.INBOUND ? Sets.intersection(Sets.newHashSet(this.internalHostApplication.getSupportedInboundAuthenticationTypes()), manifest.getOutboundAuthenticationTypes()) : Sets.intersection(Sets.newHashSet(this.internalHostApplication.getSupportedOutboundAuthenticationTypes()), manifest.getInboundAuthenticationTypes());
                    ArrayList arrayList = new ArrayList();
                    ArrayList<AuthenticationProviderModuleDescriptor> newArrayList = Lists.newArrayList(this.pluginAccessor.getEnabledModuleDescriptorsByClass(AuthenticationProviderModuleDescriptor.class));
                    Collections.sort(newArrayList, AuthenticationProviderModuleDescriptor.BY_WEIGHT);
                    if (!this.userManager.isSystemAdmin(this.userManager.getRemoteUsername())) {
                        intersection = Sets.filter(intersection, IS_OAUTH);
                    }
                    HashSet hashSet = new HashSet();
                    for (AuthenticationProviderModuleDescriptor authenticationProviderModuleDescriptor : newArrayList) {
                        AuthenticationProviderPluginModule module = authenticationProviderModuleDescriptor.getModule();
                        if (intersection.contains(module.getAuthenticationProviderClass())) {
                            String name = module.getAuthenticationProviderClass().getName();
                            String substring = name.substring(name.lastIndexOf(".") + 1);
                            String configUrl = module.getConfigUrl(applicationLink, manifest.getAppLinksVersion(), valueOf, httpServletRequest);
                            if (configUrl != null && !TWO_LO_MODULE_KEYS.contains(authenticationProviderModuleDescriptor.getKey())) {
                                arrayList.add(new ConfigTab(this.messageFactory.newI18nMessage(authenticationProviderModuleDescriptor.getI18nNameKey(), new Serializable[0]), configUrl, authenticationProviderModuleDescriptor.getKey(), substring));
                                hashSet.add(module.getAuthenticationProviderClass());
                            }
                        }
                    }
                    RendererContextBuilder createContextBuilder = createContextBuilder(applicationLink);
                    createContextBuilder.put(TabsAction.ACTION_NAME, arrayList).put("direction", valueOf.name());
                    render(SUCCESS_TEMPLATE, createContextBuilder.build(), httpServletRequest, httpServletResponse);
                } catch (ManifestNotFoundException e) {
                    this.logger.error("Failed to retrieve manifest for application link '" + applicationLink + "'.");
                    throw new AbstractApplinksServlet.NotFoundException(this.messageFactory.newI18nMessage("auth.config.manifest.missing", applicationLink.getName()));
                }
            } catch (TypeNotInstalledException e2) {
                throw new IllegalStateException(String.format("Failed to load application %s as the %s type is not installed", applicationId, e2.getType()));
            }
        } catch (WebSudoSessionException e3) {
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }
}
