package com.atlassian.applinks.oauth.auth.servlets.serviceprovider;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkService;
import com.atlassian.applinks.core.util.MessageFactory;
import com.atlassian.applinks.core.util.RendererContextBuilder;
import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.common.auth.oauth.ServiceProviderStoreService;
import com.atlassian.applinks.internal.common.docs.DocumentationLinker;
import com.atlassian.applinks.ui.AbstractApplinksServlet;
import com.atlassian.applinks.ui.auth.AdminUIAuthenticator;
import com.atlassian.oauth.Consumer;
import com.atlassian.oauth.util.RSAKeys;
import com.atlassian.plugin.webresource.WebResourceManager;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.net.RequestFactory;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.atlassian.soy.impl.functions.ContextFunction;
import com.atlassian.templaterenderer.TemplateRenderer;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.Serializable;
import java.net.URI;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-oauth-plugin-6.0.2.jar:com/atlassian/applinks/oauth/auth/servlets/serviceprovider/AddConsumerManuallyServlet.class */
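/**
 * Admin servlet that shows, registers and removes the OAuth consumer stored for an
 * application link, using the {@code incoming_nonapplinks.vm} template.
 *
 * <p>Both handlers call {@link WebSudoManager#willExecuteWebSudoRequest} first and fall back to
 * {@link WebSudoManager#enforceWebSudoProtection} when no WebSudo session is present.
 *
 * <p>NOTE(review): no XSRF token check is visible in this class although the constructor passes
 * an {@code XsrfTokenValidator} to the superclass; presumably the superclass validates
 * state-changing requests before {@code doPost} runs. Confirm against the superclass.
 */
public class AddConsumerManuallyServlet extends AbstractConsumerServlet {
    private final ServiceProviderStoreService providerStoreService;
    private final WebSudoManager webSudoManager;
    private static final Logger LOG = LoggerFactory.getLogger(AddConsumerManuallyServlet.class);
    private static final String INCOMING_NON_APPLINKS_TEMPLATE = "com/atlassian/applinks/oauth/auth/incoming_nonapplinks.vm";
    private static final String CONSUMER = "consumer";
    private static final String PUBLIC_KEY = "publicKey";

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-oauth-plugin-6.0.2.jar:com/atlassian/applinks/oauth/auth/servlets/serviceprovider/AddConsumerManuallyServlet$FormFields.class */
    /**
     * Holds the raw submitted form parameters so the form can be re-rendered with the user's
     * input after a validation failure.
     *
     * <p>Every value is copied unvalidated from the request. NOTE(review): the template that
     * prints these fields must escape them for its output context; that is not visible here.
     */
    public static class FormFields {
        public String key;
        public String name;
        public String description;
        public String publicKey;
        public String callback;
        public boolean twoLOAllowed;
        public String executingTwoLOUser;
        public boolean twoLOImpersonationAllowed;

        /**
         * Copies the consumer form parameters from the request.
         *
         * @param httpServletRequest request carrying the submitted form; absent string
         *     parameters stay {@code null}, absent flags parse to {@code false}
         */
        public FormFields(HttpServletRequest httpServletRequest) {
            this.key = httpServletRequest.getParameter("key");
            this.name = httpServletRequest.getParameter("consumerName");
            this.description = httpServletRequest.getParameter("description");
            this.publicKey = httpServletRequest.getParameter("publicKey");
            this.callback = httpServletRequest.getParameter("callback");
            this.twoLOAllowed = Boolean.parseBoolean(httpServletRequest.getParameter("two-lo-enabled"));
            this.executingTwoLOUser = httpServletRequest.getParameter("two-lo-execute-as");
            this.twoLOImpersonationAllowed = Boolean.parseBoolean(httpServletRequest.getParameter("two-lo-impersonation-enabled"));
        }

        public String getKey() {
            return this.key;
        }

        public String getName() {
            return this.name;
        }

        public String getDescription() {
            return this.description;
        }

        public String getPublicKey() {
            return this.publicKey;
        }

        public String getCallback() {
            return this.callback;
        }

        public boolean isTwoLOAllowed() {
            return this.twoLOAllowed;
        }

        public String getExecutingTwoLOUser() {
            return this.executingTwoLOUser;
        }

        public boolean isTwoLOImpersonationAllowed() {
            return this.twoLOImpersonationAllowed;
        }
    }

    /**
     * Wires the servlet's collaborators; everything except the consumer store and the WebSudo
     * manager is handed to the superclass.
     */
    protected AddConsumerManuallyServlet(I18nResolver i18nResolver, MessageFactory messageFactory, TemplateRenderer templateRenderer, WebResourceManager webResourceManager, ApplicationLinkService applicationLinkService, AdminUIAuthenticator adminUIAuthenticator, RequestFactory requestFactory, ServiceProviderStoreService serviceProviderStoreService, InternalHostApplication internalHostApplication, LoginUriProvider loginUriProvider, DocumentationLinker documentationLinker, WebSudoManager webSudoManager, XsrfTokenAccessor xsrfTokenAccessor, XsrfTokenValidator xsrfTokenValidator, UserManager userManager) {
        super(i18nResolver, messageFactory, templateRenderer, webResourceManager, applicationLinkService, adminUIAuthenticator, requestFactory, documentationLinker, loginUriProvider, internalHostApplication, xsrfTokenAccessor, xsrfTokenValidator, userManager);
        this.providerStoreService = serviceProviderStoreService;
        this.webSudoManager = webSudoManager;
    }

    /**
     * Renders the consumer configuration form for the application link named by the request.
     *
     * <p>When a consumer is already stored, it and the PEM encoding of its public key are added
     * to the render context.
     *
     * @throws IOException if rendering or the WebSudo redirect fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            ApplicationLink applicationLink = getRequiredApplicationLink(httpServletRequest);
            Consumer storedConsumer = this.providerStoreService.getConsumer(applicationLink);
            RendererContextBuilder context = createContextBuilder(applicationLink);
            context.put(ContextFunction.FUNCTION_NAME, httpServletRequest.getContextPath());
            // NOTE(review): getMessage() is inherited and presumably echoes the "message" query
            // parameter that doPost's redirect sets; confirm the template escapes it.
            context.put("message", getMessage(httpServletRequest));
            if (storedConsumer != null) {
                context.put(CONSUMER, storedConsumer);
                context.put(PUBLIC_KEY, RSAKeys.toPemEncoding(storedConsumer.getPublicKey()));
            }
            context.put("isSysadmin", Boolean.valueOf(isSysadmin()));
            render(INCOMING_NON_APPLINKS_TEMPLATE, context.build(), httpServletRequest, httpServletResponse, applicationLink);
        } catch (WebSudoSessionException e) {
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Enables (adds) or disables (removes) the consumer for the application link.
     *
     * <p>On success the client is redirected to the link's page with a localized status message;
     * on validation or storage errors the form is re-rendered with the submitted values and the
     * collected field errors.
     *
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the redirect, rendering or the WebSudo redirect fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.servlet.http.HttpServlet
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            ApplicationLink applicationLink = getRequiredApplicationLink(httpServletRequest);
            Map<String, String> fieldErrors = new HashMap<>();
            boolean enable = Boolean.parseBoolean(checkRequiredFormParameter(httpServletRequest, AbstractConsumerServlet.OAUTH_INCOMING_ENABLED, fieldErrors, "auth.oauth.config.error.enable"));
            addOrRemoveConsumer(httpServletRequest, applicationLink, fieldErrors, enable);
            if (fieldErrors.isEmpty()) {
                // The redirect target is relative and the message comes from the i18n bundle,
                // so no request-controlled text reaches the Location header here.
                String statusMessage = enable
                        ? this.i18nResolver.getText("auth.oauth.config.serviceprovider.consumer.enabled")
                        : this.i18nResolver.getText("auth.oauth.config.serviceprovider.consumer.disabled");
                httpServletResponse.sendRedirect("./" + applicationLink.getId() + "?message=" + URIUtil.utf8Encode(statusMessage));
            } else {
                FormFields formFields = new FormFields(httpServletRequest);
                RendererContextBuilder context = createContextBuilder(applicationLink);
                context.put(ContextFunction.FUNCTION_NAME, httpServletRequest.getContextPath());
                context.put(CONSUMER, formFields);
                context.put(PUBLIC_KEY, formFields.getPublicKey());
                context.put("fieldErrorMessages", fieldErrors);
                context.put("isSysadmin", Boolean.valueOf(isSysadmin()));
                render(INCOMING_NON_APPLINKS_TEMPLATE, context.build(), httpServletRequest, httpServletResponse, applicationLink);
            }
        } catch (WebSudoSessionException e) {
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Removes the stored consumer when {@code z} is false; otherwise validates the form and
     * stores a new consumer built from it.
     *
     * <p>Validation and storage failures are reported through {@code map}; the consumer is only
     * stored when {@code map} is still empty after validation.
     *
     * @param httpServletRequest request carrying the consumer form
     * @param applicationLink link the consumer belongs to
     * @param map field name to localized error message, filled in by this method
     * @param z {@code true} to add the consumer, {@code false} to remove it
     * @throws AbstractApplinksServlet.ForbiddenException if a 2LO option is requested by a user
     *     who is not a sysadmin
     */
    private void addOrRemoveConsumer(HttpServletRequest httpServletRequest, ApplicationLink applicationLink, Map<String, String> map, boolean z) throws IOException {
        if (!z) {
            try {
                this.providerStoreService.removeConsumer(applicationLink);
                return;
            } catch (Exception e) {
                LOG.error("Failed to disable OAuth outgoing, when trying to remove the consumer for application link '" + applicationLink + "'", e);
                // NOTE(review): the raw exception message is shown in the UI; confirm it cannot
                // carry internal details and that the template escapes it.
                map.put("communication", this.i18nResolver.getText("auth.oauth.config.error.consumer.remove", e.getMessage()));
                return;
            }
        }
        String consumerKey = checkRequiredFormParameter(httpServletRequest, "key", map, "auth.oauth.config.serviceprovider.missing.consumer.key");
        String consumerName = checkRequiredFormParameter(httpServletRequest, "consumerName", map, "auth.oauth.config.serviceprovider.missing.consumer.name");
        String description = httpServletRequest.getParameter("description");
        PublicKey publicKey = getPublicKey(httpServletRequest, map);
        URI callbackUri = getCallbackUri(httpServletRequest, map);
        boolean twoLoAllowed = Boolean.parseBoolean(httpServletRequest.getParameter("two-lo-enabled"));
        boolean twoLoImpersonationAllowed = Boolean.parseBoolean(httpServletRequest.getParameter("two-lo-impersonation-enabled"));
        // Both 2LO flags are privilege-bearing settings taken straight from the request. The
        // impersonation flag is stored independently of two-lo-enabled, so it gets the same
        // sysadmin gate instead of relying on the form hiding the field.
        if ((twoLoAllowed || twoLoImpersonationAllowed) && !isSysadmin()) {
            throw new AbstractApplinksServlet.ForbiddenException(this.messageFactory.newI18nMessage("applinks.error.only.sysadmin.operation", new Serializable[0]));
        }
        String executingUser = null;
        if (twoLoAllowed) {
            executingUser = checkRequiredFormParameter(httpServletRequest, "two-lo-execute-as", map, "auth.oauth.config.2lo.username.error");
            // Reject an execute-as name that does not resolve to an existing user.
            if (!StringUtils.isBlank(executingUser) && this.userManager.resolve(executingUser) == null) {
                map.put("two-lo-execute-as", this.i18nResolver.getText("auth.oauth.config.2lo.username.error"));
            }
        }
        if (map.isEmpty()) {
            try {
                Consumer consumer = Consumer.key(consumerKey)
                        .name(consumerName)
                        .publicKey(publicKey)
                        .description(description)
                        .callback(callbackUri)
                        .twoLOAllowed(twoLoAllowed)
                        .executingTwoLOUser(executingUser)
                        .twoLOImpersonationAllowed(twoLoImpersonationAllowed)
                        .build();
                this.providerStoreService.addConsumer(consumer, applicationLink);
            } catch (Exception e2) {
                LOG.error("Failed to store consumer key", e2);
                // NOTE(review): same exposure of the raw exception message as on the remove path.
                map.put("communication", this.i18nResolver.getText("auth.oauth.config.error.consumer.add", e2.getMessage()));
            }
        }
    }

    /**
     * Returns the superclass's web resources plus the 2LO configuration resource.
     *
     * @return immutable list of web resource keys required by the rendered page
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.applinks.oauth.auth.servlets.AbstractOAuthConfigServlet, com.atlassian.applinks.core.auth.AbstractAdminOnlyAuthServlet, com.atlassian.applinks.ui.AbstractApplinksServlet
    public List<String> getRequiredWebResources() {
        return new ImmutableList.Builder<String>()
                .addAll(super.getRequiredWebResources())
                .add("com.atlassian.applinks.applinks-oauth-plugin:oauth-2lo-config")
                .build();
    }
}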
