package com.atlassian.plugin.connect.plugin.lifecycle;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.httpclient.api.HttpClient;
import com.atlassian.httpclient.api.Request;
import com.atlassian.httpclient.api.Response;
import com.atlassian.jwt.JwtConstants;
import com.atlassian.jwt.SigningAlgorithm;
import com.atlassian.oauth.Consumer;
import com.atlassian.oauth.consumer.ConsumerService;
import com.atlassian.oauth.util.RSAKeys;
import com.atlassian.plugin.PluginState;
import com.atlassian.plugin.connect.api.ConnectAddonAccessor;
import com.atlassian.plugin.connect.api.auth.AuthorizationGenerator;
import com.atlassian.plugin.connect.api.auth.ReKeyableAuthorizationGenerator;
import com.atlassian.plugin.connect.api.lifecycle.ConnectAddonDisableException;
import com.atlassian.plugin.connect.api.lifecycle.ConnectAddonEnableException;
import com.atlassian.plugin.connect.api.lifecycle.ConnectAddonInitException;
import com.atlassian.plugin.connect.api.lifecycle.ConnectAddonInstallException;
import com.atlassian.plugin.connect.api.request.HttpHeaderNames;
import com.atlassian.plugin.connect.api.request.HttpMethod;
import com.atlassian.plugin.connect.api.request.RemotablePluginAccessorFactory;
import com.atlassian.plugin.connect.modules.beans.AuthenticationBean;
import com.atlassian.plugin.connect.modules.beans.AuthenticationType;
import com.atlassian.plugin.connect.modules.beans.ConnectAddonBean;
import com.atlassian.plugin.connect.modules.beans.ConnectAddonEventData;
import com.atlassian.plugin.connect.modules.beans.OAuthClient;
import com.atlassian.plugin.connect.modules.beans.builder.ConnectAddonEventDataBuilder;
import com.atlassian.plugin.connect.modules.beans.nested.ScopeName;
import com.atlassian.plugin.connect.modules.gson.ConnectModulesGsonFactory;
import com.atlassian.plugin.connect.plugin.AddonSettings;
import com.atlassian.plugin.connect.plugin.ConnectAddonInformationProvider;
import com.atlassian.plugin.connect.plugin.ConnectAddonRegistry;
import com.atlassian.plugin.connect.plugin.auth.applinks.ConnectApplinkManager;
import com.atlassian.plugin.connect.plugin.auth.oauth2.OAuthClientManager;
import com.atlassian.plugin.connect.plugin.descriptor.ConnectAddonBeanFactory;
import com.atlassian.plugin.connect.plugin.descriptor.InvalidDescriptorException;
import com.atlassian.plugin.connect.plugin.lifecycle.event.ConnectAddonDisabledEvent;
import com.atlassian.plugin.connect.plugin.lifecycle.event.ConnectAddonEnableFailedEvent;
import com.atlassian.plugin.connect.plugin.lifecycle.event.ConnectAddonEnabledEvent;
import com.atlassian.plugin.connect.plugin.lifecycle.event.ConnectAddonInstalledEvent;
import com.atlassian.plugin.connect.plugin.lifecycle.event.ConnectAddonUninstallFailedEvent;
import com.atlassian.plugin.connect.plugin.lifecycle.event.ConnectAddonUninstalledEvent;
import com.atlassian.plugin.connect.plugin.lifecycle.event.LifecycleCallbackBadResponseException;
import com.atlassian.plugin.connect.plugin.lifecycle.upm.LicenseRetriever;
import com.atlassian.plugin.connect.plugin.request.ConnectHttpClientFactory;
import com.atlassian.plugin.connect.plugin.util.SystemPropertyService;
import com.atlassian.plugin.connect.spi.ProductAccessor;
import com.atlassian.plugin.connect.spi.auth.user.ConnectUserService;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.features.DarkFeatureManager;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.user.UserProfile;
import com.atlassian.upm.spi.PluginInstallException;
import com.atlassian.uri.Uri;
import com.atlassian.uri.UriBuilder;
import com.atlassian.webhooks.WebhookConstants;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import java.io.Serializable;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.net.ssl.SSLException;
import org.apache.commons.lang3.StringUtils;
import org.osgi.framework.BundleContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0-39bf8e4.jar:com/atlassian/plugin/connect/plugin/lifecycle/ConnectAddonManager.class */
public class ConnectAddonManager {
    private static final String HTTP_ERROR_I18N_KEY_PREFIX = "connect.install.error.remote.host.bad.response.";
    private static final String DARK_FEATURE_DISABLE_SIGN_INSTALL_WITH_PREV_KEY = "connect.lifecycle.install.sign_with_prev_key.disable";

    @VisibleForTesting
    public static final String DARK_FEATURE_OAUTH2_IMPERSONATION = "connect.authentication.oauth2.impersonation";
    private static final String USER_KEY = "user_key";
    private final SystemPropertyService systemPropertyService;
    private final UserManager userManager;
    private final RemotablePluginAccessorFactory remotablePluginAccessorFactory;
    private final ConnectAddonAccessor connectAddonAccessor;
    private HttpClient httpClient;
    private final ConnectAddonRegistry addonRegistry;
    private final BeanToModuleRegistrar beanToModuleRegistrar;
    private final ConnectUserService connectUserService;
    private final EventPublisher eventPublisher;
    private final ConsumerService consumerService;
    private final ApplicationProperties applicationProperties;
    private final LicenseRetriever licenseRetriever;
    private final ProductAccessor productAccessor;
    private final BundleContext bundleContext;
    private final ConnectApplinkManager connectApplinkManager;
    private final I18nResolver i18nResolver;
    private final ConnectAddonBeanFactory connectAddonBeanFactory;
    private final DarkFeatureManager darkFeatureManager;
    private final ConnectAddonInformationProvider connectAddonInformationProvider;
    private final OAuthClientManager oauthClientManager;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ConnectAddonManager.class);
    private static final List<Integer> OK_INSTALL_HTTP_CODES = Arrays.asList(200, 201, 204);
    private static final SigningAlgorithm JWT_ALGORITHM = SigningAlgorithm.HS256;

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0-39bf8e4.jar:com/atlassian/plugin/connect/plugin/lifecycle/ConnectAddonManager$SyncHandler.class */
    public enum SyncHandler {
        INSTALLED,
        UNINSTALLED,
        ENABLED,
        DISABLED
    }

    @Autowired
    public ConnectAddonManager(SystemPropertyService systemPropertyService, UserManager userManager, RemotablePluginAccessorFactory remotablePluginAccessorFactory, ConnectAddonRegistry connectAddonRegistry, BeanToModuleRegistrar beanToModuleRegistrar, ConnectUserService connectUserService, EventPublisher eventPublisher, ConsumerService consumerService, ApplicationProperties applicationProperties, LicenseRetriever licenseRetriever, ProductAccessor productAccessor, BundleContext bundleContext, ConnectApplinkManager connectApplinkManager, I18nResolver i18nResolver, ConnectAddonBeanFactory connectAddonBeanFactory, OAuthClientManager oAuthClientManager, ConnectHttpClientFactory connectHttpClientFactory, DarkFeatureManager darkFeatureManager, ConnectAddonAccessor connectAddonAccessor, ConnectAddonInformationProvider connectAddonInformationProvider) {
        this.systemPropertyService = systemPropertyService;
        this.userManager = userManager;
        this.remotablePluginAccessorFactory = remotablePluginAccessorFactory;
        this.connectAddonAccessor = connectAddonAccessor;
        this.httpClient = connectHttpClientFactory.getInstance();
        this.addonRegistry = connectAddonRegistry;
        this.beanToModuleRegistrar = beanToModuleRegistrar;
        this.connectUserService = connectUserService;
        this.eventPublisher = eventPublisher;
        this.consumerService = consumerService;
        this.applicationProperties = applicationProperties;
        this.licenseRetriever = licenseRetriever;
        this.productAccessor = productAccessor;
        this.bundleContext = bundleContext;
        this.connectApplinkManager = connectApplinkManager;
        this.i18nResolver = i18nResolver;
        this.connectAddonBeanFactory = connectAddonBeanFactory;
        this.oauthClientManager = oAuthClientManager;
        this.darkFeatureManager = darkFeatureManager;
        this.connectAddonInformationProvider = connectAddonInformationProvider;
    }

    public boolean hasDescriptor(String str) {
        return this.addonRegistry.hasDescriptor(str);
    }

    public Iterable<String> getAllAddonKeys() {
        return this.addonRegistry.getAllAddonKeys();
    }

    @VisibleForTesting
    public void installConnectAddon(String str, PluginState pluginState, Optional<String> optional, boolean z, AddonSettings addonSettings) throws ConnectAddonInstallException {
        long currentTimeMillis = System.currentTimeMillis();
        ConnectAddonBean fromJson = this.connectAddonBeanFactory.fromJson(str);
        String key = fromJson.getKey();
        String descriptor = this.addonRegistry.getDescriptor(key);
        AuthenticationType type = fromJson.getAuthentication().getType();
        boolean addonUsesSymmetricSharedSecret = addonUsesSymmetricSharedSecret(type, JWT_ALGORITHM);
        Optional<OAuthClient> updatedOAuthClient = getUpdatedOAuthClient(key, z ? optional : Optional.empty(), addonUsesSymmetricSharedSecret, addonSettings);
        String publicKey = addonUsesSymmetricSharedSecret ? (String) updatedOAuthClient.map((v0) -> {
            return v0.getSharedSecret();
        }).orElse(null) : fromJson.getAuthentication().getPublicKey();
        String provisionUserIfNecessary = provisionUserIfNecessary(fromJson, descriptor);
        this.addonRegistry.storeAddonSettings(key, new AddonSettings().setAuth(type.name()).setOAuthClient(updatedOAuthClient).setBaseUrl(fromJson.getBaseUrl()).setDescriptor(str).setRestartState(PluginState.DISABLED).setSecret(publicKey).setUserKey(provisionUserIfNecessary));
        this.connectApplinkManager.createAppLink(fromJson, fromJson.getBaseUrl(), type, publicKey, provisionUserIfNecessary);
        if (!Strings.isNullOrEmpty(fromJson.getLifecycle().getInstalled())) {
            if (this.darkFeatureManager.isFeatureEnabledForAllUsers(DARK_FEATURE_DISABLE_SIGN_INSTALL_WITH_PREV_KEY)) {
                requestInstallCallback(fromJson, updatedOAuthClient, true);
            } else if (optional.isPresent() && addonUsesSymmetricSharedSecret) {
                requestInstallCallback(fromJson, updatedOAuthClient, optional.get());
            } else {
                requestInstallCallback(fromJson, updatedOAuthClient, false);
            }
        }
        this.eventPublisher.publish(new ConnectAddonInstalledEvent(key));
        log.info("Connect addon '" + fromJson.getKey() + "' installed in " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
        if (PluginState.ENABLED == pluginState) {
            try {
                enableConnectAddon(key);
            } catch (ConnectAddonEnableException e) {
                log.error("Could not enable add-on " + e.getAddonKey() + " during its installation: " + e.getMessage(), (Throwable) e);
            }
        }
    }

    private Optional<OAuthClient> getUpdatedOAuthClient(String str, Optional<String> optional, boolean z, AddonSettings addonSettings) {
        if (!z) {
            return Optional.empty();
        }
        Optional<OAuthClient> oAuthClient = addonSettings.getOAuthClient();
        Optional<U> map = oAuthClient.map((v0) -> {
            return v0.getClientId();
        });
        return map.isPresent() ? optional.isPresent() ? Optional.of(new OAuthClient((String) map.get(), optional.get())) : Optional.of(this.oauthClientManager.updateSecret(oAuthClient.get())) : optional.isPresent() ? Optional.of(this.oauthClientManager.createNewClientWithExistingSecret(str, optional.get())) : Optional.of(this.oauthClientManager.createNewClient(str));
    }

    private static boolean addonRequiresAuth(ConnectAddonBean connectAddonBean) {
        return (connectAddonBean.getAuthentication() == null || AuthenticationType.NONE.equals(connectAddonBean.getAuthentication().getType())) ? false : true;
    }

    public String provisionUserIfNecessary(ConnectAddonBean connectAddonBean, String str) throws ConnectAddonInstallException {
        if (addonRequiresAuth(connectAddonBean)) {
            return provisionAddonUserAndScopes(connectAddonBean, str);
        }
        return null;
    }

    public void enableConnectAddon(String str) throws ConnectAddonInitException, ConnectAddonEnableException {
        long currentTimeMillis = System.currentTimeMillis();
        this.remotablePluginAccessorFactory.remove(str);
        if (!this.addonRegistry.hasDescriptor(str)) {
            this.eventPublisher.publish(new ConnectAddonEnableFailedEvent(str, "Tried to enable add-on before it was installed."));
            throw new ConnectAddonEnableException(str, "Tried to enable add-on before it was installed.");
        }
        try {
            ConnectAddonBean connectAddonBean = this.connectAddonAccessor.getAddon(str).get();
            this.beanToModuleRegistrar.registerDescriptorsForBeans(connectAddonBean);
            if (addonRequiresAuth(connectAddonBean)) {
                enableAddonUser(connectAddonBean);
            }
            this.addonRegistry.storeRestartState(str, PluginState.ENABLED);
            try {
                this.eventPublisher.publish(new ConnectAddonEnabledEvent(str, createEventData(str, SyncHandler.ENABLED.name().toLowerCase())));
            } catch (Exception e) {
                log.warn(String.format("Could not fire enabled webhook event for add-on %s, continuing anyway", str), (Throwable) e);
            }
            log.info("Connect addon '" + connectAddonBean.getKey() + "' enabled in " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
        } catch (InvalidDescriptorException | ConnectModuleRegistrationException e2) {
            this.eventPublisher.publish(new ConnectAddonEnableFailedEvent(str, e2.getMessage()));
            throw new ConnectAddonEnableException(str, "Module registration failed while enabling add-on, skipping.", e2);
        }
    }

    public void disableConnectAddon(String str) throws ConnectAddonDisableException {
        disableConnectAddon(str, true, true);
    }

    public void disableConnectAddonWithoutPersistingState(String str) throws ConnectAddonDisableException {
        disableConnectAddon(str, false, true);
    }

    private void disableConnectAddon(String str, boolean z, boolean z2) throws ConnectAddonDisableException {
        long currentTimeMillis = System.currentTimeMillis();
        this.remotablePluginAccessorFactory.remove(str);
        if (this.addonRegistry.hasDescriptor(str)) {
            if (z2 && !PluginState.DISABLED.equals(this.addonRegistry.getRestartState(str))) {
                this.eventPublisher.publish(new ConnectAddonDisabledEvent(str, createEventData(str, SyncHandler.DISABLED.name().toLowerCase())));
            }
            disableAddonUser(str);
            this.beanToModuleRegistrar.unregisterDescriptorsForAddon(str);
            if (z) {
                this.addonRegistry.storeRestartState(str, PluginState.DISABLED);
            }
            log.info("Connect addon '" + str + "' disabled in " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
        }
    }

    public boolean isEnabled(String str) {
        return this.addonRegistry.hasDescriptor(str) && this.addonRegistry.getRestartState(str) == PluginState.ENABLED;
    }

    public boolean isInstalled(String str) {
        return this.addonRegistry.hasDescriptor(str);
    }

    public void uninstallConnectAddon(String str) throws ConnectAddonDisableException {
        uninstallConnectAddon(str, true);
    }

    public void uninstallConnectAddonQuietly(String str) {
        try {
            uninstallConnectAddon(str, false);
        } catch (ConnectAddonDisableException e) {
        }
    }

    private void uninstallConnectAddon(String str, boolean z) throws ConnectAddonDisableException {
        long currentTimeMillis = System.currentTimeMillis();
        if (this.addonRegistry.hasDescriptor(str)) {
            String descriptor = this.addonRegistry.getDescriptor(str);
            Optional<String> empty = Optional.empty();
            ConnectAddonBean connectAddonBean = null;
            try {
                try {
                    connectAddonBean = this.connectAddonAccessor.getAddon(str).get();
                } catch (InvalidDescriptorException e) {
                    String str2 = "Tried to publish plugin uninstalled event for connect addon ['" + str + "'], but got a null ConnectAddonBean when trying to deserialize it's stored descriptor. Ignoring...";
                    if (z) {
                        this.eventPublisher.publish(new ConnectAddonUninstallFailedEvent(str, str2));
                    }
                    log.warn(str2);
                }
                disableConnectAddon(str, false, z);
                if (null != connectAddonBean) {
                    if (z && !Strings.isNullOrEmpty(connectAddonBean.getLifecycle().getUninstalled())) {
                        try {
                            URI uri = getURI(connectAddonBean.getBaseUrl(), connectAddonBean.getLifecycle().getUninstalled());
                            callSyncHandler(connectAddonBean.getKey(), addonUsesJwtAuthentication(connectAddonBean), uri, createEventDataForUninstallation(str, connectAddonBean), getAuthHeader(uri, this.remotablePluginAccessorFactory.get(connectAddonBean.getKey()).getAuthorizationGenerator()));
                        } catch (LifecycleCallbackException e2) {
                            log.warn("Failed to notify remote host that add-on was uninstalled.", (Throwable) e2);
                        }
                    }
                    if (z) {
                        this.eventPublisher.publish(new ConnectAddonUninstalledEvent(str));
                    }
                    if (addonUsesSymmetricSharedSecret(connectAddonBean, JWT_ALGORITHM)) {
                        empty = this.connectAddonInformationProvider.getSharedSecret(str);
                    }
                    this.connectApplinkManager.deleteAppLink(connectAddonBean);
                }
            } finally {
                this.addonRegistry.removeAll(str);
                this.connectAddonBeanFactory.remove(descriptor);
                if (empty.isPresent()) {
                    AddonSettings addonSettings = new AddonSettings();
                    addonSettings.setSecret(empty.get());
                    addonSettings.setRestartState(PluginState.UNINSTALLED);
                    this.addonRegistry.storeAddonSettings(str, addonSettings);
                }
            }
        }
        log.info("Connect addon '" + str + "' uninstalled in " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
    }

    private void requestInstallCallback(ConnectAddonBean connectAddonBean, Optional<OAuthClient> optional, boolean z) throws ConnectAddonInstallException {
        URI uri = getURI(connectAddonBean.getBaseUrl(), connectAddonBean.getLifecycle().getInstalled());
        requestInstallCallback(connectAddonBean, optional, uri, z ? getAuthHeader(uri, this.remotablePluginAccessorFactory.get(connectAddonBean.getKey()).getAuthorizationGenerator()) : Optional.empty());
    }

    private void requestInstallCallback(ConnectAddonBean connectAddonBean, Optional<OAuthClient> optional, String str) throws ConnectAddonInstallException {
        URI uri = getURI(connectAddonBean.getBaseUrl(), connectAddonBean.getLifecycle().getInstalled());
        requestInstallCallback(connectAddonBean, optional, uri, Optional.of(getAuthHeader(uri, this.remotablePluginAccessorFactory.get(connectAddonBean.getKey()).getAuthorizationGenerator(), str)));
    }

    private void requestInstallCallback(ConnectAddonBean connectAddonBean, Optional<OAuthClient> optional, URI uri, Optional<String> optional2) throws ConnectAddonInstallException {
        try {
            callSyncHandler(connectAddonBean.getKey(), addonUsesJwtAuthentication(connectAddonBean), uri, createEventDataForInstallation(connectAddonBean.getKey(), optional, connectAddonBean), optional2);
        } catch (LifecycleCallbackException e) {
            throw new ConnectAddonInstallException(e.getMessage(), e, e.getI18nKey(), e.getParams() != null ? e.getParams() : new Serializable[0]);
        }
    }

    private void disableAddonUser(String str) throws ConnectAddonDisableException {
        ApplicationLink appLink = this.connectApplinkManager.getAppLink(str);
        if (null != appLink) {
            appLink.removeProperty(JwtConstants.AppLinks.ADD_ON_USER_KEY_PROPERTY_NAME);
        }
        this.connectUserService.disableAddonUser(str);
    }

    private void enableAddonUser(ConnectAddonBean connectAddonBean) throws ConnectAddonInitException {
        String orCreateAddonUserName = this.connectUserService.getOrCreateAddonUserName(connectAddonBean.getKey(), connectAddonBean.getName());
        ApplicationLink appLink = this.connectApplinkManager.getAppLink(connectAddonBean.getKey());
        if (null != appLink) {
            appLink.putProperty(JwtConstants.AppLinks.ADD_ON_USER_KEY_PROPERTY_NAME, orCreateAddonUserName);
        } else {
            log.error("Unable to set the ApplicationLink user key property for add-on '{}' because the add-on has no ApplicationLink!", connectAddonBean.getKey());
        }
    }

    private void callSyncHandler(String str, boolean z, URI uri, String str2, Optional<String> optional) throws LifecycleCallbackException {
        if (!this.systemPropertyService.isDevMode() && !this.systemPropertyService.isHttpAllowedMode() && z && !uri.getScheme().toLowerCase().startsWith("https")) {
            throw new LifecycleCallbackException(String.format("Cannot issue callback except via HTTPS. Current URL = '%s'", uri), "connect.remote.upm.install.exception");
        }
        Response syncHandlerResponse = getSyncHandlerResponse(str, uri, str2, optional);
        int statusCode = syncHandlerResponse.getStatusCode();
        if (OK_INSTALL_HTTP_CODES.contains(Integer.valueOf(statusCode))) {
            return;
        }
        String statusText = syncHandlerResponse.getStatusText();
        String entity = syncHandlerResponse.getEntity();
        log.error("Error contacting remote application at " + uri + " " + statusCode + ":[" + statusText + "]:" + entity);
        throw new LifecycleCallbackHttpCodeException("Error contacting remote application " + statusCode + ":[" + statusText + "]:" + entity, findI18nKeyForHttpErrorCode(statusCode), statusCode);
    }

    private static boolean addonUsesJwtAuthentication(ConnectAddonBean connectAddonBean) {
        return null != connectAddonBean.getAuthentication() && AuthenticationType.JWT.equals(connectAddonBean.getAuthentication().getType());
    }

    private static Optional<String> getAuthHeader(URI uri, AuthorizationGenerator authorizationGenerator) {
        return authorizationGenerator.generate(HttpMethod.POST, uri, Collections.emptyMap());
    }

    private static String getAuthHeader(URI uri, ReKeyableAuthorizationGenerator reKeyableAuthorizationGenerator, String str) {
        return reKeyableAuthorizationGenerator.generate(HttpMethod.POST, uri, Collections.emptyMap(), str);
    }

    private Response getSyncHandlerResponse(String str, URI uri, String str2, Optional<String> optional) throws LifecycleCallbackException {
        try {
            Request.Builder newRequest = this.httpClient.newRequest(uri);
            newRequest.setAttribute("purpose", "web-hook-notification");
            newRequest.setAttribute(WebhookConstants.CONFIG_PLUGIN_KEY, str);
            newRequest.setContentType2("application/json");
            newRequest.setEntity2(str2);
            if (optional.isPresent()) {
                newRequest.setHeader2("Authorization", optional.get());
            }
            newRequest.setHeader2(HttpHeaderNames.ATLASSIAN_CONNECT_VERSION, getConnectPluginVersion());
            return newRequest.execute(Request.Method.POST).claim();
        } catch (Exception e) {
            log.error("Error contacting remote application at " + uri + "  [" + e.getMessage() + "]", (Throwable) e);
            String str3 = "Error contacting remote application [" + e.getMessage() + "]";
            Throwable cause = e.getCause();
            if (cause instanceof UnknownHostException) {
                throw new LifecycleCallbackBadResponseException(str3, "connect.install.error.remote.host.bad.domain", uri.getHost());
            }
            if (cause instanceof SocketTimeoutException) {
                throw new LifecycleCallbackBadResponseException(str3, "connect.install.error.remote.host.timeout", removeQuery(uri));
            }
            if (cause instanceof SSLException) {
                throw new LifecycleCallbackBadResponseException(str3, "connect.install.error.remote.host.ssl", removeQuery(uri), cause.getMessage());
            }
            throw new LifecycleCallbackException(str3, "connect.remote.upm.install.exception");
        }
    }

    private String removeQuery(URI uri) {
        String uri2 = uri.toString();
        String query = uri.getQuery();
        if (query != null) {
            uri2 = uri2.replace(query, "");
        }
        return uri2.endsWith("?") ? uri2.substring(0, uri2.length() - 1) : uri2;
    }

    private String findI18nKeyForHttpErrorCode(int i) {
        String str = HTTP_ERROR_I18N_KEY_PREFIX + i;
        String rawText = this.i18nResolver.getRawText(str);
        if (StringUtils.isEmpty(rawText) || str.equals(rawText)) {
            str = "connect.remote.upm.install.exception";
        }
        return str;
    }

    @VisibleForTesting
    URI getURI(String str, String str2) {
        UriBuilder uriBuilder = new UriBuilder(Uri.parse(str + str2));
        UserProfile remoteUser = this.userManager.getRemoteUser();
        if (null != remoteUser) {
            uriBuilder.addQueryParameter(USER_KEY, remoteUser.getUserKey().getStringValue());
        }
        return uriBuilder.toUri().toJavaUri();
    }

    @VisibleForTesting
    String createEventData(String str, String str2) {
        return createEventDataInternal(str, str2, Optional.empty());
    }

    String createEventDataForInstallation(String str, Optional<OAuthClient> optional, ConnectAddonBean connectAddonBean) {
        return createEventDataInternal(str, SyncHandler.INSTALLED.name().toLowerCase(), optional);
    }

    String createEventDataForUninstallation(String str, ConnectAddonBean connectAddonBean) {
        return createEventDataInternal(str, SyncHandler.UNINSTALLED.name().toLowerCase(), Optional.empty());
    }

    private String createEventDataInternal(String str, String str2, Optional<OAuthClient> optional) {
        Consumer consumer = (Consumer) Preconditions.checkNotNull(this.consumerService.getConsumer());
        ConnectAddonEventDataBuilder newConnectAddonEventData = ConnectAddonEventData.newConnectAddonEventData();
        newConnectAddonEventData.withBaseUrl(Strings.nullToEmpty(this.applicationProperties.getBaseUrl(UrlMode.CANONICAL))).withPluginKey(str).withClientKey(Strings.nullToEmpty(consumer.getKey())).withPublicKey(Strings.nullToEmpty(RSAKeys.toPemEncoding(consumer.getPublicKey()))).withPluginsVersion(Strings.nullToEmpty(getConnectPluginVersion())).withServerVersion(Strings.nullToEmpty(this.applicationProperties.getBuildNumber())).withServiceEntitlementNumber(Strings.nullToEmpty(this.licenseRetriever.getServiceEntitlementNumber(str))).withProductType(Strings.nullToEmpty(this.productAccessor.getKey())).withDescription(Strings.nullToEmpty(consumer.getDescription())).withEventType(str2);
        if (this.darkFeatureManager.isFeatureEnabledForCurrentUser(DARK_FEATURE_OAUTH2_IMPERSONATION)) {
            newConnectAddonEventData.withOauthClient(optional);
        } else {
            newConnectAddonEventData.withSharedSecret((String) optional.map((v0) -> {
                return v0.getSharedSecret();
            }).orElse(null));
        }
        return ConnectModulesGsonFactory.toJson(newConnectAddonEventData.build());
    }

    private String getConnectPluginVersion() {
        String str = this.bundleContext.getBundle().getHeaders().get("Bundle-Version");
        if (str == null) {
            return null;
        }
        return str.toString();
    }

    private boolean addonUsesSymmetricSharedSecret(ConnectAddonBean connectAddonBean, SigningAlgorithm signingAlgorithm) {
        AuthenticationBean authentication = connectAddonBean.getAuthentication();
        return null != authentication && addonUsesSymmetricSharedSecret(authentication.getType(), signingAlgorithm);
    }

    private boolean addonUsesSymmetricSharedSecret(AuthenticationType authenticationType, SigningAlgorithm signingAlgorithm) {
        return AuthenticationType.JWT.equals(authenticationType) && signingAlgorithm.requiresSharedSecret();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private String provisionAddonUserAndScopes(ConnectAddonBean connectAddonBean, String str) throws PluginInstallException, ConnectAddonInstallException {
        Set newHashSet = Sets.newHashSet();
        Set<ScopeName> scopes = connectAddonBean.getScopes();
        if (StringUtils.isNotBlank(str)) {
            newHashSet = this.connectAddonBeanFactory.fromJson(str).getScopes();
        }
        try {
            return this.connectUserService.provisionAddonUserWithScopes(connectAddonBean, newHashSet, scopes);
        } catch (ConnectAddonInitException e) {
            throw new ConnectAddonInstallException(e.getMessage(), e, e.getI18nKey(), connectAddonBean.getName());
        }
    }
}
