package com.atlassian.crowd.service.soap;

import com.atlassian.core.util.collection.EasyList;
import com.atlassian.crowd.authentication.TrustedProxyManager;
import com.atlassian.crowd.integration.authentication.AuthenticatedToken;
import com.atlassian.crowd.integration.authentication.ValidationFactor;
import com.atlassian.crowd.integration.exception.InvalidAuthorizationTokenException;
import com.atlassian.crowd.integration.exception.InvalidTokenException;
import com.atlassian.crowd.integration.exception.ObjectNotFoundException;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.manager.cache.CacheManager;
import com.atlassian.crowd.manager.cache.CacheManagerException;
import com.atlassian.crowd.manager.cache.NotInCacheException;
import com.atlassian.crowd.manager.license.CrowdLicenseManager;
import com.atlassian.crowd.manager.property.PropertyManager;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.application.RemoteAddress;
import com.atlassian.crowd.model.token.Token;
import com.atlassian.crowd.util.I18nHelper;
import com.atlassian.crowd.util.RemoteAddressHelper;
import java.rmi.RemoteException;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.codehaus.xfire.transport.http.XFireServletController;

/* loaded from: input_file:com/atlassian/crowd/service/soap/SOAPService.class */
public class SOAPService {
    private static final Logger logger = Logger.getLogger(SOAPService.class);
    private ApplicationService applicationService;
    private ApplicationManager applicationManager;
    private PropertyManager propertyManager;
    private CacheManager cacheManager;
    private CrowdLicenseManager crowdLicenseManager;
    private TrustedProxyManager trustedProxyManager;
    private I18nHelper i18nHelper;

    public ValidationFactor[] getApplicationClientValidationFactors(String str) {
        HttpServletRequest clientRequest = getClientRequest();
        String remoteAddr = clientRequest.getRemoteAddr();
        String remoteHost = clientRequest.getRemoteHost();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ValidationFactor("remote_address", remoteAddr));
        arrayList.add(new ValidationFactor("remote_host", remoteHost));
        arrayList.add(new ValidationFactor("NAME", str));
        String header = clientRequest.getHeader("X-Forwarded-For");
        if (header != null && !header.equals(remoteAddr)) {
            arrayList.add(new ValidationFactor("X-Forwarded-For", header));
        }
        return (ValidationFactor[]) arrayList.toArray(new ValidationFactor[arrayList.size()]);
    }

    public Application validateSOAPService(AuthenticatedToken authenticatedToken) throws RemoteException, InvalidAuthorizationTokenException {
        try {
            logger.debug("validating license key");
            validateLicense();
            logger.debug("validating application token: " + authenticatedToken.getToken());
            Token validateApplicationToken = this.applicationService.validateApplicationToken(authenticatedToken.getToken(), getApplicationClientValidationFactors(authenticatedToken.getName()));
            logger.debug("loading application: " + validateApplicationToken.getName());
            Application findByName = this.applicationManager.findByName(validateApplicationToken.getName());
            isValidRemoteAddress(findByName);
            return findByName;
        } catch (ObjectNotFoundException e) {
            throw new InvalidAuthorizationTokenException(this.i18nHelper.getText("soapservice.authenticationinvalid.exception"), e);
        } catch (InvalidTokenException e2) {
            throw new InvalidAuthorizationTokenException(this.i18nHelper.getText("soapservice.authenticationinvalid.exception"), e2);
        }
    }

    private HttpServletRequest getClientRequest() {
        return XFireServletController.getRequest();
    }

    private String getRemoteAddressOrTrustedXFF(HttpServletRequest httpServletRequest) {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String header = httpServletRequest.getHeader("X-Forwarded-For");
        return (header == null || !this.trustedProxyManager.isTrusted(remoteAddr)) ? remoteAddr : header;
    }

    private boolean isValidRemoteAddress(Application application) throws CacheManagerException, InvalidAuthorizationTokenException {
        HttpServletRequest clientRequest = getClientRequest();
        String remoteAddressOrTrustedXFF = getRemoteAddressOrTrustedXFF(clientRequest);
        String remoteHost = clientRequest.getRemoteHost();
        if (logger.isDebugEnabled()) {
            logger.debug("Client address: " + remoteAddressOrTrustedXFF);
            logger.debug("Client host: " + remoteHost);
        }
        boolean isCacheEnabled = this.propertyManager.isCacheEnabled();
        if (isCacheEnabled) {
            try {
                Boolean bool = (Boolean) this.cacheManager.get(Application.class.toString() + application.getName() + remoteAddressOrTrustedXFF);
                if (bool != null) {
                    if (bool.booleanValue()) {
                        return true;
                    }
                }
            } catch (NotInCacheException e) {
            }
            try {
                Boolean bool2 = (Boolean) this.cacheManager.get(Application.class.toString() + application.getName() + remoteHost);
                if (bool2 != null) {
                    if (bool2.booleanValue()) {
                        return true;
                    }
                }
            } catch (NotInCacheException e2) {
            }
        }
        RemoteAddress remoteAddress = new RemoteAddress(remoteAddressOrTrustedXFF);
        RemoteAddress remoteAddress2 = new RemoteAddress(remoteHost);
        for (RemoteAddress remoteAddress3 : application.getRemoteAddresses()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Comparing to accepted address: " + remoteAddress3.getAddress());
            }
            if (RemoteAddressHelper.isAddressAllowed(remoteAddress3, remoteAddress) || RemoteAddressHelper.isAddressAllowed(remoteAddress3, remoteAddress2)) {
                if (!isCacheEnabled) {
                    return true;
                }
                this.cacheManager.put(Application.class.toString() + application.getName() + remoteAddress3.getAddress(), Boolean.TRUE);
                return true;
            }
        }
        logger.info(this.i18nHelper.getText("soapservice.clienthostinvalid.exception", EasyList.build(remoteAddressOrTrustedXFF, remoteHost)));
        throw new InvalidAuthorizationTokenException(this.i18nHelper.getText("soapservice.clienthostinvalid.exception", EasyList.build(remoteAddressOrTrustedXFF, remoteHost)));
    }

    protected void validateLicense() throws RemoteException {
        if (!this.crowdLicenseManager.isLicenseValid()) {
            throw new RemoteException(this.i18nHelper.getText("soapservice.licenseinvalid.exception"));
        }
    }

    public void setApplicationService(ApplicationService applicationService) {
        this.applicationService = applicationService;
    }

    public void setPropertyManager(PropertyManager propertyManager) {
        this.propertyManager = propertyManager;
    }

    public void setCacheManager(CacheManager cacheManager) {
        this.cacheManager = cacheManager;
    }

    public void setCrowdLicenseManager(CrowdLicenseManager crowdLicenseManager) {
        this.crowdLicenseManager = crowdLicenseManager;
    }

    public void setTrustedProxyManager(TrustedProxyManager trustedProxyManager) {
        this.trustedProxyManager = trustedProxyManager;
    }

    public void setApplicationManager(ApplicationManager applicationManager) {
        this.applicationManager = applicationManager;
    }

    public void setI18nHelper(I18nHelper i18nHelper) {
        this.i18nHelper = i18nHelper;
    }
}
