package com.atlassian.jira.workflow;

import com.atlassian.analytics.api.annotations.EventName;
import com.atlassian.core.util.ClassLoaderUtils;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.JiraFeatureFlagRegistrar;
import com.atlassian.jira.cluster.ClusterSafe;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.extension.Startable;
import com.atlassian.jira.util.JiraUtils;
import com.atlassian.jira.util.dbc.Assertions;
import com.google.common.collect.ImmutableList;
import com.opensymphony.workflow.Condition;
import com.opensymphony.workflow.FunctionProvider;
import com.opensymphony.workflow.Register;
import com.opensymphony.workflow.TypeResolver;
import com.opensymphony.workflow.Validator;
import com.opensymphony.workflow.WorkflowException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/workflow/DefaultOSWorkflowConfigurator.class */
public class DefaultOSWorkflowConfigurator implements Startable, OSWorkflowConfigurator {
    private static final Logger log = LoggerFactory.getLogger(DefaultOSWorkflowConfigurator.class);
    private static final List<String> CLASS_NAME_PREFIX_WHITELIST = ImmutableList.of("com.atlassian.");

    @ClusterSafe
    private final ConcurrentMap<String, TypeResolver> pluginTypeResolvers = new ConcurrentHashMap();
    private final TypeResolver legacyTypeResolver = new LegacyJiraTypeResolver();
    private final EventPublisher eventPublisher;
    private final FeatureManager featureManager;

    @EventName("administration.workflow.configurator.legacy.class.loaded")
    /* loaded from: input_file:com/atlassian/jira/workflow/DefaultOSWorkflowConfigurator$ClassLoadedAnalyticsEvent.class */
    static class ClassLoadedAnalyticsEvent {
        private final boolean isAtlassianImplemented;
        private final boolean isOSWorkflowDefault;
        private final boolean isLoadedSuccessfully;
        private final boolean isClassLoadingBlocked;

        public static ClassLoadedAnalyticsEvent allowedClass(String str, boolean z) {
            return new ClassLoadedAnalyticsEvent(str, z, false);
        }

        public static ClassLoadedAnalyticsEvent blockedClass(String str) {
            return new ClassLoadedAnalyticsEvent(str, false, true);
        }

        public ClassLoadedAnalyticsEvent(String str, boolean z, boolean z2) {
            this.isAtlassianImplemented = str.startsWith("com.atlassian.");
            this.isOSWorkflowDefault = str.startsWith("com.opensymphony.workflow.");
            this.isLoadedSuccessfully = z;
            this.isClassLoadingBlocked = z2;
        }

        public boolean isOSWorkflowDefault() {
            return this.isOSWorkflowDefault;
        }

        public boolean isAtlassianImplemented() {
            return this.isAtlassianImplemented;
        }

        public boolean isLoadedSuccessfully() {
            return this.isLoadedSuccessfully;
        }

        public boolean isClassLoadingBlocked() {
            return this.isClassLoadingBlocked;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            ClassLoadedAnalyticsEvent classLoadedAnalyticsEvent = (ClassLoadedAnalyticsEvent) obj;
            return this.isAtlassianImplemented == classLoadedAnalyticsEvent.isAtlassianImplemented && this.isOSWorkflowDefault == classLoadedAnalyticsEvent.isOSWorkflowDefault && this.isLoadedSuccessfully == classLoadedAnalyticsEvent.isLoadedSuccessfully && this.isClassLoadingBlocked == classLoadedAnalyticsEvent.isClassLoadingBlocked;
        }

        public int hashCode() {
            return Objects.hash(Boolean.valueOf(this.isAtlassianImplemented), Boolean.valueOf(this.isOSWorkflowDefault), Boolean.valueOf(this.isLoadedSuccessfully), Boolean.valueOf(this.isClassLoadingBlocked));
        }
    }

    /* loaded from: input_file:com/atlassian/jira/workflow/DefaultOSWorkflowConfigurator$JiraTypeResolverDelegator.class */
    final class JiraTypeResolverDelegator extends TypeResolver {
        JiraTypeResolverDelegator() {
        }

        private TypeResolver getDelegate(Map map) {
            String str = (String) map.get("class.name");
            if (str == null) {
                return null;
            }
            TypeResolver typeResolver = (TypeResolver) DefaultOSWorkflowConfigurator.this.pluginTypeResolvers.get(str);
            return typeResolver == null ? DefaultOSWorkflowConfigurator.this.legacyTypeResolver : typeResolver;
        }

        public Condition getCondition(String str, Map map) throws WorkflowException {
            TypeResolver delegate = getDelegate(map);
            if (delegate == null) {
                return null;
            }
            return SkippableCondition.of(delegate.getCondition(str, map));
        }

        public FunctionProvider getFunction(String str, Map map) throws WorkflowException {
            TypeResolver delegate = getDelegate(map);
            if (delegate == null) {
                return null;
            }
            return delegate.getFunction(str, map);
        }

        public Register getRegister(String str, Map map) throws WorkflowException {
            TypeResolver delegate = getDelegate(map);
            if (delegate == null) {
                return null;
            }
            return delegate.getRegister(str, map);
        }

        public Validator getValidator(String str, Map map) throws WorkflowException {
            TypeResolver delegate = getDelegate(map);
            if (delegate == null) {
                return null;
            }
            return SkippableValidator.of(delegate.getValidator(str, map));
        }
    }

    /* loaded from: input_file:com/atlassian/jira/workflow/DefaultOSWorkflowConfigurator$LegacyJiraTypeResolver.class */
    final class LegacyJiraTypeResolver extends TypeResolver {
        public LegacyJiraTypeResolver() {
            this.conditions = Collections.emptyMap();
            this.functions = Collections.emptyMap();
            this.registers = Collections.emptyMap();
            this.validators = Collections.emptyMap();
        }

        protected Object loadObject(String str) {
            String trim = str.trim();
            try {
                Class loadClass = ClassLoaderUtils.loadClass(trim, getClass());
                if (loadClass == null) {
                    DefaultOSWorkflowConfigurator.log.error("Could not load class '" + trim + "'");
                    DefaultOSWorkflowConfigurator.this.eventPublisher.publish(ClassLoadedAnalyticsEvent.allowedClass(trim, false));
                    return null;
                }
                if (!isRestricted(trim)) {
                    DefaultOSWorkflowConfigurator.this.eventPublisher.publish(ClassLoadedAnalyticsEvent.allowedClass(loadClass.getName(), true));
                    return JiraUtils.loadComponent(loadClass);
                }
                DefaultOSWorkflowConfigurator.log.error("Rejecting usage of unsafe workflow function/class: `{}`. You can enable usage of this class by removing `{}.enabled` dark feature flag from Jira if you are sure its known and secure case. It will make Jira vulnerablefor other potential attacks.", trim, JiraFeatureFlagRegistrar.BLOCK_UNKNOWN_WORKFLOW_CLASS.featureKey());
                DefaultOSWorkflowConfigurator.this.eventPublisher.publish(ClassLoadedAnalyticsEvent.blockedClass(trim));
                return null;
            } catch (Exception e) {
                DefaultOSWorkflowConfigurator.log.error("Could not load class '" + trim + "'", e);
                DefaultOSWorkflowConfigurator.this.eventPublisher.publish(ClassLoadedAnalyticsEvent.allowedClass(trim, false));
                return null;
            }
        }

        private boolean isRestricted(String str) {
            Stream stream = DefaultOSWorkflowConfigurator.CLASS_NAME_PREFIX_WHITELIST.stream();
            str.getClass();
            if (!stream.noneMatch(str::startsWith)) {
                return false;
            }
            if (DefaultOSWorkflowConfigurator.this.featureManager.isEnabled(JiraFeatureFlagRegistrar.BLOCK_UNKNOWN_WORKFLOW_CLASS)) {
                return true;
            }
            DefaultOSWorkflowConfigurator.log.warn("Workflows use unknown function/class `{}` which can be harmful. Please audit workflows in your instance or enable `{}.enabled` dark feature flag.", str, JiraFeatureFlagRegistrar.BLOCK_UNKNOWN_WORKFLOW_CLASS.featureKey());
            return false;
        }
    }

    public DefaultOSWorkflowConfigurator(EventPublisher eventPublisher, FeatureManager featureManager) {
        this.eventPublisher = eventPublisher;
        this.featureManager = featureManager;
    }

    public void start() throws Exception {
        TypeResolver.setResolver(new JiraTypeResolverDelegator());
    }

    @Override // com.atlassian.jira.workflow.OSWorkflowConfigurator
    public void registerTypeResolver(String str, TypeResolver typeResolver) {
        Assertions.notNull("className", str);
        Assertions.notNull("typeResolver", typeResolver);
        this.pluginTypeResolvers.put(str, typeResolver);
    }

    @Override // com.atlassian.jira.workflow.OSWorkflowConfigurator
    public void unregisterTypeResolver(String str, TypeResolver typeResolver) {
        Assertions.notNull("className", str);
        Assertions.notNull("typeResolver", typeResolver);
        this.pluginTypeResolvers.remove(str, typeResolver);
    }
}
