package com.atlassian.stash.internal.auth.trusted;

import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.security.auth.trustedapps.Application;
import com.atlassian.security.auth.trustedapps.ApplicationRetriever;
import com.atlassian.security.auth.trustedapps.CurrentApplication;
import com.atlassian.security.auth.trustedapps.DefaultCurrentApplication;
import com.atlassian.security.auth.trustedapps.DefaultTrustedApplication;
import com.atlassian.security.auth.trustedapps.EncryptionProvider;
import com.atlassian.security.auth.trustedapps.RequestConditions;
import com.atlassian.security.auth.trustedapps.TrustedApplication;
import com.atlassian.security.auth.trustedapps.TrustedApplicationsConfigurationManager;
import com.atlassian.security.auth.trustedapps.TrustedApplicationsManager;
import com.atlassian.stash.Product;
import com.atlassian.stash.internal.annotation.Unsecured;
import com.atlassian.stash.internal.auth.trusted.InternalTrustedApplication;
import com.atlassian.stash.util.Page;
import com.atlassian.stash.util.PageRequestImpl;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.InvalidKeySpecException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

/**
 * Stores the remote applications this instance trusts and manages this instance's own
 * application ID and key pair.
 *
 * <p>The bean is published to plugins under both {@link TrustedApplicationsManager} and
 * {@link TrustedApplicationsConfigurationManager}. The two methods that change the trust store
 * ({@link #addTrustedApplication} and {@link #deleteApplication}) require the {@code SYS_ADMIN}
 * global permission. Every other public method except {@link #onApplicationEvent} is marked
 * {@link Unsecured}.
 */
@Transactional
@Service("trustedApplicationsManager")
@AvailableToPlugins(interfaces = {TrustedApplicationsManager.class, TrustedApplicationsConfigurationManager.class})
public class TrustedApplicationsManagerImpl implements ApplicationListener<ContextRefreshedEvent>, TrustedApplicationsManager, TrustedApplicationsConfigurationManager {
    private static final Logger log = LoggerFactory.getLogger(TrustedApplicationsManagerImpl.class);
    private final EncryptionProvider encryptionProvider;
    private final TrustedApplicationDao trustedApplicationDao;
    private final CurrentApplicationDao currentApplicationDao;

    /**
     * Converts a stored record into the API-level {@link TrustedApplication}; {@code null} maps
     * to {@code null}. A stored public key that cannot be decoded surfaces as an
     * {@link IllegalStateException}.
     */
    private final Function<InternalTrustedApplication, TrustedApplication> toTrustedApplication = new Function<InternalTrustedApplication, TrustedApplication>() {
        public TrustedApplication apply(InternalTrustedApplication stored) {
            if (stored == null) {
                return null;
            }
            final EncryptionProvider provider = TrustedApplicationsManagerImpl.this.encryptionProvider;
            try {
                // Arguments are evaluated left to right: the key is decoded before the request
                // conditions (IP patterns, URL patterns, certificate timeout) are rebuilt.
                return new DefaultTrustedApplication(
                        provider,
                        provider.toPublicKey(stored.getPublicKey()),
                        stored.getApplicationId(),
                        RequestConditions.builder()
                                .addIPPattern((String[]) Iterables.toArray(stored.getIPPatterns(), String.class))
                                .addURLPattern((String[]) Iterables.toArray(stored.getUrlPatterns(), String.class))
                                .setCertificateTimeout(stored.getCertificateTimeout())
                                .build());
            } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
                throw new IllegalStateException(e);
            }
        }
    };

    /**
     * Creates the manager with its collaborators.
     *
     * @param encryptionProvider    decodes and generates keys and fetches remote certificates
     * @param trustedApplicationDao persistence for trusted remote applications
     * @param currentApplicationDao persistence for this instance's own ID and key pair
     */
    @Autowired
    public TrustedApplicationsManagerImpl(EncryptionProvider encryptionProvider, TrustedApplicationDao trustedApplicationDao, CurrentApplicationDao currentApplicationDao) {
        this.encryptionProvider = encryptionProvider;
        this.trustedApplicationDao = trustedApplicationDao;
        this.currentApplicationDao = currentApplicationDao;
    }

    /**
     * Registers a trusted application, or updates the request conditions of one already stored
     * under the same application ID. Requires the {@code SYS_ADMIN} global permission.
     *
     * <p>For an existing ID the builder starts from the stored record, so the public key carried
     * by {@code application} is not applied on that path; only the conditions can change.
     * NOTE(review): confirm that keeping the previously stored key is the intended behaviour
     * when an application is re-added.
     *
     * @param application       the remote application's ID and public key
     * @param requestConditions certificate timeout and IP/URL patterns; when {@code null} this
     *                          method sets none of them (a new record then carries whatever the
     *                          builder defaults to, which is not visible here)
     * @return the stored application
     */
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN')")
    public TrustedApplication addTrustedApplication(Application application, RequestConditions requestConditions) {
        final InternalTrustedApplication existing = this.trustedApplicationDao.getByApplicationId(application.getID());
        final boolean isNew = existing == null;

        final InternalTrustedApplication.Builder builder;
        if (isNew) {
            builder = new InternalTrustedApplication.Builder()
                    .applicationId(application.getID())
                    .publicKey(application.getPublicKey().getEncoded());
        } else {
            builder = existing.copy();
        }

        if (requestConditions != null) {
            builder.certificateTimeout(requestConditions.getCertificateTimeout());
            builder.ipPatterns(requestConditions.getIPPatterns());
            builder.urlPatterns(requestConditions.getURLPatterns());
        }

        final InternalTrustedApplication draft = builder.build();
        final InternalTrustedApplication saved = isNew
                ? (InternalTrustedApplication) this.trustedApplicationDao.create(draft)
                : (InternalTrustedApplication) this.trustedApplicationDao.update(draft);
        return this.toTrustedApplication.apply(saved);
    }

    /**
     * Removes the trusted application stored under the given ID. Requires the {@code SYS_ADMIN}
     * global permission.
     *
     * @param str the application ID to remove
     * @return {@code true} if a record existed and was deleted, {@code false} otherwise
     */
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN')")
    public boolean deleteApplication(String str) {
        final InternalTrustedApplication existing = this.trustedApplicationDao.getByApplicationId(str);
        if (existing == null) {
            return false;
        }
        this.trustedApplicationDao.delete(existing);
        return true;
    }

    /**
     * Returns an immutable snapshot of every stored trusted application. No permission check is
     * applied, so any caller can enumerate application IDs, public keys and request conditions.
     *
     * @return all trusted applications
     */
    @Transactional(readOnly = true)
    @Unsecured("harmless utility method for retrieving public remote certificates")
    public Iterable<TrustedApplication> getTrustedApplications() {
        final Iterable<TrustedApplication> converted =
                Iterables.transform(this.trustedApplicationDao.findAll(), this.toTrustedApplication);
        return ImmutableList.copyOf(converted);
    }

    /**
     * Looks up one trusted application by ID. No permission check is applied.
     *
     * @param str the application ID
     * @return the trusted application, or {@code null} when the DAO returns none for that ID
     */
    @Transactional(readOnly = true)
    @Unsecured("harmless utility method for retrieving public remote certificates")
    public TrustedApplication getTrustedApplication(String str) {
        return this.toTrustedApplication.apply(this.trustedApplicationDao.getByApplicationId(str));
    }

    /**
     * Returns this instance's own application identity, creating and persisting it first if
     * none is stored yet.
     *
     * <p>NOTE(review): the {@code @Unsecured} justification speaks of public remote
     * certificates, but the object returned here is constructed with this instance's decoded
     * private key, and the call can write a new key pair. Confirm that exposing it without a
     * permission check (and to plugins) is intended, and that {@link CurrentApplication} does
     * not hand the private key to callers.
     *
     * @return the current application
     * @throws IllegalStateException if the stored keys cannot be decoded
     */
    @Unsecured("harmless utility method for retrieving public remote certificates")
    public CurrentApplication getCurrentApplication() {
        final InternalCurrentApplication identity = getInternalCurrentApplication();
        try {
            return new DefaultCurrentApplication(
                    this.encryptionProvider,
                    this.encryptionProvider.toPublicKey(identity.getPublicKey()),
                    this.encryptionProvider.toPrivateKey(identity.getPrivateKey()),
                    identity.getApplicationId());
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Delegates to the encryption provider to obtain a remote application's certificate. No
     * permission check is applied.
     *
     * <p>NOTE(review): {@code str} is presumably the remote application's base URL. If so, this
     * call makes an outbound request to an address chosen by the caller; verify that callers
     * restrict which addresses may be passed in.
     *
     * @param str identifies the remote application to the provider
     * @return the remote application's ID and public key
     * @throws ApplicationRetriever.RetrievalException if the provider cannot retrieve it
     */
    @Unsecured("harmless utility method for retrieving public remote certificates")
    public Application getApplicationCertificate(String str) throws ApplicationRetriever.RetrievalException {
        return this.encryptionProvider.getApplicationCertificate(str);
    }

    /**
     * On context refresh, checks how many identities are stored for this instance: more than
     * one logs a warning, none triggers creation of a fresh identity.
     *
     * @param contextRefreshedEvent the refresh event (not inspected)
     */
    public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
        // A page size of 1 is enough: a further page means at least two records exist.
        final Page firstPage = this.currentApplicationDao.findAll(new PageRequestImpl(0, 1));
        if (!firstPage.getIsLastPage()) {
            log.warn("Multiple certificates found for this {} instance: please see https://confluence.atlassian.com/x/awiaEQ", Product.NAME);
            return;
        }
        if (firstPage.getSize() == 0) {
            getInternalCurrentApplication();
        }
    }

    /**
     * Returns the stored identity of this instance, generating a new UID and key pair and
     * persisting them when the DAO has none.
     *
     * <p>The encoded private key is handed to the DAO as raw bytes; whether it is protected at
     * rest is not visible here. NOTE(review): no lock is visible around the check-then-create
     * sequence. Concurrent first calls might each create a record, which is the condition
     * {@link #onApplicationEvent} warns about. Confirm the DAO or schema prevents it.
     *
     * @return the existing or newly created identity
     * @throws IllegalStateException if key generation is not available
     */
    private InternalCurrentApplication getInternalCurrentApplication() {
        final InternalCurrentApplication existing = this.currentApplicationDao.get();
        if (existing != null) {
            return existing;
        }
        try {
            final KeyPair keyPair = this.encryptionProvider.generateNewKeyPair();
            final InternalCurrentApplication fresh = new InternalCurrentApplication(
                    this.encryptionProvider.generateUID(),
                    keyPair.getPublic().getEncoded(),
                    keyPair.getPrivate().getEncoded());
            return (InternalCurrentApplication) this.currentApplicationDao.create(fresh);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new IllegalStateException(e);
        }
    }
}
