package com.atlassian.stash.internal.jira;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequest;
import com.atlassian.applinks.api.ApplicationLinkResponseHandler;
import com.atlassian.applinks.api.CredentialsRequiredException;
import com.atlassian.applinks.api.application.jira.JiraApplicationType;
import com.atlassian.applinks.api.auth.Anonymous;
import com.atlassian.applinks.host.spi.HostApplication;
import com.atlassian.applinks.spi.Manifest;
import com.atlassian.applinks.spi.application.TypeId;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationException;
import com.atlassian.applinks.spi.auth.AuthenticationScenario;
import com.atlassian.applinks.spi.link.ApplicationLinkDetails;
import com.atlassian.applinks.spi.link.MutatingApplicationLinkService;
import com.atlassian.applinks.spi.link.ReciprocalActionException;
import com.atlassian.applinks.spi.link.RemoteErrorListException;
import com.atlassian.applinks.spi.manifest.ManifestNotFoundException;
import com.atlassian.applinks.spi.manifest.ManifestRetriever;
import com.atlassian.applinks.spi.util.TypeAccessor;
import com.atlassian.crowd.directory.RemoteCrowdDirectory;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.impl.ImmutableDirectory;
import com.atlassian.crowd.exception.ApplicationNotFoundException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.model.application.ApplicationType;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.query.entity.restriction.constants.DirectoryTermKeys;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.sal.api.net.Request;
import com.atlassian.sal.api.net.Response;
import com.atlassian.sal.api.net.ResponseException;
import com.atlassian.security.random.DefaultSecureTokenGenerator;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.internal.ApplicationConstants;
import com.atlassian.stash.jira.IncorrectStashBaseUrlException;
import com.atlassian.stash.jira.JiraSetupException;
import com.atlassian.stash.jira.JiraSetupService;
import com.atlassian.stash.jira.JiraUserCredentialsException;
import com.atlassian.stash.jira.NotAJiraServerException;
import com.atlassian.stash.jira.StashApplicationTypeNotInstalledException;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionAdminService;
import com.atlassian.stash.user.SetPermissionRequest;
import com.atlassian.stash.util.UrlUtils;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.net.URI;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
@AvailableToPlugins(JiraSetupService.class)
/* loaded from: input_file:com/atlassian/stash/internal/jira/JiraSetupServiceImpl.class */
public class JiraSetupServiceImpl implements JiraSetupService {
    private static final Logger LOG = LoggerFactory.getLogger(JiraSetupServiceImpl.class);
    private static final ImmutableSet<OperationType> ALLOWED_DIRECTORY_OPERATIONS = Sets.immutableEnumSet(OperationType.UPDATE_USER_ATTRIBUTE, new OperationType[]{OperationType.UPDATE_GROUP_ATTRIBUTE});
    private static final String CROWD_DIRECTORY_NAME = "JIRA User Directory";
    private static final int POLLING_INTERVAL_SECONDS = 3600;
    private static final String JIRA_SYSADMIN_GROUP = "jira-administrators";
    private final MutatingApplicationLinkService applicationLinkService;
    private final TypeAccessor typeAccessor;
    private final ManifestRetriever manifestRetriever;
    private final CrowdDirectoryService crowdDirectoryService;
    private final DirectoryManager directoryManager;
    private final ApplicationManager applicationManager;
    private final I18nService i18nService;
    private final PermissionAdminService permissionAdminService;
    private final HostApplication hostApplication;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/stash/internal/jira/JiraSetupServiceImpl$CrowdResult.class */
    public static class CrowdResult {
        final CrowdResultType type;
        final String message;
        final Exception exception;

        private CrowdResult(CrowdResultType crowdResultType, String str, Exception exc) {
            this.type = crowdResultType;
            this.message = str;
            this.exception = exc;
        }

        boolean isOk() {
            return this.type == CrowdResultType.OK;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/stash/internal/jira/JiraSetupServiceImpl$CrowdResultType.class */
    public enum CrowdResultType {
        NOT_20x,
        BAD_RESPONSE,
        OK
    }

    @Autowired
    public JiraSetupServiceImpl(MutatingApplicationLinkService mutatingApplicationLinkService, TypeAccessor typeAccessor, HostApplication hostApplication, ManifestRetriever manifestRetriever, CrowdDirectoryService crowdDirectoryService, DirectoryManager directoryManager, PermissionAdminService permissionAdminService, ApplicationManager applicationManager, I18nService i18nService) {
        this.applicationLinkService = mutatingApplicationLinkService;
        this.typeAccessor = typeAccessor;
        this.hostApplication = hostApplication;
        this.manifestRetriever = manifestRetriever;
        this.crowdDirectoryService = crowdDirectoryService;
        this.directoryManager = directoryManager;
        this.permissionAdminService = permissionAdminService;
        this.applicationManager = applicationManager;
        this.i18nService = i18nService;
    }

    @Transactional(rollbackFor = {JiraSetupException.class})
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN')")
    public void createLink(URI uri, URI uri2, String str, String str2, boolean z) throws JiraSetupException {
        URI trimTrailingSlashesFromPath = UrlUtils.trimTrailingSlashesFromPath(uri);
        URI trimTrailingSlashesFromPath2 = UrlUtils.trimTrailingSlashesFromPath(uri2);
        checkServerIsJiraWithEmbeddedCrowd(trimTrailingSlashesFromPath);
        checkAdminCredentials(trimTrailingSlashesFromPath, str, str2);
        try {
            ApplicationLink createReciprocatedApplicationLink = createReciprocatedApplicationLink(trimTrailingSlashesFromPath, trimTrailingSlashesFromPath2, str, str2);
            authenticateApplicationLink(createReciprocatedApplicationLink, str, str2, trimTrailingSlashesFromPath2);
            if (z) {
                CrowdApplicationEntity createStashApplicationInCrowd = createStashApplicationInCrowd(createReciprocatedApplicationLink, str, str2);
                setupJiraDirectory(trimTrailingSlashesFromPath, createStashApplicationInCrowd.getName(), createStashApplicationInCrowd.getPassword());
                grantPermissionsToStandardJiraGroups();
            }
        } catch (JiraSetupException e) {
            throw e;
        } catch (Exception e2) {
            throw new JiraSetupException(this.i18nService.getMessage("stash.web.jira.setup.failedtosetupjiraintegration", new Object[]{e2.getMessage()}), e2);
        }
    }

    @VisibleForTesting
    void checkServerIsJiraWithEmbeddedCrowd(URI uri) throws JiraSetupException {
        try {
            Manifest manifest = this.manifestRetriever.getManifest(uri);
            if (!manifest.getTypeId().equals(TypeId.getTypeId(getJiraApplicationType()))) {
                throw new NotAJiraServerException(this.i18nService.getMessage("stash.web.jira.setup.wrongappurl", new Object[]{StringUtils.capitalize(manifest.getTypeId().get())}));
            }
        } catch (ManifestNotFoundException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Failed to retrieve manifest from " + uri, e);
            }
            throw new NotAJiraServerException(this.i18nService.getMessage("stash.web.jira.setup.notajiraserver", new Object[0]), e);
        }
    }

    protected void checkAdminCredentials(URI uri, String str, String str2) throws JiraSetupException {
        try {
            if (this.applicationLinkService.isAdminUserInRemoteApplication(uri, str, str2)) {
            } else {
                throw new JiraUserCredentialsException(this.i18nService.getMessage("stash.web.jira.setup.badcredentials", new Object[]{str}));
            }
        } catch (ResponseException e) {
            throw new JiraSetupException(this.i18nService.getMessage("stash.web.jira.setup.credentialsexception", new Object[]{e}));
        }
    }

    protected ApplicationLink createReciprocatedApplicationLink(URI uri, URI uri2, String str, String str2) throws JiraSetupException {
        try {
            this.applicationLinkService.createReciprocalLink((URI) Preconditions.checkNotNull(uri, "remoteRpcUrl"), (URI) Preconditions.checkNotNull(uri2, "localRpcUrl"), (String) Preconditions.checkNotNull(str, "username"), (String) Preconditions.checkNotNull(str2, "password"));
        } catch (ReciprocalActionException e) {
            throwDefaultRecriprocalActionFailedException(uri, uri2, e);
        } catch (RemoteErrorListException e2) {
            if (remoteErrorMessageStartsWith(e2, "There is no application type ")) {
                throw new StashApplicationTypeNotInstalledException(this.i18nService.getMessage("stash.web.jira.setup.remotestashapplicationtypemissing", new Object[0]), e2);
            }
            if (remoteErrorMessageStartsWith(e2, "Can't access application via URL")) {
                throw new IncorrectStashBaseUrlException(this.i18nService.getMessage("stash.web.jira.setup.incorrectstashbaseurl", new Object[0]), e2);
            }
            throwDefaultRecriprocalActionFailedException(uri, uri2, e2);
        }
        try {
            return this.applicationLinkService.createApplicationLink(getJiraApplicationType(), ApplicationLinkDetails.builder().rpcUrl(uri).displayUrl(uri).isPrimary(true).name(generateLinkName(uri)).build());
        } catch (ManifestNotFoundException e3) {
            throw new JiraSetupException(this.i18nService.getMessage("stash.web.jira.setup.failedtoretrievemanifestduringapplinkcreation", new Object[0]), e3);
        }
    }

    private JiraApplicationType getJiraApplicationType() throws JiraSetupException {
        JiraApplicationType applicationType = this.typeAccessor.getApplicationType(JiraApplicationType.class);
        if (applicationType == null) {
            throw new JiraSetupException(this.i18nService.getMessage("stash.web.jira.setup.localjiraapplicationtypemissing", new Object[]{JiraApplicationType.class}));
        }
        return applicationType;
    }

    protected static boolean remoteErrorMessageStartsWith(RemoteErrorListException remoteErrorListException, String str) {
        Iterator it = remoteErrorListException.getErrors().iterator();
        while (it.hasNext()) {
            if (((String) it.next()).startsWith(str)) {
                return true;
            }
        }
        return false;
    }

    private void throwDefaultRecriprocalActionFailedException(URI uri, URI uri2, ReciprocalActionException reciprocalActionException) throws JiraSetupException {
        throw new JiraSetupException(this.i18nService.getMessage("stash.web.jira.setup.genericreciprocalapplicationlinkfailure", new Object[]{uri, uri2}), reciprocalActionException);
    }

    protected void authenticateApplicationLink(ApplicationLink applicationLink, String str, String str2, URI uri) throws JiraSetupException {
        try {
            this.applicationLinkService.configureAuthenticationForApplicationLink(applicationLink, new AuthenticationScenario() { // from class: com.atlassian.stash.internal.jira.JiraSetupServiceImpl.1
                public boolean isCommonUserBase() {
                    return false;
                }

                public boolean isTrusted() {
                    return true;
                }
            }, str, str2);
        } catch (AuthenticationConfigurationException e) {
            throw new JiraSetupException(this.i18nService.getMessage("stash.web.jira.setup.applink.authenticationconfigurationfailure", new Object[]{applicationLink.getRpcUrl(), uri}), e);
        }
    }

    private CrowdApplicationEntity createStashApplicationInCrowd(ApplicationLink applicationLink, String str, String str2) throws JiraSetupException {
        try {
            ApplicationLinkRequest createRequest = applicationLink.createAuthenticatedRequestFactory(Anonymous.class).createRequest(Request.MethodType.POST, "rest/appmanagement/1/application?include-request-address=true");
            createRequest.addBasicAuthentication(str, str2);
            CrowdApplicationEntity createApplicationEntity = createApplicationEntity();
            createRequest.setEntity(createApplicationEntity);
            CrowdResult executeRequest = executeRequest(createRequest);
            if (executeRequest.isOk()) {
                return createApplicationEntity;
            }
            throw new JiraSetupException(executeRequest.message, executeRequest.exception);
        } catch (CredentialsRequiredException e) {
            throw new IllegalStateException("Anonymous authentication provider should never throw CredentialsRequiredException", e);
        }
    }

    private CrowdApplicationEntity createApplicationEntity() {
        ApplicationType applicationType = ApplicationType.GENERIC_APPLICATION;
        return new CrowdApplicationEntity(applicationType, generateName(applicationType), DefaultSecureTokenGenerator.getInstance().generateToken(), "Automatically created by the setup of " + applicationType.getDisplayName() + " on " + SimpleDateFormat.getDateInstance().format(new Date()), true);
    }

    private String generateName(ApplicationType applicationType) {
        return applicationType.getDisplayName() + " - " + StringUtils.defaultString(this.hostApplication.getBaseUrl().getHost()) + " - " + this.hostApplication.getId();
    }

    private CrowdResult executeRequest(ApplicationLinkRequest applicationLinkRequest) {
        try {
            return (CrowdResult) applicationLinkRequest.execute(new ApplicationLinkResponseHandler<CrowdResult>() { // from class: com.atlassian.stash.internal.jira.JiraSetupServiceImpl.2
                /* renamed from: credentialsRequired, reason: merged with bridge method [inline-methods] */
                public CrowdResult m79credentialsRequired(Response response) {
                    throw new IllegalStateException("Anonymous authentication provider should never invoke ApplicationLinkResponseHandler#credentialsRequired()");
                }

                /* renamed from: handle, reason: merged with bridge method [inline-methods] */
                public CrowdResult m80handle(Response response) throws ResponseException {
                    return !response.isSuccessful() ? new CrowdResult(CrowdResultType.NOT_20x, JiraSetupServiceImpl.this.i18nService.getMessage("stash.web.jira.setup.failedtoregisterstashcrowdconfiguration", new Object[]{Integer.valueOf(response.getStatusCode()), response.getStatusText()}), null) : new CrowdResult(CrowdResultType.OK, null, null);
                }
            });
        } catch (ResponseException e) {
            return new CrowdResult(CrowdResultType.BAD_RESPONSE, this.i18nService.getMessage("stash.web.jira.setup.failedtoregisterstashcrowdconfiguration.exception", new Object[]{e}), e);
        }
    }

    protected void setupJiraDirectory(URI uri, String str, String str2) throws JiraSetupException {
        if (directoryNameInUse(CROWD_DIRECTORY_NAME)) {
            throw new JiraSetupException(this.i18nService.getMessage("stash.web.jira.setup.crowddirectorynamealreadyexists", new Object[]{CROWD_DIRECTORY_NAME}));
        }
        ImmutableDirectory.Builder newBuilder = ImmutableDirectory.newBuilder();
        Date date = new Date();
        newBuilder.setCreatedDate(date);
        newBuilder.setUpdatedDate(date);
        newBuilder.setAllowedOperations(ALLOWED_DIRECTORY_OPERATIONS);
        newBuilder.setActive(true);
        newBuilder.setImplementationClass(RemoteCrowdDirectory.class.getName());
        newBuilder.setName(CROWD_DIRECTORY_NAME);
        newBuilder.setType(DirectoryType.CROWD);
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("application.name", str);
        newHashMap.put("application.password", str2);
        newHashMap.put("crowd.server.url", uri.toASCIIString());
        newHashMap.put("useNestedGroups", "false");
        newHashMap.put("directory.cache.synchronise.interval", Long.toString(3600L));
        newHashMap.put("crowd.sync.incremental.enabled", "true");
        newBuilder.setAttributes(newHashMap);
        Directory addDirectory = this.crowdDirectoryService.addDirectory(newBuilder.toDirectory());
        LOG.info("JIRA user directory created: [ {} ], type: [ {} ]", addDirectory.getName(), addDirectory.getType());
        try {
            this.applicationManager.addDirectoryMapping(this.applicationManager.findByName(ApplicationConstants.CROWD_APPLICATION_NAME), addDirectory, true, (OperationType[]) ALLOWED_DIRECTORY_OPERATIONS.toArray(new OperationType[ALLOWED_DIRECTORY_OPERATIONS.size()]));
        } catch (DirectoryNotFoundException e) {
            throw new IllegalStateException("Couldn't find newly created directory JIRA User Directory", e);
        } catch (ApplicationNotFoundException e2) {
            throw new IllegalStateException("Couldn't find mapping for " + ApplicationConstants.CROWD_APPLICATION_NAME, e2);
        }
    }

    private boolean directoryNameInUse(String str) {
        return !getDirectoriesWithName(str).isEmpty();
    }

    private List<Directory> getDirectoriesWithName(String str) {
        return this.directoryManager.searchDirectories(QueryBuilder.queryFor(Directory.class, EntityDescriptor.directory()).with(Restriction.on(DirectoryTermKeys.NAME).exactlyMatching(str)).returningAtMost(-1));
    }

    private void grantPermissionsToStandardJiraGroups() {
        this.permissionAdminService.setPermission(new SetPermissionRequest.Builder().globalPermission(Permission.SYS_ADMIN).group(JIRA_SYSADMIN_GROUP).build());
    }

    protected static String generateLinkName(URI uri) {
        String str;
        str = "JIRA";
        return uri.getHost() != null ? uri.getHost() + " " + str : "JIRA";
    }
}
