package com.atlassian.applinks.core.auth.oauth.servlets.consumer;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkService;
import com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider;
import com.atlassian.applinks.core.auth.oauth.servlets.AbstractOAuthConfigServlet;
import com.atlassian.applinks.core.docs.DocumentationLinker;
import com.atlassian.applinks.core.util.Message;
import com.atlassian.applinks.core.util.MessageFactory;
import com.atlassian.applinks.core.util.RendererContextBuilder;
import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.applinks.ui.BatchedJSONi18NBuilderFactory;
import com.atlassian.applinks.ui.auth.AdminUIAuthenticator;
import com.atlassian.oauth.Consumer;
import com.atlassian.oauth.consumer.ConsumerService;
import com.atlassian.plugin.webresource.WebResourceManager;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.atlassian.templaterenderer.TemplateRenderer;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.io.Serializable;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.hsqldb.DatabaseURL;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:applinks-plugin-4.3.7.jar:com/atlassian/applinks/core/auth/oauth/servlets/consumer/AddServiceProviderManuallyServlet.class */
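/**
 * Servlet behind the "outgoing OAuth" form of an application link whose service provider
 * details (consumer key, name, shared secret and the three OAuth endpoint URLs) are typed
 * in manually rather than discovered.
 *
 * <p>GET renders the stored configuration, POST creates, replaces or removes it. Both
 * handlers only run inside a WebSudo session.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The consumer is always registered with {@code HMAC_SHA1} and a shared secret.</li>
 *   <li>The stored secret is never rendered by {@link #view}; the <em>submitted</em> secret
 *       is, however, echoed back into the form when validation fails in {@link #save}.</li>
 *   <li>Endpoint URLs entered without a scheme are prefixed with {@code DatabaseURL.S_HTTP}
 *       in {@link #relativitize(String, URI)}.</li>
 * </ul>
 */
public class AddServiceProviderManuallyServlet extends AbstractOAuthConfigServlet {
    // Names shared by the request parameters and the template context.
    private static final String CONSUMER_KEY_PARAMETER = "consumerKey";
    private static final String NAME_PARAMETER = "name";
    private static final String DESCRIPTION_PARAMETER = "description";
    private static final String SHARED_SECRET_PARAMETER = "sharedSecret";
    private static final String SERVICE_PROVIDER_REQUEST_TOKEN_URL_PARAMETER = "requestTokenUrl";
    private static final String SERVICE_PROVIDER_ACCESS_TOKEN_URL_PARAMETER = "accessTokenUrl";
    private static final String SERVICE_PROVIDER_AUTHORIZE_URL_PARAMETER = "authorizeUrl";
    private static final String TEMPLATE = "auth/oauth/outbound_nonapplinks.vm";
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final ConsumerService consumerService;
    private final WebSudoManager webSudoManager;
    // Keys of the per-link provider configuration map written by save() and read by view().
    public static final String CONSUMER_KEY_OUTBOUND = "consumerKey.outbound";
    public static final String SERVICE_PROVIDER_REQUEST_TOKEN_URL = "serviceProvider.requestTokenUrl";
    public static final String SERVICE_PROVIDER_ACCESS_TOKEN_URL = "serviceProvider.accessTokenUrl";
    public static final String SERVICE_PROVIDER_AUTHORIZE_URL = "serviceProvider.authorizeUrl";
    private static final String OUTGOING_ENABLED = "enabled";
    private static final Logger LOG = LoggerFactory.getLogger(AddServiceProviderManuallyServlet.class);
    private static final String OAUTH_OUTGOING_ENABLED_PARAM = "oauth-outgoing-enabled";

    /**
     * Wires the collaborators; everything not kept in a field here is handed to the base servlet.
     */
    protected AddServiceProviderManuallyServlet(I18nResolver i18nResolver, MessageFactory messageFactory, TemplateRenderer templateRenderer, WebResourceManager webResourceManager, ApplicationLinkService applicationLinkService, AdminUIAuthenticator adminUIAuthenticator, AuthenticationConfigurationManager authenticationConfigurationManager, ConsumerService consumerService, InternalHostApplication internalHostApplication, BatchedJSONi18NBuilderFactory batchedJSONi18NBuilderFactory, LoginUriProvider loginUriProvider, DocumentationLinker documentationLinker, WebSudoManager webSudoManager, XsrfTokenAccessor xsrfTokenAccessor, XsrfTokenValidator xsrfTokenValidator) {
        super(i18nResolver, messageFactory, templateRenderer, webResourceManager, applicationLinkService, adminUIAuthenticator, batchedJSONi18NBuilderFactory, documentationLinker, loginUriProvider, internalHostApplication, xsrfTokenAccessor, xsrfTokenValidator);
        this.authenticationConfigurationManager = authenticationConfigurationManager;
        this.consumerService = consumerService;
        this.webSudoManager = webSudoManager;
    }

    /**
     * Renders the configuration form, but only within a WebSudo session.
     *
     * @throws ServletException propagated from rendering
     * @throws IOException propagated from rendering or from the WebSudo redirect
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            // Throws WebSudoSessionException when the request is not covered by a WebSudo session.
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            view(httpServletRequest, httpServletResponse);
        } catch (WebSudoSessionException e) {
            // Not an error: hand the request to the WebSudo manager, which takes over the response.
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Applies the submitted configuration, but only within a WebSudo session.
     *
     * <p>NOTE(review): no XSRF token check is visible in this class although an
     * {@code XsrfTokenValidator} is handed to the superclass; presumably the base servlet
     * validates state-changing requests before dispatching here. Confirm, since this
     * handler stores and deletes OAuth credentials.
     *
     * @throws ServletException propagated from rendering
     * @throws IOException propagated from rendering or redirecting
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            // Throws WebSudoSessionException when the request is not covered by a WebSudo session.
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            save(httpServletRequest, httpServletResponse);
        } catch (WebSudoSessionException e) {
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Renders the form pre-filled from the stored provider configuration of the requested link.
     *
     * <p>When the link is configured but the referenced consumer is missing from the OAuth
     * store, only a warning is logged and the form is rendered without the consumer fields.
     */
    private void view(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ApplicationLink applicationLink = getRequiredApplicationLink(httpServletRequest);
        RendererContextBuilder context = createContextBuilder(applicationLink);
        if (this.authenticationConfigurationManager.isConfigured(applicationLink.getId(), OAuthAuthenticationProvider.class)) {
            Map<String, String> configuration = this.authenticationConfigurationManager.getConfiguration(applicationLink.getId(), OAuthAuthenticationProvider.class);
            if (configuration != null && configuration.containsKey(CONSUMER_KEY_OUTBOUND)) {
                String consumerKey = configuration.get(CONSUMER_KEY_OUTBOUND);
                Consumer consumer = this.consumerService.getConsumerByKey(consumerKey);
                if (consumer == null) {
                    // Parameterized form; the emitted text is the same as the former concatenation.
                    LOG.warn("Failed to find information for service provider. No consumer with key '{}' in OAuth store found. Application Link and OAuth store are out of sync. Has someone deleted this information?", consumerKey);
                } else {
                    context.put(CONSUMER_KEY_PARAMETER, consumer.getKey())
                            .put(NAME_PARAMETER, consumer.getName())
                            .put(DESCRIPTION_PARAMETER, consumer.getDescription())
                            // The stored shared secret is deliberately never sent back to the browser.
                            .put(SHARED_SECRET_PARAMETER, "")
                            .put(OUTGOING_ENABLED, true)
                            .put(SERVICE_PROVIDER_REQUEST_TOKEN_URL_PARAMETER, configuration.get(SERVICE_PROVIDER_REQUEST_TOKEN_URL))
                            .put(SERVICE_PROVIDER_ACCESS_TOKEN_URL_PARAMETER, configuration.get(SERVICE_PROVIDER_ACCESS_TOKEN_URL))
                            .put(SERVICE_PROVIDER_AUTHORIZE_URL_PARAMETER, configuration.get(SERVICE_PROVIDER_AUTHORIZE_URL))
                            // NOTE(review): getMessage() presumably reads the "message" query parameter
                            // that save() appends to its redirect; confirm the template escapes it.
                            .put("success-msg", getMessage(httpServletRequest));
                }
            }
        } else {
            context.put(OUTGOING_ENABLED, false).put("success-msg", getMessage(httpServletRequest));
        }
        render(TEMPLATE, context.build(), httpServletRequest, httpServletResponse);
    }

    /**
     * Validates the form and then either (re)registers the manual service provider or, when
     * the "oauth-outgoing-enabled" parameter is not true, removes it. On success the browser
     * is redirected to the link's page with a status message; on validation failure the form
     * is re-rendered with per-field errors.
     */
    private void save(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        boolean enabled = Boolean.parseBoolean(httpServletRequest.getParameter(OAUTH_OUTGOING_ENABLED_PARAM));
        ApplicationLink applicationLink = getRequiredApplicationLink(httpServletRequest);
        Map<String, Message> fieldErrors = Maps.newHashMap();

        String consumerKey = checkRequiredParameter(httpServletRequest, CONSUMER_KEY_PARAMETER, fieldErrors, "auth.oauth.config.consumer.serviceprovider.key.is.required");
        String name = checkRequiredParameter(httpServletRequest, NAME_PARAMETER, fieldErrors, "auth.oauth.config.consumer.serviceprovider.name.is.required");
        String description = httpServletRequest.getParameter(DESCRIPTION_PARAMETER);
        String requestTokenUrl = checkRequiredParameter(httpServletRequest, SERVICE_PROVIDER_REQUEST_TOKEN_URL_PARAMETER, fieldErrors, "auth.oauth.config.error.request.token.url");
        String accessTokenUrl = checkRequiredParameter(httpServletRequest, SERVICE_PROVIDER_ACCESS_TOKEN_URL_PARAMETER, fieldErrors, "auth.oauth.config.error.access.token.url");
        String authorizeUrl = checkRequiredParameter(httpServletRequest, SERVICE_PROVIDER_AUTHORIZE_URL_PARAMETER, fieldErrors, "auth.oauth.config.error.authorize.url");

        // The two token endpoints are made relative to the link's RPC URL, the authorize
        // endpoint to its display URL. Blank values already carry a "required" error.
        if (!StringUtils.isBlank(requestTokenUrl)) {
            requestTokenUrl = relativitize(requestTokenUrl, applicationLink.getRpcUrl(), SERVICE_PROVIDER_REQUEST_TOKEN_URL_PARAMETER, "auth.oauth.config.error.invalid.request.token.url", fieldErrors);
        }
        if (!StringUtils.isBlank(accessTokenUrl)) {
            accessTokenUrl = relativitize(accessTokenUrl, applicationLink.getRpcUrl(), SERVICE_PROVIDER_ACCESS_TOKEN_URL_PARAMETER, "auth.oauth.config.error.invalid.access.token.url", fieldErrors);
        }
        if (!StringUtils.isBlank(authorizeUrl)) {
            authorizeUrl = relativitize(authorizeUrl, applicationLink.getDisplayUrl(), SERVICE_PROVIDER_AUTHORIZE_URL_PARAMETER, "auth.oauth.config.error.invalid.authorize.url", fieldErrors);
        }
        String sharedSecret = checkRequiredParameter(httpServletRequest, SHARED_SECRET_PARAMETER, fieldErrors, "auth.oauth.config.consumer.serviceprovider.shared.secret.is.required");

        // Field errors only matter when enabling; disabling needs none of the fields.
        if (!fieldErrors.isEmpty() && enabled) {
            renderFormWithErrors(applicationLink, fieldErrors, consumerKey, name, description, sharedSecret, requestTokenUrl, accessTokenUrl, authorizeUrl, httpServletRequest, httpServletResponse);
            return;
        }

        if (enabled) {
            if (this.authenticationConfigurationManager.isConfigured(applicationLink.getId(), OAuthAuthenticationProvider.class)) {
                // Replacing an existing configuration: drop the previously stored consumer first.
                // NOTE(review): the name/key uniqueness checks of the other branch are skipped
                // here; whether add() below tolerates a clash with a different consumer depends
                // on ConsumerService. Confirm.
                Map<String, String> configuration = this.authenticationConfigurationManager.getConfiguration(applicationLink.getId(), OAuthAuthenticationProvider.class);
                if (configuration != null && configuration.containsKey(CONSUMER_KEY_OUTBOUND)) {
                    this.consumerService.removeConsumerByKey(configuration.get(CONSUMER_KEY_OUTBOUND));
                }
            } else {
                // First-time setup: refuse a service name or consumer key that is already in use.
                Consumer consumerWithSameName = this.consumerService.getConsumer(name);
                Consumer consumerWithSameKey = this.consumerService.getConsumerByKey(consumerKey);
                if (consumerWithSameName != null) {
                    fieldErrors.put(NAME_PARAMETER, this.messageFactory.newI18nMessage("auth.oauth.config.consumer.serviceprovider.service.name.exists", consumerWithSameName.getKey()));
                }
                if (consumerWithSameKey != null) {
                    fieldErrors.put(CONSUMER_KEY_PARAMETER, this.messageFactory.newI18nMessage("auth.oauth.config.consumer.serviceprovider.consumer.key.exists", consumerWithSameKey.getName()));
                }
                if (!fieldErrors.isEmpty()) {
                    renderFormWithErrors(applicationLink, fieldErrors, consumerKey, name, description, sharedSecret, requestTokenUrl, accessTokenUrl, authorizeUrl, httpServletRequest, httpServletResponse);
                    return;
                }
            }
            // The provider configuration is written before the consumer is stored. If add()
            // fails, the link references a consumer key that is absent from the OAuth store,
            // which is the out-of-sync state view() warns about.
            this.authenticationConfigurationManager.registerProvider(applicationLink.getId(), OAuthAuthenticationProvider.class, ImmutableMap.of(CONSUMER_KEY_OUTBOUND, consumerKey, SERVICE_PROVIDER_REQUEST_TOKEN_URL, requestTokenUrl, SERVICE_PROVIDER_ACCESS_TOKEN_URL, accessTokenUrl, SERVICE_PROVIDER_AUTHORIZE_URL, authorizeUrl));
            // The signature method is fixed to HMAC-SHA1 with the submitted shared secret.
            this.consumerService.add(name, Consumer.key(consumerKey).name(name).signatureMethod(Consumer.SignatureMethod.HMAC_SHA1).description(description).build(), sharedSecret);
        } else {
            // Disabling: remove the stored consumer (if any) and the provider registration.
            Map<String, String> configuration = this.authenticationConfigurationManager.getConfiguration(applicationLink.getId(), OAuthAuthenticationProvider.class);
            if (configuration != null && configuration.containsKey(CONSUMER_KEY_OUTBOUND)) {
                this.consumerService.removeConsumerByKey(configuration.get(CONSUMER_KEY_OUTBOUND));
            }
            this.authenticationConfigurationManager.unregisterProvider(applicationLink.getId(), OAuthAuthenticationProvider.class);
        }

        // Relative redirect built from the link id; the status text comes from the i18n
        // bundle and is URL-encoded before it goes into the query string.
        String statusMessageKey = enabled ? "auth.oauth.config.consumer.serviceprovider.success" : "auth.oauth.config.consumer.serviceprovider.deleted";
        httpServletResponse.sendRedirect("./" + applicationLink.getId() + "?message=" + URIUtil.utf8Encode(this.i18nResolver.getText(statusMessageKey)));
    }

    /**
     * Re-renders the form with the submitted values and the collected per-field errors.
     *
     * <p>NOTE(review): the submitted shared secret is placed back into the template context,
     * so it is part of the error response, whereas {@link #view} always renders an empty
     * secret. Consider blanking it here as well and asking the admin to re-enter it.
     */
    private void renderFormWithErrors(ApplicationLink applicationLink, Map<String, Message> fieldErrors, String consumerKey, String name, String description, String sharedSecret, String requestTokenUrl, String accessTokenUrl, String authorizeUrl, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        render(TEMPLATE, createContextBuilder(applicationLink)
                .put("fieldErrorMessages", fieldErrors)
                .put(CONSUMER_KEY_PARAMETER, consumerKey)
                .put(NAME_PARAMETER, name)
                .put(DESCRIPTION_PARAMETER, description)
                .put(SHARED_SECRET_PARAMETER, sharedSecret)
                .put(SERVICE_PROVIDER_REQUEST_TOKEN_URL_PARAMETER, requestTokenUrl)
                .put(SERVICE_PROVIDER_ACCESS_TOKEN_URL_PARAMETER, accessTokenUrl)
                .put(SERVICE_PROVIDER_AUTHORIZE_URL_PARAMETER, authorizeUrl)
                .build(), httpServletRequest, httpServletResponse);
    }

    /**
     * Relativizes {@code str} against {@code uri}; a value that cannot be parsed is returned
     * unchanged after recording the i18n error {@code str3} under field {@code str2} in {@code map}.
     */
    private String relativitize(String str, URI uri, String str2, String str3, Map<String, Message> map) throws IllegalArgumentException {
        try {
            return relativitize(str, uri);
        } catch (IllegalArgumentException e) {
            map.put(str2, this.messageFactory.newI18nMessage(str3, new Serializable[0]));
            return str;
        }
    }

    /**
     * Turns an endpoint URL into a path relative to {@code uri} where possible.
     *
     * <p>A value starting with '/' is returned as is. Any other value is prefixed with
     * {@code DatabaseURL.S_HTTP} unless it already starts with that or with
     * {@code DatabaseURL.S_HTTPS}, then relativized; if relativizing changed it, the result
     * is returned with a leading '/', otherwise the (possibly prefixed) absolute URL is returned.
     *
     * <p>NOTE(review): the {@code org.hsqldb.DatabaseURL} constants look like a decompiler
     * substitution for plain "http://" and "https://" literals; confirm and drop the
     * dependency. If so, a scheme-less value is stored as cleartext HTTP, and because the
     * prefix test is case-sensitive an upper-case scheme would get a second one prepended.
     * OAuth token endpoints should normally be HTTPS.
     *
     * @param str endpoint URL as entered; must not be null
     * @param uri base URL of the application link
     * @return the relative path or the absolute URL
     * @throws IllegalArgumentException if {@code str} is empty or not a valid URI
     */
    protected static String relativitize(String str, URI uri) throws IllegalArgumentException {
        if (str.isEmpty()) {
            // charAt(0) below would otherwise fail with StringIndexOutOfBoundsException, which
            // the validating overload does not translate into a field error.
            throw new IllegalArgumentException("URL must not be empty");
        }
        if (str.charAt(0) == '/') {
            return str;
        }
        String absolute = str;
        if (!absolute.startsWith(DatabaseURL.S_HTTP) && !absolute.startsWith(DatabaseURL.S_HTTPS)) {
            absolute = DatabaseURL.S_HTTP + absolute;
        }
        // URI.relativize returns its argument unchanged when it does not lie under the base.
        String relative = uri.relativize(URI.create(absolute)).toASCIIString();
        return !relative.equals(absolute) ? "/" + relative : absolute;
    }

    /**
     * Reads request parameter {@code str} and records the i18n error {@code str2} under that
     * name in {@code map} when the value is blank.
     *
     * @return the raw parameter value, which may be null or blank
     */
    protected final String checkRequiredParameter(HttpServletRequest httpServletRequest, String str, Map<String, Message> map, String str2) {
        String value = httpServletRequest.getParameter(str);
        if (StringUtils.isBlank(value)) {
            map.put(str, this.messageFactory.newI18nMessage(str2, new Serializable[0]));
        }
        return value;
    }
}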
