package com.atlassian.confluence.security.trust;

import com.atlassian.confluence.security.persistence.dao.TrustedApplicationDao;
import com.atlassian.confluence.security.persistence.dao.hibernate.AliasedKey;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import com.atlassian.security.auth.trustedapps.Application;
import com.atlassian.security.auth.trustedapps.ApplicationRetriever;
import com.atlassian.security.auth.trustedapps.CurrentApplication;
import com.atlassian.security.auth.trustedapps.DefaultTrustedApplication;
import com.atlassian.security.auth.trustedapps.EncryptedCertificate;
import com.atlassian.security.auth.trustedapps.EncryptionProvider;
import com.atlassian.security.auth.trustedapps.RequestConditions;
import com.atlassian.security.auth.trustedapps.TrustedApplication;
import com.atlassian.security.auth.trustedapps.TrustedApplicationsConfigurationManager;
import com.google.common.collect.Collections2;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import org.apache.log4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/security/trust/DefaultTrustedApplicationsManager.class */
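/**
 * Default manager for the trusted-application relationship of this instance.
 *
 * <p>It does three things, all by delegating to injected collaborators:
 * <ul>
 *   <li>stores, looks up and deletes trusted application records through {@code trustedApplicationDao};</li>
 *   <li>creates and reads this instance's own key pair through {@code asymmetricKeyFactory} and
 *       {@code keyStoreDao};</li>
 *   <li>issues {@link TrustedToken}s for the user bound to the current thread.</li>
 * </ul>
 *
 * <p>NOTE(review): no permission check is visible in this class. The mutating methods (save, add, delete)
 * change which remote applications are trusted, so callers are presumably expected to enforce
 * administrator access before reaching them; confirm at the call sites.
 *
 * <p>Collaborators are supplied by setter injection and are not null-checked here.
 */
public class DefaultTrustedApplicationsManager implements TrustedApplicationsManager, KeyPairInitialiser, TrustedTokenFactory, TrustedApplicationsConfigurationManager {

    /** Legacy log4j logger, left in place for subclasses; this class itself logs through {@code log2}. */
    @Deprecated
    protected final Logger log = Logger.getLogger(getClass());
    private static final org.slf4j.Logger log2 = LoggerFactory.getLogger(DefaultTrustedApplicationsManager.class);
    private EncryptionProvider encryptionProvider;
    private AsymmetricKeyFactory asymmetricKeyFactory;
    private KeyStore keyStoreDao;
    private TrustedApplicationDao trustedApplicationDao;
    private CurrentApplicationIdProvider currentApplicationIdProvider;

    /**
     * Immutable {@link TrustedToken} holding the user name together with the fields copied out of an
     * {@link EncryptedCertificate}.
     */
    private static class EncodedTrustedToken implements TrustedToken {
        private final String userName;
        private final String encodedKey;
        private final String encodedToken;
        private final String applicationId;
        private final String magicNumber;
        private final Integer protocolVersion;
        private final String signature;

        /**
         * @param str the user name the token is issued for
         * @param encryptedCertificate the certificate whose fields are copied into this token
         */
        private EncodedTrustedToken(String str, EncryptedCertificate encryptedCertificate) {
            this.userName = str;
            this.encodedToken = encryptedCertificate.getCertificate();
            this.applicationId = encryptedCertificate.getID();
            this.encodedKey = encryptedCertificate.getSecretKey();
            this.magicNumber = encryptedCertificate.getMagicNumber();
            this.protocolVersion = encryptedCertificate.getProtocolVersion();
            this.signature = encryptedCertificate.getSignature();
        }

        @Override
        public String getUserName() {
            return this.userName;
        }

        @Override
        public String getApplicationId() {
            return this.applicationId;
        }

        @Override
        public String getEncodedToken() {
            return this.encodedToken;
        }

        @Override
        public String getEncodedKey() {
            return this.encodedKey;
        }

        @Override
        public String getMagicNumber() {
            return this.magicNumber;
        }

        @Override
        public Integer getProtocolVersion() {
            return this.protocolVersion;
        }

        @Override
        public String getSignature() {
            return this.signature;
        }

        /**
         * Describes the token by user name and application id only. The encoded token, secret key and
         * signature are left out, so logging a token object does not write that material to the log.
         */
        @Override
        public String toString() {
            return "EncodedTrustedToken: userName: " + this.userName + "; appId: " + this.applicationId;
        }
    }

    /**
     * Persists the given trusted application record through the DAO.
     *
     * @param confluenceTrustedApplication the record to save
     */
    @Override
    public void saveTrustedApplication(ConfluenceTrustedApplication confluenceTrustedApplication) {
        this.trustedApplicationDao.saveHibernateTrustedApplication(confluenceTrustedApplication);
    }

    /**
     * Removes the given trusted application record through the DAO.
     *
     * @param confluenceTrustedApplication the record to delete
     */
    @Override
    public void deleteTrustedApplication(ConfluenceTrustedApplication confluenceTrustedApplication) {
        this.trustedApplicationDao.deleteHibernateTrustedApplication(confluenceTrustedApplication);
    }

    /**
     * @param str the key alias to look up
     * @return whatever the DAO returns for that alias
     */
    @Override
    public ConfluenceTrustedApplication getTrustedApplicationByAlias(String str) {
        return this.trustedApplicationDao.findByKeyAlias(str);
    }

    /**
     * Issues a trusted token for the user bound to the current thread.
     *
     * <p>The user name is read from {@link AuthenticatedUserThreadLocal} and never from a caller-supplied
     * argument, so a caller cannot ask for a token naming a different user.
     *
     * @return the token, or {@code null} when no user is authenticated on this thread
     * @throws IllegalStateException if this instance has no key pair yet
     */
    @Override
    @Deprecated
    public TrustedToken getToken() {
        String username = AuthenticatedUserThreadLocal.getUsername();
        if (username == null) {
            return null;
        }
        return new EncodedTrustedToken(username, requireCurrentApplication().encode(username));
    }

    /**
     * Issues a trusted token for the user bound to the current thread, passing {@code str} through to
     * {@code CurrentApplication.encode}.
     *
     * <p>As in {@link #getToken()}, the user name comes from {@link AuthenticatedUserThreadLocal} only.
     *
     * @param str second argument for the encode call; presumably the URL of the request being signed,
     *            confirm against the trusted-apps library
     * @return the token, or {@code null} when no user is authenticated on this thread
     * @throws IllegalStateException if this instance has no key pair yet
     */
    @Override
    public TrustedToken getToken(String str) {
        String username = AuthenticatedUserThreadLocal.getUsername();
        if (username == null) {
            return null;
        }
        return new EncodedTrustedToken(username, requireCurrentApplication().encode(username, str));
    }

    /**
     * Returns the current application or fails with a descriptive error.
     *
     * <p>{@link #getCurrentApplication()} returns {@code null} when the key store has no key pair; without
     * this guard the token methods would fail with a bare NullPointerException instead.
     */
    private CurrentApplication requireCurrentApplication() {
        CurrentApplication currentApplication = getCurrentApplication();
        if (currentApplication == null) {
            throw new IllegalStateException("No key pair exists for this instance; cannot issue a trusted token");
        }
        return currentApplication;
    }

    /**
     * @return all trusted application records known to the DAO
     */
    @Override
    public Collection<ConfluenceTrustedApplication> getAllTrustedApplications() {
        return this.trustedApplicationDao.findAll();
    }

    /**
     * Builds the application object for this instance from the stored key pair.
     *
     * <p>The returned object wraps the full {@link KeyPair}, private key included, so it should not be
     * handed to code that only needs the application id or the public key.
     *
     * @return the current application, or {@code null} when the key store holds no key pair for the
     *         current application id
     */
    @Override
    public CurrentApplication getCurrentApplication() {
        String currentApplicationId = this.currentApplicationIdProvider.getCurrentApplicationId();
        KeyPair keyPair = this.keyStoreDao.getKeyPair(currentApplicationId);
        if (keyPair == null) {
            return null;
        }
        return new ConfluenceApplication(keyPair, currentApplicationId);
    }

    /**
     * Generates and stores a key pair for this instance unless one already exists.
     *
     * <p>NOTE(review): the existence check and the store are separate calls with no locking visible here;
     * if two callers can run this concurrently, confirm the key store itself rejects a second key pair.
     *
     * @throws NoSuchProviderException if the key factory cannot find its security provider
     * @throws NoSuchAlgorithmException if the key factory cannot find its algorithm
     */
    @Override
    public void initConfluenceKey() throws NoSuchProviderException, NoSuchAlgorithmException {
        if (getCurrentApplication() != null) {
            log2.info("Not initialising key pair as one already exists");
            return;
        }
        ConfluenceApplication generated = generateNewConfluenceApplication();
        storeCurrentApplication(generated);
        // Log the id of the object just stored rather than re-reading the key store: the re-read loaded the
        // private key only to print an id, and threw a NullPointerException if it returned nothing.
        log2.info("Generated key pair with application id {}", generated.getID());
    }

    /** Creates a new application object from a freshly generated key pair and the current application id. */
    private ConfluenceApplication generateNewConfluenceApplication() throws NoSuchAlgorithmException, NoSuchProviderException {
        return new ConfluenceApplication(this.asymmetricKeyFactory.getNewKeyPair(), this.currentApplicationIdProvider.getCurrentApplicationId());
    }

    /**
     * Stores the key pair of the given application, refusing to replace an existing one.
     *
     * @throws IllegalStateException if a key pair is already stored for this instance
     */
    private void storeCurrentApplication(ConfluenceApplication confluenceApplication) {
        if (getCurrentApplication() != null) {
            throw new IllegalStateException("Key pair already exists for this instance");
        }
        this.keyStoreDao.storeKeyPair(confluenceApplication.getID(), confluenceApplication.getKeyPair());
    }

    public void setKeyStoreDao(KeyStore keyStore) {
        this.keyStoreDao = keyStore;
    }

    public void setTrustedApplicationDao(TrustedApplicationDao trustedApplicationDao) {
        this.trustedApplicationDao = trustedApplicationDao;
    }

    public void setAsymmetricKeyFactory(AsymmetricKeyFactory asymmetricKeyFactory) {
        this.asymmetricKeyFactory = asymmetricKeyFactory;
    }

    public void setEncryptionProvider(EncryptionProvider encryptionProvider) {
        this.encryptionProvider = encryptionProvider;
    }

    public void setCurrentApplicationIdProvider(CurrentApplicationIdProvider currentApplicationIdProvider) {
        this.currentApplicationIdProvider = currentApplicationIdProvider;
    }

    /**
     * @param j the record id to look up
     * @return whatever the DAO returns for that id
     */
    @Override
    public ConfluenceTrustedApplication getTrustedApplication(long j) {
        return this.trustedApplicationDao.findById(j);
    }

    /**
     * @param str the application name to look up
     * @return whatever the DAO returns for that name
     */
    @Override
    public ConfluenceTrustedApplication getTrustedApplicationByName(String str) {
        return this.trustedApplicationDao.findByName(str);
    }

    /**
     * Asks the encryption provider for the application certificate identified by {@code str}.
     *
     * @param str passed unchanged to the encryption provider
     * @throws ApplicationRetriever.RetrievalException if the provider cannot retrieve the certificate
     */
    public Application getApplicationCertificate(String str) throws ApplicationRetriever.RetrievalException {
        return this.encryptionProvider.getApplicationCertificate(str);
    }

    /**
     * Creates or updates the trusted application record for the given application and saves it.
     *
     * <p>An existing record is matched first by name and then by key alias, both against
     * {@code application.getID()}. A matched record has its name and public key overwritten, so calling
     * this with the id of an already trusted application replaces the key that application is verified
     * against.
     *
     * <p>When {@code requestConditions} is {@code null}, neither the timeout nor the restrictions are
     * touched: a new record is saved without any IP or URL restriction set here, and an existing record
     * keeps the ones it had.
     *
     * @param application the remote application to trust; supplies the id and the public key
     * @param requestConditions timeout and IP/URL patterns to apply, or {@code null}
     * @return a {@link DefaultTrustedApplication} built from the same application and conditions
     */
    public TrustedApplication addTrustedApplication(Application application, RequestConditions requestConditions) {
        AliasedKey aliasedKey = new AliasedKey();
        aliasedKey.setAlias(application.getID());
        aliasedKey.setKey(application.getPublicKey());

        ConfluenceTrustedApplication record = this.trustedApplicationDao.findByName(application.getID());
        if (record == null) {
            record = this.trustedApplicationDao.findByKeyAlias(application.getID());
        }
        if (record == null) {
            record = new ConfluenceTrustedApplication();
        }
        record.setName(application.getID());
        record.setPublicKey(aliasedKey);

        if (requestConditions != null) {
            long certificateTimeout = requestConditions.getCertificateTimeout();
            // Clamp on both sides before narrowing. The upper clamp was already there; without the lower
            // one a value below Integer.MIN_VALUE would wrap around into a large positive timeout.
            record.setRequestTimeout((int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, certificateTimeout)));
            if (certificateTimeout > Integer.MAX_VALUE) {
                log2.warn("The certificate timeout for the trusted application is invalid. Using Integer.MAX_VALUE instead of {}. Trusted App to be added: {}", certificateTimeout, application);
            }

            // setRestrictions replaces whatever restriction set the record had, so the IP patterns start
            // from an empty set and the URL patterns are then added on top of it.
            // The set stays raw and the loops iterate Object because the element types of
            // setRestrictions and of the pattern getters are not visible in this file.
            HashSet ipRestrictions = new HashSet();
            for (Object ipPattern : requestConditions.getIPPatterns()) {
                ipRestrictions.add(new TrustedApplicationIpRestriction((String) ipPattern));
            }
            record.setRestrictions(ipRestrictions);
            for (Object urlPattern : requestConditions.getURLPatterns()) {
                record.addRestriction(new TrustedApplicationUrlRestriction((String) urlPattern));
            }
        }

        this.trustedApplicationDao.saveHibernateTrustedApplication(record);
        return new DefaultTrustedApplication(this.encryptionProvider, application.getPublicKey(), application.getID(), requestConditions);
    }

    /**
     * Deletes the trusted application record found under the given key alias.
     *
     * @param str the key alias of the record to delete
     * @return {@code true} if a record was found and deleted, {@code false} if none matched
     */
    public boolean deleteApplication(String str) {
        ConfluenceTrustedApplication record = this.trustedApplicationDao.findByKeyAlias(str);
        if (record == null) {
            return false;
        }
        this.trustedApplicationDao.deleteHibernateTrustedApplication(record);
        return true;
    }

    /**
     * Returns every stored record converted to a {@link TrustedApplication}.
     *
     * <p>The result comes from {@code Collections2.transform}, which returns a view over the DAO's
     * collection, so the conversion runs when the result is iterated. A {@code null} element in the
     * DAO's collection stays {@code null} in the result.
     */
    public Iterable<TrustedApplication> getTrustedApplications() {
        return Collections2.transform(this.trustedApplicationDao.findAll(), stored ->
                stored == null ? null : stored.toDefaultTrustedApplication(this.encryptionProvider));
    }
}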
