package com.atlassian.confluence.admin.actions;

import com.atlassian.confluence.core.ConfluenceActionSupport;
import com.atlassian.confluence.core.FormAware;
import com.atlassian.confluence.event.events.admin.GlobalSettingsChangedEvent;
import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.servlet.download.AttachmentSecurityLevel;
import com.atlassian.confluence.setup.settings.Settings;
import com.atlassian.confluence.setup.settings.beans.LoginManagerSettings;
import com.atlassian.confluence.spaces.SpaceManager;
import com.atlassian.confluence.user.AuthenticatorOverwrite;
import com.atlassian.confluence.util.HTMLPairType;
import com.atlassian.core.util.PairType;
import com.atlassian.spring.container.ContainerManager;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/admin/actions/SecurityConfigurationAction.class */
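/**
 * Admin action backing the global security configuration form.
 *
 * <p>Two privilege tiers are visible in this class:
 * <ul>
 *   <li>{@link #isPermitted()} requires {@code ADMINISTER} on
 *       {@code PermissionManager.TARGET_APPLICATION} to use the action at all;</li>
 *   <li>{@link #isSystemAdmin()} requires {@code ADMINISTER} on
 *       {@code PermissionManager.TARGET_SYSTEM}. Only callers passing this check have
 *       their submitted values validated and persisted for the system-level settings
 *       (see {@link #saveSetupOptions()}).</li>
 * </ul>
 *
 * <p>The bean properties are plain fields with setters; they hold whatever the request
 * bound to them until {@link #execute()} copies them into a {@link Settings} instance.
 */
public class SecurityConfigurationAction extends ConfluenceActionSupport implements FormAware {
    private static final Logger log = LoggerFactory.getLogger(SecurityConfigurationAction.class);
    private SpaceManager spaceManager;
    private boolean externalUserManagement;
    private boolean addWildcardsToUserAndGroupSearches;
    private boolean nofollowExternalLinks;
    private String emailAddressVisibility;
    private boolean allowRemoteApiAnonymous;
    private boolean enableSpaceStyles;
    private int maxRssItems;
    private boolean showSystemInfoIn500Page;
    private boolean enableElevatedSecurityCheck;
    private int loginAttemptsThreshold;
    private boolean webSudoEnabled;
    private long webSudoTimeout;
    private boolean xsrfAddComments;
    private AttachmentSecurityLevel attachmentSecurityLevel;
    private List<HTMLPairType> emailAddressVisibilityTypes;
    // Stays true unless doView() is the entry point.
    private boolean editMode = true;
    private int rssTimeout;
    private int pageTimeout;

    /**
     * Checks that the authenticated user holds {@code ADMINISTER} on the application target.
     *
     * <p>NOTE(review): unlike {@link #isSystemAdmin()}, this dereferences
     * {@code permissionManager} without the container-lookup fallback; presumably the field
     * has been injected by the time this runs. Confirm.
     *
     * @return {@code true} when the permission check passes
     */
    @Override // com.atlassian.confluence.core.ConfluenceActionSupport
    public boolean isPermitted() {
        boolean hasPermission = this.permissionManager.hasPermission(
                getAuthenticatedUser(), Permission.ADMINISTER, PermissionManager.TARGET_APPLICATION);
        log.debug("is permitted: {}", hasPermission);
        return hasPermission;
    }

    /**
     * Read-only entry point: switches the form out of edit mode, then loads the current
     * settings through {@link #doDefault()}.
     *
     * @return the result of {@link #doDefault()}
     */
    public String doView() throws Exception {
        this.editMode = false;
        return doDefault();
    }

    /**
     * Populates every form field from the current global settings.
     *
     * @return the result of the superclass {@code doDefault()}
     */
    @Override // com.atlassian.confluence.core.ConfluenceActionSupport
    public String doDefault() throws Exception {
        Settings current = getGlobalSettings();
        this.allowRemoteApiAnonymous = current.isAllowRemoteApiAnonymous();
        this.enableSpaceStyles = current.isEnableSpaceStyles();
        this.externalUserManagement = current.isExternalUserManagement();
        this.emailAddressVisibility = current.getEmailAddressVisibility();
        this.maxRssItems = current.getMaxRssItems();
        this.rssTimeout = current.getRssTimeout();
        this.pageTimeout = current.getPageTimeout();
        this.showSystemInfoIn500Page = current.isShowSystemInfoIn500Page();
        this.nofollowExternalLinks = current.isNofollowExternalLinks();
        this.addWildcardsToUserAndGroupSearches = current.isAddWildcardsToUserAndGroupSearches();
        this.xsrfAddComments = current.isXsrfAddComments();
        this.webSudoTimeout = current.getWebSudoTimeout();
        this.webSudoEnabled = current.getWebSudoEnabled();
        this.attachmentSecurityLevel = current.getAttachmentSecurityLevel();

        LoginManagerSettings loginSettings = current.getLoginManagerSettings();
        this.enableElevatedSecurityCheck = loginSettings.isEnableElevatedSecurityCheck();
        this.loginAttemptsThreshold = loginSettings.getLoginAttemptsThreshold();
        return super.doDefault();
    }

    /**
     * Range-checks the numeric fields that {@link #saveSetupOptions()} persists for system
     * administrators, recording a field error for each value out of range.
     *
     * <p>Nothing is checked for callers who are not system administrators, matching the fact
     * that their values for these fields are never written.
     */
    private void validation() {
        if (!isSystemAdmin()) {
            return;
        }
        if (getMaxRssItems() <= 0) {
            addFieldError("maxRssItems", getText("rss.max.items.outofrange"));
        }
        if (getRssTimeout() <= 0) {
            addFieldError("rssTimeout", getText("rss.max.time.invalid"));
        }
        if (getPageTimeout() <= 0) {
            addFieldError("pageTimeout", getText("page.render.max.time.invalid"));
        }
        if (!isPassConfirmationConfigurable()) {
            return;
        }
        // The threshold is checked whether or not the elevated security check is enabled.
        if (getLoginAttemptsThreshold() < 1) {
            addFieldError("loginAttemptsThreshold",
                    getText("error.login.elevatedsecurity.loginAttemptsThreshold.outofrange"));
        }
        // The WebSudo timeout only matters while WebSudo is switched on.
        if (isWebSudoEnabled() && getWebSudoTimeout() < 1) {
            addFieldError("webSudoTimeout", getText("websudo.error.outofrange"));
        }
    }

    /**
     * Validates the submitted form, persists it and publishes a
     * {@link GlobalSettingsChangedEvent} carrying the settings and base URL read before and
     * after the save.
     *
     * <p>This method performs no permission check of its own; the only gate visible in this
     * class is {@link #isPermitted()}, which the caller of the action is expected to consult.
     *
     * @return {@code "error"} when validation recorded errors, otherwise {@code "success"}
     */
    public String execute() throws Exception {
        log.debug("validating...");
        validation();
        if (hasErrors()) {
            log.debug("Security config not altered due to errors actionErrors: {}, fieldErrors: {}",
                    getActionErrors(), getFieldErrors());
            return "error";
        }
        // NOTE(review): whether getGlobalSettings() hands out a snapshot or a live object is
        // not visible here; the event's "old" value relies on it being a snapshot. Confirm.
        Settings settingsBeforeSave = this.settingsManager.getGlobalSettings();
        String baseUrlBeforeSave = this.settingsManager.getGlobalSettings().getBaseUrl();
        saveSetupOptions();
        this.eventManager.publishEvent(new GlobalSettingsChangedEvent(
                this,
                settingsBeforeSave,
                this.settingsManager.getGlobalSettings(),
                baseUrlBeforeSave,
                this.settingsManager.getGlobalSettings().getBaseUrl()));
        return "success";
    }

    /**
     * Copies the form values into a new {@link Settings} built from the current global
     * settings and stores it.
     *
     * <p>Three values are written for every caller; the remainder only when
     * {@link #isSystemAdmin()} is true. Values a non-system-admin submits for the restricted
     * fields are dropped silently rather than rejected.
     */
    private void saveSetupOptions() {
        Settings updated = new Settings(getGlobalSettings());

        // Writable by any caller that reached this action.
        updated.setAllowRemoteApiAnonymous(this.allowRemoteApiAnonymous);
        updated.setNofollowExternalLinks(this.nofollowExternalLinks);
        // NOTE(review): persisted as submitted; nothing in this class checks the value against
        // the three options offered by getEmailAddressVisibilityTypes().
        updated.setEmailAddressVisibility(this.emailAddressVisibility);

        if (isSystemAdmin()) {
            updated.setExternalUserManagement(this.externalUserManagement);
            updated.setMaxRssItems(this.maxRssItems);
            updated.setRssTimeout(this.rssTimeout);
            updated.setPageTimeout(this.pageTimeout);
            updated.setAddWildcardsToUserAndGroupSearches(this.addWildcardsToUserAndGroupSearches);
            updated.setXsrfAddComments(this.xsrfAddComments);
            // NOTE(review): this field is null if the request never bound it (or if
            // fromLevel() yields null); confirm Settings handles a null level safely.
            updated.setAttachmentSecurityLevel(this.attachmentSecurityLevel);
            updated.setEnableSpaceStyles(this.enableSpaceStyles);
            updated.setShowSystemInfoIn500Page(this.showSystemInfoIn500Page);

            if (isPassConfirmationConfigurable()) {
                updated.setWebSudoEnabled(this.webSudoEnabled);
                updated.setWebSudoTimeout(this.webSudoTimeout);
                // NOTE(review): mutates the LoginManagerSettings returned by the copy; confirm
                // the Settings copy constructor does not share that instance with live settings.
                LoginManagerSettings loginSettings = updated.getLoginManagerSettings();
                loginSettings.setEnableElevatedSecurityCheck(this.enableElevatedSecurityCheck);
                loginSettings.setLoginAttemptsThreshold(this.loginAttemptsThreshold);
            }
        }
        log.debug("saving settings");
        this.settingsManager.updateGlobalSettings(updated);
        log.debug("settings saved");
    }

    /**
     * Checks that the authenticated user holds {@code ADMINISTER} on the system target.
     * Falls back to a container lookup when {@code permissionManager} has not been set.
     *
     * @return {@code true} when the permission check passes
     */
    public boolean isSystemAdmin() {
        if (this.permissionManager == null) {
            this.permissionManager = (PermissionManager) ContainerManager.getComponent("permissionManager");
        }
        return this.permissionManager.hasPermission(
                getAuthenticatedUser(), Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM);
    }

    /** @return the space manager set through {@link #setSpaceManager(SpaceManager)} */
    public SpaceManager getSpaceManager() {
        return this.spaceManager;
    }

    /** @param spaceManager the space manager to hold */
    public void setSpaceManager(SpaceManager spaceManager) {
        this.spaceManager = spaceManager;
    }

    /**
     * Builds, once per action instance, the three selectable e-mail visibility options
     * (public, masked, private), each labelled via {@code getText}.
     *
     * @return the cached option list
     */
    public List<HTMLPairType> getEmailAddressVisibilityTypes() {
        if (this.emailAddressVisibilityTypes == null) {
            List<HTMLPairType> options = new ArrayList<>();
            options.add(new HTMLPairType(Settings.EMAIL_ADDRESS_PUBLIC, getText(Settings.EMAIL_ADDRESS_PUBLIC)));
            options.add(new HTMLPairType(Settings.EMAIL_ADDRESS_MASKED, getText(Settings.EMAIL_ADDRESS_MASKED)));
            options.add(new HTMLPairType(Settings.EMAIL_ADDRESS_PRIVATE, getText(Settings.EMAIL_ADDRESS_PRIVATE)));
            this.emailAddressVisibilityTypes = options;
        }
        return this.emailAddressVisibilityTypes;
    }

    /**
     * @return {@code true} unless {@link AuthenticatorOverwrite} reports password confirmation
     *         as disabled; gates the WebSudo and elevated-security settings
     */
    public boolean isPassConfirmationConfigurable() {
        return !AuthenticatorOverwrite.isPasswordConfirmationDisabled();
    }

    /** @return the externalUserManagement form value (same as {@link #isExternalUserManagement()}) */
    public boolean getExternalUserManagement() {
        return this.externalUserManagement;
    }

    /** @return the externalUserManagement form value */
    public boolean isExternalUserManagement() {
        return this.externalUserManagement;
    }

    /** @param externalUserManagement the submitted value; persisted for system admins only */
    public void setExternalUserManagement(boolean externalUserManagement) {
        this.externalUserManagement = externalUserManagement;
    }

    /** @return the emailAddressVisibility form value */
    public String getEmailAddressVisibility() {
        return this.emailAddressVisibility;
    }

    /** @param emailAddressVisibility the submitted value; stored without validation in this class */
    public void setEmailAddressVisibility(String emailAddressVisibility) {
        this.emailAddressVisibility = emailAddressVisibility;
    }

    /** @return the allowRemoteApiAnonymous form value */
    public boolean isAllowRemoteApiAnonymous() {
        return this.allowRemoteApiAnonymous;
    }

    /** @param allowRemoteApiAnonymous the submitted value */
    public void setAllowRemoteApiAnonymous(boolean allowRemoteApiAnonymous) {
        this.allowRemoteApiAnonymous = allowRemoteApiAnonymous;
    }

    /** @return the nofollowExternalLinks form value */
    public boolean isNofollowExternalLinks() {
        return this.nofollowExternalLinks;
    }

    /** @param nofollowExternalLinks the submitted value */
    public void setNofollowExternalLinks(boolean nofollowExternalLinks) {
        this.nofollowExternalLinks = nofollowExternalLinks;
    }

    /** @return the enableSpaceStyles form value */
    public boolean isEnableSpaceStyles() {
        return this.enableSpaceStyles;
    }

    /** @param enableSpaceStyles the submitted value; persisted for system admins only */
    public void setEnableSpaceStyles(boolean enableSpaceStyles) {
        this.enableSpaceStyles = enableSpaceStyles;
    }

    /** @return the showSystemInfoIn500Page form value */
    public boolean isShowSystemInfoIn500Page() {
        return this.showSystemInfoIn500Page;
    }

    /** @param showSystemInfoIn500Page the submitted value; persisted for system admins only */
    public void setShowSystemInfoIn500Page(boolean showSystemInfoIn500Page) {
        this.showSystemInfoIn500Page = showSystemInfoIn500Page;
    }

    /** @return the maxRssItems form value */
    public int getMaxRssItems() {
        return this.maxRssItems;
    }

    /** @param maxRssItems the submitted value; must be positive to pass validation */
    public void setMaxRssItems(int maxRssItems) {
        this.maxRssItems = maxRssItems;
    }

    /** @return the xsrfAddComments form value */
    public boolean isXsrfAddComments() {
        return this.xsrfAddComments;
    }

    /** @param xsrfAddComments the submitted value; persisted for system admins only */
    public void setXsrfAddComments(boolean xsrfAddComments) {
        this.xsrfAddComments = xsrfAddComments;
    }

    /** @return the addWildcardsToUserAndGroupSearches form value */
    public boolean isAddWildcardsToUserAndGroupSearches() {
        return this.addWildcardsToUserAndGroupSearches;
    }

    /** @param addWildcards the submitted value; persisted for system admins only */
    public void setAddWildcardsToUserAndGroupSearches(boolean addWildcards) {
        this.addWildcardsToUserAndGroupSearches = addWildcards;
    }

    /** @return the enableElevatedSecurityCheck form value */
    public boolean isEnableElevatedSecurityCheck() {
        return this.enableElevatedSecurityCheck;
    }

    /** @param enableElevatedSecurityCheck the submitted value */
    public void setEnableElevatedSecurityCheck(boolean enableElevatedSecurityCheck) {
        this.enableElevatedSecurityCheck = enableElevatedSecurityCheck;
    }

    /** @return the loginAttemptsThreshold form value */
    public int getLoginAttemptsThreshold() {
        return this.loginAttemptsThreshold;
    }

    /** @param loginAttemptsThreshold the submitted value; must be at least 1 to pass validation */
    public void setLoginAttemptsThreshold(int loginAttemptsThreshold) {
        this.loginAttemptsThreshold = loginAttemptsThreshold;
    }

    /** @return the webSudoEnabled form value */
    public boolean isWebSudoEnabled() {
        return this.webSudoEnabled;
    }

    /** @param webSudoEnabled the submitted value */
    public void setWebSudoEnabled(boolean webSudoEnabled) {
        this.webSudoEnabled = webSudoEnabled;
    }

    /** @return the webSudoTimeout form value */
    public long getWebSudoTimeout() {
        return this.webSudoTimeout;
    }

    /** @param webSudoTimeout the submitted value; must be at least 1 while WebSudo is enabled */
    public void setWebSudoTimeout(long webSudoTimeout) {
        this.webSudoTimeout = webSudoTimeout;
    }

    /** @return {@code false} after {@link #doView()}, otherwise {@code true} */
    @Override // com.atlassian.confluence.core.FormAware
    public boolean isEditMode() {
        return this.editMode;
    }

    /** @return the rssTimeout form value */
    public int getRssTimeout() {
        return this.rssTimeout;
    }

    /** @param rssTimeout the submitted value; must be positive to pass validation */
    public void setRssTimeout(int rssTimeout) {
        this.rssTimeout = rssTimeout;
    }

    /** @return the pageTimeout form value */
    public int getPageTimeout() {
        return this.pageTimeout;
    }

    /** @param pageTimeout the submitted value; must be positive to pass validation */
    public void setPageTimeout(int pageTimeout) {
        this.pageTimeout = pageTimeout;
    }

    /**
     * Lists every {@link AttachmentSecurityLevel} as a key/label pair for the form.
     *
     * <p>The key is the enum constant name lower-cased with {@link Locale#ROOT}, so that
     * neither the key nor the message-bundle lookup built from it depends on the JVM's
     * default locale (a Turkish default locale would otherwise map {@code I} to a dotless
     * {@code ı}).
     *
     * @return a new list with one pair per enum constant
     */
    public List<PairType> getAttachmentSecurityLevels() {
        List<PairType> levels = new ArrayList<>();
        for (AttachmentSecurityLevel level : AttachmentSecurityLevel.values()) {
            String key = level.name().toLowerCase(Locale.ROOT);
            levels.add(new PairType(key, getAttachmentSecurityLevelDisplay(key)));
        }
        return levels;
    }

    /**
     * @return the level string of the currently held attachment security level; throws
     *         {@link NullPointerException} if no level has been loaded or bound yet
     */
    public String getAttachmentSecurityLevel() {
        return this.attachmentSecurityLevel.getLevel();
    }

    /** @return the localised label for the currently held attachment security level */
    public String getAttachmentSecurityLevelDisplay() {
        return getAttachmentSecurityLevelDisplay(this.attachmentSecurityLevel.getLevel());
    }

    /** Looks up the label under {@code attachment.security.level.option.<level>}. */
    private String getAttachmentSecurityLevelDisplay(String level) {
        return getText("attachment.security.level.option." + level);
    }

    /**
     * Binds the submitted level string by converting it with
     * {@link AttachmentSecurityLevel#fromLevel(String)}.
     *
     * @param level the submitted level string; how unknown values are handled is decided by
     *              {@code fromLevel} and is not visible in this class
     */
    public void setAttachmentSecurityLevel(String level) {
        this.attachmentSecurityLevel = AttachmentSecurityLevel.fromLevel(level);
    }
}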
