package com.atlassian.confluence.setup.actions;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.host.spi.HostApplication;
import com.atlassian.applinks.spi.link.MutatingApplicationLinkService;
import com.atlassian.applinks.spi.manifest.ManifestRetriever;
import com.atlassian.applinks.spi.util.TypeAccessor;
import com.atlassian.config.setup.SetupPersister;
import com.atlassian.confluence.macro.browser.beans.MacroParameter;
import com.atlassian.confluence.security.SpacePermission;
import com.atlassian.confluence.security.SpacePermissionManager;
import com.atlassian.confluence.setup.settings.Settings;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.confluence.user.crowd.EmbeddedCrowdBootstrap;
import com.atlassian.confluence.util.HtmlUtil;
import com.atlassian.core.exception.InfrastructureException;
import com.atlassian.crowd.directory.InternalDirectory;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.dragonfly.api.CrowdApplicationEntity;
import com.atlassian.dragonfly.api.JiraGroupHelper;
import com.atlassian.dragonfly.api.JiraIntegrationConfigurationException;
import com.atlassian.dragonfly.core.ApplicationLinkConfiguratorImpl;
import com.atlassian.dragonfly.core.CrowdIntegrationConfiguratorImpl;
import com.atlassian.dragonfly.core.JiraAccessUtilImpl;
import com.atlassian.dragonfly.core.JiraGroupHelperImpl;
import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.google.common.base.Joiner;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableSet;
import com.opensymphony.webwork.ServletActionContext;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/setup/actions/ConnectToJiraAction.class */
public class ConnectToJiraAction extends AbstractSetupAction {
    private static final Logger LOG = LoggerFactory.getLogger(ConnectToJiraAction.class);
    private static final Set<String> SUPPORTED_APPLINKS_SCHEMES = ImmutableSet.of("http", "https");
    private ManifestRetriever applinkManifestRetriever;
    private MutatingApplicationLinkService applinkApplicationLink;
    private TypeAccessor applinkTypeAccessor;
    private CrowdDirectoryService crowdDirectoryService;
    private DirectoryManager directoryManager;
    private HostApplication applinkHostApplication;
    private EmbeddedCrowdBootstrap embeddedCrowdBootstrap;
    private SetupPersister setupPersister;
    private SpacePermissionManager spacePermissionManager;
    private String jiraBaseUrl;
    private String confluenceBaseUrl;
    private String username;
    private String password;
    private List<String> jiraAdminGroups = Arrays.asList("jira-administrators");
    private List<String> jiraUserGroups = Arrays.asList("jira-software-users");
    private URI jiraUri;
    private URI confluenceUri;
    private boolean applinkAndCrowdReady;
    private String crowdApplicationName;
    private String crowdApplicationPassword;

    @Override // com.atlassian.confluence.validation.MessageHolderAware
    public void validate() {
        if (StringUtils.isEmpty(this.username)) {
            addFieldError("username", getText("error.username.not.valid"));
        }
        if (!this.applinkAndCrowdReady && StringUtils.isEmpty(this.password)) {
            addFieldError("password", getText("error.password.not.valid"));
        }
        if (StringUtils.isEmpty(this.jiraBaseUrl)) {
            addFieldError("jiraBaseUrl", getText("error.url.empty"));
        } else {
            URI uri = toURI(this.jiraBaseUrl);
            this.jiraUri = uri;
            if (uri == null) {
                addFieldError("jiraBaseUrl", getText("error.url.malformed"));
            }
        }
        if (StringUtils.isEmpty(this.confluenceBaseUrl)) {
            addFieldError("confluenceBaseUrl", getText("error.url.empty"));
        } else {
            URI uri2 = toURI(this.confluenceBaseUrl);
            this.confluenceUri = uri2;
            if (uri2 == null) {
                addFieldError("confluenceBaseUrl", getText("error.url.malformed"));
            }
        }
        if (this.jiraAdminGroups.isEmpty()) {
            addFieldError("jiraAdminGroups", getText("error.jiraadmingroups.not.valid"));
        }
        if (this.jiraUserGroups.isEmpty()) {
            addFieldError("jiraUserGroups", getText("error.jirausergroups.not.valid"));
        }
    }

    public String execute() throws Exception {
        validate();
        if (hasFieldErrors()) {
            return "error";
        }
        JiraAccessUtilImpl jiraAccessUtilImpl = new JiraAccessUtilImpl(this.applinkManifestRetriever, this.applinkTypeAccessor, this.applinkApplicationLink);
        try {
            if (!jiraAccessUtilImpl.checkTargetIsSupportedJira(this.jiraUri)) {
                addFieldError("jiraBaseUrl", getText("error.jirabaseurl.connection.refused"));
                return "error";
            }
            if (!jiraAccessUtilImpl.checkAdminCredential(this.jiraUri, this.username, this.password)) {
                addFieldError("username", getText("error.credential.not.admin"));
                return "error";
            }
            this.embeddedCrowdBootstrap.ensureApplicationExists();
            CrowdApplicationEntity configureJira = configureJira();
            if (configureJira != null) {
                this.crowdApplicationName = configureJira.getName();
                this.crowdApplicationPassword = configureJira.getPassword();
                this.embeddedCrowdBootstrap.ensureInternalDirectoryExists();
                Directory internalDirectory = getInternalDirectory();
                if (internalDirectory == null) {
                    throw new IllegalStateException("No internal directory found.");
                }
                Settings globalSettings = this.settingsManager.getGlobalSettings();
                globalSettings.setBaseUrl(this.confluenceBaseUrl);
                this.settingsManager.updateGlobalSettings(globalSettings);
                createDefaultGroups(internalDirectory);
                setDefaultPermissions();
                createAdminInInternalDirectory(internalDirectory);
                loginAdmin();
                saveAuthenticationInfo(this.username, this.password);
            }
            if (hasFieldErrors()) {
                return "error";
            }
            verifyJiraGroups(new JiraGroupHelperImpl(this.jiraUri.toString(), this.crowdApplicationName, this.crowdApplicationPassword));
            if (hasFieldErrors()) {
                return "error";
            }
            setupGlobalPermissions();
            getSetupPersister().progessSetupStep();
            return super.execute();
        } catch (Exception e) {
            LOG.warn("Failure due to exception: " + e.getMessage());
            addFieldError("jiraBaseUrl", getText("error.jirabaseurl.not.valid"));
            return "error";
        }
    }

    private CrowdApplicationEntity configureJira() {
        if (this.applinkAndCrowdReady) {
            return null;
        }
        ConfluenceJiraIntegrationSetupHelper confluenceJiraIntegrationSetupHelper = new ConfluenceJiraIntegrationSetupHelper(this.crowdDirectoryService);
        ApplicationLinkConfiguratorImpl applicationLinkConfiguratorImpl = new ApplicationLinkConfiguratorImpl(this.applinkApplicationLink, this.applinkTypeAccessor, confluenceJiraIntegrationSetupHelper);
        try {
            ApplicationLink configureApplicationLinks = applicationLinkConfiguratorImpl.configureApplicationLinks(this.jiraUri, this.confluenceUri, this.username, this.password);
            try {
                CrowdApplicationEntity configureCrowdAuthentication = new CrowdIntegrationConfiguratorImpl(confluenceJiraIntegrationSetupHelper, this.applinkHostApplication.getBaseUrl().getHost(), this.applinkHostApplication.getId().get()).configureCrowdAuthentication(this.jiraUri, this.username, this.password);
                this.applinkAndCrowdReady = true;
                return configureCrowdAuthentication;
            } catch (JiraIntegrationConfigurationException e) {
                applicationLinkConfiguratorImpl.rollbackApplicationLinkConfiguration(configureApplicationLinks);
                throw new RuntimeException("Error while setting up connection to Jira", e);
            }
        } catch (JiraIntegrationConfigurationException e2) {
            addJiraConnectionFailedError(e2);
            return null;
        }
    }

    private void addJiraConnectionFailedError(JiraIntegrationConfigurationException jiraIntegrationConfigurationException) {
        LOG.warn("Failure due to exception: " + jiraIntegrationConfigurationException.getMessage());
        ArrayList arrayList = new ArrayList();
        arrayList.add(getDocLink("help.embedded.crowd.directory.configure.crowd"));
        addFieldError("jiraBaseUrl", getText("error.applicationlink.connection.refused", arrayList));
    }

    private void verifyJiraGroups(JiraGroupHelper jiraGroupHelper) {
        if (this.applinkAndCrowdReady) {
            HashSet hashSet = new HashSet();
            for (String str : this.jiraUserGroups) {
                if (!jiraGroupHelper.doesGroupExist(str)) {
                    hashSet.add(str);
                }
            }
            if (hashSet.size() > 0) {
                addFieldError("jiraUserGroups", getText("error.group.not.exist", generateGroupCsvParam(hashSet)));
            }
            HashSet hashSet2 = new HashSet();
            for (String str2 : this.jiraAdminGroups) {
                if (!jiraGroupHelper.doesGroupExist(str2)) {
                    hashSet2.add(str2);
                }
            }
            if (hashSet2.size() > 0) {
                addFieldError("jiraAdminGroups", getText("error.group.not.exist", generateGroupCsvParam(hashSet2)));
            }
        }
    }

    private List generateGroupCsvParam(Set<String> set) {
        return Arrays.asList(StringUtils.join(Collections2.transform(set, HtmlUtil::htmlEncode), ','));
    }

    private void createDefaultGroups(Directory directory) {
        long longValue = directory.getId().longValue();
        try {
            createGroupIfNeccessary(longValue, UserAccessor.GROUP_CONFLUENCE_ADMINS);
            try {
                createGroupIfNeccessary(longValue, this.userAccessor.getNewUserDefaultGroupName());
            } catch (Exception e) {
                throw new InfrastructureException("Failed to create default group: " + this.userAccessor.getNewUserDefaultGroupName(), e);
            }
        } catch (Exception e2) {
            throw new InfrastructureException("Failed to create default group: confluence-administrators", e2);
        }
    }

    private boolean createGroupIfNeccessary(long j, String str) throws DirectoryPermissionException, DirectoryNotFoundException, OperationFailedException {
        try {
            this.directoryManager.addGroup(j, new GroupTemplate(str, j));
            return true;
        } catch (InvalidGroupException e) {
            return false;
        }
    }

    private void setDefaultPermissions() {
        Iterator<SpacePermission> it = this.spacePermissionManager.getDefaultGlobalPermissions().iterator();
        while (it.hasNext()) {
            this.spacePermissionManager.savePermission(it.next());
        }
    }

    private void createAdminInInternalDirectory(Directory directory) {
        long longValue = directory.getId().longValue();
        try {
            UserTemplate userTemplate = new UserTemplate(this.username, longValue);
            userTemplate.setActive(true);
            this.directoryManager.addUser(directory.getId().longValue(), userTemplate, PasswordCredential.unencrypted(this.password));
            Iterator<String> it = this.userAccessor.getAllDefaultGroupNames().iterator();
            while (it.hasNext()) {
                this.directoryManager.addUserToGroup(longValue, this.username, it.next());
            }
        } catch (Exception e) {
            throw new InfrastructureException("Failed to create admin user", e);
        }
    }

    private void loginAdmin() throws AuthenticatorException {
        if (SecurityConfigFactory.getInstance().getAuthenticator().login(ServletActionContext.getRequest(), ServletActionContext.getResponse(), this.username, this.password, true)) {
            return;
        }
        LOG.warn("Could not get credential for Rest call due login failed");
    }

    private Directory getInternalDirectory() {
        for (Directory directory : this.crowdDirectoryService.findAllDirectories()) {
            if (directory.getImplementationClass().equals(InternalDirectory.class.getName())) {
                return directory;
            }
        }
        return null;
    }

    private void setupGlobalPermissions() {
        for (String str : this.jiraAdminGroups) {
            this.spacePermissionManager.savePermission(SpacePermission.createGroupSpacePermission(SpacePermission.USE_CONFLUENCE_PERMISSION, null, str));
            this.spacePermissionManager.savePermission(SpacePermission.createGroupSpacePermission(SpacePermission.PERSONAL_SPACE_PERMISSION, null, str));
            this.spacePermissionManager.savePermission(SpacePermission.createGroupSpacePermission(SpacePermission.CONFLUENCE_ADMINISTRATOR_PERMISSION, null, str));
            this.spacePermissionManager.savePermission(SpacePermission.createGroupSpacePermission(SpacePermission.SYSTEM_ADMINISTRATOR_PERMISSION, null, str));
            this.spacePermissionManager.savePermission(SpacePermission.createGroupSpacePermission(SpacePermission.CREATE_SPACE_PERMISSION, null, str));
        }
        for (String str2 : this.jiraUserGroups) {
            this.spacePermissionManager.savePermission(SpacePermission.createGroupSpacePermission(SpacePermission.USE_CONFLUENCE_PERMISSION, null, str2));
            this.spacePermissionManager.savePermission(SpacePermission.createGroupSpacePermission(SpacePermission.PERSONAL_SPACE_PERMISSION, null, str2));
            this.spacePermissionManager.savePermission(SpacePermission.createGroupSpacePermission(SpacePermission.CREATE_SPACE_PERMISSION, null, str2));
        }
    }

    private URI toURI(String str) {
        String stripEnd = StringUtils.stripEnd(StringUtils.trim(str), "/");
        try {
            URI uri = new URI(stripEnd);
            if (uri.getHost() != null) {
                if (SUPPORTED_APPLINKS_SCHEMES.contains(uri.getScheme())) {
                    return uri;
                }
            }
        } catch (URISyntaxException e) {
        }
        if (stripEnd.startsWith("http")) {
            return null;
        }
        return toURI("http://" + stripEnd);
    }

    private List<String> getGroupNamesFromCsv(String str) {
        ArrayList arrayList = new ArrayList();
        if (StringUtils.isBlank(str)) {
            return arrayList;
        }
        for (String str2 : StringUtils.split(str, MacroParameter.DELIMITER_DEFAULT)) {
            if (StringUtils.isNotBlank(str2)) {
                arrayList.add(str2.trim());
            }
        }
        return arrayList;
    }

    public void setConfluenceBaseUrl(String str) {
        this.confluenceBaseUrl = str;
    }

    public String getConfluenceBaseUrl() {
        if (this.confluenceBaseUrl == null || this.confluenceBaseUrl.trim().isEmpty()) {
            this.confluenceBaseUrl = this.applinkHostApplication.getBaseUrl().toString();
        }
        return this.confluenceBaseUrl;
    }

    public ManifestRetriever getApplinkManifestRetriever() {
        return this.applinkManifestRetriever;
    }

    public void setApplinkManifestRetriever(ManifestRetriever manifestRetriever) {
        this.applinkManifestRetriever = manifestRetriever;
    }

    public MutatingApplicationLinkService getApplinkApplicationLink() {
        return this.applinkApplicationLink;
    }

    public void setApplinkApplicationLink(MutatingApplicationLinkService mutatingApplicationLinkService) {
        this.applinkApplicationLink = mutatingApplicationLinkService;
    }

    public TypeAccessor getApplinkTypeAccessor() {
        return this.applinkTypeAccessor;
    }

    public void setApplinkTypeAccessor(TypeAccessor typeAccessor) {
        this.applinkTypeAccessor = typeAccessor;
    }

    public String getJiraBaseUrl() {
        return this.jiraBaseUrl;
    }

    public void setJiraBaseUrl(String str) {
        this.jiraBaseUrl = str;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public HostApplication getApplinkHostApplication() {
        return this.applinkHostApplication;
    }

    public void setApplinkHostApplication(HostApplication hostApplication) {
        this.applinkHostApplication = hostApplication;
    }

    public CrowdDirectoryService getCrowdDirectoryService() {
        return this.crowdDirectoryService;
    }

    public void setCrowdDirectoryService(CrowdDirectoryService crowdDirectoryService) {
        this.crowdDirectoryService = crowdDirectoryService;
    }

    public void setCrowdDirectoryManager(DirectoryManager directoryManager) {
        this.directoryManager = directoryManager;
    }

    @Override // com.atlassian.confluence.core.ConfluenceActionSupport
    public void setSpacePermissionManager(SpacePermissionManager spacePermissionManager) {
        this.spacePermissionManager = spacePermissionManager;
    }

    public void setEmbeddedCrowdBootstrap(EmbeddedCrowdBootstrap embeddedCrowdBootstrap) {
        this.embeddedCrowdBootstrap = embeddedCrowdBootstrap;
    }

    public String getJiraUserGroups() {
        return Joiner.on(MacroParameter.DELIMITER_DEFAULT).join(this.jiraUserGroups);
    }

    public String getJiraAdminGroups() {
        return Joiner.on(MacroParameter.DELIMITER_DEFAULT).join(this.jiraAdminGroups);
    }

    public void setJiraUserGroups(String str) {
        this.jiraUserGroups = getGroupNamesFromCsv(str);
    }

    public void setJiraAdminGroups(String str) {
        this.jiraAdminGroups = getGroupNamesFromCsv(str);
    }

    public boolean isApplinkAndCrowdReady() {
        return this.applinkAndCrowdReady;
    }

    public void setApplinkAndCrowdReady(boolean z) {
        this.applinkAndCrowdReady = z;
    }

    public String getCrowdApplicationName() {
        return this.crowdApplicationName;
    }

    public void setCrowdApplicationName(String str) {
        this.crowdApplicationName = str;
    }

    public String getCrowdApplicationPassword() {
        return this.crowdApplicationPassword;
    }

    public void setCrowdApplicationPassword(String str) {
        this.crowdApplicationPassword = str;
    }
}
