package com.atlassian.applinks.oauth.auth.servlets.serviceprovider;

import com.atlassian.applinks.api.ApplicationId;
import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkService;
import com.atlassian.applinks.api.auth.AuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthAuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthWithImpersonationAuthenticationProvider;
import com.atlassian.applinks.core.util.MessageFactory;
import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.common.docs.DocumentationLinker;
import com.atlassian.applinks.oauth.auth.servlets.AbstractOAuthConfigServlet;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.applinks.ui.AbstractApplinksServlet;
import com.atlassian.applinks.ui.BatchedJSONi18NBuilderFactory;
import com.atlassian.applinks.ui.auth.AdminUIAuthenticator;
import com.atlassian.plugin.webresource.WebResourceManager;
import com.atlassian.plugins.rest.common.json.JaxbJsonMarshaller;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.atlassian.templaterenderer.TemplateRenderer;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/applinks/oauth/auth/servlets/serviceprovider/ConfigureOutgoingTwoLeggedOAuthReciprocalServlet.class */
public class ConfigureOutgoingTwoLeggedOAuthReciprocalServlet extends AbstractOAuthConfigServlet {
    public static final String ENABLE_OUTGOING_2LO_AUTHENTICATION_PARAMETER = "enable-outgoing-2lo";
    public static final String ENABLE_OUTGOING_2LOI_AUTHENTICATION_PARAMETER = "enable-outgoing-2loi";
    public static final String OUTGOING_2LO_SUCCESS_PARAM = "outgoing_2lo_success";
    public static final String CALLBACK_PARAM = "callback";
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final WebSudoManager webSudoManager;
    private static final Iterable<Class<? extends AuthenticationProvider>> TWO_LEGGED_OAUTH_AUTHENTICATION_PROVIDERS = ImmutableSet.of(TwoLeggedOAuthAuthenticationProvider.class, TwoLeggedOAuthWithImpersonationAuthenticationProvider.class);
    private static final Logger LOG = LoggerFactory.getLogger(ConfigureOutgoingTwoLeggedOAuthReciprocalServlet.class);

    protected ConfigureOutgoingTwoLeggedOAuthReciprocalServlet(I18nResolver i18nResolver, MessageFactory messageFactory, TemplateRenderer templateRenderer, WebResourceManager webResourceManager, ApplicationLinkService applicationLinkService, AdminUIAuthenticator adminUIAuthenticator, BatchedJSONi18NBuilderFactory batchedJSONi18NBuilderFactory, DocumentationLinker documentationLinker, LoginUriProvider loginUriProvider, InternalHostApplication internalHostApplication, JaxbJsonMarshaller jaxbJsonMarshaller, XsrfTokenAccessor xsrfTokenAccessor, XsrfTokenValidator xsrfTokenValidator, AuthenticationConfigurationManager authenticationConfigurationManager, WebSudoManager webSudoManager) {
        super(i18nResolver, messageFactory, templateRenderer, webResourceManager, applicationLinkService, adminUIAuthenticator, batchedJSONi18NBuilderFactory, documentationLinker, loginUriProvider, internalHostApplication, jaxbJsonMarshaller, xsrfTokenAccessor, xsrfTokenValidator);
        this.authenticationConfigurationManager = authenticationConfigurationManager;
        this.webSudoManager = webSudoManager;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            try {
                ApplicationLink requiredApplicationLink = getRequiredApplicationLink(httpServletRequest);
                if (StringUtils.isEmpty(httpServletRequest.getParameter(ENABLE_OUTGOING_2LOI_AUTHENTICATION_PARAMETER))) {
                    LOG.debug("Remote instance for link [{}] does not support independent configuration of 2LO/2LOi.", requiredApplicationLink.getId());
                    Reconfigure2LOAnd2LOiInTandem(httpServletRequest, httpServletResponse, requiredApplicationLink);
                } else {
                    Reconfigure2LOAnd2LOiIndependently(httpServletRequest, httpServletResponse, requiredApplicationLink);
                }
            } catch (AbstractApplinksServlet.NotFoundException e) {
                httpServletResponse.sendRedirect(createRedirectUrl(httpServletRequest, true, null));
            }
        } catch (WebSudoSessionException e2) {
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    private void Reconfigure2LOAnd2LOiInTandem(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ApplicationLink applicationLink) throws IOException {
        boolean parseBoolean = Boolean.parseBoolean(httpServletRequest.getParameter(ENABLE_OUTGOING_2LO_AUTHENTICATION_PARAMETER));
        try {
            if (parseBoolean) {
                Iterator<Class<? extends AuthenticationProvider>> it = TWO_LEGGED_OAUTH_AUTHENTICATION_PROVIDERS.iterator();
                while (it.hasNext()) {
                    this.authenticationConfigurationManager.registerProvider(applicationLink.getId(), it.next(), Collections.emptyMap());
                }
                httpServletResponse.sendRedirect(createRedirectUrl(httpServletRequest, true, this.i18nResolver.getText("auth.oauth.config.serviceprovider.outgoing.2lo.enabled")));
            } else {
                Iterator<Class<? extends AuthenticationProvider>> it2 = TWO_LEGGED_OAUTH_AUTHENTICATION_PROVIDERS.iterator();
                while (it2.hasNext()) {
                    this.authenticationConfigurationManager.unregisterProvider(applicationLink.getId(), it2.next());
                }
                httpServletResponse.sendRedirect(createRedirectUrl(httpServletRequest, true, this.i18nResolver.getText("auth.oauth.config.serviceprovider.outgoing.2lo.disabled")));
            }
        } catch (Exception e) {
            LOG.error("Error occurred when trying to " + (parseBoolean ? "enable" : "disable") + " outgoing 2-Legged OAuth authentication configuration for application link '" + applicationLink + "'", e);
            httpServletResponse.sendRedirect(createRedirectUrl(httpServletRequest, false, parseBoolean ? this.i18nResolver.getText("auth.oauth.config.error.reciprocal.outgoing.2lo.config.enable") : this.i18nResolver.getText("auth.oauth.config.error.reciprocal.outgoing.2lo.config.disable")));
        }
    }

    private void Reconfigure2LOAnd2LOiIndependently(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ApplicationLink applicationLink) throws IOException {
        String str;
        String str2;
        boolean parseBoolean = Boolean.parseBoolean(httpServletRequest.getParameter(ENABLE_OUTGOING_2LO_AUTHENTICATION_PARAMETER));
        boolean parseBoolean2 = Boolean.parseBoolean(httpServletRequest.getParameter(ENABLE_OUTGOING_2LOI_AUTHENTICATION_PARAMETER));
        try {
            if (parseBoolean) {
                this.authenticationConfigurationManager.registerProvider(applicationLink.getId(), TwoLeggedOAuthAuthenticationProvider.class, Collections.emptyMap());
                str = "" + this.i18nResolver.getText("auth.oauth.config.serviceprovider.outgoing.2lo.enabled");
            } else {
                this.authenticationConfigurationManager.unregisterProvider(applicationLink.getId(), TwoLeggedOAuthAuthenticationProvider.class);
                str = "" + this.i18nResolver.getText("auth.oauth.config.serviceprovider.outgoing.2lo.disabled");
            }
            if (parseBoolean2) {
                this.authenticationConfigurationManager.registerProvider(applicationLink.getId(), TwoLeggedOAuthWithImpersonationAuthenticationProvider.class, Collections.emptyMap());
                str2 = str + this.i18nResolver.getText("auth.oauth.config.serviceprovider.outgoing.2loi.enabled");
            } else {
                this.authenticationConfigurationManager.unregisterProvider(applicationLink.getId(), TwoLeggedOAuthWithImpersonationAuthenticationProvider.class);
                str2 = str + this.i18nResolver.getText("auth.oauth.config.serviceprovider.outgoing.2loi.disabled");
            }
            httpServletResponse.sendRedirect(createRedirectUrl(httpServletRequest, true, str2));
        } catch (Exception e) {
            LOG.error("Error occurred when trying to " + (parseBoolean ? "enable" : "disable") + " outgoing 2LO and " + (parseBoolean2 ? "enable" : "disable") + " outgoing 2LOi authentication configuration for application link '" + applicationLink + "'", e);
            httpServletResponse.sendRedirect(createRedirectUrl(httpServletRequest, false, (parseBoolean ? this.i18nResolver.getText("auth.oauth.config.error.reciprocal.outgoing.2lo.config.enable") : this.i18nResolver.getText("auth.oauth.config.error.reciprocal.outgoing.2lo.config.disable")) + (parseBoolean2 ? this.i18nResolver.getText("auth.oauth.config.error.reciprocal.outgoing.2loi.config.enable") : this.i18nResolver.getText("auth.oauth.config.error.reciprocal.outgoing.2loi.config.disable"))));
        }
    }

    public static String getReciprocalServletUrl(URI uri, ApplicationId applicationId, String str, String str2, String str3) {
        return URIUtil.uncheckedConcatenate(uri, new String[]{"/plugins/servlet/applinks/auth/conf/oauth/outbound/apl-2lo/" + applicationId + "?callback=" + str + "&" + ENABLE_OUTGOING_2LO_AUTHENTICATION_PARAMETER + "=" + str2 + "&" + ENABLE_OUTGOING_2LOI_AUTHENTICATION_PARAMETER + "=" + str3}).toString();
    }

    private String createRedirectUrl(HttpServletRequest httpServletRequest, boolean z, String str) {
        String requiredParameter = getRequiredParameter(httpServletRequest, "callback");
        if (requiredParameter.indexOf("?") == -1) {
            requiredParameter = requiredParameter + "?";
        }
        String format = String.format("%s&outgoing_2lo_success=%s", requiredParameter, Boolean.valueOf(z));
        if (!StringUtils.isBlank(str)) {
            format = format + "&message=" + URIUtil.utf8Encode(str);
        }
        return format;
    }
}
