package com.atlassian.security.auth.trustedapps;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/atlassian/security/auth/trustedapps/DefaultTrustedApplication.class */
public class DefaultTrustedApplication implements TrustedApplication {
    protected final String id;
    protected final PublicKey publicKey;
    protected final long certificateTimeout;
    protected final URLMatcher urlMatcher;
    protected final IPMatcher ipMatcher;

    public DefaultTrustedApplication(PublicKey publicKey, String str, long j, URLMatcher uRLMatcher, IPMatcher iPMatcher) {
        this.publicKey = publicKey;
        this.id = str;
        this.certificateTimeout = j;
        this.urlMatcher = uRLMatcher;
        this.ipMatcher = iPMatcher;
    }

    @Override // com.atlassian.security.auth.trustedapps.TrustedApplication
    public ApplicationCertificate decode(String str, HttpServletRequest httpServletRequest) throws InvalidCertificateException {
        try {
            Cipher cipher = Cipher.getInstance(getPublicKey().getAlgorithm());
            cipher.init(2, getPublicKey());
            byte[] doFinal = cipher.doFinal(Base64.decodeBase64(str.getBytes()));
            Properties properties = new Properties();
            properties.load(new ByteArrayInputStream(doFinal));
            DefaultApplicationCertificate defaultApplicationCertificate = new DefaultApplicationCertificate(getID(), properties.getProperty(CurrentApplication.USER_NAME), Long.parseLong(properties.getProperty(CurrentApplication.CREATION_TIME)));
            checkCertificateExpiry(defaultApplicationCertificate);
            checkRequestIP(httpServletRequest);
            checkRequestURL(httpServletRequest);
            return defaultApplicationCertificate;
        } catch (IOException e) {
            throw new InvalidCertificateException(getID(), e);
        } catch (NumberFormatException e2) {
            throw new InvalidCertificateException(getID(), e2);
        } catch (InvalidKeyException e3) {
            throw new InvalidCertificateException(getID(), e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new InvalidCertificateException(getID(), e4);
        } catch (BadPaddingException e5) {
            throw new InvalidCertificateException(getID(), e5);
        } catch (IllegalBlockSizeException e6) {
            throw new InvalidCertificateException(getID(), e6);
        } catch (NoSuchPaddingException e7) {
            throw new InvalidCertificateException(getID(), e7);
        }
    }

    private void checkCertificateExpiry(ApplicationCertificate applicationCertificate) throws InvalidCertificateException {
        if (applicationCertificate.getCreationTime().getTime() + this.certificateTimeout <= System.currentTimeMillis()) {
            throw new CertificateTooOldException(applicationCertificate, this.certificateTimeout);
        }
    }

    private void checkRequestIP(HttpServletRequest httpServletRequest) throws InvalidCertificateException {
        if (this.ipMatcher != null && !this.ipMatcher.match(httpServletRequest.getRemoteAddr())) {
            throw new InvalidCertificateException("IP address did not match");
        }
    }

    private void checkRequestURL(HttpServletRequest httpServletRequest) throws InvalidCertificateException {
        if (this.urlMatcher != null && !this.urlMatcher.match(httpServletRequest.getRequestURL().toString(), httpServletRequest.getQueryString())) {
            throw new InvalidCertificateException("Requested URL is not allowed to be executed via trusted link.");
        }
    }

    @Override // com.atlassian.security.auth.trustedapps.Application
    public String getID() {
        return this.id;
    }

    @Override // com.atlassian.security.auth.trustedapps.Application
    public PublicKey getPublicKey() {
        return this.publicKey;
    }
}
