package com.atlassian.security.auth.trustedapps;

import java.security.PublicKey;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/atlassian/security/auth/trustedapps/DefaultTrustedApplication.class */
public class DefaultTrustedApplication implements TrustedApplication {
    protected final String id;
    protected final PublicKey publicKey;
    protected final long certificateTimeout;
    protected final URLMatcher urlMatcher;
    protected final IPMatcher ipMatcher;
    protected final EncryptionProvider encryptionProvider;

    public DefaultTrustedApplication(EncryptionProvider encryptionProvider, PublicKey publicKey, String str, long j, URLMatcher uRLMatcher, IPMatcher iPMatcher) {
        this.encryptionProvider = encryptionProvider;
        this.publicKey = publicKey;
        this.id = str;
        this.certificateTimeout = j;
        this.urlMatcher = uRLMatcher;
        this.ipMatcher = iPMatcher;
    }

    public DefaultTrustedApplication(PublicKey publicKey, String str, long j, URLMatcher uRLMatcher, IPMatcher iPMatcher) {
        this(new BouncyCastleEncryptionProvider(), publicKey, str, j, uRLMatcher, iPMatcher);
    }

    @Override // com.atlassian.security.auth.trustedapps.TrustedApplication
    public ApplicationCertificate decode(EncryptedCertificate encryptedCertificate, HttpServletRequest httpServletRequest) throws InvalidCertificateException {
        ApplicationCertificate decodeEncryptedCertificate = this.encryptionProvider.decodeEncryptedCertificate(encryptedCertificate, this.publicKey, getID());
        checkCertificateExpiry(decodeEncryptedCertificate);
        checkRequestIP(httpServletRequest);
        checkRequestURL(httpServletRequest);
        return decodeEncryptedCertificate;
    }

    @Override // com.atlassian.security.auth.trustedapps.Application
    public String getID() {
        return this.id;
    }

    @Override // com.atlassian.security.auth.trustedapps.Application
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    private void checkCertificateExpiry(ApplicationCertificate applicationCertificate) throws InvalidCertificateException {
        if (applicationCertificate.getCreationTime().getTime() + this.certificateTimeout <= System.currentTimeMillis()) {
            throw new CertificateTooOldException(applicationCertificate, this.certificateTimeout);
        }
    }

    private void checkRequestIP(HttpServletRequest httpServletRequest) throws InvalidCertificateException {
        if (this.ipMatcher != null) {
            try {
                this.ipMatcher.match(httpServletRequest.getRemoteAddr());
            } catch (InvalidIPAddressException e) {
                throw new InvalidCertificateException(getID(), e);
            }
        }
    }

    private void checkRequestURL(HttpServletRequest httpServletRequest) throws InvalidCertificateException {
        if (this.urlMatcher != null) {
            try {
                this.urlMatcher.match(httpServletRequest);
            } catch (InvalidRequestUrlException e) {
                throw new InvalidCertificateException(getID(), e);
            }
        }
    }
}
