package com.resolution.atlasplugins.samlsso;

import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.user.UserProfile;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import org.opensaml.xml.security.x509.X509Util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

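/**
 * REST resource that reads and writes the SAML SSO plugin configuration.
 *
 * <p>Both endpoints are restricted to system administrators. The values written here include
 * the IdP URL and the IdP certificate, which are forwarded unchanged to {@link SamlSsoComponent}.
 * Apart from the certificate parse check in {@link #put}, no field is validated in this class.
 */
@Path("/")
public class ConfigResource {
    private static final Logger logger = LoggerFactory.getLogger(ConfigResource.class);
    private final UserManager userManager;
    private final TransactionTemplate transactionTemplate;
    private final SamlSsoComponent samlSsoComponent;

    /**
     * JSON transfer object for the plugin configuration.
     *
     * <p>Because the class uses {@link XmlAccessType#FIELD}, a client may also submit the
     * read-only fields ({@code decodedidpcertificate}, {@code licenseMessage}, {@code licensed});
     * {@link ConfigResource#put} never reads them, so submitted values have no effect.
     */
    @XmlAccessorType(XmlAccessType.FIELD)
    @XmlRootElement
    public static final class Config {

        // IdP URL; mirrors SamlSsoComponent get/setIdpUrl.
        @XmlElement
        private String idpurl;

        // Mirrors SamlSsoComponent get/setDefaultRedirectUrl.
        @XmlElement
        private String defaultredirecturl;

        // Encoded IdP certificate as submitted by the administrator.
        @XmlElement
        private String idpcertificate;

        // Mirrors SamlSsoComponent get/setLoginPageUrl.
        @XmlElement
        private String loginpageurl;

        // Mirrors SamlSsoComponent get/setRelayStateParameterName.
        @XmlElement
        private String relaystateparametername;

        // Display-only rendering of the first decoded certificate, or a status text.
        private String decodedidpcertificate;

        // Read-only license status, filled from LicenseCheckResult in get().
        private String licenseMessage;
        private boolean licensed;

        // Mirrors SamlSsoComponent isRedirectLogin/setRedirectLogin.
        @XmlElement
        private boolean setloginurl = true;

        @XmlElement
        private boolean omitrequestedauthncontext = false;

        @XmlElement
        private boolean enableUserForLogin = false;

        @XmlElement
        private boolean redirectWithPOST = false;

        // Mirrors SamlSsoComponent get/setGroupsToAddUserTo.
        @XmlElement
        private String jiraGroups = null;

        @XmlElement
        private String licenseString = null;

        // NOTE(review): stored without a syntax check in this class; presumably applied to
        // user ids during login - confirm where it is compiled and how a bad pattern is handled.
        @XmlElement
        private String useridTransformationRegex = null;

        @XmlElement
        private String useridTransformationReplacement = null;

        public String getIdpurl() {
            return this.idpurl;
        }

        public void setIdpurl(String str) {
            this.idpurl = str;
        }

        public String getDefaultredirecturl() {
            return this.defaultredirecturl;
        }

        public void setDefaultredirecturl(String str) {
            this.defaultredirecturl = str;
        }

        public String getIdpcertificate() {
            return this.idpcertificate;
        }

        public String getLoginpageurl() {
            return this.loginpageurl;
        }

        public void setLoginpageurl(String str) {
            this.loginpageurl = str;
        }

        public String getLicenseString() {
            return this.licenseString;
        }

        public void setLicenseString(String str) {
            this.licenseString = str;
        }

        /**
         * Stores the encoded certificate and refreshes the display-only decoded form.
         *
         * <p>Decoding failures are not propagated: the decoded form is replaced by a status
         * text so that a stored but unreadable certificate can still be shown to the admin.
         *
         * @param str encoded certificate; {@code null} or empty means "none configured"
         */
        public void setIdpcertificate(String str) {
            this.idpcertificate = str;
            if (str == null || str.isEmpty()) {
                this.decodedidpcertificate = "No Certificate specified";
                return;
            }
            try {
                // Explicit charset: the platform default must not influence certificate parsing.
                this.decodedidpcertificate = X509Util.decodeCertificate(str.getBytes(StandardCharsets.UTF_8))
                        .iterator()
                        .next()
                        .toString();
            } catch (Exception ignored) {
                // Best effort for display only; also covers an empty decode result (next() throws).
                this.decodedidpcertificate = "unreadeable certificate!";
            }
        }

        public boolean isSetloginurl() {
            return this.setloginurl;
        }

        public void setSetloginurl(boolean z) {
            this.setloginurl = z;
        }

        public boolean isEnableUserForLogin() {
            return this.enableUserForLogin;
        }

        public void setEnableUserForLogin(boolean z) {
            this.enableUserForLogin = z;
        }

        public boolean isRedirectWithPOST() {
            return this.redirectWithPOST;
        }

        public void setRedirectWithPOST(boolean z) {
            this.redirectWithPOST = z;
        }

        public boolean isOmitrequestedauthncontext() {
            return this.omitrequestedauthncontext;
        }

        public void setOmitrequestedauthncontext(boolean z) {
            this.omitrequestedauthncontext = z;
        }

        public String getRelaystateparametername() {
            return this.relaystateparametername;
        }

        public void setRelaystateparametername(String str) {
            this.relaystateparametername = str;
        }

        public String getJiraGroups() {
            return this.jiraGroups;
        }

        public void setJiraGroups(String str) {
            this.jiraGroups = str;
        }

        public String getUseridTransformationRegex() {
            return this.useridTransformationRegex;
        }

        public void setUseridTransformationRegex(String str) {
            this.useridTransformationRegex = str;
        }

        public String getUseridTransformationReplacement() {
            return this.useridTransformationReplacement;
        }

        public void setUseridTransformationReplacement(String str) {
            this.useridTransformationReplacement = str;
        }

        /** Returns the display-only text produced by {@link #setIdpcertificate(String)}. */
        @XmlElement
        public String getDecodedidpcertificate() {
            return this.decodedidpcertificate;
        }

        @XmlElement
        public String getLicenseMessage() {
            return this.licenseMessage;
        }

        public void setLicenseMessage(String str) {
            this.licenseMessage = str;
        }

        @XmlElement
        public boolean isLicensed() {
            return this.licensed;
        }

        public void setLicensed(boolean z) {
            this.licensed = z;
        }
    }

    /**
     * Creates the resource.
     *
     * <p>{@code pluginSettingsFactory} and {@code applicationProperties} are accepted but not
     * used by this class; they stay in the signature so existing wiring keeps working.
     */
    public ConfigResource(UserManager userManager, PluginSettingsFactory pluginSettingsFactory, TransactionTemplate transactionTemplate, ApplicationProperties applicationProperties, SamlSsoComponent samlSsoComponent) {
        this.samlSsoComponent = samlSsoComponent;
        this.userManager = userManager;
        this.transactionTemplate = transactionTemplate;
    }

    /**
     * Returns the current configuration together with the license status.
     *
     * @param httpServletRequest request used to resolve the calling user
     * @return 200 with a {@link Config} entity, or 401 when the caller is not a system administrator
     */
    @GET
    @Produces({"application/json"})
    public Response get(@Context HttpServletRequest httpServletRequest) {
        UserProfile remoteUser = this.userManager.getRemoteUser(httpServletRequest);
        // NOTE(review): an authenticated non-admin also receives 401 here; 403 would be more
        // precise, but the status is kept because clients may depend on it.
        if (remoteUser == null || !this.userManager.isSystemAdmin(remoteUser.getUserKey())) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        CacheControl cacheControl = new CacheControl();
        cacheControl.setNoCache(true);
        // The entity carries admin-only settings and the license string: keep it out of caches.
        cacheControl.setNoStore(true);
        final LicenseCheckResult checkLicense = this.samlSsoComponent.checkLicense();
        final SamlSsoComponent sso = this.samlSsoComponent;
        Config current = this.transactionTemplate.execute(new TransactionCallback<Config>() {
            // Implements TransactionCallback#doInTransaction (the decompiler had renamed it).
            public Config doInTransaction() {
                Config config = new Config();
                config.setIdpcertificate(sso.getIdpCertificate());
                config.setDefaultredirecturl(sso.getDefaultRedirectUrl());
                config.setLoginpageurl(sso.getLoginPageUrl());
                config.setIdpurl(sso.getIdpUrl());
                config.setSetloginurl(sso.isRedirectLogin());
                config.setRelaystateparametername(sso.getRelayStateParameterName());
                config.setOmitrequestedauthncontext(sso.isOmitRequestedAuthnContext());
                config.setJiraGroups(sso.getGroupsToAddUserTo());
                config.setLicenseString(sso.getLicenseString());
                config.setLicensed(checkLicense.isLicensed());
                config.setLicenseMessage(checkLicense.getMessage());
                config.setEnableUserForLogin(sso.isEnableUserForLogin());
                config.setUseridTransformationRegex(sso.getUseridTransformationRegex());
                config.setUseridTransformationReplacement(sso.getUseridTransformationReplacement());
                config.setRedirectWithPOST(sso.isRedirectWithPOST());
                return config;
            }
        });
        return Response.ok(current).cacheControl(cacheControl).build();
    }

    /**
     * Replaces the stored configuration with the submitted one.
     *
     * <p>A non-empty IdP certificate must decode to at least one certificate. The trimmed value
     * that passed this check is the value that gets stored. All other fields are stored as
     * submitted, without validation.
     *
     * @param config configuration submitted by the client
     * @param httpServletRequest request used to resolve the calling user
     * @return 204 on success, 400 when no entity was sent, 401 when the caller is not a system
     *     administrator, 406 when the certificate cannot be decoded
     */
    @PUT
    @Consumes({"application/json"})
    public Response put(final Config config, @Context HttpServletRequest httpServletRequest) {
        UserProfile remoteUser = this.userManager.getRemoteUser(httpServletRequest);
        if (remoteUser == null || !this.userManager.isSystemAdmin(remoteUser.getUserKey())) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        if (config == null) {
            // A request without an entity previously failed with a NullPointerException.
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // The certificate field may be absent from the JSON; trim only when it is present.
        final String submittedCertificate = config.getIdpcertificate();
        final String certificate = submittedCertificate == null ? null : submittedCertificate.trim();
        if (certificate != null && !certificate.isEmpty()) {
            try {
                if (!X509Util.decodeCertificate(certificate.getBytes(StandardCharsets.UTF_8)).iterator().hasNext()) {
                    return Response.status(Response.Status.NOT_ACCEPTABLE).build();
                }
            } catch (CertificateException e) {
                logger.error("CERT", e);
                return Response.status(Response.Status.NOT_ACCEPTABLE).build();
            }
        }
        final SamlSsoComponent sso = this.samlSsoComponent;
        this.transactionTemplate.execute(new TransactionCallback<Config>() {
            // Implements TransactionCallback#doInTransaction (the decompiler had renamed it).
            public Config doInTransaction() {
                sso.setIdpUrl(config.getIdpurl());
                sso.setEnableUserForLogin(config.isEnableUserForLogin());
                sso.setLoginPageUrl(config.getLoginpageurl());
                sso.setDefaultRedirectUrl(config.getDefaultredirecturl());
                // Persist exactly the value that was checked above, not the raw submission.
                sso.setIdpCertificate(certificate);
                sso.setRedirectLogin(config.isSetloginurl());
                sso.setRelayStateParameterName(config.getRelaystateparametername());
                sso.setOmitRequestedAuthnContext(config.isOmitrequestedauthncontext());
                sso.setGroupsToAddUserTo(config.getJiraGroups());
                sso.setLicenseString(config.getLicenseString());
                sso.setUseridTransformationRegex(config.getUseridTransformationRegex());
                sso.setUseridTransformationReplacement(config.getUseridTransformationReplacement());
                sso.setRedirectWithPOST(config.isRedirectWithPOST());
                return null;
            }
        });
        // Audit trail: this call can replace the IdP URL and certificate used for SSO logins.
        // Only the actor is logged, never the certificate or the license string.
        logger.info("SAML SSO configuration updated by user key {}", remoteUser.getUserKey());
        return Response.noContent().build();
    }
}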
