package com.resolution.atlasplugins.samlsso;

import ch.qos.logback.core.CoreConstants;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.event.events.PluginDisabledEvent;
import com.atlassian.plugin.event.events.PluginEnabledEvent;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.license.LicenseHandler;
import com.atlassian.sal.api.pluginsettings.PluginSettings;
import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.atlassian.upm.api.license.PluginLicenseManager;
import com.atlassian.upm.api.license.entity.LicenseError;
import com.atlassian.upm.api.license.entity.PluginLicense;
import com.resolution.license.License;
import com.resolution.license.LicenseFactory;
import com.resolution.samlprocessor.SAMLProcessor;
import com.resolution.samlprocessor.SAMLProcessorException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import org.opensaml.saml2.ecp.RelayState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/resolution/atlasplugins/samlsso/SamlSsoComponent.class */
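/**
 * Central configuration and wiring component of the SAML SSO plugin.
 *
 * <p>The component reads its settings from the global {@link PluginSettings} store (keys prefixed
 * with {@code com.resolution.atlasplugins.samlsso:}), owns the {@link SAMLProcessor} and the
 * host-specific {@link AuthenticatorHook}, and evaluates the plugin license.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>According to the log message emitted by {@link #init()}, a processor without an IdP
 *       certificate runs with signature validation disabled. {@link #isInitialized()} does not
 *       check for a certificate, so a configured IdP URL alone makes the component report itself
 *       as initialized.</li>
 *   <li>Setters persist their argument as supplied; no validation of URLs, regular expressions or
 *       group names happens in this class.</li>
 *   <li>Fields are mutated by the setters without synchronization.</li>
 * </ul>
 *
 * <p>This source was recovered by a decompiler; local names are not the original ones.
 */
public class SamlSsoComponent {
    /** Group list used by {@link #init()} when no {@code groupsToAddUserTo} setting is stored. */
    public static final String DEFAULTJIRAGROUPS = "jira-users";
    private static final Logger logger = LoggerFactory.getLogger(SamlSsoComponent.class);
    private PluginSettingsFactory pluginSettingsFactory;
    // Settings handle created once in the constructor; all setters write through it.
    private PluginSettings pluginSettings;
    private ApplicationProperties applicationProperties;
    private SAMLProcessor samlProcessor;
    private String idpUrl;
    private String defaultRedirectUrl;
    private String loginPageUrl;
    private boolean redirectLogin;
    private boolean omitRequestedAuthnContext;
    private boolean enableUserForLogin;
    private boolean redirectWithPOST;
    private String relayStateParameterName;
    private String useridTransformationRegex;
    private String useridTransformationReplacement;
    private CrowdService crowdService;
    private CrowdDirectoryService crowdDirectoryService;
    private final String serverId;
    private String licenseString = null;
    private PluginLicenseManager pluginLicenseManager;
    // True when the "licensingEnabled" plugin property equals "true" (case-insensitive).
    private boolean atlassianLicense;
    // True when the "ownLicensing" plugin property equals "true" (case-insensitive).
    private boolean ownLicense;
    private AuthenticatorHook authenticatorHook;
    private TransactionTemplate transactionTemplate;
    private EventPublisher eventPublisher;
    private HostApplication application;

    /**
     * Host products this plugin knows how to integrate with.
     *
     * <p>The decompiler reports that the access modifier was changed from {@code private}.
     */
    public enum HostApplication {
        JIRA,
        CONFLUENCE
    }

    /**
     * Wires the component, detects the host application and loads the stored configuration.
     *
     * <p>Note that {@code this} is registered with the event publisher before construction has
     * finished, and that {@link #init()} is invoked from the constructor.
     *
     * @throws RuntimeException if the host application's display name is neither "JIRA" nor
     *     "Confluence" (compared case-insensitively)
     */
    public SamlSsoComponent(PluginSettingsFactory pluginSettingsFactory, ApplicationProperties applicationProperties, TransactionTemplate transactionTemplate, EventPublisher eventPublisher, CrowdService crowdService, CrowdDirectoryService crowdDirectoryService, PluginLicenseManager pluginLicenseManager, LicenseHandler licenseHandler) {
        this.atlassianLicense = false;
        this.ownLicense = false;
        this.pluginSettingsFactory = pluginSettingsFactory;
        this.pluginSettings = pluginSettingsFactory.createGlobalSettings();
        this.applicationProperties = applicationProperties;
        this.transactionTemplate = transactionTemplate;
        this.eventPublisher = eventPublisher;
        this.eventPublisher.register(this);
        this.crowdDirectoryService = crowdDirectoryService;
        this.crowdService = crowdService;
        this.serverId = licenseHandler.getServerId();
        logger.debug("Server ID is ==> " + this.serverId);
        this.pluginLicenseManager = pluginLicenseManager;

        // Licensing is opt-in: anything other than the literal "true" leaves a scheme disabled.
        this.atlassianLicense = "true".equalsIgnoreCase(PluginProperties.get("licensingEnabled"));
        if (this.atlassianLicense) {
            logger.info("Atlassian licensing is enabled.");
        } else {
            logger.info("Atlassian licensing is disabled.");
        }
        this.ownLicense = "true".equalsIgnoreCase(PluginProperties.get("ownLicensing"));
        if (this.ownLicense) {
            logger.info("Resolution licensing is enabled.");
        } else {
            logger.info("Resolution licensing is disabled.");
        }

        String displayName = applicationProperties.getDisplayName();
        logger.debug("Host application is " + displayName);
        // Literal-first comparison so that a null display name ends in the explicit
        // "not known" error below instead of a bare NullPointerException.
        if ("JIRA".equalsIgnoreCase(displayName)) {
            this.application = HostApplication.JIRA;
        } else if ("Confluence".equalsIgnoreCase(displayName)) {
            this.application = HostApplication.CONFLUENCE;
        } else {
            logger.error("Host application " + displayName + " is not known");
            throw new RuntimeException("Host application " + displayName + " is not known");
        }
        init();
    }

    /** Removes the login URL redirection when the plugin is disabled and redirection is active. */
    @EventListener
    public void onPluginDisabledEvent(PluginDisabledEvent pluginDisabledEvent) {
        if (this.redirectLogin) {
            logger.info("Plugin is being disabled, removing login URL redirection.");
            LoginUrlChangeableSecurityConfig.removeLoginUrls();
        }
    }

    /** Re-installs the login URL redirection when the plugin is enabled and redirection is active. */
    @EventListener
    public void onPluginEnabledEvent(PluginEnabledEvent pluginEnabledEvent) {
        if (this.redirectLogin) {
            logger.info("Plugin is being enabled, adding login URL redirection.");
            LoginUrlChangeableSecurityConfig.setLoginUrls();
        }
    }

    /**
     * (Re)loads every setting from the global plugin settings, creates a fresh
     * {@link SAMLProcessor} and builds the host-specific {@link AuthenticatorHook}.
     *
     * <p>The stored IdP certificate is handed to the processor only when an IdP URL is configured.
     * A missing processor or a missing certificate is reported at WARN level regardless of the
     * debug setting, because the latter means signature validation is disabled.
     */
    public void init() {
        logger.debug("Initializing SamlSsoComponent...");
        PluginSettings settings = this.pluginSettingsFactory.createGlobalSettings();
        this.licenseString = (String) settings.get("com.resolution.atlasplugins.samlsso:LicenseString");

        this.defaultRedirectUrl = (String) settings.get("com.resolution.atlasplugins.samlsso:defaultRedirectUrl");
        if (this.defaultRedirectUrl == null) {
            this.defaultRedirectUrl = "/";
            logger.warn("Default redirect URL is not set in configuration, assuming " + this.defaultRedirectUrl);
        }

        this.loginPageUrl = (String) settings.get("com.resolution.atlasplugins.samlsso:loginPageUrl");
        if (this.loginPageUrl == null) {
            // Fall back to the host product's own login page.
            if (this.application == HostApplication.JIRA) {
                this.loginPageUrl = "/login.jsp";
            } else if (this.application == HostApplication.CONFLUENCE) {
                this.loginPageUrl = "/login.action";
            }
        }

        String storedCertificate = (String) settings.get("com.resolution.atlasplugins.samlsso:base64encodedIdPCertificate");
        try {
            this.samlProcessor = new SAMLProcessor();
            this.idpUrl = (String) settings.get("com.resolution.atlasplugins.samlsso:idpUrl");
            if (this.idpUrl == null) {
                logger.warn("IdP URL is not set in configuration.");
            } else {
                this.samlProcessor.setIdpCertificate(storedCertificate);
            }
        } catch (SAMLProcessorException e) {
            logger.error("Initializing SAMLProcessor failed!", e);
        }

        // Boolean options are stored as "present / absent": any stored value means enabled.
        this.redirectLogin = settings.get("com.resolution.atlasplugins.samlsso:setLoginUrl") != null;
        // Applies the redirect (or removes it) and writes the flag back to the settings store.
        setRedirectLogin(this.redirectLogin);
        this.enableUserForLogin = settings.get("com.resolution.atlasplugins.samlsso:enableUserForLogin") != null;
        this.omitRequestedAuthnContext = settings.get("com.resolution.atlasplugins.samlsso:omitRequestedAuthnContext") != null;
        this.redirectWithPOST = settings.get("com.resolution.atlasplugins.samlsso:redirectWithPOST") != null;

        this.relayStateParameterName = (String) settings.get("com.resolution.atlasplugins.samlsso:relayStateParameterName");
        if (this.relayStateParameterName == null) {
            setRelayStateParameterName(RelayState.DEFAULT_ELEMENT_LOCAL_NAME);
        }

        String groups = (String) settings.get("com.resolution.atlasplugins.samlsso:groupsToAddUserTo");
        if (groups == null) {
            groups = DEFAULTJIRAGROUPS;
        }
        this.useridTransformationRegex = (String) settings.get("com.resolution.atlasplugins.samlsso:useridTransformationRegex");
        this.useridTransformationReplacement = (String) settings.get("com.resolution.atlasplugins.samlsso:useridTransformationReplacement");

        switch (this.application) {
            case CONFLUENCE:
                this.authenticatorHook = new ConfluenceAuthenticatorHook(this.transactionTemplate);
                break;
            case JIRA:
                // The group list is split on "," only; entries are not trimmed here.
                this.authenticatorHook = new JiraAuthenticatorHook(this.transactionTemplate, Arrays.asList(groups.split(",")), this.enableUserForLogin, this.eventPublisher, this.crowdService, this.crowdDirectoryService);
                break;
            default:
                throw new AuthenticatorHookException("Invalid Host application: " + this.application);
        }

        if (logger.isDebugEnabled()) {
            logger.debug("idpUrl: " + this.idpUrl);
            logger.debug("defaultRedirectUrl: " + this.defaultRedirectUrl);
            logger.debug("RelayStateParameter: " + (this.relayStateParameterName == null ? "none set" : this.relayStateParameterName));
            logger.debug("omitRequestedAuthnContext: " + this.omitRequestedAuthnContext);
            logger.debug("redirectWithPOST: " + this.redirectWithPOST);
        }
        // These two conditions were previously reported only when debug logging was enabled.
        // Both describe a deployment that cannot verify assertions, so operators should see them
        // at the default log level.
        if (this.samlProcessor == null) {
            logger.warn("SAMLSSOPlugin is not initialized, please check the configuration.");
        } else if (this.samlProcessor.getIdpCertificate() == null) {
            logger.warn("No IdP-Certificate set, signature validation is disabled.");
        } else if (logger.isDebugEnabled()) {
            logger.debug("IdP-Certificate: " + this.samlProcessor.getIdpCertificate().toString());
        }
    }

    /** Returns the current SAML processor, or {@code null} if none has been created. */
    public SAMLProcessor getSamlProcessor() {
        return this.samlProcessor;
    }

    /** Returns {@code true} when the host application is JIRA. */
    public boolean isShowGroupField() {
        return this.application == HostApplication.JIRA;
    }

    public boolean isRedirectLogin() {
        return this.redirectLogin;
    }

    public boolean isEnableUserForLogin() {
        return this.enableUserForLogin;
    }

    public boolean isRedirectWithPOST() {
        return this.redirectWithPOST;
    }

    /**
     * Updates and persists the {@code enableUserForLogin} flag.
     *
     * <p>The already constructed authenticator hook is not rebuilt here; it keeps the value it was
     * created with until {@link #init()} or {@link #setGroupsToAddUserTo(String)} runs.
     */
    public void setEnableUserForLogin(boolean z) {
        this.enableUserForLogin = z;
        if (this.enableUserForLogin) {
            this.pluginSettings.put("com.resolution.atlasplugins.samlsso:enableUserForLogin", "YES");
        } else {
            this.pluginSettings.remove("com.resolution.atlasplugins.samlsso:enableUserForLogin");
        }
    }

    /** Updates and persists the {@code redirectWithPOST} flag. */
    public void setRedirectWithPOST(boolean z) {
        this.redirectWithPOST = z;
        if (z) {
            this.pluginSettings.put("com.resolution.atlasplugins.samlsso:redirectWithPOST", "YES");
        } else {
            this.pluginSettings.remove("com.resolution.atlasplugins.samlsso:redirectWithPOST");
        }
    }

    /**
     * Installs or removes the login URL redirection and persists the choice.
     *
     * @param z {@code true} to redirect the host's login URL to this plugin
     */
    public void setRedirectLogin(boolean z) {
        this.redirectLogin = z;
        if (z) {
            logger.info("Redirecting the login URL to the SAML SSO Plugin.");
            LoginUrlChangeableSecurityConfig.setLoginUrls();
            this.pluginSettings.put("com.resolution.atlasplugins.samlsso:setLoginUrl", "YES");
        } else {
            logger.info("Removing the login URL redirect to the SAML SSO Plugin.");
            LoginUrlChangeableSecurityConfig.removeLoginUrls();
            this.pluginSettings.remove("com.resolution.atlasplugins.samlsso:setLoginUrl");
        }
    }

    /**
     * Generates service-provider metadata for the consumer URL.
     *
     * @return the metadata produced by the processor, or {@code null} when no processor exists
     * @throws SAMLProcessorException if the processor fails to generate the metadata
     */
    public String generateSamlMetadata() throws SAMLProcessorException {
        if (this.samlProcessor == null) {
            logger.warn("Not initialized, returning null as metadata!");
            return null;
        }
        return this.samlProcessor.generateMetadata(getConsumerUrl());
    }

    public String getIdpUrl() {
        return this.idpUrl;
    }

    /** Stores the IdP URL as supplied; the value is not validated here. */
    public void setIdpUrl(String str) {
        this.idpUrl = str;
        this.pluginSettings.put("com.resolution.atlasplugins.samlsso:idpUrl", str);
    }

    /** Returns the absolute URL of the plugin's SAML servlet. */
    public String getConsumerUrl() {
        return getAbsoluteBaseUrl() + "/plugins/servlet/samlsso";
    }

    public String getLoginPageUrl() {
        return this.loginPageUrl;
    }

    /** Stores the login page URL as supplied; the value is not validated here. */
    public void setLoginPageUrl(String str) {
        this.loginPageUrl = str;
        this.pluginSettings.put("com.resolution.atlasplugins.samlsso:loginPageUrl", str);
    }

    public String getDefaultRedirectUrl() {
        return this.defaultRedirectUrl;
    }

    /**
     * Stores the default redirect URL as supplied.
     *
     * <p>NOTE(review): no check is made here that the value is a local path; confirm that the
     * code which redirects to it restricts the target.
     */
    public void setDefaultRedirectUrl(String str) {
        this.defaultRedirectUrl = str;
        this.pluginSettings.put("com.resolution.atlasplugins.samlsso:defaultRedirectUrl", str);
    }

    public boolean isOmitRequestedAuthnContext() {
        return this.omitRequestedAuthnContext;
    }

    /** Updates and persists the {@code omitRequestedAuthnContext} flag. */
    public void setOmitRequestedAuthnContext(boolean z) {
        this.omitRequestedAuthnContext = z;
        if (z) {
            this.pluginSettings.put("com.resolution.atlasplugins.samlsso:omitRequestedAuthnContext", "YES");
        } else {
            this.pluginSettings.remove("com.resolution.atlasplugins.samlsso:omitRequestedAuthnContext");
        }
    }

    public String getRelayStateParameterName() {
        return this.relayStateParameterName;
    }

    public void setRelayStateParameterName(String str) {
        this.relayStateParameterName = str;
        this.pluginSettings.put("com.resolution.atlasplugins.samlsso:relayStateParameterName", str);
    }

    public String getUseridTransformationRegex() {
        return this.useridTransformationRegex;
    }

    /**
     * Stores the user-id transformation pattern as supplied.
     *
     * <p>The pattern is not compiled here, so a syntactically invalid expression is only detected
     * when {@link #transformUserid(String)} applies it.
     */
    public void setUseridTransformationRegex(String str) {
        this.useridTransformationRegex = str;
        this.pluginSettings.put("com.resolution.atlasplugins.samlsso:useridTransformationRegex", str);
    }

    public String getUseridTransformationReplacement() {
        return this.useridTransformationReplacement;
    }

    public void setUseridTransformationReplacement(String str) {
        this.useridTransformationReplacement = str;
        this.pluginSettings.put("com.resolution.atlasplugins.samlsso:useridTransformationReplacement", str);
    }

    /**
     * Hands a new IdP certificate to the SAML processor and persists it on success.
     *
     * <p>The certificate is stored only after the processor accepted it, so a rejected value never
     * replaces the stored one.
     *
     * @param str the certificate text; surrounding whitespace is trimmed
     * @return {@code true} if the processor accepted the certificate, {@code false} if the
     *     argument is {@code null}, no processor exists, or the processor rejected it
     */
    public boolean setIdpCertificate(String str) {
        if (str == null) {
            // Previously this case failed with a NullPointerException on trim().
            logger.error("Setting the IdP-certificate failed: certificate is null");
            return false;
        }
        String certificate = str.trim();
        if (this.samlProcessor == null) {
            logger.error("SAML Processor is null while trying to set the IDP certificate. This should not happen!");
            return false;
        }
        try {
            this.samlProcessor.setIdpCertificate(certificate);
            this.pluginSettings.put("com.resolution.atlasplugins.samlsso:base64encodedIdPCertificate", certificate);
            return true;
        } catch (SAMLProcessorException e) {
            logger.error("Setting the IdP-certificate failed", e);
            return false;
        }
    }

    /** Returns the certificate text as stored in the plugin settings (may be {@code null}). */
    public String getIdpCertificate() {
        return (String) this.pluginSettings.get("com.resolution.atlasplugins.samlsso:base64encodedIdPCertificate");
    }

    /**
     * Reports whether a processor, an authenticator hook and a non-empty IdP URL are present.
     *
     * <p>The presence of an IdP certificate is not part of this check.
     */
    public boolean isInitialized() {
        return this.samlProcessor != null
                && this.authenticatorHook != null
                && this.idpUrl != null
                && !this.idpUrl.isEmpty();
    }

    public String getAbsoluteBaseUrl() {
        return this.applicationProperties.getBaseUrl(UrlMode.ABSOLUTE);
    }

    /**
     * Returns the path component of the absolute base URL.
     *
     * @return the path, or the full absolute URL when it cannot be parsed
     */
    public String getRelativeBaseUrl() {
        String absoluteBaseUrl = getAbsoluteBaseUrl();
        String relative;
        try {
            relative = new URL(absoluteBaseUrl).getPath();
        } catch (MalformedURLException e) {
            logger.warn("MalformedURLExeception while parsing relarive URL from " + absoluteBaseUrl + ". Returning full URL.");
            relative = absoluteBaseUrl;
        }
        logger.debug("Relative base URL is " + relative);
        return relative;
    }

    public AuthenticatorHook getAuthenticatorHook() {
        return this.authenticatorHook;
    }

    /** Returns the comma-separated group list as stored in the plugin settings. */
    public String getGroupsToAddUserTo() {
        return (String) this.pluginSettings.get("com.resolution.atlasplugins.samlsso:groupsToAddUserTo");
    }

    /**
     * Persists the comma-separated group list and, on JIRA, rebuilds the authenticator hook.
     *
     * @param str comma-separated group names; {@code null} yields a hook with an empty group list
     */
    public void setGroupsToAddUserTo(String str) {
        this.pluginSettings.put("com.resolution.atlasplugins.samlsso:groupsToAddUserTo", str);
        if (this.application != HostApplication.JIRA) {
            return;
        }
        if (str == null) {
            this.authenticatorHook = new JiraAuthenticatorHook(this.transactionTemplate, new ArrayList<String>(), this.enableUserForLogin, this.eventPublisher, this.crowdService, this.crowdDirectoryService);
        } else {
            this.authenticatorHook = new JiraAuthenticatorHook(this.transactionTemplate, Arrays.asList(str.split(",")), this.enableUserForLogin, this.eventPublisher, this.crowdService, this.crowdDirectoryService);
        }
    }

    public String getLicenseString() {
        return this.licenseString;
    }

    /** Sets the in-memory license string; nothing is written to the plugin settings here. */
    public void setLicenseString(String str) {
        this.licenseString = str;
    }

    public boolean isOwnLicense() {
        return this.ownLicense;
    }

    public String getServerId() {
        return this.serverId;
    }

    /**
     * Applies the configured regex/replacement pair to a user id.
     *
     * <p>A missing replacement is treated as the empty string, which is what the debug log line
     * already reported; previously a {@code null} replacement combined with a non-empty regex
     * caused a {@code NullPointerException} in {@code replaceAll}.
     *
     * @param str the user id to transform
     * @return {@code str} unchanged when no regex is configured, otherwise the transformed id
     */
    public String transformUserid(String str) {
        String regex = this.useridTransformationRegex == null ? CoreConstants.EMPTY_STRING : this.useridTransformationRegex;
        String replacement = this.useridTransformationReplacement == null ? CoreConstants.EMPTY_STRING : this.useridTransformationReplacement;
        if (regex.isEmpty()) {
            logger.debug("Transformation regex is empty, retuning {}", str);
            return str;
        }
        // Use the null-normalised locals, not the raw fields.
        String transformed = str.replaceAll(regex, replacement);
        logger.debug("Transformed userid {} to {} using regex {} and replacement {}", new Object[]{str, transformed, regex, replacement});
        return transformed;
    }

    /** Evaluates the license reported by the plugin license manager. */
    private LicenseCheckResult checkAtlassianLicense() {
        if (!this.pluginLicenseManager.getLicense().isDefined()) {
            return new LicenseCheckResult(false, "License error: no Atlassian license installed");
        }
        PluginLicense pluginLicense = (PluginLicense) this.pluginLicenseManager.getLicense().get();
        if (pluginLicense.getError().isDefined()) {
            return new LicenseCheckResult(false, "Atlassian license error: " + ((LicenseError) pluginLicense.getError().get()).name());
        }
        if (pluginLicense.isEvaluation()) {
            return new LicenseCheckResult(true, "Atlassian evaluation license found", true);
        }
        return new LicenseCheckResult(true, "Valid Atlassian license found");
    }

    /**
     * Evaluates the vendor license string: signature first, then feature, expiry and host binding.
     */
    private LicenseCheckResult checkOwnLicense() {
        if (this.licenseString == null || this.licenseString.isEmpty()) {
            return new LicenseCheckResult(false, "License error: no Resolution license installed");
        }
        License license = LicenseFactory.loadLicenseFromString(this.licenseString);
        // The signature is checked before any field of the license is trusted.
        if (!license.isSignatureValid()) {
            return new LicenseCheckResult(false, "License error: License signature is invalid");
        }
        if (!license.isFeatureLicensed("samlsso")) {
            return new LicenseCheckResult(false, "License error: License does not contain the samlsso feature");
        }
        if (!license.isBeforeValidUntil()) {
            return new LicenseCheckResult(false, "License error: License is expired.");
        }
        if (!license.isValidForHost(this.serverId)) {
            return new LicenseCheckResult(false, "License error: Host id " + this.serverId + " does not match license");
        }
        return new LicenseCheckResult(true, "Resolution license for Server ID " + this.serverId + " is valid");
    }

    /**
     * Determines the effective license state from the enabled licensing schemes.
     *
     * <p>With neither scheme enabled the result is "licensed". With both enabled, the Atlassian
     * license is evaluated first; the vendor license is consulted when the Atlassian license is
     * missing or invalid, and is preferred over an Atlassian evaluation license when it is valid.
     */
    public LicenseCheckResult checkLicense() {
        if (!this.ownLicense && !this.atlassianLicense) {
            return new LicenseCheckResult(true, "License is not enforced");
        }
        if (!this.atlassianLicense) {
            return checkOwnLicense();
        }
        LicenseCheckResult atlassianResult = checkAtlassianLicense();
        if (!atlassianResult.isLicensed()) {
            return this.ownLicense ? checkOwnLicense() : atlassianResult;
        }
        if (!atlassianResult.isEvaluation() || !this.ownLicense) {
            return atlassianResult;
        }
        LicenseCheckResult ownResult = checkOwnLicense();
        return ownResult.isLicensed() ? ownResult : atlassianResult;
    }
}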
