package net.savignano.snotify.bitbucket.gui.servlet;

import com.atlassian.bitbucket.ui.PluginFormFragmentsFactory;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.templaterenderer.RenderingException;
import com.atlassian.velocity.htmlsafe.HtmlSafe;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.savignano.cryptography.enums.ECryptographyType;
import net.savignano.cryptography.enums.EEncryptionTypePriority;
import net.savignano.cryptography.enums.EKeySource;
import net.savignano.cryptography.key.pgp.PgpPublicKey;
import net.savignano.cryptography.util.PgpUtil;
import net.savignano.cryptography.util.SmimeUtil;
import net.savignano.snotify.atlassian.common.EProperty;
import net.savignano.snotify.atlassian.common.properties.ISnotifyUserProperties;
import net.savignano.snotify.atlassian.gui.key.info.PgpPublicKeyInfoBuilder;
import net.savignano.snotify.atlassian.gui.key.info.SmimeCertInfoBuilder;
import net.savignano.snotify.bitbucket.common.BitbucketUser;
import net.savignano.snotify.bitbucket.gui.key.info.HtmlKeyValueStyle;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPException;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKey;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;

/* loaded from: input_file:net/savignano/snotify/bitbucket/gui/servlet/UserSettingsServlet.class */
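/**
 * Servlet behind the per-user settings page where a user uploads or deletes the S/MIME
 * certificate or PGP public key stored for their account.
 *
 * <p>Every POST must come from an authenticated user and carry a matching XSRF token
 * before any upload or delete action runs. Uploaded files are untrusted input: they are
 * parsed, checked against the e-mail address of the current user, and only then stored.
 *
 * <p>This source was recovered by a decompiler (JADX); local names are reconstructed.
 */
public class UserSettingsServlet extends SnotifyServlet {
    private static final long serialVersionUID = 2219983034042546979L;
    private static final Logger log = LoggerFactory.getLogger(UserSettingsServlet.class);
    private static final String DISPLAYED_TAB_KEY = "displayedTab";
    private static final String ERROR_MESSAGE_HTML_KEY = "errorMessageHtml";
    private static final String SUBMIT_SMIME_BUTTON_PARAM = "Submit-SMIME";
    private static final String DELETE_SMIME_BUTTON_PARAM = "Delete-SMIME";
    private static final String SUBMIT_PGP_BUTTON_PARAM = "Submit-PGP";
    private static final String DELETE_PGP_BUTTON_PARAM = "Delete-PGP";
    private static final String FILE_PARAM = "file";

    /** Characters (besides letters and digits) that may be part of an e-mail address. */
    private static final String ADDRESS_PUNCTUATION = "!#$%&'*+-/=?^_`{|}~.@";

    @Inject
    @ComponentImport
    private PluginFormFragmentsFactory factory;

    @Inject
    private ISnotifyUserProperties userProps;

    /**
     * Per-request state handed from {@link #doPost} to the individual action handlers.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/savignano/snotify/bitbucket/gui/servlet/UserSettingsServlet$Data.class */
    public static final class Data {
        // The resolved multipart request (form parameters plus uploaded file).
        public MultipartHttpServletRequest req;
        // The response the handlers render into.
        public HttpServletResponse resp;
        // Model passed to the renderer; handlers add the displayed tab and error text.
        public Map<String, Object> renderData;
        // The uploaded file from the "file" form field; may be null.
        public MultipartFile file;

        private Data() {
        }
    }

    /**
     * Raised when none of the e-mail addresses in an uploaded certificate belongs to the
     * user who uploaded it.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/savignano/snotify/bitbucket/gui/servlet/UserSettingsServlet$EmailException.class */
    public static final class EmailException extends CertificateException {
        private static final long serialVersionUID = 7315360494368546346L;

        // The first argument comes from the uploaded certificate, so the message carries
        // attacker-chosen text and must be escaped before it is rendered as HTML.
        private EmailException(String str, String str2) {
            super("Email address(es) of certificate (" + str + ") do not match email of user: " + str2);
        }
    }

    public UserSettingsServlet() {
        super("user-settings");
    }

    /**
     * Handles a settings form submission: rejects unauthenticated callers with 401,
     * resolves the multipart body and dispatches to the requested action.
     *
     * @throws ServletException if an action fails unexpectedly
     * @throws IOException      if reading the request or writing the response fails
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!isAuthenticated()) {
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        Data data = new Data();
        data.resp = httpServletResponse;
        // NOTE(review): no upload size limit is configured on the resolver here, and the
        // handlers read the whole file into memory with getBytes(). Certificates and
        // public keys are small; consider a limit (setMaxUploadSize) unless one is
        // enforced elsewhere.
        CommonsMultipartResolver resolver = new CommonsMultipartResolver(httpServletRequest.getServletContext());
        MultipartHttpServletRequest multipartRequest = resolver.resolveMultipart(httpServletRequest);
        try {
            data.req = multipartRequest;
            data.renderData = createRendererData(data.req);
            data.file = data.req.getFile(FILE_PARAM);
            dispatchPost(data);
        } finally {
            // Always release the temporary storage held by the resolved multipart request.
            resolver.cleanupMultipart(multipartRequest);
        }
    }

    /**
     * Verifies the XSRF token, then runs the action named by the submit button that is
     * present in the request. A request that names no known action is answered with 400.
     */
    private void dispatchPost(Data data) throws IOException, ServletException {
        // The token check comes first so that no state-changing action runs without it.
        if (!hasMatchinXsrfToken(data.req)) {
            xsrfError(data);
        } else if (data.req.getParameter(SUBMIT_SMIME_BUTTON_PARAM) != null) {
            submitSmime(data);
        } else if (data.req.getParameter(DELETE_SMIME_BUTTON_PARAM) != null) {
            deleteSmime(data);
        } else if (data.req.getParameter(SUBMIT_PGP_BUTTON_PARAM) != null) {
            submitPgp(data);
        } else if (data.req.getParameter(DELETE_PGP_BUTTON_PARAM) != null) {
            deletePgp(data);
        } else {
            data.resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /** Renders the XSRF error page for a request whose token did not match. */
    private void xsrfError(Data data) throws RenderingException, IOException {
        renderXsrfError(data.req, data.resp);
    }

    /**
     * Stores the uploaded S/MIME certificate for the current user, or renders the
     * matching error page when the file is missing, unparsable, outside its validity
     * period, or issued for a different e-mail address.
     */
    private void submitSmime(Data data) throws IOException, ServletException {
        if (data.file == null || data.file.getSize() == 0) {
            renderError(data.resp, "nofile", data.renderData);
            return;
        }
        if (!isAllowSmimeUpload()) {
            log.warn("Uploading of custom S/MIME certificate is not allowed. User: {}", getUser());
            renderInput(data.resp, data.renderData);
            return;
        }
        data.renderData.put(DISPLAYED_TAB_KEY, ECryptographyType.SMIME);
        try {
            setEmailCert(data.file.getBytes(), getUser());
            renderInput(data.resp, data.renderData);
        } catch (CertificateExpiredException e) {
            // The specific CertificateException subclasses must be caught before the
            // general handler below, otherwise they can never be reached.
            log.info("Certificate expired.", e);
            renderUploadError(data, "expired", e);
        } catch (CertificateNotYetValidException e) {
            log.info("Certificate not yet valid.", e);
            renderUploadError(data, "notyetvalid", e);
        } catch (EmailException e) {
            log.info("Email address mismatch.", e);
            renderUploadError(data, "email", e);
        } catch (IOException | CertificateException e) {
            log.info("Certificate parsing failed.", e);
            renderUploadError(data, "smime", e);
        } catch (Exception e) {
            if (e instanceof ServletException) {
                throw (ServletException) e;
            }
            throw new ServletException(e.getMessage(), e);
        }
    }

    /**
     * Stores the uploaded PGP public key for the current user, or renders the matching
     * error page when the file is missing, unparsable, or holds no usable key for the
     * user's e-mail address.
     */
    private void submitPgp(Data data) throws IOException, ServletException {
        if (data.file == null || data.file.getSize() == 0) {
            renderError(data.resp, "nofile", data.renderData);
            return;
        }
        if (!isAllowPgpUpload()) {
            log.warn("Uploading of custom PGP key is not allowed. User: {}", getUser());
            renderInput(data.resp, data.renderData);
            return;
        }
        data.renderData.put(DISPLAYED_TAB_KEY, ECryptographyType.PGP);
        try {
            setEmailPgpKey(data.file.getBytes(), getUser());
            renderInput(data.resp, data.renderData);
        } catch (IOException | PGPException e) {
            log.info("Key parsing failed.", e);
            renderUploadError(data, "pgp", e);
        } catch (KeyException e) {
            log.info("No valid key found.", e);
            renderUploadError(data, "keynotfound", e);
        } catch (Exception e) {
            if (e instanceof ServletException) {
                throw (ServletException) e;
            }
            throw new ServletException(e.getMessage(), e);
        }
    }

    /**
     * Puts the HTML-escaped message of {@code cause} into the render model and renders
     * the error page identified by {@code errorKey}.
     *
     * <p>The messages can contain text taken from the uploaded file (for example the
     * e-mail addresses of a certificate). The model key ends in "Html", which in
     * Atlassian's HTML-safe Velocity setup presumably marks the value as already safe
     * (confirm against the template), so it is escaped here.
     */
    private void renderUploadError(Data data, String errorKey, Exception cause) throws IOException, ServletException {
        data.renderData.put(ERROR_MESSAGE_HTML_KEY, escapeHtml(cause.getMessage()));
        renderError(data.resp, errorKey, data.renderData);
    }

    /** Removes the current user's stored S/MIME certificate if users may manage it. */
    private void deleteSmime(Data data) throws IOException {
        if (isAllowSmimeUpload()) {
            data.renderData.put(DISPLAYED_TAB_KEY, ECryptographyType.SMIME);
            clearEmailCert(getUser());
        } else {
            log.warn("Deleting of custom S/MIME certificate is not allowed. User: {}", getUser());
        }
        renderInput(data.resp, data.renderData);
    }

    /** Removes the current user's stored PGP key if users may manage it. */
    private void deletePgp(Data data) throws IOException {
        if (isAllowPgpUpload()) {
            data.renderData.put(DISPLAYED_TAB_KEY, ECryptographyType.PGP);
            clearEmailPgpKey(getUser());
        } else {
            log.warn("Deleting of custom PGP key is not allowed. User: {}", getUser());
        }
        renderInput(data.resp, data.renderData);
    }

    /** Clears the certificate, its time stamp and its key source for the given user. */
    private void clearEmailCert(BitbucketUser bitbucketUser) {
        log.debug("Clearing certificate for user: {}", bitbucketUser.getDisplayName());
        this.userProps.setBytes(EProperty.EMAIL_SMIME_CERT, null, bitbucketUser);
        this.userProps.setLong(EProperty.EMAIL_SMIME_TIME_STAMP, null, bitbucketUser);
        this.userProps.setEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, null, bitbucketUser);
    }

    /**
     * Parses {@code bArr} as an X.509 certificate, checks its validity period and that it
     * names the user's e-mail address, then stores it as a user-supplied certificate.
     *
     * @throws CertificateException if the bytes cannot be parsed, the certificate is
     *                              expired or not yet valid, or ({@link EmailException})
     *                              it does not name the user's e-mail address
     */
    private void setEmailCert(byte[] bArr, BitbucketUser bitbucketUser) throws CertificateException {
        log.debug("Checking certificate for user: {}", bitbucketUser.getDisplayName());
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        // Only the validity dates are checked here; no issuer/chain validation is
        // visible in this method, so a self-issued certificate passes.
        x509Certificate.checkValidity();
        // Locale.ROOT keeps the comparison independent of the server's default locale.
        String certEmails = StringUtils.join(SmimeUtil.getEmails(x509Certificate), ", ").toLowerCase(java.util.Locale.ROOT);
        String userEmail = bitbucketUser.getEmail();
        // A blank user e-mail would match any certificate in a plain substring test,
        // and a substring test also accepts "notbob@example.com" for "bob@example.com".
        // Require a non-blank address that appears as a whole address in the list.
        if (StringUtils.isBlank(userEmail) || !listsAddress(certEmails, userEmail.toLowerCase(java.util.Locale.ROOT))) {
            throw new EmailException(certEmails, bitbucketUser.getDisplayName());
        }
        log.info("Setting certificate for user: " + bitbucketUser.getDisplayName());
        // NOTE(review): the raw upload is stored, not the re-encoded parsed certificate;
        // any bytes after the first certificate in the file are kept as well.
        this.userProps.setBytes(EProperty.EMAIL_SMIME_CERT, bArr, bitbucketUser);
        this.userProps.setLong(EProperty.EMAIL_SMIME_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), bitbucketUser);
        this.userProps.setEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, EKeySource.USER, bitbucketUser);
    }

    /** Clears the PGP key, key id, time stamp and key source for the given user. */
    private void clearEmailPgpKey(BitbucketUser bitbucketUser) {
        log.info("Clearing PGP key for user: {}", bitbucketUser.getDisplayName());
        this.userProps.setBytes(EProperty.EMAIL_PGP_KEY, null, bitbucketUser);
        this.userProps.setLong(EProperty.EMAIL_PGP_KEY_ID, null, bitbucketUser);
        this.userProps.setLong(EProperty.EMAIL_PGP_TIME_STAMP, null, bitbucketUser);
        this.userProps.setEnum(EProperty.EMAIL_PGP_KEY_SOURCE, null, bitbucketUser);
    }

    /**
     * Loads the public keys in {@code bArr}, selects the key ring for the user's e-mail
     * address and stores the upload together with the id of the selected key.
     *
     * @throws IOException  if the key data cannot be read
     * @throws PGPException if the key data cannot be parsed
     * @throws KeyException if no key ring or no usable key is found for the user's e-mail
     */
    private void setEmailPgpKey(byte[] bArr, BitbucketUser bitbucketUser) throws IOException, PGPException, KeyException {
        log.debug("Checking PGP key for user: {}", bitbucketUser.getDisplayName());
        String userEmail = bitbucketUser.getEmail().toLowerCase();
        PGPPublicKeyRing keyRing = PgpUtil.getKeysForEmail(PgpUtil.loadPublicKeys(new ByteArrayInputStream(bArr)), userEmail);
        if (keyRing == null) {
            throw new KeyException("Could not find a key ring for email address: " + userEmail);
        }
        PGPPublicKey key = new PgpPublicKey(keyRing, userEmail).getKey();
        if (key == null) {
            throw new KeyException("Could not find a valid encryption key.");
        }
        log.info("Setting PGP key for user: {}", bitbucketUser.getDisplayName());
        this.userProps.setBytes(EProperty.EMAIL_PGP_KEY, bArr, bitbucketUser);
        this.userProps.setLong(EProperty.EMAIL_PGP_KEY_ID, Long.valueOf(key.getKeyID()), bitbucketUser);
        this.userProps.setLong(EProperty.EMAIL_PGP_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), bitbucketUser);
        this.userProps.setEnum(EProperty.EMAIL_PGP_KEY_SOURCE, EKeySource.USER, bitbucketUser);
    }

    /** Builds the HTML description of a stored certificate for the given user. */
    private String buildCertInfo(byte[] bArr, BitbucketUser bitbucketUser) throws CertificateException {
        SmimeCertInfoBuilder builder = new SmimeCertInfoBuilder(bArr, getI18n());
        builder.setUser(bitbucketUser);
        builder.setUserProps(this.userProps);
        return builder.build(new HtmlKeyValueStyle());
    }

    /** Builds the HTML description of a stored PGP key for the given user. */
    private String buildKeyInfo(byte[] bArr, long j, BitbucketUser bitbucketUser) throws IOException, PGPException {
        PgpPublicKeyInfoBuilder builder = new PgpPublicKeyInfoBuilder(bArr, j, getI18n());
        builder.setUser(bitbucketUser);
        builder.setUserProps(this.userProps);
        return builder.build(new HtmlKeyValueStyle());
    }

    /**
     * Returns the HTML shown for the current user's S/MIME certificate: its details, a
     * "not found" text, or an error text when the stored bytes cannot be loaded.
     *
     * <p>The result is marked {@code @HtmlSafe}, so everything placed into it must
     * already be safe to emit as HTML.
     */
    @HtmlSafe
    public String getCertDetails() {
        // In lite mode only a certificate the user uploaded themselves is shown.
        byte[] certBytes = null;
        if (!getAppProps().getBoolean(EProperty.LITE_MODE)
                || this.userProps.getEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, EKeySource.class, getUser()) == EKeySource.USER) {
            certBytes = this.userProps.getBytes(EProperty.EMAIL_SMIME_CERT, getUser());
        }
        if (certBytes == null) {
            String notFound = getI18n().getText("snotify-user-settings-webwork.input.smime.notfound");
            log.debug("No certificate specified for user: {}", getUser().getDisplayName());
            return notFound;
        }
        try {
            String details = buildCertInfo(certBytes, getUser());
            log.debug("Certificate information for user {}: {}", getUser().getDisplayName(), details);
            return details;
        } catch (CertificateException e) {
            log.warn("Could not load public certificate for user: " + getUser().getDisplayName(), e);
            // The parser message may echo stored certificate content; escape it because
            // the returned text is not escaped again (assumes getText does not escape
            // its arguments - confirm).
            return getI18n().getText("snotify-user-settings-webwork.input.smime.error", escapeHtml(e.getLocalizedMessage()));
        }
    }

    /**
     * Returns the HTML shown for the current user's PGP key: its details, a "not found"
     * text, or an error text when the stored bytes cannot be loaded.
     *
     * <p>The result is marked {@code @HtmlSafe}, so everything placed into it must
     * already be safe to emit as HTML.
     */
    @HtmlSafe
    public String getPgpDetails() {
        // In lite mode only a key the user uploaded themselves is shown.
        byte[] keyBytes = null;
        Long keyId = null;
        if (!getAppProps().getBoolean(EProperty.LITE_MODE)
                || this.userProps.getEnum(EProperty.EMAIL_PGP_KEY_SOURCE, EKeySource.class, getUser()) == EKeySource.USER) {
            keyBytes = this.userProps.getBytes(EProperty.EMAIL_PGP_KEY, getUser());
            keyId = this.userProps.getLong(EProperty.EMAIL_PGP_KEY_ID, getUser());
        }
        if (keyBytes == null || keyId == null) {
            String notFound = getI18n().getText("snotify-user-settings-webwork.input.pgp.notfound");
            // Message corrected: this branch is about the PGP key, not a certificate.
            log.debug("No PGP key specified for user: {}", getUser().getDisplayName());
            return notFound;
        }
        try {
            String details = buildKeyInfo(keyBytes, keyId.longValue(), getUser());
            log.debug("Key information for user {}: {}", getUser().getDisplayName(), details);
            return details;
        } catch (IOException | PGPException e) {
            log.warn("Could not load PGP key for user: " + getUser().getDisplayName(), e);
            // Escaped for the same reason as in getCertDetails().
            return getI18n().getText("snotify-user-settings-webwork.input.pgp.error", escapeHtml(e.getLocalizedMessage()));
        }
    }

    /**
     * Tells whether the user may choose between S/MIME and PGP, which is the case for
     * the two "preferred" priorities and not for the two "only" priorities.
     */
    public boolean isChoiceEnabled() {
        EEncryptionTypePriority priority = getTypePriority();
        switch (priority) {
            case SMIME_PREFERED:
            case PGP_PREFERED:
                return true;
            case SMIME_ONLY:
            case PGP_ONLY:
                return false;
            default:
                warnUnknownPriority(priority);
                return true;
        }
    }

    /**
     * Tells whether the S/MIME tab is the selected one. An explicit type wins; with
     * {@code null} the configured priority and the upload permissions decide.
     */
    public boolean isSmimeSelected(ECryptographyType eCryptographyType) {
        if (eCryptographyType == ECryptographyType.SMIME) {
            return true;
        }
        if (eCryptographyType == ECryptographyType.PGP) {
            return false;
        }
        EEncryptionTypePriority priority = getTypePriority();
        switch (priority) {
            case SMIME_PREFERED:
                return isAllowSmimeUpload() || !isAllowPgpUpload();
            case PGP_PREFERED:
                return isAllowSmimeUpload() && !isAllowPgpUpload();
            case SMIME_ONLY:
                return true;
            case PGP_ONLY:
                return false;
            default:
                warnUnknownPriority(priority);
                return true;
        }
    }

    /**
     * Tells whether the PGP tab is the selected one. An explicit type wins; with
     * {@code null} the configured priority and the upload permissions decide.
     */
    public boolean isPgpSelected(ECryptographyType eCryptographyType) {
        if (eCryptographyType == ECryptographyType.PGP) {
            return true;
        }
        if (eCryptographyType == ECryptographyType.SMIME) {
            return false;
        }
        EEncryptionTypePriority priority = getTypePriority();
        switch (priority) {
            case SMIME_PREFERED:
                return isAllowPgpUpload() && !isAllowSmimeUpload();
            case PGP_PREFERED:
                return isAllowPgpUpload() || !isAllowSmimeUpload();
            case SMIME_ONLY:
                return false;
            case PGP_ONLY:
                return true;
            default:
                warnUnknownPriority(priority);
                return false;
        }
    }

    /** Tells whether the S/MIME upload form should be offered to the user. */
    public boolean isSmimeUploadAllowed() {
        return isAllowSmimeUpload() && (isChoiceEnabled() || isSmimeSelected(null));
    }

    /** Tells whether the PGP upload form should be offered to the user. */
    public boolean isPgpUploadAllowed() {
        return isAllowPgpUpload() && (isChoiceEnabled() || isPgpSelected(null));
    }

    /**
     * Tells whether to warn that more than one user is found for the current user's
     * e-mail address; only relevant when some kind of upload is allowed.
     */
    public boolean showMultipleUsersError() {
        return (isAllowSmimeUpload() || isAllowPgpUpload()) && BitbucketUser.lookupUsers(getUser().getEmail()).size() > 1;
    }

    /** Reads the configured encryption type priority from the application properties. */
    private EEncryptionTypePriority getTypePriority() {
        return (EEncryptionTypePriority) getAppProps().getEnum(EProperty.ENCRYPTION_TYPE_PRIORITY, EEncryptionTypePriority.class);
    }

    /** Users may manage their S/MIME certificate when overwriting is enabled or in lite mode. */
    private boolean isAllowSmimeUpload() {
        return getAppProps().getBoolean(EProperty.ALLOW_SMIME_CERTIFICATE_OVERWRITE) || getAppProps().getBoolean(EProperty.LITE_MODE);
    }

    /** Users may manage their PGP key when overwriting is enabled or in lite mode. */
    private boolean isAllowPgpUpload() {
        return getAppProps().getBoolean(EProperty.ALLOW_PGP_PUBLIC_KEY_OVERWRITE) || getAppProps().getBoolean(EProperty.LITE_MODE);
    }

    /** Logs the shared warning for a priority value none of the switches handles. */
    private static void warnUnknownPriority(EEncryptionTypePriority priority) {
        log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '" + priority + "'. It is not yet implemented,");
    }

    /**
     * Tells whether {@code email} occurs in {@code joinedEmails} as a whole address,
     * i.e. not directly preceded or followed by a character that could extend it.
     * Both arguments are expected in the same letter case.
     */
    private static boolean listsAddress(String joinedEmails, String email) {
        int searchFrom = 0;
        while (true) {
            int start = joinedEmails.indexOf(email, searchFrom);
            if (start < 0) {
                return false;
            }
            int end = start + email.length();
            boolean freeOnLeft = start == 0 || !isAddressChar(joinedEmails.charAt(start - 1));
            boolean freeOnRight = end == joinedEmails.length() || !isAddressChar(joinedEmails.charAt(end));
            if (freeOnLeft && freeOnRight) {
                return true;
            }
            searchFrom = start + 1;
        }
    }

    /** Tells whether {@code c} can be part of an e-mail address (separators cannot). */
    private static boolean isAddressChar(char c) {
        return Character.isLetterOrDigit(c) || ADDRESS_PUNCTUATION.indexOf(c) >= 0;
    }

    /**
     * Escapes the five HTML-significant characters so that {@code text} can be emitted
     * inside element content or a quoted attribute. Returns {@code null} for {@code null}.
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}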
