package net.savignano.snotify.confluence.gui.action;

import com.atlassian.confluence.api.service.exceptions.ReadOnlyException;
import com.atlassian.confluence.languages.LocaleManager;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.user.actions.AbstractUserProfileAction;
import com.atlassian.sal.api.component.ComponentLocator;
import com.atlassian.velocity.htmlsafe.HtmlSafe;
import com.atlassian.xwork.FileUploadUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.security.KeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import net.savignano.cryptography.enums.ECryptographyType;
import net.savignano.cryptography.enums.EEncryptionTypePriority;
import net.savignano.cryptography.enums.EKeySource;
import net.savignano.cryptography.key.pgp.PgpPublicKey;
import net.savignano.cryptography.util.PgpUtil;
import net.savignano.cryptography.util.SmimeUtil;
import net.savignano.snotify.atlassian.common.EProperty;
import net.savignano.snotify.atlassian.common.ISnotifyI18n;
import net.savignano.snotify.atlassian.common.properties.ISnotifyAppProperties;
import net.savignano.snotify.atlassian.common.properties.ISnotifyUserProperties;
import net.savignano.snotify.atlassian.gui.key.info.PgpPublicKeyInfoBuilder;
import net.savignano.snotify.atlassian.gui.key.info.SmimeCertInfoBuilder;
import net.savignano.snotify.confluence.common.SnotifyAppProperties;
import net.savignano.snotify.confluence.common.SnotifyI18n;
import net.savignano.snotify.confluence.common.SnotifyUserProperties;
import net.savignano.snotify.confluence.gui.key.info.HtmlKeyValueStyle;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPException;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/confluence/gui/action/SnotifyUserSettingsAction.class */
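/**
 * User-profile action that lets a Confluence user upload, replace or delete the
 * S/MIME certificate or PGP public key stored for their own account, and that
 * renders the currently stored key material on the settings page.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Uploads are accepted only for {@code POST} requests from an authenticated user,
 *       only while the matching "allow upload" application property (or lite mode) is
 *       set, and never while Confluence is in read-only mode.</li>
 *   <li>An uploaded certificate or key must be bound to the user's own email address.
 *       The S/MIME check compares whole addresses, not substrings.</li>
 *   <li>Only the validity period and the email binding of a certificate are checked here;
 *       no trust-path or revocation validation is performed in this class.</li>
 * </ul>
 *
 * <p>NOTE(review): XSRF-token enforcement is not visible in this class; presumably it is
 * configured on the action descriptor. Confirm before relying on the POST check alone.
 */
public class SnotifyUserSettingsAction extends AbstractUserProfileAction {
    private static final long serialVersionUID = -5462548019091147432L;
    private static final String ERROR_EMAIL_MISMATCH = "error-email";
    private static final String ERROR_EXPIRED = "error-expired";
    private static final String ERROR_KEYNOTFOUND = "error-keynotfound";
    private static final String ERROR_NOFILE = "error-nofile";
    private static final String ERROR_NOTYETVALID = "error-notyetvalid";
    private static final String ERROR_PGP = "error-pgp";
    private static final String ERROR_SMIME = "error-smime";
    private static final String DELETE_BUTTON_PARAM = "Delete";
    private static final Logger log = LoggerFactory.getLogger(SnotifyUserSettingsAction.class);
    private final ISnotifyAppProperties appProps = new SnotifyAppProperties();
    private final ISnotifyUserProperties userProps = new SnotifyUserProperties();
    private ISnotifyI18n i18n;
    // Last failure seen while handling an upload; its message is exposed by getErrorMessage().
    private Exception lastException;
    // Lazily cached application settings (see the matching getters below).
    private EEncryptionTypePriority typePriority;
    private ECryptographyType lastUpload;
    private Boolean allowSmimeUpload;
    private Boolean allowPgpUpload;

    /**
     * Raised when none of the email addresses in an uploaded certificate equals the
     * email address of the uploading user.
     */
    public static final class EmailException extends CertificateException {
        private static final long serialVersionUID = -5262905856665194L;

        /**
         * @param str  the certificate's email addresses (already HTML-escaped by the caller)
         * @param str2 the identifier of the user shown in the message (the caller passes the
         *             display name, which is NOT escaped here)
         */
        private EmailException(String str, String str2) {
            super("Email address(es) of certificate (" + str + ") does not match email of user: " + str2);
        }
    }

    /**
     * Shows the settings form.
     *
     * @return {@code "input"}, or {@code null} when no user is authenticated
     */
    public String doInput() {
        if (getAuthenticatedUser() == null) {
            return null;
        }
        this.lastUpload = null;
        return "input";
    }

    /**
     * Handles upload or deletion of the user's S/MIME certificate.
     *
     * @return the result name: {@code "success"}, {@code "error"}, one of the
     *         {@code error-*} results, the result of {@link #doInput()} when the request
     *         is not a permitted upload, or {@code null} when unauthenticated
     * @throws ReadOnlyException when Confluence is in read-only mode
     */
    public String doSubmitSmime() {
        if (!"POST".equals(getCurrentRequest().getMethod())) {
            log.debug("Access to submit method redirected to input method, as request method wasn't 'POST'. Used method: {}", getCurrentRequest().getMethod());
            return doInput();
        }
        ConfluenceUser authenticatedUser = getAuthenticatedUser();
        if (authenticatedUser == null) {
            log.warn("User is not authenticated for uploading custom S/MIME certificate.");
            return null;
        }
        // Read-only mode blocks every write, whether or not uploads are enabled. The form
        // already hides the upload in that mode (isSmimeUploadAllowed()); enforce it here
        // too, because a request can be sent without going through the form.
        if (isReadOnlyMode()) {
            throw new ReadOnlyException(this.i18NBeanFactory.getI18NBean().getText("read.only.mode.default.banner.message"));
        }
        if (!isAllowSmimeUpload()) {
            log.warn("Uploading of custom S/MIME certificate is not allowed. User: {}", authenticatedUser);
            return doInput();
        }
        this.lastUpload = ECryptographyType.SMIME;
        // A null payload means "delete the stored certificate".
        byte[] uploaded = null;
        if (!getCurrentRequest().getParameterMap().containsKey(DELETE_BUTTON_PARAM)) {
            try {
                uploaded = readUploadedFile();
            } catch (IOException e) {
                this.lastException = e;
                log.info("Uploaded file could not be read.", e);
                return "error";
            }
            if (uploaded == null || uploaded.length == 0) {
                return ERROR_NOFILE;
            }
        }
        try {
            setEmailCert(uploaded, new net.savignano.snotify.confluence.common.ConfluenceUser(authenticatedUser));
            return "success";
        } catch (CertificateExpiredException e2) {
            this.lastException = e2;
            log.info("Certificate expired.", e2);
            return ERROR_EXPIRED;
        } catch (CertificateNotYetValidException e3) {
            this.lastException = e3;
            log.info("Certificate not yet valid.", e3);
            return ERROR_NOTYETVALID;
        } catch (EmailException e4) {
            this.lastException = e4;
            log.info("Email address mismatch.", e4);
            return ERROR_EMAIL_MISMATCH;
        } catch (CertificateException e5) {
            this.lastException = e5;
            log.info("Certificate parsing failed.", e5);
            return ERROR_SMIME;
        }
    }

    /**
     * Handles upload or deletion of the user's PGP public key.
     *
     * @return the result name: {@code "success"}, {@code "error"}, one of the
     *         {@code error-*} results, the result of {@link #doInput()} for non-POST
     *         requests, or {@code null} when unauthenticated or uploads are disabled
     * @throws ReadOnlyException when Confluence is in read-only mode
     */
    public String doSubmitPgp() {
        if (!"POST".equals(getCurrentRequest().getMethod())) {
            log.debug("Access to submit method redirected to input method, as request method wasn't 'POST'. Used method: {}", getCurrentRequest().getMethod());
            return doInput();
        }
        ConfluenceUser authenticatedUser = getAuthenticatedUser();
        if (authenticatedUser == null) {
            log.warn("User is not authenticated for uploading custom PGP key.");
            return null;
        }
        // Same reasoning as in doSubmitSmime(): never write while in read-only mode.
        if (isReadOnlyMode()) {
            throw new ReadOnlyException(this.i18NBeanFactory.getI18NBean().getText("read.only.mode.default.banner.message"));
        }
        if (!isAllowPgpUpload()) {
            log.warn("Uploading of custom PGP key is not allowed. User: {}", authenticatedUser);
            // NOTE(review): doSubmitSmime() returns doInput() at this point; null is kept
            // here because the intended result cannot be told from this class. Confirm.
            return null;
        }
        this.lastUpload = ECryptographyType.PGP;
        // A null payload means "delete the stored key".
        byte[] uploaded = null;
        if (!getCurrentRequest().getParameterMap().containsKey(DELETE_BUTTON_PARAM)) {
            try {
                uploaded = readUploadedFile();
            } catch (IOException e) {
                this.lastException = e;
                log.info("Uploaded file could not be read.", e);
                return "error";
            }
            if (uploaded == null || uploaded.length == 0) {
                return ERROR_NOFILE;
            }
        }
        try {
            setEmailPgpKey(uploaded, new net.savignano.snotify.confluence.common.ConfluenceUser(authenticatedUser));
            return "success";
        } catch (KeyException e2) {
            this.lastException = e2;
            log.info("No valid key found.", e2);
            return ERROR_KEYNOTFOUND;
        } catch (PGPException e3) {
            this.lastException = e3;
            log.info("Key parsing failed.", e3);
            return ERROR_PGP;
        }
    }

    /**
     * Reads the single uploaded file of the current request fully into memory.
     *
     * <p>NOTE(review): no size limit is applied here; this relies on whatever upload
     * limit the container or Confluence enforces. Confirm that one is configured.
     *
     * @return the file content, or {@code null} when no file was uploaded
     * @throws IOException when the upload cannot be obtained or read
     */
    private byte[] readUploadedFile() throws IOException {
        try {
            File singleFile = FileUploadUtils.getSingleFile();
            if (singleFile == null) {
                return null;
            }
            return Files.readAllBytes(singleFile.toPath());
        } catch (FileUploadUtils.FileUploadException e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Stores the given certificate for the user after validating it, or clears the stored
     * certificate when {@code bArr} is {@code null} or empty.
     *
     * @throws CertificateException when the certificate is unparsable, outside its
     *                              validity period, or not bound to the user's email
     */
    private void setEmailCert(byte[] bArr, net.savignano.snotify.confluence.common.ConfluenceUser confluenceUser) throws CertificateException {
        if (bArr == null || bArr.length == 0) {
            log.debug("Clearing certificate for user: {}", confluenceUser.getDisplayName());
            this.userProps.setBytes(EProperty.EMAIL_SMIME_CERT, null, confluenceUser);
            this.userProps.setLong(EProperty.EMAIL_SMIME_TIME_STAMP, null, confluenceUser);
            this.userProps.setEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, null, confluenceUser);
            return;
        }
        log.debug("Checking certificate for user: {}", confluenceUser.getDisplayName());
        // Validation must succeed before anything is persisted.
        checkSmimeCert(bArr, confluenceUser);
        log.debug("Setting certificate for user: {}", confluenceUser.getDisplayName());
        this.userProps.setBytes(EProperty.EMAIL_SMIME_CERT, bArr, confluenceUser);
        this.userProps.setLong(EProperty.EMAIL_SMIME_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), confluenceUser);
        this.userProps.setEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, EKeySource.USER, confluenceUser);
    }

    /**
     * Parses the bytes as an X.509 certificate and checks that it is currently valid and
     * that one of its email addresses equals the user's email address.
     *
     * <p>The comparison is done per address. A substring test on the joined address list
     * would accept a certificate for {@code xbob@example.com} or
     * {@code bob@example.com.other.org} for the user {@code bob@example.com}, and would
     * accept any certificate at all for a user whose email is empty.
     *
     * @throws EmailException when the user has no email or no certificate address matches
     */
    private void checkSmimeCert(byte[] bArr, net.savignano.snotify.confluence.common.ConfluenceUser confluenceUser) throws CertificateException, CertificateExpiredException, CertificateNotYetValidException, CertificateEncodingException, CertificateParsingException, EmailException {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        x509Certificate.checkValidity();
        // Locale.ROOT keeps case folding independent of the server's default locale.
        String certEmails = StringUtils.defaultString(StringUtils.join(SmimeUtil.getEmails(x509Certificate), ", ")).toLowerCase(java.util.Locale.ROOT);
        String userEmail = StringUtils.trimToEmpty(confluenceUser.getEmail()).toLowerCase(java.util.Locale.ROOT);
        if (userEmail.isEmpty() || !containsExactEmail(certEmails, userEmail)) {
            throw new EmailException(StringEscapeUtils.escapeHtml(certEmails), confluenceUser.getDisplayName());
        }
    }

    /**
     * Tells whether {@code email} equals one entry of a comma-separated address list.
     * Both arguments are expected to be lower-cased already.
     */
    private static boolean containsExactEmail(String joinedEmails, String email) {
        for (String candidate : joinedEmails.split(",")) {
            if (candidate.trim().equals(email)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Stores the given PGP public key for the user after validating it, or clears the
     * stored key when {@code bArr} is {@code null} or empty.
     *
     * @throws PGPException when the key material cannot be parsed
     * @throws KeyException when no valid key for the user's email address is found
     */
    private void setEmailPgpKey(byte[] bArr, net.savignano.snotify.confluence.common.ConfluenceUser confluenceUser) throws PGPException, KeyException {
        if (bArr == null || bArr.length == 0) {
            log.info("Clearing PGP key for user: {}", confluenceUser.getDisplayName());
            this.userProps.setBytes(EProperty.EMAIL_PGP_KEY, null, confluenceUser);
            this.userProps.setLong(EProperty.EMAIL_PGP_KEY_ID, null, confluenceUser);
            this.userProps.setLong(EProperty.EMAIL_PGP_TIME_STAMP, null, confluenceUser);
            this.userProps.setEnum(EProperty.EMAIL_PGP_KEY_SOURCE, null, confluenceUser);
            return;
        }
        log.debug("Checking PGP key for user: {}", confluenceUser.getDisplayName());
        // Validation must succeed before anything is persisted.
        PgpPublicKey loadPgpKey = loadPgpKey(bArr, confluenceUser);
        log.info("Setting PGP key for user: {}", confluenceUser.getDisplayName());
        this.userProps.setBytes(EProperty.EMAIL_PGP_KEY, bArr, confluenceUser);
        this.userProps.setLong(EProperty.EMAIL_PGP_KEY_ID, Long.valueOf(loadPgpKey.getKey().getKeyID()), confluenceUser);
        this.userProps.setLong(EProperty.EMAIL_PGP_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), confluenceUser);
        this.userProps.setEnum(EProperty.EMAIL_PGP_KEY_SOURCE, EKeySource.USER, confluenceUser);
    }

    /**
     * Loads the public key ring for the user's email address from the uploaded bytes.
     *
     * <p>NOTE(review): how {@code PgpUtil.getKeysForEmail} matches the address against key
     * user IDs is not visible here; confirm that it compares whole addresses.
     *
     * @throws KeyException when the user has no email, no key ring matches, the key is
     *                      not valid, or the stream cannot be read
     */
    private PgpPublicKey loadPgpKey(byte[] bArr, net.savignano.snotify.confluence.common.ConfluenceUser confluenceUser) throws PGPException, KeyException {
        String rawEmail = confluenceUser.getEmail();
        if (StringUtils.isBlank(rawEmail)) {
            // Without an address there is nothing to bind the key to; never match on an empty string.
            throw new KeyException("User has no email address to match a key against.");
        }
        String lowerCase = rawEmail.toLowerCase(java.util.Locale.ROOT);
        try {
            PGPPublicKeyRing keysForEmail = PgpUtil.getKeysForEmail(PgpUtil.loadPublicKeys(new ByteArrayInputStream(bArr)), lowerCase);
            if (keysForEmail == null) {
                throw new KeyException("Could not find a key ring for email address: " + lowerCase);
            }
            PgpPublicKey pgpPublicKey = new PgpPublicKey(keysForEmail, lowerCase);
            if (pgpPublicKey.isValid()) {
                return pgpPublicKey;
            }
            throw new KeyException("Could not find a valid encryption key.");
        } catch (IOException e) {
            throw new KeyException("Could not read stream", e);
        }
    }

    /** Renders the stored certificate as HTML using {@link HtmlKeyValueStyle}. */
    private String buildCertInfo(byte[] bArr, net.savignano.snotify.confluence.common.ConfluenceUser confluenceUser) throws CertificateException {
        SmimeCertInfoBuilder smimeCertInfoBuilder = new SmimeCertInfoBuilder(bArr, getSnotifyI18n());
        smimeCertInfoBuilder.setUser(confluenceUser);
        smimeCertInfoBuilder.setUserProps(this.userProps);
        return smimeCertInfoBuilder.build(new HtmlKeyValueStyle());
    }

    /** Renders the stored PGP key with the given key id as HTML using {@link HtmlKeyValueStyle}. */
    private String buildKeyInfo(byte[] bArr, long j, net.savignano.snotify.confluence.common.ConfluenceUser confluenceUser) throws IOException, PGPException {
        PgpPublicKeyInfoBuilder pgpPublicKeyInfoBuilder = new PgpPublicKeyInfoBuilder(bArr, j, getSnotifyI18n());
        pgpPublicKeyInfoBuilder.setUser(confluenceUser);
        pgpPublicKeyInfoBuilder.setUserProps(this.userProps);
        return pgpPublicKeyInfoBuilder.build(new HtmlKeyValueStyle());
    }

    /** Returns the lazily created i18n helper for the authenticated user's locale. */
    private ISnotifyI18n getSnotifyI18n() {
        if (this.i18n == null) {
            this.i18n = new SnotifyI18n(getI18n(), ((LocaleManager) ComponentLocator.getComponent(LocaleManager.class)).getLocale(getAuthenticatedUser()));
        }
        return this.i18n;
    }

    /**
     * Returns the message of the last upload failure, or {@code null} if there was none.
     *
     * <p>NOTE(review): the message can contain text derived from the uploaded file or the
     * user's display name and is returned as-is; the rendering template is assumed to
     * escape it. Confirm.
     */
    public String getErrorMessage() {
        if (this.lastException == null) {
            return null;
        }
        return this.lastException.getMessage();
    }

    /**
     * Returns HTML describing the stored S/MIME certificate of the profile user, or a
     * localized "not found" / error text.
     *
     * <p>The return value is marked {@link HtmlSafe} and is therefore emitted without
     * escaping, so the exception message placed into the error text is HTML-escaped here.
     */
    @HtmlSafe
    public String getCertDetails() {
        String text;
        net.savignano.snotify.confluence.common.ConfluenceUser confluenceUser = new net.savignano.snotify.confluence.common.ConfluenceUser(getUser());
        // In lite mode only certificates the user uploaded themselves are shown.
        byte[] bytes = (!this.appProps.getBoolean(EProperty.LITE_MODE) || this.userProps.getEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, EKeySource.class, confluenceUser) == EKeySource.USER) ? this.userProps.getBytes(EProperty.EMAIL_SMIME_CERT, confluenceUser) : null;
        if (bytes == null) {
            text = getText("snotify-user-settings-webwork.input.smime.notfound");
            log.debug("No certificate specified for user: {}", confluenceUser.getDisplayName());
        } else {
            try {
                text = buildCertInfo(bytes, confluenceUser);
                log.debug("Certificate information for user {}: {}", confluenceUser.getDisplayName(), text);
            } catch (CertificateException e) {
                log.warn("Could not load public certificate for user: {}", confluenceUser.getDisplayName(), e);
                text = getText("snotify-user-settings-webwork.input.smime.error", new String[]{StringEscapeUtils.escapeHtml(e.getLocalizedMessage())});
            }
        }
        return text;
    }

    /**
     * Returns HTML describing the stored PGP key of the profile user, or a localized
     * "not found" / error text.
     *
     * <p>The return value is marked {@link HtmlSafe} and is therefore emitted without
     * escaping, so the exception message placed into the error text is HTML-escaped here.
     */
    @HtmlSafe
    public String getPgpDetails() {
        byte[] bytes;
        Long l;
        String text;
        net.savignano.snotify.confluence.common.ConfluenceUser confluenceUser = new net.savignano.snotify.confluence.common.ConfluenceUser(getUser());
        // In lite mode only keys the user uploaded themselves are shown.
        if (!this.appProps.getBoolean(EProperty.LITE_MODE) || this.userProps.getEnum(EProperty.EMAIL_PGP_KEY_SOURCE, EKeySource.class, confluenceUser) == EKeySource.USER) {
            bytes = this.userProps.getBytes(EProperty.EMAIL_PGP_KEY, confluenceUser);
            l = this.userProps.getLong(EProperty.EMAIL_PGP_KEY_ID, confluenceUser);
        } else {
            bytes = null;
            l = null;
        }
        if (bytes == null || l == null) {
            text = getText("snotify-user-settings-webwork.input.pgp.notfound");
            log.debug("No certificate specified for user: {}", confluenceUser.getDisplayName());
        } else {
            try {
                text = buildKeyInfo(bytes, l.longValue(), confluenceUser);
                log.debug("Key information for user {}: {}", confluenceUser.getDisplayName(), text);
            } catch (IOException | PGPException e) {
                log.warn("Could not load PGP key for user: {}", confluenceUser.getDisplayName(), e);
                text = getText("snotify-user-settings-webwork.input.pgp.error", StringEscapeUtils.escapeHtml(e.getLocalizedMessage()));
            }
        }
        return text;
    }

    /** Tells whether the user may choose between S/MIME and PGP (a "preferred" priority). */
    public boolean isChoiceEnabled() {
        switch (getTypePriority()) {
            case SMIME_PREFERED:
            case PGP_PREFERED:
                return true;
            case SMIME_ONLY:
            case PGP_ONLY:
                return false;
            default:
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '{}'. It is not yet implemented,", getTypePriority());
                return true;
        }
    }

    /**
     * Tells whether the S/MIME option is the selected one: the type of the last upload
     * wins, otherwise the configured priority and upload permissions decide.
     */
    public boolean isSmimeSelected() {
        if (this.lastUpload == ECryptographyType.SMIME) {
            return true;
        }
        if (this.lastUpload == ECryptographyType.PGP) {
            return false;
        }
        switch (getTypePriority()) {
            case SMIME_PREFERED:
                return isAllowSmimeUpload() || !isAllowPgpUpload();
            case PGP_PREFERED:
                return isAllowSmimeUpload() && !isAllowPgpUpload();
            case SMIME_ONLY:
                return true;
            case PGP_ONLY:
                return false;
            default:
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '{}'. It is not yet implemented,", getTypePriority());
                return true;
        }
    }

    /**
     * Tells whether the PGP option is the selected one: the type of the last upload wins,
     * otherwise the configured priority and upload permissions decide.
     */
    public boolean isPgpSelected() {
        if (this.lastUpload == ECryptographyType.PGP) {
            return true;
        }
        if (this.lastUpload == ECryptographyType.SMIME) {
            return false;
        }
        switch (getTypePriority()) {
            case SMIME_PREFERED:
                return isAllowPgpUpload() && !isAllowSmimeUpload();
            case PGP_PREFERED:
                return isAllowPgpUpload() || !isAllowSmimeUpload();
            case SMIME_ONLY:
                return false;
            case PGP_ONLY:
                return true;
            default:
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '{}'. It is not yet implemented,", getTypePriority());
                return false;
        }
    }

    /** Tells whether the form should offer the S/MIME upload (never in read-only mode). */
    public boolean isSmimeUploadAllowed() {
        return isAllowSmimeUpload() && (isChoiceEnabled() || isSmimeSelected()) && !isReadOnlyMode();
    }

    /** Tells whether the form should offer the PGP upload (never in read-only mode). */
    public boolean isPgpUploadAllowed() {
        return isAllowPgpUpload() && (isChoiceEnabled() || isPgpSelected()) && !isReadOnlyMode();
    }

    /**
     * Tells whether uploads are enabled and more than one user shares the authenticated
     * user's email address. Returns {@code false} when nobody is authenticated.
     */
    public boolean showMultipleUsersError() {
        if (!isAllowSmimeUpload() && !isAllowPgpUpload()) {
            return false;
        }
        ConfluenceUser authenticatedUser = getAuthenticatedUser();
        if (authenticatedUser == null) {
            // Anonymous access: there is no email to look up.
            return false;
        }
        return net.savignano.snotify.confluence.common.ConfluenceUser.lookupUsers(authenticatedUser.getEmail()).size() > 1;
    }

    /** Returns the configured encryption type priority, read once per action instance. */
    private EEncryptionTypePriority getTypePriority() {
        if (this.typePriority == null) {
            this.typePriority = (EEncryptionTypePriority) this.appProps.getEnum(EProperty.ENCRYPTION_TYPE_PRIORITY, EEncryptionTypePriority.class);
        }
        return this.typePriority;
    }

    /** Tells whether Confluence currently runs in read-only access mode. */
    private boolean isReadOnlyMode() {
        return this.accessModeService.isReadOnlyAccessModeEnabled();
    }

    /** Tells whether users may upload their own S/MIME certificate (explicit setting or lite mode). */
    private boolean isAllowSmimeUpload() {
        if (this.allowSmimeUpload == null) {
            this.allowSmimeUpload = Boolean.valueOf(this.appProps.getBoolean(EProperty.ALLOW_SMIME_CERTIFICATE_OVERWRITE) || this.appProps.getBoolean(EProperty.LITE_MODE));
        }
        return this.allowSmimeUpload.booleanValue();
    }

    /** Tells whether users may upload their own PGP public key (explicit setting or lite mode). */
    private boolean isAllowPgpUpload() {
        if (this.allowPgpUpload == null) {
            this.allowPgpUpload = Boolean.valueOf(this.appProps.getBoolean(EProperty.ALLOW_PGP_PUBLIC_KEY_OVERWRITE) || this.appProps.getBoolean(EProperty.LITE_MODE));
        }
        return this.allowPgpUpload.booleanValue();
    }
}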
