package net.savignano.snotify.jira.gui.webwork;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.web.action.JiraWebActionSupport;
import com.opensymphony.module.propertyset.PropertySet;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import net.savignano.snotify.jira.gui.Mailer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import webwork.action.ServletActionContext;

/* loaded from: input_file:net/savignano/snotify/jira/gui/webwork/EmailSecurityEditWebworkAction.class */
public class EmailSecurityEditWebworkAction extends JiraWebActionSupport {
    private static final long serialVersionUID = 5292952792647817829L;
    private static final String ERROR_EMAIL_MISMATCH = "error-email";
    private static final String ERROR_EXPIRED = "error-expired";
    private static final String ERROR_NOTYETVALID = "error-notyetvalid";
    private static final String REDIRECT_USER_PROFILE = "ViewProfile.jspa";
    private static final String REDIRECT_NOT_LOGGED_IN = "login.jsp?permissionViolation=true&os_destination=%2Fsecure%2FViewProfile.jspa&page_caps=&user_role=";
    private static final String CERT_FILE_PARAM = "cert-file";
    private static final Logger log = LoggerFactory.getLogger(EmailSecurityEditWebworkAction.class);
    private Exception lastException;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/savignano/snotify/jira/gui/webwork/EmailSecurityEditWebworkAction$EmailException.class */
    public static final class EmailException extends CertificateException {
        private static final long serialVersionUID = -872169735598674768L;

        private EmailException(String str, String str2) {
            super("E-Mail address of certificate (" + str + ") does not match E-Mail of user: " + str2);
        }
    }

    public String doInput() {
        if (getLoggedInUser() != null) {
            return "input";
        }
        getRedirect(REDIRECT_NOT_LOGGED_IN);
        return null;
    }

    public String doSubmit() {
        byte[] readAllBytes;
        ApplicationUser loggedInUser = getLoggedInUser();
        if (loggedInUser == null) {
            getRedirect(REDIRECT_NOT_LOGGED_IN);
            return null;
        }
        File file = ServletActionContext.getMultiPartRequest().getFile(CERT_FILE_PARAM);
        if (file != null) {
            try {
                readAllBytes = Files.readAllBytes(file.toPath());
            } catch (IOException e) {
                this.lastException = e;
                log.info("Certificate upload failed.", e);
                return "error";
            } catch (CertificateExpiredException e2) {
                this.lastException = e2;
                log.info("Certificate expired.", e2);
                return ERROR_EXPIRED;
            } catch (CertificateNotYetValidException e3) {
                this.lastException = e3;
                log.info("Certificate not yet valid.", e3);
                return ERROR_NOTYETVALID;
            } catch (EmailException e4) {
                this.lastException = e4;
                log.info("E-Mail address mismatch.", e4);
                return ERROR_EMAIL_MISMATCH;
            } catch (CertificateException e5) {
                this.lastException = e5;
                log.info("Certificate parsing failed.", e5);
                return "error";
            }
        } else {
            readAllBytes = null;
        }
        setEmailCert(readAllBytes, loggedInUser);
        getRedirect(REDIRECT_USER_PROFILE);
        return null;
    }

    private void setEmailCert(byte[] bArr, ApplicationUser applicationUser) throws CertificateException {
        PropertySet propertySet = ComponentAccessor.getUserPropertyManager().getPropertySet(applicationUser);
        if (bArr == null || bArr.length == 0) {
            log.debug("Clearing certificate for user: " + applicationUser.getDisplayName());
            propertySet.remove(Mailer.EMAIL_CERT_PROP);
            return;
        }
        log.debug("Checking certificate for user: " + applicationUser.getDisplayName());
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(Mailer.X509_FACTORY_KEY).generateCertificate(new ByteArrayInputStream(bArr));
        x509Certificate.checkValidity();
        String rDNValue = getRDNValue(new JcaX509CertificateHolder(x509Certificate).getSubject(), BCStyle.E);
        if (rDNValue == null || !rDNValue.equalsIgnoreCase(applicationUser.getEmailAddress())) {
            throw new EmailException(rDNValue, applicationUser.getUsername());
        }
        log.debug("Setting certificate for user: " + applicationUser.getDisplayName());
        propertySet.setData(Mailer.EMAIL_CERT_PROP, bArr);
    }

    private String getRDNValue(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] rDNs = x500Name.getRDNs(aSN1ObjectIdentifier);
        if (rDNs.length == 0) {
            return null;
        }
        return rDNs[0].getFirst().getValue().toString();
    }

    public String getErrorMessage() {
        if (this.lastException == null) {
            return null;
        }
        return this.lastException.getMessage();
    }
}
