package net.savignano.snotify.jira.gui.webwork;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.web.action.JiraWebActionSupport;
import com.atlassian.velocity.htmlsafe.HtmlSafe;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import net.savignano.snotify.jira.gui.Mailer;
import net.savignano.snotify.jira.gui.PgpKeyInfoBuilder;
import net.savignano.snotify.jira.gui.PropertiesUtil;
import net.savignano.snotify.jira.gui.SmimeCertInfoBuilder;
import net.savignano.snotify.jira.gui.SnotifyPgpKey;
import net.savignano.thirdparty.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.RDN;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.X500Name;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.style.BCStyle;
import net.savignano.thirdparty.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPException;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKey;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPUtil;
import net.savignano.thirdparty.org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import webwork.action.ServletActionContext;

/* loaded from: input_file:net/savignano/snotify/jira/gui/webwork/EmailSecurityEditWebworkAction.class */
public class EmailSecurityEditWebworkAction extends JiraWebActionSupport {
    private static final long serialVersionUID = 5292952792647817829L;
    // Value returned by getHideError() when there is no error message to show.
    private static final String HIDDEN = "hidden";
    // Redirect target used after a certificate or key has been stored or cleared.
    private static final String REDIRECT_USER_PROFILE = "ViewProfile.jspa";
    // Redirect target used whenever no user is logged in; it sends the browser to the login page.
    private static final String REDIRECT_NOT_LOGGED_IN = "login.jsp?permissionViolation=true&os_destination=%2Fsecure%2FViewProfile.jspa&page_caps=&user_role=";
    // Name of the multipart form field that carries the uploaded certificate or key file.
    private static final String FILE_PARAM = "file";
    private static final Logger log = LoggerFactory.getLogger(EmailSecurityEditWebworkAction.class);
    // Set by the submit handlers and exposed through the @HtmlSafe getter getErrorMessage(),
    // so whatever is stored here must already be safe to emit as HTML.
    private String errorMessage;
    // Lazily loaded by getTypePriority(); null until first read.
    private Mailer.EncryptionTypePriorityOption typePriority;
    // Lazily loaded by isAllowSmimeUpload(); null until first read.
    private Boolean allowSmimeUpload;
    // Lazily loaded by isAllowPgpUpload(); null until first read.
    private Boolean allowPgpUpload;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/savignano/snotify/jira/gui/webwork/EmailSecurityEditWebworkAction$EmailException.class */
    /**
     * Signals that the email address found in an uploaded certificate is not the email address
     * of the user who uploaded it. Both addresses are kept so the caller can show them.
     */
    public static final class EmailException extends CertificateException {
        private static final long serialVersionUID = -872169735598674768L;
        private final String email;
        private final String userAddress;

        /**
         * @param certificateEmail address read from the certificate; may be {@code null} when the
         *                         certificate carries none
         * @param accountEmail     address of the user account the certificate was uploaded for
         */
        private EmailException(String certificateEmail, String accountEmail) {
            super("Email address of certificate (" + certificateEmail + ") does not match user email address (" + accountEmail + ")");
            this.userAddress = accountEmail;
            this.email = certificateEmail;
        }

        /** @return the address taken from the certificate, exactly as it was read (not escaped). */
        public String getCertificateEmail() {
            return email;
        }

        /** @return the address of the user account that was compared against. */
        public String getUserAddress() {
            return userAddress;
        }
    }

    /**
     * Shows the edit form to a logged-in user; anyone else is redirected to the login page.
     *
     * @return {@code "input"} for a logged-in user, otherwise {@code null} after the redirect
     */
    public String doInput() {
        final boolean anonymous = getLoggedInUser() == null;
        if (anonymous) {
            getRedirect(REDIRECT_NOT_LOGGED_IN);
            return null;
        }
        return "input";
    }

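    /**
     * Handles the S/MIME certificate upload of the logged-in user.
     *
     * <p>Non-POST requests fall back to {@link #doInput()}. Anonymous requests are redirected to
     * the login page. When uploads are disabled, or the certificate is rejected, an error message
     * is stored and the form is shown again. A request without a file (or with an empty file)
     * clears the stored certificate.
     *
     * @return {@code "input"} when the form has to be shown again, otherwise {@code null} after a
     *         redirect has been issued
     */
    public String doSubmitSmime() {
        this.errorMessage = null;
        if (!"POST".equals(getHttpRequest().getMethod())) {
            log.debug("Access to submit method redirected to input method, as request method wasn't 'POST'. Used method: " + getHttpRequest().getMethod());
            return doInput();
        }
        // NOTE(review): no XSRF-token check is visible on this state-changing command (no annotation
        // on the method, no token comparison in the body) - confirm it is enforced elsewhere.
        ApplicationUser loggedInUser = getLoggedInUser();
        if (loggedInUser == null) {
            getRedirect(REDIRECT_NOT_LOGGED_IN);
            return null;
        }
        I18nHelper i18n = ComponentAccessor.getI18nHelperFactory().getInstance(loggedInUser);
        if (!isAllowSmimeUpload()) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-notallowed.smime.message");
            log.warn("Uploading of custom S/MIME certificate is not allowed. User: {}", loggedInUser);
            return "input";
        }
        File file = ServletActionContext.getMultiPartRequest().getFile(FILE_PARAM);
        try {
            // Validation and storage happen inside the try so that every rejection reason is
            // turned into a form error instead of escaping the action.
            byte[] certBytes = file != null ? Files.readAllBytes(file.toPath()) : null;
            setEmailCert(certBytes, loggedInUser);
        } catch (CertificateExpiredException e) {
            // The specific CertificateException subclasses must be caught before the general one.
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-expired.message");
            log.info("Certificate expired.", e);
            return "input";
        } catch (CertificateNotYetValidException e) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-notyetvalid.message");
            log.info("Certificate not yet valid.", e);
            return "input";
        } catch (EmailException e) {
            // The certificate email comes from the uploaded file and the message is rendered
            // through an @HtmlSafe getter, so both values are HTML-escaped before interpolation.
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-email.message", escapeHtml(e.getCertificateEmail()), escapeHtml(e.getUserAddress()));
            log.info("Email address mismatch.", e);
            return "input";
        } catch (IOException | CertificateException e) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-smime.message");
            log.info("Certificate parsing failed.", e);
            return "input";
        }
        getRedirect(REDIRECT_USER_PROFILE);
        return null;
    }

    /** Escapes the five HTML-significant characters; {@code null} is passed through unchanged. */
    private static String escapeHtml(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }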

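    /**
     * Handles the PGP public key upload of the logged-in user.
     *
     * <p>Non-POST requests fall back to {@link #doInput()}. Anonymous requests are redirected to
     * the login page. When uploads are disabled, or the key is rejected, an error message is
     * stored and the form is shown again. A request without a file (or with an empty file) clears
     * the stored key.
     *
     * @return {@code "input"} when the form has to be shown again, otherwise {@code null} after a
     *         redirect has been issued
     */
    public String doSubmitPgp() {
        this.errorMessage = null;
        if (!"POST".equals(getHttpRequest().getMethod())) {
            log.debug("Access to submit method redirected to input method, as request method wasn't 'POST'. Used method: " + getHttpRequest().getMethod());
            return doInput();
        }
        // NOTE(review): no XSRF-token check is visible on this state-changing command (no annotation
        // on the method, no token comparison in the body) - confirm it is enforced elsewhere.
        ApplicationUser loggedInUser = getLoggedInUser();
        if (loggedInUser == null) {
            getRedirect(REDIRECT_NOT_LOGGED_IN);
            return null;
        }
        I18nHelper i18n = ComponentAccessor.getI18nHelperFactory().getInstance(loggedInUser);
        if (!isAllowPgpUpload()) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-notallowed.pgp.message");
            log.warn("Uploading of custom PGP key is not allowed. User: {}", loggedInUser);
            return "input";
        }
        File file = ServletActionContext.getMultiPartRequest().getFile(FILE_PARAM);
        try {
            // Validation and storage happen inside the try so that every rejection reason is
            // turned into a form error instead of escaping the action.
            byte[] keyBytes = file != null ? Files.readAllBytes(file.toPath()) : null;
            setEmailPgpKey(keyBytes, loggedInUser);
        } catch (KeyException e) {
            // Built only from i18n texts (no request data); the opening paragraph is now closed
            // before the list starts.
            StringBuilder sb = new StringBuilder(500);
            sb.append("<p>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.pre"));
            sb.append("</p><ul>");
            sb.append("<li>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.list.email"));
            sb.append("</li><li>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.list.valid"));
            sb.append("</li><li>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.list.encryption"));
            sb.append("</li><li>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.list.revoked"));
            sb.append("</li>");
            sb.append("</ul><p>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.post"));
            sb.append("</p>");
            this.errorMessage = sb.toString();
            log.info("No valid key found.", e);
            return "input";
        } catch (IOException | PGPException e) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-pgp.message");
            log.info("Key parsing failed.", e);
            return "input";
        }
        getRedirect(REDIRECT_USER_PROFILE);
        return null;
    }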

    /**
     * Stores the uploaded S/MIME certificate for the user, or clears the stored one when no
     * bytes were supplied.
     *
     * @param bArr            uploaded certificate bytes; {@code null} or empty clears the entry
     * @param applicationUser user whose properties are updated
     * @throws CertificateException if the bytes cannot be parsed, the certificate is outside its
     *                              validity period, or its email does not match the user
     *                              ({@link EmailException})
     */
    private void setEmailCert(byte[] bArr, ApplicationUser applicationUser) throws CertificateException {
        final boolean hasUpload = bArr != null && bArr.length > 0;
        if (!hasUpload) {
            log.info("Clearing S/MIME certificate for user: {}", applicationUser.getDisplayName());
            PropertiesUtil.getUserProps().setBytes(Mailer.EMAIL_SMIME_CERT_PROP, null, applicationUser);
            PropertiesUtil.getUserProps().setLong(Mailer.EMAIL_SMIME_TIME_STAMP_PROP, null, applicationUser);
            PropertiesUtil.getUserProps().setEnum(Mailer.EMAIL_SMIME_KEY_SOURCE_PROP, null, applicationUser);
            return;
        }

        log.debug("Checking certificate for user: " + applicationUser.getDisplayName());
        final CertificateFactory factory = CertificateFactory.getInstance(Mailer.X509_FACTORY_KEY);
        final X509Certificate certificate = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bArr));
        // checkValidity() only compares the validity period with the current time; no chain,
        // trust or revocation check is performed in this method.
        certificate.checkValidity();

        // Only the first emailAddress (E) attribute of the subject is compared with the account
        // address; subjectAltName entries are not consulted here.
        final X500Name subject = new JcaX509CertificateHolder(certificate).getSubject();
        final String certEmail = getRDNValue(subject, BCStyle.E);
        final boolean emailMatches = certEmail != null && certEmail.equalsIgnoreCase(applicationUser.getEmailAddress());
        if (!emailMatches) {
            throw new EmailException(certEmail, applicationUser.getEmailAddress());
        }

        log.info("Setting S/MIME certificate for user: {}", applicationUser.getDisplayName());
        // The bytes are stored exactly as uploaded, not re-encoded from the parsed certificate.
        PropertiesUtil.getUserProps().setBytes(Mailer.EMAIL_SMIME_CERT_PROP, bArr, applicationUser);
        PropertiesUtil.getUserProps().setLong(Mailer.EMAIL_SMIME_TIME_STAMP_PROP, Long.valueOf(System.currentTimeMillis()), applicationUser);
        PropertiesUtil.getUserProps().setEnum(Mailer.EMAIL_SMIME_KEY_SOURCE_PROP, Mailer.EncryptionKeySource.USER, applicationUser);
    }

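    /**
     * Stores the uploaded PGP public key for the user, or clears the stored one when no bytes
     * were supplied.
     *
     * @param bArr            uploaded key bytes; {@code null} or empty clears the entry
     * @param applicationUser user whose properties are updated
     * @throws IOException  if the key data cannot be read
     * @throws PGPException if the key data cannot be parsed as a public key ring collection
     * @throws KeyException if no encryption key is found for the user
     */
    private void setEmailPgpKey(byte[] bArr, ApplicationUser applicationUser) throws IOException, PGPException, KeyException {
        if (bArr == null || bArr.length == 0) {
            log.info("Clearing PGP key for user: {}", applicationUser.getDisplayName());
            PropertiesUtil.getUserProps().setLong(Mailer.EMAIL_PGP_KEY_ID_PROP, null, applicationUser);
            PropertiesUtil.getUserProps().setBytes(Mailer.EMAIL_PGP_KEY_PROP, null, applicationUser);
            PropertiesUtil.getUserProps().setLong(Mailer.EMAIL_PGP_TIME_STAMP_PROP, null, applicationUser);
            PropertiesUtil.getUserProps().setEnum(Mailer.EMAIL_PGP_KEY_SOURCE_PROP, null, applicationUser);
            return;
        }
        log.debug("Checking PGP key for user: {}", applicationUser.getDisplayName());
        // toLowerCase() uses the default locale.
        // NOTE(review): confirm SnotifyPgpKey normalises the key's user ids the same way.
        String lowerCase = applicationUser.getEmailAddress().toLowerCase();
        SnotifyPgpKey snotifyPgpKey;
        // try-with-resources closes the decoder stream exactly once, on success and on failure.
        try (InputStream decoderStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(bArr))) {
            snotifyPgpKey = new SnotifyPgpKey(new PGPPublicKeyRingCollection(decoderStream, new BcKeyFingerprintCalculator()), lowerCase);
        }
        PGPPublicKey encryptionKey = snotifyPgpKey.getEncryptionKey();
        if (encryptionKey == null) {
            throw new KeyException("Could not find a valid encryption key.");
        }
        log.info("Setting PGP key for user: {}", applicationUser.getDisplayName());
        // The bytes are stored exactly as uploaded, together with the id of the selected key.
        PropertiesUtil.getUserProps().setBytes(Mailer.EMAIL_PGP_KEY_PROP, bArr, applicationUser);
        PropertiesUtil.getUserProps().setLong(Mailer.EMAIL_PGP_KEY_ID_PROP, Long.valueOf(encryptionKey.getKeyID()), applicationUser);
        PropertiesUtil.getUserProps().setLong(Mailer.EMAIL_PGP_TIME_STAMP_PROP, Long.valueOf(System.currentTimeMillis()), applicationUser);
        PropertiesUtil.getUserProps().setEnum(Mailer.EMAIL_PGP_KEY_SOURCE_PROP, Mailer.EncryptionKeySource.USER, applicationUser);
    }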

    /**
     * Builds the HTML description of the logged-in user's stored S/MIME certificate.
     *
     * <p>The result is marked {@code @HtmlSafe}, so everything placed in it must already be safe
     * to emit as HTML.
     *
     * @return the certificate details, a "not found" text, or an error text
     */
    @HtmlSafe
    public String getCertDetails() {
        // NOTE(review): the user is dereferenced without a null check - confirm this getter is
        // only reached for logged-in users.
        final ApplicationUser user = getLoggedInUser();
        final I18nHelper i18n = ComponentAccessor.getI18nHelperFactory().getInstance(user);
        final String userName = user.getDisplayName();
        final byte[] storedCert = PropertiesUtil.getUserProps().getBytes(Mailer.EMAIL_SMIME_CERT_PROP, user);

        if (storedCert == null) {
            final String notFound = i18n.getText("email-security-edit-webwork.input.smime.notfound");
            log.debug("No certificate specified for user: {}", userName);
            return notFound;
        }

        try {
            final SmimeCertInfoBuilder infoBuilder = new SmimeCertInfoBuilder(storedCert);
            infoBuilder.setI18n(i18n);
            infoBuilder.setUser(user);
            final String html = infoBuilder.buildHtml();
            log.debug("Certificate information for user {}: {}", userName, html);
            return html;
        } catch (CertificateException e) {
            log.error("Could not load public certificate for user: " + userName, e);
            // NOTE(review): the exception message is interpolated unescaped into @HtmlSafe
            // output - confirm it cannot carry markup.
            return i18n.getText("email-security-edit-webwork.input.smime.error", e.getLocalizedMessage());
        }
    }

    /**
     * Builds the HTML description of the logged-in user's stored PGP public key.
     *
     * <p>The result is marked {@code @HtmlSafe}, so everything placed in it must already be safe
     * to emit as HTML.
     *
     * @return the key details, a "not found" text, or an error text
     */
    @HtmlSafe
    public String getPgpDetails() {
        // NOTE(review): the user is dereferenced without a null check - confirm this getter is
        // only reached for logged-in users.
        final ApplicationUser user = getLoggedInUser();
        final I18nHelper i18n = ComponentAccessor.getI18nHelperFactory().getInstance(user);
        final String userName = user.getDisplayName();
        final byte[] storedKey = PropertiesUtil.getUserProps().getBytes(Mailer.EMAIL_PGP_KEY_PROP, user);
        final Long storedKeyId = PropertiesUtil.getUserProps().getLong(Mailer.EMAIL_PGP_KEY_ID_PROP, user);

        // Both the key bytes and the key id must be present for the key to count as stored.
        final boolean keyStored = storedKeyId != null && storedKey != null;
        if (!keyStored) {
            final String notFound = i18n.getText("email-security-edit-webwork.input.pgp.notfound");
            log.debug("No public key specified for user: {}", userName);
            return notFound;
        }

        try {
            final PgpKeyInfoBuilder infoBuilder = new PgpKeyInfoBuilder(storedKey, storedKeyId.longValue());
            infoBuilder.setI18n(i18n);
            infoBuilder.setUser(user);
            final String html = infoBuilder.buildHtml();
            log.debug("Key information for user {}: {}", userName, html);
            return html;
        } catch (IOException | PGPException e) {
            log.error("Could not load PGP key for user: " + userName, e);
            // NOTE(review): the exception message is interpolated unescaped into @HtmlSafe
            // output - confirm it cannot carry markup.
            return i18n.getText("email-security-edit-webwork.input.pgp.error", e.getLocalizedMessage());
        }
    }

    /**
     * Tells whether the user may choose between S/MIME and PGP.
     *
     * @return {@code false} for the "only" priorities; for the "preferred" priorities
     *         {@code true} when both upload kinds are allowed; {@code true} for any other value
     */
    public boolean isChoiceEnabled() {
        final Mailer.EncryptionTypePriorityOption priority = getTypePriority();
        final boolean choice;
        switch (priority) {
            case SMIME_ONLY:
            case PGP_ONLY:
                choice = false;
                break;
            case SMIME_PREFERED:
            case PGP_PREFERED:
                choice = isAllowPgpUpload() && isAllowSmimeUpload();
                break;
            default:
                // Values this class does not know are logged and treated as "choice enabled".
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '" + priority + "'. It is not yet implemented,");
                choice = true;
                break;
        }
        return choice;
    }

    /**
     * Tells whether S/MIME is the selected encryption type.
     *
     * @return {@code true} when S/MIME is the only type, when it is preferred and its upload is
     *         allowed, when PGP is preferred but PGP upload is not allowed, or when the priority
     *         value is not known to this class
     */
    public boolean isSmimeSelected() {
        final Mailer.EncryptionTypePriorityOption priority = getTypePriority();
        final boolean selected;
        switch (priority) {
            case SMIME_ONLY:
                selected = true;
                break;
            case PGP_ONLY:
                selected = false;
                break;
            case SMIME_PREFERED:
                selected = isAllowSmimeUpload();
                break;
            case PGP_PREFERED:
                // S/MIME takes over when the preferred PGP upload is not allowed.
                selected = !isAllowPgpUpload();
                break;
            default:
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '" + priority + "'. It is not yet implemented,");
                selected = true;
                break;
        }
        return selected;
    }

    /**
     * Tells whether PGP is the selected encryption type.
     *
     * @return {@code true} when PGP is the only type, when it is preferred and its upload is
     *         allowed, or when S/MIME is preferred but S/MIME upload is not allowed;
     *         {@code false} otherwise, including for priority values not known to this class
     */
    public boolean isPgpSelected() {
        final Mailer.EncryptionTypePriorityOption priority = getTypePriority();
        final boolean selected;
        switch (priority) {
            case PGP_ONLY:
                selected = true;
                break;
            case SMIME_ONLY:
                selected = false;
                break;
            case PGP_PREFERED:
                selected = isAllowPgpUpload();
                break;
            case SMIME_PREFERED:
                // PGP takes over when the preferred S/MIME upload is not allowed.
                selected = !isAllowSmimeUpload();
                break;
            default:
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '" + priority + "'. It is not yet implemented,");
                selected = false;
                break;
        }
        return selected;
    }

    /**
     * Public accessor for the S/MIME upload switch read by {@code isAllowSmimeUpload()}.
     *
     * @return whether users may upload their own S/MIME certificate
     */
    public boolean isSmimeUploadAllowed() {
        final boolean allowed = isAllowSmimeUpload();
        return allowed;
    }

    /**
     * Public accessor for the PGP upload switch read by {@code isAllowPgpUpload()}.
     *
     * @return whether users may upload their own PGP public key
     */
    public boolean isPgpUploadAllowed() {
        final boolean allowed = isAllowPgpUpload();
        return allowed;
    }

    /**
     * Supplies the marker that hides the error area when there is nothing to show.
     *
     * @return {@code "hidden"} when the error message is empty, otherwise an empty string
     */
    public String getHideError() {
        if (getErrorMessage().isEmpty()) {
            return HIDDEN;
        }
        return "";
    }

    /**
     * Returns the error message produced by the last submit, never {@code null}.
     *
     * <p>The getter is marked {@code @HtmlSafe}: the stored message is handed out as HTML, so
     * any value interpolated into it must have been escaped when the message was built.
     *
     * @return the stored message, or an empty string when none is set
     */
    @HtmlSafe
    public String getErrorMessage() {
        if (this.errorMessage == null) {
            return "";
        }
        return this.errorMessage;
    }

    /**
     * Returns the configured encryption type priority, reading it from the application
     * properties on first use and falling back to {@code SMIME_PREFERED} when none is stored.
     *
     * @return the priority; never {@code null}
     */
    private Mailer.EncryptionTypePriorityOption getTypePriority() {
        if (this.typePriority != null) {
            return this.typePriority;
        }
        final Mailer.EncryptionTypePriorityOption stored = (Mailer.EncryptionTypePriorityOption) PropertiesUtil.getAppProps().getEnum(Mailer.ENCRYPTION_TYPE_PRIORITY_PROP, Mailer.EncryptionTypePriorityOption.class);
        if (stored != null) {
            this.typePriority = stored;
        } else {
            this.typePriority = Mailer.EncryptionTypePriorityOption.SMIME_PREFERED;
        }
        return this.typePriority;
    }

    /**
     * Reads, once per action instance, whether users may upload their own S/MIME certificate.
     *
     * @return the value of the application property
     */
    private boolean isAllowSmimeUpload() {
        Boolean cached = this.allowSmimeUpload;
        if (cached == null) {
            // NOTE(review): the 'true' argument is presumably the fallback used when the property
            // is unset, which would make uploads allowed by default - confirm.
            cached = Boolean.valueOf(PropertiesUtil.getAppProps().getBoolean(Mailer.ALLOW_SMIME_CERTIFICATE_OVERWRITE_PROP, true));
            this.allowSmimeUpload = cached;
        }
        return cached.booleanValue();
    }

    /**
     * Reads, once per action instance, whether users may upload their own PGP public key.
     *
     * @return the value of the application property
     */
    private boolean isAllowPgpUpload() {
        Boolean cached = this.allowPgpUpload;
        if (cached == null) {
            // NOTE(review): the 'true' argument is presumably the fallback used when the property
            // is unset, which would make uploads allowed by default - confirm.
            cached = Boolean.valueOf(PropertiesUtil.getAppProps().getBoolean(Mailer.ALLOW_PGP_PUBLIC_KEY_OVERWRITE_PROP, true));
            this.allowPgpUpload = cached;
        }
        return cached.booleanValue();
    }

    /**
     * Returns the value of the first RDN of the given type in a distinguished name.
     *
     * <p>Only the first matching RDN, and only its first attribute, is read; further values of
     * the same type are ignored.
     *
     * @param x500Name             distinguished name to search
     * @param aSN1ObjectIdentifier attribute type to look for
     * @return the value as a string, or {@code null} when the name has no RDN of that type
     */
    private String getRDNValue(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        final RDN[] matches = x500Name.getRDNs(aSN1ObjectIdentifier);
        return matches.length == 0 ? null : matches[0].getFirst().getValue().toString();
    }
}
