package net.savignano.snotify.jira.gui.webwork;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.web.action.JiraWebActionSupport;
import com.atlassian.velocity.htmlsafe.HtmlSafe;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.security.KeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.ISnotifyAppProperties;
import net.savignano.snotify.atlassian.common.ISnotifyUserProperties;
import net.savignano.snotify.atlassian.common.enums.EEncryptionTypePriority;
import net.savignano.snotify.atlassian.common.enums.EKeySource;
import net.savignano.snotify.atlassian.common.security.key.publicly.SnotifyPgpPublicKey;
import net.savignano.snotify.atlassian.common.util.PgpUtil;
import net.savignano.snotify.atlassian.gui.key.info.PgpKeyInfoBuilder;
import net.savignano.snotify.atlassian.gui.key.info.SmimeCertInfoBuilder;
import net.savignano.snotify.jira.gui.JiraUser;
import net.savignano.snotify.jira.gui.SnotifyAppProperties;
import net.savignano.snotify.jira.gui.SnotifyI18n;
import net.savignano.snotify.jira.gui.SnotifyUserProperties;
import net.savignano.thirdparty.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.RDN;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.X500Name;
import net.savignano.thirdparty.org.bouncycastle.asn1.x500.style.BCStyle;
import net.savignano.thirdparty.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPException;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKey;
import net.savignano.thirdparty.org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import webwork.action.ServletActionContext;
import webwork.multipart.MultiPartRequestWrapper;

/* loaded from: input_file:net/savignano/snotify/jira/gui/webwork/EmailSecurityEditWebworkAction.class */
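/**
 * WebWork action that lets the logged-in Jira user upload, replace or delete the S/MIME
 * certificate and the PGP public key stored in their user properties.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>{@link #getErrorMessage()}, {@link #getCertDetails()} and {@link #getPgpDetails()} are
 *       annotated {@code @HtmlSafe}, so the template layer prints their return value without
 *       escaping. Any value that originates from the uploaded file or from an exception message
 *       is therefore HTML-escaped here before it is placed into those strings.</li>
 *   <li>The uploaded file is parsed and validated <em>before</em> anything is written to the user
 *       properties; every validation failure returns to the input view with an error message.</li>
 *   <li>NOTE(review): no XSRF annotation (e.g. Jira's {@code @RequiresXsrfCheck}) is visible on
 *       the {@code doSubmit*} methods in this class. Confirm that the state-changing submits are
 *       covered by token checking elsewhere.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. The decompiler had moved the calls that parse and store
 * the upload outside the {@code try} blocks whose handlers catch their exceptions; they are back
 * inside, and the handlers are ordered most-specific first.
 */
public class EmailSecurityEditWebworkAction extends JiraWebActionSupport {
    private static final long serialVersionUID = 3504761190846246619L;
    private static final String REDIRECT_USER_PROFILE = "ViewProfile.jspa";
    private static final String REDIRECT_NOT_LOGGED_IN = "login.jsp?permissionViolation=true&os_destination=%2Fsecure%2FViewProfile.jspa&page_caps=&user_role=";
    private static final String DELETE_BUTTON_PARAM = "Delete";
    private static final String FILE_PARAM = "file";
    /** GeneralName tag for rfc822Name as reported by {@link X509Certificate#getSubjectAlternativeNames()}. */
    private static final int SAN_RFC822_NAME = 1;
    private static final Logger log = LoggerFactory.getLogger(EmailSecurityEditWebworkAction.class);
    private final ISnotifyAppProperties appProps = new SnotifyAppProperties();
    private final ISnotifyUserProperties userProps = new SnotifyUserProperties();
    // Already-rendered HTML shown by the view; null means "no error".
    private String errorMessage;
    // Lazily loaded application setting, see getTypePriority().
    private EEncryptionTypePriority typePriority;
    // Which kind of upload this request handled last; drives the pre-selected choice in the view.
    private EEncryptionTypePriority lastUpload;
    // Lazily computed permission flags, see isAllowSmimeUpload() / isAllowPgpUpload().
    private Boolean allowSmimeUpload;
    private Boolean allowPgpUpload;

    /**
     * Raised when none of the email addresses found in an uploaded certificate equals the
     * address of the user who uploaded it.
     *
     * <p>The decompiler reported that this type was {@code private} in the original class.
     */
    public static final class EmailException extends CertificateException {
        private static final long serialVersionUID = -5610482481952335343L;
        private final List<String> emails;
        private final String userAddress;

        private EmailException(List<String> list, String str) {
            super("Email address(es) of certificate " + list + " does not match user email address (" + str + ")");
            this.emails = list;
            this.userAddress = str;
        }

        /**
         * @return the (lower-cased) addresses extracted from the certificate; these come from the
         *     uploaded file and must be escaped before being shown in HTML
         */
        public List<String> getCertificateEmails() {
            return this.emails;
        }

        /** @return the address of the uploading user as passed to the constructor */
        public String getUserAddress() {
            return this.userAddress;
        }
    }

    /**
     * Shows the edit form.
     *
     * @return {@code "input"}, or {@code null} after redirecting an anonymous visitor to the login page
     */
    public String doInput() {
        if (getLoggedInUser() == null) {
            getRedirect(REDIRECT_NOT_LOGGED_IN);
            return null;
        }
        this.lastUpload = null;
        return "input";
    }

    /**
     * Handles the S/MIME form: stores the uploaded certificate, or clears the stored one when the
     * request carries the {@code Delete} parameter.
     *
     * <p>Only POST requests from a logged-in user are processed, and only when S/MIME upload is
     * allowed by the application settings. The certificate is validated by
     * {@link #setEmailCert(byte[], JiraUser)} before anything is persisted.
     *
     * @return {@code "input"} when the form must be shown again (with or without an error), or
     *     {@code null} after a redirect has been issued
     */
    public String doSubmitSmime() {
        this.errorMessage = null;
        if (!"POST".equals(getHttpRequest().getMethod())) {
            log.debug("Access to submit method redirected to input method, as request method wasn't 'POST'. Used method: " + getHttpRequest().getMethod());
            return doInput();
        }
        ApplicationUser loggedInUser = getLoggedInUser();
        if (loggedInUser == null) {
            getRedirect(REDIRECT_NOT_LOGGED_IN);
            return null;
        }
        I18nHelper i18n = ComponentAccessor.getI18nHelperFactory().getInstance(loggedInUser);
        JiraUser jiraUser = new JiraUser(loggedInUser);
        if (!isAllowSmimeUpload()) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-notallowed.smime.message");
            log.warn("Uploading of custom S/MIME certificate is not allowed. User: {}", jiraUser);
            return "input";
        }
        this.lastUpload = EEncryptionTypePriority.SMIME_ONLY;
        MultiPartRequestWrapper multiPartRequest = ServletActionContext.getMultiPartRequest();
        // A present "Delete" parameter means "clear the stored certificate": no file is read.
        File file = null;
        if (!multiPartRequest.getParameterMap().containsKey(DELETE_BUTTON_PARAM)) {
            file = multiPartRequest.getFile(FILE_PARAM);
            if (file == null) {
                this.errorMessage = i18n.getText("email-security-edit-webwork.error-nofile.message");
                log.info("No file selected to upload.");
                return "input";
            }
        }
        try {
            // NOTE(review): the whole upload is read into memory with no size check in this
            // method; confirm the multipart layer enforces an upper bound on the file size.
            byte[] certBytes = file == null ? null : Files.readAllBytes(file.toPath());
            setEmailCert(certBytes, jiraUser);
        } catch (CertificateExpiredException e) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-expired.message");
            log.info("Certificate expired.", e);
            return "input";
        } catch (CertificateNotYetValidException e) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-notyetvalid.message");
            log.info("Certificate not yet valid.", e);
            return "input";
        } catch (EmailException e) {
            // The addresses come straight out of the uploaded certificate and end up in a string
            // returned by the @HtmlSafe getErrorMessage(), so they are escaped here.
            this.errorMessage = i18n.getText(
                    "email-security-edit-webwork.error-email.message",
                    StringEscapeUtils.escapeHtml4(StringUtils.join(e.getCertificateEmails(), ", ")),
                    StringEscapeUtils.escapeHtml4(e.getUserAddress()));
            log.info("Email address mismatch.", e);
            return "input";
        } catch (IOException | CertificateException e) {
            // Must come last: the three handlers above are subclasses of CertificateException.
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-smime.message");
            log.info("Certificate parsing failed.", e);
            return "input";
        }
        getRedirect(REDIRECT_USER_PROFILE);
        return null;
    }

    /**
     * Handles the PGP form: stores the uploaded public key data, or clears the stored key when
     * the request carries the {@code Delete} parameter.
     *
     * <p>Only POST requests from a logged-in user are processed, and only when PGP upload is
     * allowed by the application settings. The key is validated by
     * {@link #setEmailPgpKey(byte[], JiraUser)} before anything is persisted.
     *
     * @return {@code "input"} when the form must be shown again (with or without an error), or
     *     {@code null} after a redirect has been issued
     */
    public String doSubmitPgp() {
        this.errorMessage = null;
        if (!"POST".equals(getHttpRequest().getMethod())) {
            log.debug("Access to submit method redirected to input method, as request method wasn't 'POST'. Used method: " + getHttpRequest().getMethod());
            return doInput();
        }
        ApplicationUser loggedInUser = getLoggedInUser();
        if (loggedInUser == null) {
            getRedirect(REDIRECT_NOT_LOGGED_IN);
            return null;
        }
        I18nHelper i18n = ComponentAccessor.getI18nHelperFactory().getInstance(loggedInUser);
        JiraUser jiraUser = new JiraUser(loggedInUser);
        if (!isAllowPgpUpload()) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-notallowed.pgp.message");
            log.warn("Uploading of custom PGP key is not allowed. User: {}", jiraUser);
            return "input";
        }
        this.lastUpload = EEncryptionTypePriority.PGP_ONLY;
        MultiPartRequestWrapper multiPartRequest = ServletActionContext.getMultiPartRequest();
        // A present "Delete" parameter means "clear the stored key": no file is read.
        File file = null;
        if (!multiPartRequest.getParameterMap().containsKey(DELETE_BUTTON_PARAM)) {
            file = multiPartRequest.getFile(FILE_PARAM);
            if (file == null) {
                this.errorMessage = i18n.getText("email-security-edit-webwork.error-nofile.message");
                log.info("No file selected to upload.");
                return "input";
            }
        }
        try {
            // NOTE(review): the whole upload is read into memory with no size check in this
            // method; confirm the multipart layer enforces an upper bound on the file size.
            byte[] keyBytes = file == null ? null : Files.readAllBytes(file.toPath());
            setEmailPgpKey(keyBytes, jiraUser);
        } catch (IOException | PGPException e) {
            this.errorMessage = i18n.getText("email-security-edit-webwork.error-pgp.message");
            log.info("Key parsing failed.", e);
            return "input";
        } catch (KeyException e) {
            // Built only from i18n bundle texts; nothing from the upload is interpolated here.
            StringBuilder sb = new StringBuilder(500);
            sb.append("<p>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.pre"));
            sb.append("<p><ul>");
            sb.append("<li>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.list.email"));
            sb.append("</li><li>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.list.valid"));
            sb.append("</li><li>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.list.encryption"));
            sb.append("</li><li>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.list.revoked"));
            sb.append("</li>");
            sb.append("</ul><p>");
            sb.append(i18n.getText("email-security-edit-webwork.error-keynotfound.message.post"));
            sb.append("</p>");
            this.errorMessage = sb.toString();
            log.info("No valid key found.", e);
            return "input";
        }
        getRedirect(REDIRECT_USER_PROFILE);
        return null;
    }

    /**
     * Validates and stores an S/MIME certificate for the user, or clears the stored one.
     *
     * <p>Checks performed: the bytes parse as an X.509 certificate, the certificate is inside its
     * validity period right now, and one of its email addresses equals the user's address
     * (case-insensitively). NOTE(review): no issuer chain, revocation or key-usage check happens
     * here, so the address comparison is a consistency check on a user-supplied certificate, not
     * proof that a CA vouched for the address. Confirm that is the intended trust model.
     *
     * @param bArr raw upload; {@code null} or empty clears certificate, timestamp and key source
     * @param jiraUser the user whose properties are updated
     * @throws CertificateExpiredException if the certificate has expired
     * @throws CertificateNotYetValidException if the certificate is not valid yet
     * @throws EmailException if no certificate address matches the user's address
     * @throws CertificateException if the bytes cannot be parsed as an X.509 certificate
     */
    private void setEmailCert(byte[] bArr, JiraUser jiraUser) throws CertificateException {
        if (bArr == null || bArr.length == 0) {
            log.info("Clearing S/MIME certificate for user: {}", jiraUser.getDisplayName());
            this.userProps.setBytes(Constants.EMAIL_SMIME_CERT_PROP, null, jiraUser);
            this.userProps.setLong(Constants.EMAIL_SMIME_TIME_STAMP_PROP, null, jiraUser);
            this.userProps.setEnum(Constants.EMAIL_SMIME_KEY_SOURCE_PROP, null, jiraUser);
            return;
        }
        log.debug("Checking certificate for user: " + jiraUser.getDisplayName());
        X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        certificate.checkValidity();
        List<String> emails = getEmails(certificate);
        String userEmail = jiraUser.getEmail();
        // Locale.ROOT keeps the comparison independent of the server's default locale (the
        // default-locale toLowerCase() maps 'I' differently under e.g. a Turkish locale).
        // JiraUser.getEmail() is defined elsewhere; a null address is treated as a mismatch
        // instead of failing with a NullPointerException.
        if (userEmail == null || !emails.contains(userEmail.toLowerCase(Locale.ROOT))) {
            throw new EmailException(emails, userEmail);
        }
        log.info("Setting S/MIME certificate for user: {}", jiraUser.getDisplayName());
        // The raw upload is stored as received, not a re-encoding of the parsed certificate.
        this.userProps.setBytes(Constants.EMAIL_SMIME_CERT_PROP, bArr, jiraUser);
        this.userProps.setLong(Constants.EMAIL_SMIME_TIME_STAMP_PROP, Long.valueOf(System.currentTimeMillis()), jiraUser);
        this.userProps.setEnum(Constants.EMAIL_SMIME_KEY_SOURCE_PROP, EKeySource.USER, jiraUser);
    }

    /**
     * Collects the email addresses a certificate carries: the first emailAddress attribute of the
     * subject DN (if any) and every rfc822Name entry of the subjectAltName extension.
     *
     * @param x509Certificate the parsed certificate
     * @return the addresses in lower case; empty if the certificate carries none
     * @throws CertificateEncodingException if the certificate cannot be re-encoded for the holder
     * @throws CertificateParsingException if the subjectAltName extension cannot be decoded
     */
    private List<String> getEmails(X509Certificate x509Certificate) throws CertificateEncodingException, CertificateParsingException {
        List<String> emails = new ArrayList<>();
        String subjectEmail = getRDNValue(new JcaX509CertificateHolder(x509Certificate).getSubject(), BCStyle.E);
        if (subjectEmail != null) {
            emails.add(subjectEmail.toLowerCase(Locale.ROOT));
        }
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> entry : subjectAlternativeNames) {
                // Each entry is [Integer type, value]; only rfc822Name entries are email addresses.
                int type = ((Integer) entry.get(0)).intValue();
                Object value = entry.get(1);
                if (type == SAN_RFC822_NAME && value != null) {
                    emails.add(value.toString().toLowerCase(Locale.ROOT));
                }
            }
        }
        return emails;
    }

    /**
     * Validates and stores PGP public key data for the user, or clears the stored key.
     *
     * <p>The upload must contain a key ring that {@code PgpUtil.getKeysForEmail} associates with
     * the user's (lower-cased) address, and {@code SnotifyPgpPublicKey} must yield a key from it.
     * The criteria those helpers apply are defined outside this class.
     *
     * @param bArr raw upload; {@code null} or empty clears key, key id, timestamp and key source
     * @param jiraUser the user whose properties are updated
     * @throws IOException if the key data cannot be read
     * @throws PGPException if the key data cannot be parsed
     * @throws KeyException if no key ring matches the user's address or no usable key is found
     */
    private void setEmailPgpKey(byte[] bArr, JiraUser jiraUser) throws IOException, PGPException, KeyException {
        if (bArr == null || bArr.length == 0) {
            log.info("Clearing PGP key for user: {}", jiraUser.getDisplayName());
            this.userProps.setLong(Constants.EMAIL_PGP_KEY_ID_PROP, null, jiraUser);
            this.userProps.setBytes(Constants.EMAIL_PGP_KEY_PROP, null, jiraUser);
            this.userProps.setLong(Constants.EMAIL_PGP_TIME_STAMP_PROP, null, jiraUser);
            this.userProps.setEnum(Constants.EMAIL_PGP_KEY_SOURCE_PROP, null, jiraUser);
            return;
        }
        log.debug("Checking PGP key for user: {}", jiraUser.getDisplayName());
        String userEmail = jiraUser.getEmail();
        if (userEmail == null) {
            // JiraUser.getEmail() is defined elsewhere; without an address no key ring can match.
            throw new KeyException("Could not find a key ring for email address: " + userEmail);
        }
        // Locale.ROOT keeps the lookup independent of the server's default locale.
        String email = userEmail.toLowerCase(Locale.ROOT);
        PGPPublicKeyRing keysForEmail = PgpUtil.getKeysForEmail(PgpUtil.loadPublicKeys(new ByteArrayInputStream(bArr)), email);
        if (keysForEmail == null) {
            throw new KeyException("Could not find a key ring for email address: " + email);
        }
        PGPPublicKey key = new SnotifyPgpPublicKey(keysForEmail, email).getKey();
        if (key == null) {
            throw new KeyException("Could not find a valid encryption key.");
        }
        log.info("Setting PGP key for user: {}", jiraUser.getDisplayName());
        // The raw upload is stored as received (not only the matching key ring); the id of the
        // selected key is stored alongside it.
        this.userProps.setBytes(Constants.EMAIL_PGP_KEY_PROP, bArr, jiraUser);
        this.userProps.setLong(Constants.EMAIL_PGP_KEY_ID_PROP, Long.valueOf(key.getKeyID()), jiraUser);
        this.userProps.setLong(Constants.EMAIL_PGP_TIME_STAMP_PROP, Long.valueOf(System.currentTimeMillis()), jiraUser);
        this.userProps.setEnum(Constants.EMAIL_PGP_KEY_SOURCE_PROP, EKeySource.USER, jiraUser);
    }

    /**
     * Builds the HTML fragment describing the user's stored S/MIME certificate.
     *
     * <p>In lite mode the certificate is only shown when its recorded key source is
     * {@link EKeySource#USER}. The return value is {@code @HtmlSafe}, i.e. printed unescaped.
     * NOTE(review): {@code SmimeCertInfoBuilder.buildJiraHtml()} is defined elsewhere; confirm it
     * escapes the certificate fields it renders.
     *
     * @return an HTML fragment: certificate details, a "not found" text, or an error text
     */
    @HtmlSafe
    public String getCertDetails() {
        String text;
        // NOTE(review): unlike the do* methods there is no null check on the logged-in user here.
        JiraUser jiraUser = new JiraUser(getLoggedInUser());
        SnotifyI18n snotifyI18n = new SnotifyI18n(ComponentAccessor.getI18nHelperFactory().getInstance(jiraUser.getActualUser()));
        String displayName = jiraUser.getDisplayName();
        byte[] bytes = (!this.appProps.getBoolean(Constants.LITE_MODE_PROP) || this.userProps.getEnum(Constants.EMAIL_SMIME_KEY_SOURCE_PROP, EKeySource.class, jiraUser) == EKeySource.USER) ? this.userProps.getBytes(Constants.EMAIL_SMIME_CERT_PROP, jiraUser) : null;
        if (bytes == null) {
            text = snotifyI18n.getText("email-security-edit-webwork.input.smime.notfound");
            log.debug("No certificate specified for user: {}", displayName);
        } else {
            try {
                SmimeCertInfoBuilder smimeCertInfoBuilder = new SmimeCertInfoBuilder(bytes, snotifyI18n);
                smimeCertInfoBuilder.setUser(jiraUser);
                smimeCertInfoBuilder.setUserProps(this.userProps);
                text = smimeCertInfoBuilder.buildJiraHtml();
                log.debug("Certificate information for user {}: {}", displayName, text);
            } catch (CertificateException e) {
                log.error("Could not load public certificate for user: " + displayName, e);
                // Parser messages can echo parts of the stored data; escape before the text
                // reaches the unescaped template output.
                text = snotifyI18n.getText("email-security-edit-webwork.input.smime.error", StringEscapeUtils.escapeHtml4(e.getLocalizedMessage()));
            }
        }
        return text;
    }

    /**
     * Builds the HTML fragment describing the user's stored PGP public key.
     *
     * <p>In lite mode the key is only shown when its recorded key source is
     * {@link EKeySource#USER}. The return value is {@code @HtmlSafe}, i.e. printed unescaped.
     * NOTE(review): {@code PgpKeyInfoBuilder.buildJiraHtml()} is defined elsewhere; confirm it
     * escapes the user-id and other key fields it renders.
     *
     * @return an HTML fragment: key details, a "not found" text, or an error text
     */
    @HtmlSafe
    public String getPgpDetails() {
        byte[] bytes;
        Long keyId;
        String text;
        // NOTE(review): unlike the do* methods there is no null check on the logged-in user here.
        JiraUser jiraUser = new JiraUser(getLoggedInUser());
        SnotifyI18n snotifyI18n = new SnotifyI18n(ComponentAccessor.getI18nHelperFactory().getInstance(jiraUser.getActualUser()));
        String displayName = jiraUser.getDisplayName();
        if (!this.appProps.getBoolean(Constants.LITE_MODE_PROP) || this.userProps.getEnum(Constants.EMAIL_PGP_KEY_SOURCE_PROP, EKeySource.class, jiraUser) == EKeySource.USER) {
            bytes = this.userProps.getBytes(Constants.EMAIL_PGP_KEY_PROP, jiraUser);
            keyId = this.userProps.getLong(Constants.EMAIL_PGP_KEY_ID_PROP, jiraUser);
        } else {
            bytes = null;
            keyId = null;
        }
        if (keyId == null || bytes == null) {
            text = snotifyI18n.getText("email-security-edit-webwork.input.pgp.notfound");
            log.debug("No public key specified for user: {}", displayName);
        } else {
            try {
                PgpKeyInfoBuilder pgpKeyInfoBuilder = new PgpKeyInfoBuilder(bytes, keyId.longValue(), snotifyI18n);
                pgpKeyInfoBuilder.setUser(jiraUser);
                pgpKeyInfoBuilder.setUserProps(this.userProps);
                text = pgpKeyInfoBuilder.buildJiraHtml();
                log.debug("Key information for user {}: {}", displayName, text);
            } catch (IOException | PGPException e) {
                log.error("Could not load PGP key for user: " + displayName, e);
                // Parser messages can echo parts of the stored data; escape before the text
                // reaches the unescaped template output.
                text = snotifyI18n.getText("email-security-edit-webwork.input.pgp.error", StringEscapeUtils.escapeHtml4(e.getLocalizedMessage()));
            }
        }
        return text;
    }

    /**
     * @return whether the view should offer a choice between S/MIME and PGP: only for the two
     *     "preferred" priorities and only when both upload kinds are allowed; {@code true} for an
     *     unrecognised priority value
     */
    public boolean isChoiceEnabled() {
        switch (getTypePriority()) {
            case SMIME_PREFERED:
            case PGP_PREFERED:
                return isAllowPgpUpload() && isAllowSmimeUpload();
            case SMIME_ONLY:
            case PGP_ONLY:
                return false;
            default:
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '" + getTypePriority() + "'. It is not yet implemented,");
                return true;
        }
    }

    /**
     * @return whether the S/MIME option is the pre-selected one, derived from the configured
     *     priority, the upload permissions and the kind of upload this request handled last
     */
    public boolean isSmimeSelected() {
        switch (getTypePriority()) {
            case SMIME_PREFERED:
                return isAllowSmimeUpload() && this.lastUpload != EEncryptionTypePriority.PGP_ONLY;
            case PGP_PREFERED:
                return !isAllowPgpUpload() || this.lastUpload == EEncryptionTypePriority.SMIME_ONLY;
            case SMIME_ONLY:
                return true;
            case PGP_ONLY:
                return false;
            default:
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '" + getTypePriority() + "'. It is not yet implemented,");
                return true;
        }
    }

    /**
     * @return whether the PGP option is the pre-selected one; the mirror image of
     *     {@link #isSmimeSelected()} except that an unrecognised priority yields {@code false}
     */
    public boolean isPgpSelected() {
        switch (getTypePriority()) {
            case SMIME_PREFERED:
                return !isAllowSmimeUpload() || this.lastUpload == EEncryptionTypePriority.PGP_ONLY;
            case PGP_PREFERED:
                return isAllowPgpUpload() && this.lastUpload != EEncryptionTypePriority.SMIME_ONLY;
            case SMIME_ONLY:
                return false;
            case PGP_ONLY:
                return true;
            default:
                log.warn("Unknwon value for 'Encryption Type Priority' found. Value found was '" + getTypePriority() + "'. It is not yet implemented,");
                return false;
        }
    }

    /** @return whether users may upload their own S/MIME certificate (view accessor) */
    public boolean isSmimeUploadAllowed() {
        return isAllowSmimeUpload();
    }

    /** @return whether users may upload their own PGP key (view accessor) */
    public boolean isPgpUploadAllowed() {
        return isAllowPgpUpload();
    }

    /** @return {@code true} when an error message has been set for this request */
    public boolean isShowError() {
        return this.errorMessage != null;
    }

    /**
     * Returns the error message as ready-to-print HTML.
     *
     * <p>Because of {@code @HtmlSafe} the template does not escape this value: every code path
     * that assigns {@code errorMessage} must escape anything that does not come from the i18n
     * bundle.
     *
     * @return the message, or an empty string when there is none
     */
    @HtmlSafe
    public String getErrorMessage() {
        return this.errorMessage == null ? "" : this.errorMessage;
    }

    /**
     * Loads the configured encryption type priority once and caches it.
     *
     * @return the configured value, or {@link EEncryptionTypePriority#SMIME_PREFERED} when none is stored
     */
    private EEncryptionTypePriority getTypePriority() {
        if (this.typePriority == null) {
            this.typePriority = (EEncryptionTypePriority) this.appProps.getEnum(Constants.ENCRYPTION_TYPE_PRIORITY_PROP, EEncryptionTypePriority.class);
            if (this.typePriority == null) {
                this.typePriority = EEncryptionTypePriority.SMIME_PREFERED;
            }
        }
        return this.typePriority;
    }

    /**
     * @return {@code true} when the S/MIME overwrite setting is on (it is read with a default of
     *     {@code true}) or when lite mode is on; the result is cached in this action instance
     */
    private boolean isAllowSmimeUpload() {
        if (this.allowSmimeUpload == null) {
            this.allowSmimeUpload = Boolean.valueOf(this.appProps.getBoolean(Constants.ALLOW_SMIME_CERTIFICATE_OVERWRITE_PROP, true) || this.appProps.getBoolean(Constants.LITE_MODE_PROP));
        }
        return this.allowSmimeUpload.booleanValue();
    }

    /**
     * @return {@code true} when the PGP overwrite setting is on (it is read with a default of
     *     {@code true}) or when lite mode is on; the result is cached in this action instance
     */
    private boolean isAllowPgpUpload() {
        if (this.allowPgpUpload == null) {
            this.allowPgpUpload = Boolean.valueOf(this.appProps.getBoolean(Constants.ALLOW_PGP_PUBLIC_KEY_OVERWRITE_PROP, true) || this.appProps.getBoolean(Constants.LITE_MODE_PROP));
        }
        return this.allowPgpUpload.booleanValue();
    }

    /**
     * Reads one attribute from a distinguished name.
     *
     * @param x500Name the name to search
     * @param aSN1ObjectIdentifier the attribute type to look for
     * @return the value of the first matching RDN's first attribute as a string, or {@code null}
     *     when the name has no RDN of that type; further RDNs of the same type are ignored
     */
    private String getRDNValue(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] rdns = x500Name.getRDNs(aSN1ObjectIdentifier);
        if (rdns.length == 0) {
            return null;
        }
        return rdns[0].getFirst().getValue().toString();
    }
}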
