package net.savignano.snotify.jira.gui.webwork;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.mail.server.SMTPMailServer;
import com.atlassian.velocity.htmlsafe.HtmlSafe;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.ISnotifyProjectProperties;
import net.savignano.snotify.atlassian.common.enums.EEncryptionTypePriority;
import net.savignano.snotify.atlassian.common.util.SecurityUtil;
import net.savignano.snotify.atlassian.gui.keysource.verification.PgpPrivateKeyStoreVerification;
import net.savignano.snotify.atlassian.gui.keysource.verification.SmimeKeyStoreVerification;
import net.savignano.snotify.atlassian.gui.keysource.verification.VerificationStatus;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/jira/gui/webwork/SnotifyPrivateKeystoreSettingsAction.class */
public class SnotifyPrivateKeystoreSettingsAction extends SnotifyAdminSettingsAction {
    private static final long serialVersionUID = -8072879165735342966L;
    private static final String SMIME_PRIVATE_KEYSTORE_LOCATION_PARAM = "smimePrivateKeystoreLocation";
    private static final String SMIME_PRIVATE_KEYSTORE_PASSWORD_PARAM = "smimePrivateKeystorePassword";
    private static final String SMIME_PRIVATE_KEYSTORE_PASSWORD_CHECK_PARAM = "smimePrivateKeystorePasswordCheck";
    private static final String PGP_PRIVATE_KEYSTORE_LOCATION_PARAM = "pgpPrivateKeystoreLocation";
    private static final String PGP_PRIVATE_KEY_PASSWORD_PARAM = "pgpPrivateKeyPassword";
    private static final String PGP_PRIVATE_KEY_PASSWORD_CHECK_PARAM = "pgpPrivateKeyPasswordCheck";
    private static final String VERIFY_PGP_BUTTON_PARAM = "Test settings pgp";
    private static final String VERIFY_SMIME_BUTTON_PARAM = "Test settings smime";
    private static final String CLEAR_CACHE_PGP_BUTTON_PARAM = "Clear Cache pgp";
    private static final String CLEAR_CACHE_SMIME_PARAM = "Clear Cache smime";
    private static final String SUBMIT_PGP_BUTTON_PARAM = "Update pgp";
    private static final String SUBMIT_SMIME_BUTTON_PARAM = "Update smime";
    private static final Logger log = LoggerFactory.getLogger(SnotifyPrivateKeystoreSettingsAction.class);

    @Inject
    private ISnotifyProjectProperties projectProps;
    private String pgpPrivateKeystoreLocation;
    private String smimePrivateKeystoreLocation;
    private String verifyMessage;
    private boolean expireKeys;
    private String pgpPrivateKeyPassword;
    private String smimePrivateKeystorePassword;
    private EEncryptionTypePriority typePriority;
    private EEncryptionTypePriority lastSubmit;
    private List<String> emails;

    public String doInput() {
        if (!hasAdminRights()) {
            ApplicationUser loggedInUser = getLoggedInUser();
            log.warn("Unauthorized access to view global S/Notify values from user: {}", loggedInUser != null ? loggedInUser.getDisplayName() : "<Unknown User>");
            return "error";
        }
        if (this.smimePrivateKeystoreLocation != null) {
            return "input";
        }
        readProps();
        return "input";
    }

    public String doSubmit() {
        HttpServletRequest httpRequest = getHttpRequest();
        if (!"POST".equals(httpRequest.getMethod())) {
            log.debug("Access to submit method redirected to input method, as request method wasn't 'POST'. Used method: " + httpRequest.getMethod());
            return doInput();
        }
        if (!hasAdminRights()) {
            ApplicationUser loggedInUser = getLoggedInUser();
            log.warn("Unauthorized access to submit server S/Notify values from user: {}", loggedInUser != null ? loggedInUser.getDisplayName() : "<Unknown User>");
            return "error";
        }
        readParams();
        if (httpRequest.getParameter(SUBMIT_PGP_BUTTON_PARAM) != null) {
            this.lastSubmit = EEncryptionTypePriority.PGP_ONLY;
            return storeSettings();
        }
        if (httpRequest.getParameter(SUBMIT_SMIME_BUTTON_PARAM) != null) {
            this.lastSubmit = EEncryptionTypePriority.SMIME_ONLY;
            return storeSettings();
        }
        if (httpRequest.getParameter(VERIFY_PGP_BUTTON_PARAM) != null) {
            this.lastSubmit = EEncryptionTypePriority.PGP_ONLY;
            return verifySettings();
        }
        if (httpRequest.getParameter(VERIFY_SMIME_BUTTON_PARAM) != null) {
            this.lastSubmit = EEncryptionTypePriority.SMIME_ONLY;
            return verifySettings();
        }
        if (httpRequest.getParameter(CLEAR_CACHE_PGP_BUTTON_PARAM) != null) {
            this.lastSubmit = EEncryptionTypePriority.PGP_ONLY;
            return clearCache();
        }
        if (httpRequest.getParameter(CLEAR_CACHE_SMIME_PARAM) != null) {
            this.lastSubmit = EEncryptionTypePriority.SMIME_ONLY;
            return clearCache();
        }
        log.error("Unknown submit option used.");
        return "input";
    }

    private String storeSettings() {
        storeProps();
        readProps();
        setShowUpdated(true);
        return "input";
    }

    private String verifySettings() {
        this.expireKeys = false;
        ArrayList arrayList = new ArrayList();
        if (this.smimePrivateKeystoreLocation != null && !this.smimePrivateKeystoreLocation.isEmpty()) {
            arrayList.addAll(verifySmimePrivateKeystore());
        }
        if (this.pgpPrivateKeystoreLocation != null && !this.pgpPrivateKeystoreLocation.isEmpty()) {
            arrayList.addAll(verifyPgpPrivateKeystore());
        }
        StringBuilder sb = new StringBuilder(512 * arrayList.size());
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            sb.append(((VerificationStatus) it.next()).getHtmlStatus());
        }
        this.verifyMessage = sb.toString();
        return "input";
    }

    private List<VerificationStatus> verifySmimePrivateKeystore() {
        log.info("Verifying S/MIME private key store at location: {}", this.smimePrivateKeystoreLocation);
        SmimeKeyStoreVerification smimeKeyStoreVerification = new SmimeKeyStoreVerification(this.smimePrivateKeystoreLocation, Constants.P12_KEYSTORE_TYPE, getSnotifyI18n());
        smimeKeyStoreVerification.getEmails().addAll(getEmails());
        try {
            char[] decodeCharsBase64Aes = SecurityUtil.decodeCharsBase64Aes(this.smimePrivateKeystorePassword);
            smimeKeyStoreVerification.setKeyStorePassword(decodeCharsBase64Aes);
            smimeKeyStoreVerification.setKeyPassword(decodeCharsBase64Aes);
        } catch (GeneralSecurityException e) {
            log.error("Could not set password for S/MIME key store verification. Error message: " + e.getMessage(), e);
        }
        smimeKeyStoreVerification.setEnablePrivateKeyCheck(true);
        return smimeKeyStoreVerification.verify();
    }

    private List<VerificationStatus> verifyPgpPrivateKeystore() {
        log.info("Verifying PGP private key store at location: {}", this.pgpPrivateKeystoreLocation);
        PgpPrivateKeyStoreVerification pgpPrivateKeyStoreVerification = new PgpPrivateKeyStoreVerification(this.pgpPrivateKeystoreLocation, getSnotifyI18n());
        pgpPrivateKeyStoreVerification.getEmails().addAll(getEmails());
        try {
            pgpPrivateKeyStoreVerification.setPassword(SecurityUtil.decodeCharsBase64Aes(this.pgpPrivateKeyPassword));
        } catch (GeneralSecurityException e) {
            log.error("Could not set password for PGP key store verification. Error message: " + e.getMessage(), e);
        }
        return pgpPrivateKeyStoreVerification.verify();
    }

    private String clearCache() {
        storeClearCache();
        this.expireKeys = true;
        return "input";
    }

    private void storeClearCache() {
        getAppProps().setLong(Constants.EXPIRE_KEYS_PRIVATE_TIMESTAMP_PROP, Long.valueOf(System.currentTimeMillis()));
    }

    private EEncryptionTypePriority getTypePriority() {
        if (this.typePriority == null) {
            this.typePriority = (EEncryptionTypePriority) getAppProps().getEnum(Constants.ENCRYPTION_TYPE_PRIORITY_PROP, EEncryptionTypePriority.class);
            if (this.typePriority == null) {
                this.typePriority = EEncryptionTypePriority.SMIME_PREFERED;
            }
        }
        return this.typePriority;
    }

    private List<String> getEmails() {
        if (this.emails == null) {
            this.emails = new ArrayList();
            String mailServerEmail = getMailServerEmail();
            if (mailServerEmail != null) {
                this.emails.add(mailServerEmail);
            }
            if (getAppProps().getBoolean(Constants.ENABLE_PROJECT_SPECIFIC_ENCRYPTION_PROP)) {
                this.emails.addAll(getProjectEmails());
            }
        }
        return this.emails;
    }

    private String getMailServerEmail() {
        SMTPMailServer defaultSMTPMailServer = ComponentAccessor.getMailServerManager().getDefaultSMTPMailServer();
        if (defaultSMTPMailServer == null) {
            log.debug("No outgoing mail server registered. Could not determine sending address.");
            return null;
        }
        String defaultFrom = defaultSMTPMailServer.getDefaultFrom();
        log.debug("Mail addressed used by default mail server: {}", defaultFrom);
        return defaultFrom;
    }

    private List<String> getProjectEmails() {
        boolean z = getAppProps().getBoolean(Constants.DEFAULT_PROJECT_ENCRYPTION_STATE_PROP, true);
        ArrayList arrayList = new ArrayList();
        for (Project project : ComponentAccessor.getProjectManager().getProjects()) {
            String key = project.getKey();
            if (this.projectProps.getBoolean(Constants.PROJECT_ENABLE_ENCRYPTION_PROP, z, key)) {
                String email = project.getEmail();
                log.debug("Email used for project {}: {}", key, email);
                if (email != null) {
                    arrayList.add(email);
                }
            }
        }
        return arrayList;
    }

    public boolean isSmimeSelected() {
        if (this.lastSubmit == EEncryptionTypePriority.SMIME_ONLY) {
            return true;
        }
        if (this.lastSubmit == EEncryptionTypePriority.PGP_ONLY) {
            return false;
        }
        switch (getTypePriority()) {
            case SMIME_ONLY:
            case SMIME_PREFERED:
                return true;
            case PGP_ONLY:
            case PGP_PREFERED:
                return false;
            default:
                log.error("Type priority not yet implemented: {}", getTypePriority());
                return false;
        }
    }

    public boolean isPgpSelected() {
        if (this.lastSubmit == EEncryptionTypePriority.PGP_ONLY) {
            return true;
        }
        if (this.lastSubmit == EEncryptionTypePriority.SMIME_ONLY) {
            return false;
        }
        switch (getTypePriority()) {
            case SMIME_ONLY:
            case SMIME_PREFERED:
                return false;
            case PGP_ONLY:
            case PGP_PREFERED:
                return true;
            default:
                log.error("Type priority not yet implemented: {}", getTypePriority());
                return false;
        }
    }

    public boolean isShowExpireCacheInfo() {
        return this.expireKeys;
    }

    @HtmlSafe
    public String getVerificationMessage() {
        return this.verifyMessage == null ? "" : this.verifyMessage;
    }

    public String getPgpPrivateKeystoreLocation() {
        return this.pgpPrivateKeystoreLocation == null ? "" : this.pgpPrivateKeystoreLocation;
    }

    public String getPgpPrivateKeyPassword() {
        if (this.pgpPrivateKeyPassword == null) {
            return "";
        }
        try {
            char[] decodeCharsBase64Aes = SecurityUtil.decodeCharsBase64Aes(this.pgpPrivateKeyPassword);
            for (int i = 0; i < decodeCharsBase64Aes.length; i++) {
                decodeCharsBase64Aes[i] = '*';
            }
            return new String(decodeCharsBase64Aes);
        } catch (GeneralSecurityException e) {
            log.error("Could not display PGP password. Error message: " + e.getMessage(), e);
            return "";
        }
    }

    public String getPgpPrivateKeyPasswordCheck() {
        return this.pgpPrivateKeyPassword == null ? "" : this.pgpPrivateKeyPassword;
    }

    public String getSmimePrivateKeystoreLocation() {
        return this.smimePrivateKeystoreLocation == null ? "" : this.smimePrivateKeystoreLocation;
    }

    public String getSmimePrivateKeystorePassword() {
        if (this.smimePrivateKeystorePassword == null) {
            return "";
        }
        try {
            char[] decodeCharsBase64Aes = SecurityUtil.decodeCharsBase64Aes(this.smimePrivateKeystorePassword);
            for (int i = 0; i < decodeCharsBase64Aes.length; i++) {
                decodeCharsBase64Aes[i] = '*';
            }
            return new String(decodeCharsBase64Aes);
        } catch (GeneralSecurityException e) {
            log.error("Could not display S/MIME password. Error message: " + e.getMessage(), e);
            return "";
        }
    }

    public String getSmimePrivateKeystorePasswordCheck() {
        return this.smimePrivateKeystorePassword == null ? "" : this.smimePrivateKeystorePassword;
    }

    private boolean isDummyPassword(String str) {
        for (int i = 0; i < str.length(); i++) {
            if (str.charAt(i) != '*') {
                return false;
            }
        }
        return true;
    }

    private void readParams() {
        this.pgpPrivateKeystoreLocation = getHttpRequest().getParameter(PGP_PRIVATE_KEYSTORE_LOCATION_PARAM);
        this.pgpPrivateKeyPassword = getHttpRequest().getParameter(PGP_PRIVATE_KEY_PASSWORD_PARAM);
        if (StringUtils.isBlank(this.pgpPrivateKeyPassword)) {
            this.pgpPrivateKeyPassword = null;
        } else if (isDummyPassword(this.pgpPrivateKeyPassword)) {
            this.pgpPrivateKeyPassword = getHttpRequest().getParameter(PGP_PRIVATE_KEY_PASSWORD_CHECK_PARAM);
        } else {
            try {
                this.pgpPrivateKeyPassword = SecurityUtil.encode(this.pgpPrivateKeyPassword);
            } catch (GeneralSecurityException e) {
                log.error("Could not obfuscate entered PGP password. Error message: " + e.getMessage(), e);
            }
        }
        this.smimePrivateKeystoreLocation = getHttpRequest().getParameter(SMIME_PRIVATE_KEYSTORE_LOCATION_PARAM);
        this.smimePrivateKeystorePassword = getHttpRequest().getParameter(SMIME_PRIVATE_KEYSTORE_PASSWORD_PARAM);
        if (StringUtils.isBlank(this.smimePrivateKeystorePassword)) {
            this.smimePrivateKeystorePassword = null;
            return;
        }
        if (isDummyPassword(this.smimePrivateKeystorePassword)) {
            this.smimePrivateKeystorePassword = getHttpRequest().getParameter(SMIME_PRIVATE_KEYSTORE_PASSWORD_CHECK_PARAM);
            return;
        }
        try {
            this.smimePrivateKeystorePassword = SecurityUtil.encode(this.smimePrivateKeystorePassword);
        } catch (GeneralSecurityException e2) {
            log.error("Could not obfuscate entered S/MIME password. Error message: " + e2.getMessage(), e2);
        }
    }

    private void storeProps() {
        if (isLocationChanged()) {
            storeClearCache();
        }
        getAppProps().setString(Constants.PRIVATE_PGP_KEYSTORE_LOCATION_PROP, this.pgpPrivateKeystoreLocation);
        try {
            getAppProps().setPassword(Constants.PRIVATE_PGP_KEY_PASSWORD_PROP, SecurityUtil.decodeCharsBase64Aes(this.pgpPrivateKeyPassword));
        } catch (GeneralSecurityException e) {
            log.error("Could not store PGP password. Error message: " + e.getMessage(), e);
        }
        getAppProps().setString(Constants.PRIVATE_SMIME_KEYSTORE_LOCATION_PROP, this.smimePrivateKeystoreLocation);
        try {
            getAppProps().setPassword(Constants.PRIVATE_SMIME_KEY_PASSWORD_PROP, SecurityUtil.decodeCharsBase64Aes(this.smimePrivateKeystorePassword));
        } catch (GeneralSecurityException e2) {
            log.error("Could not store S/MIME password. Error message: " + e2.getMessage(), e2);
        }
    }

    private void readProps() {
        this.pgpPrivateKeystoreLocation = getAppProps().getString(Constants.PRIVATE_PGP_KEYSTORE_LOCATION_PROP);
        this.smimePrivateKeystoreLocation = getAppProps().getString(Constants.PRIVATE_SMIME_KEYSTORE_LOCATION_PROP);
        this.pgpPrivateKeyPassword = getAppProps().getString(Constants.PRIVATE_PGP_KEY_PASSWORD_PROP);
        this.smimePrivateKeystorePassword = getAppProps().getString(Constants.PRIVATE_SMIME_KEY_PASSWORD_PROP);
    }

    private boolean isLocationChanged() {
        return (StringUtils.equalsIgnoreCase(StringUtils.stripToNull(getAppProps().getString(Constants.PRIVATE_SMIME_KEYSTORE_LOCATION_PROP)), StringUtils.stripToNull(this.smimePrivateKeystoreLocation)) && StringUtils.equalsIgnoreCase(StringUtils.stripToNull(getAppProps().getString(Constants.PRIVATE_PGP_KEYSTORE_LOCATION_PROP)), StringUtils.stripToNull(this.pgpPrivateKeystoreLocation))) ? false : true;
    }
}
