package net.savignano.snotify.jira.gui.rest.profile;

import com.atlassian.jira.util.IOUtil;
import com.atlassian.plugins.rest.common.multipart.FilePart;
import com.atlassian.plugins.rest.common.multipart.MultipartFormParam;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.ws.rs.Consumes;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;
import net.savignano.snotify.atlassian.common.EProperty;
import net.savignano.snotify.atlassian.common.enums.ECryptographyType;
import net.savignano.snotify.atlassian.common.enums.EKeySource;
import net.savignano.snotify.atlassian.common.util.SmimeUtil;
import net.savignano.snotify.jira.common.JiraUser;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("uploadSmimeCert")
/* loaded from: input_file:net/savignano/snotify/jira/gui/rest/profile/PublicSmimeCertUpload.class */
public class PublicSmimeCertUpload extends PublicUserEditing {
    private static final Logger log = LoggerFactory.getLogger(PublicSmimeCertUpload.class);

    @PUT
    @Consumes({"multipart/form-data"})
    public Response upload(@MultipartFormParam("smime_certificate") Collection<FilePart> collection) throws IOException {
        try {
            if (!getAuthContext().isLoggedInUser()) {
                return createResponse(Response.Status.UNAUTHORIZED, null);
            }
            JiraUser jiraUser = new JiraUser(getAuthContext().getLoggedInUser());
            if (!isUploadAllowed(ECryptographyType.SMIME)) {
                return createResponse(Response.Status.FORBIDDEN, getI18n().getText("jsd-portal-email-security.error.smime.upload.message.adminForbidden"));
            }
            FilePart filePart = null;
            if (!collection.isEmpty()) {
                filePart = collection.iterator().next();
            }
            if (filePart != null && filePart.getSize() != 0) {
                return setSmimeCert(filePart, jiraUser);
            }
            return createResponse(Response.Status.BAD_REQUEST, getI18n().getText("jsd-portal-email-security.error.smime.upload.message.noFile"));
        } catch (Exception e) {
            log.error("Error while uploading S/MIME certificate for user " + ((Object) null) + ". Error message: " + e.getMessage(), e);
            return createResponse(Response.Status.INTERNAL_SERVER_ERROR, getI18n().getText("jsd-portal-email-security.error.smime.upload.message.generalException"));
        }
    }

    private Response setSmimeCert(FilePart filePart, JiraUser jiraUser) {
        try {
            try {
                byte[] byteArray = IOUtil.toByteArray(filePart.getInputStream());
                log.debug("Checking certificate for user: " + jiraUser.getDisplayName());
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
                x509Certificate.checkValidity();
                if (!SmimeUtil.isCertForEmail(x509Certificate, jiraUser.getEmail())) {
                    String[] emails = SmimeUtil.getEmails(x509Certificate);
                    log.info("Email address {} not found in certificate. Email addresses found for subject: {}", jiraUser.getEmail(), StringUtils.join(emails, ", "));
                    return createResponse(Response.Status.CONFLICT, getI18n().getText("email-security-edit-webwork.error-email.message", StringUtils.join(emails, ", "), jiraUser.getEmail()));
                }
                log.info("Setting S/MIME certificate for user: {}", jiraUser.getDisplayName());
                getUserProps().setBytes(EProperty.EMAIL_SMIME_CERT, byteArray, jiraUser);
                getUserProps().setLong(EProperty.EMAIL_SMIME_TIME_STAMP, Long.valueOf(System.currentTimeMillis()), jiraUser);
                getUserProps().setEnum(EProperty.EMAIL_SMIME_KEY_SOURCE, EKeySource.USER, jiraUser);
                return Response.ok().build();
            } catch (IOException | CertificateException e) {
                String text = getI18n().getText("email-security-edit-webwork.error-smime.message", e.getMessage());
                log.info("Certificate parsing failed.", e);
                return createResponse(Response.Status.CONFLICT, text);
            }
        } catch (CertificateExpiredException e2) {
            log.info("Certificate expired.", e2);
            return createResponse(Response.Status.CONFLICT, getI18n().getText("email-security-edit-webwork.error-expired.message"));
        } catch (CertificateNotYetValidException e3) {
            log.info("Certificate not yet valid.", e3);
            return createResponse(Response.Status.CONFLICT, getI18n().getText("email-security-edit-webwork.error-notyetvalid.message"));
        }
    }
}
