package com.zagile.salesforce.servlet;

import com.atlassian.jira.issue.fields.rest.json.beans.JiraBaseUrls;
import com.atlassian.jira.util.json.JSONException;
import com.atlassian.jira.util.json.JSONObject;
import com.zagile.salesforce.jira.service.observer.SalesforceObjectObserver;
import com.zagile.salesforce.properties.ZAppProperties;
import com.zagile.salesforce.service.RestSalesforceService;
import com.zagile.salesforce.service.SalesforceResourceService;
import com.zagile.salesforce.service.SalesforceService;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javanet.staxutils.events.StartDocumentEvent;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.htmlparser.jericho.HTMLElementName;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/zagile/salesforce/servlet/OAuthServlet.class */
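/**
 * Starts the Salesforce OAuth 2.0 authorization-code flow (with PKCE, method S256) and handles
 * the callback that carries the authorization code.
 *
 * <p>A request whose URI ends in {@code oauth} is redirected to the Salesforce authorize
 * endpoint; any other request routed here is treated as the callback.
 *
 * <p>NOTE(review): the PKCE verifier and challenge are read from and written to
 * {@link ZAppProperties}. If that store is application-wide rather than per session, two
 * overlapping authorization attempts share (and clear) the same verifier — confirm.
 *
 * <p>NOTE(review): the {@code state} parameter only carries the sandbox flag. No unguessable
 * per-request value is generated here or checked on the callback, so nothing in this class
 * binds the callback to the browser session that started the flow.
 *
 * <p>NOTE(review): no permission check is visible in this class; confirm that access to both
 * URLs is restricted elsewhere (filter or plugin descriptor).
 */
public class OAuthServlet extends HttpServlet {
    private static final long serialVersionUID = 1;

    private static final String CALLBACK_PATH = "/plugins/servlet/oauth/_callback";
    private static final String AUTHORIZE_PATH = "/services/oauth2/authorize?response_type=code";
    private static final String CONFIG_PAGE = "/secure/ZConfigureSalesforce.jspa";
    private static final String SANDBOX_STATE = "sandbox";
    // Constant substituted by the decompiler; presumably the literal "UTF-8" — confirm.
    private static final String URL_ENCODING = StartDocumentEvent.DEFAULT_ENCODING;

    private final JiraBaseUrls jiraBaseUrls;
    private final ZAppProperties zAppProperties;
    private final SalesforceService salesforceService;
    private final SalesforceResourceService salesforceResourceService;
    private final Logger logger = Logger.getLogger(getClass());
    private final SecureRandom secureRandom = new SecureRandom();

    /** Names of the PKCE challenge transformation: the JCA digest and the OAuth parameter value. */
    /* loaded from: input_file:com/zagile/salesforce/servlet/OAuthServlet$HashAlgorithm.class */
    class HashAlgorithm {
        public static final String ALGORITHM_NAME = "SHA-256";
        public static final String ALGORITHM_PARAM = "S256";

        HashAlgorithm() {
        }
    }

    public OAuthServlet(JiraBaseUrls jiraBaseUrls, SalesforceService salesforceService, ZAppProperties zAppProperties, SalesforceResourceService salesforceResourceService) {
        this.jiraBaseUrls = jiraBaseUrls;
        this.salesforceService = salesforceService;
        this.zAppProperties = zAppProperties;
        this.salesforceResourceService = salesforceResourceService;
    }

    /**
     * Dispatches between starting the flow and handling the callback.
     *
     * @throws ServletException if the PKCE code challenge cannot be derived
     * @throws IOException if a redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Request-scoped values are locals, not instance fields: a servlet instance normally
        // serves concurrent requests, so per-request state on "this" can leak between them.
        final String redirectUri = this.jiraBaseUrls.baseUrl() + CALLBACK_PATH;
        final String state = httpServletRequest.getParameter("state");
        final boolean sandbox = state != null && state.equalsIgnoreCase(SANDBOX_STATE);

        // NOTE(review): as in the original, this also runs on the callback request. A verifier
        // minted at that point cannot match the challenge sent earlier; confirm how
        // validateToken obtains the verifier before restricting this to the start request.
        final String codeChallenge = ensurePkceChallenge();

        if (httpServletRequest.getRequestURI().endsWith("oauth")) {
            httpServletResponse.sendRedirect(buildAuthorizationUrl(redirectUri, codeChallenge, sandbox));
            return;
        }
        handleCallback(httpServletRequest, httpServletResponse, redirectUri, state, sandbox);
    }

    /**
     * Returns the challenge for the stored verifier, creating the verifier if none is stored.
     * The challenge is always derived from the verifier so a stale stored challenge can never
     * be sent alongside a newer verifier.
     *
     * @throws ServletException if the challenge cannot be computed; the flow is aborted rather
     *     than sending the literal {@code code_challenge=null}
     */
    private String ensurePkceChallenge() throws ServletException {
        String verifier = this.zAppProperties.getSalesforceCodeVerifier();
        if (StringUtils.isBlank(verifier)) {
            verifier = generateCodeVerifier();
            this.zAppProperties.setSalesforceCodeVerifier(verifier);
        }
        final String challenge;
        try {
            challenge = generateCodeChallenge(verifier);
        } catch (ServletException e) {
            throw e;
        } catch (Exception e) {
            throw new ServletException("Unable to generate code challenge for PKCE extension", e);
        }
        // Write only when the stored value is missing or out of step with the verifier.
        if (!challenge.equals(this.zAppProperties.getSalesforceCodeChallenge())) {
            this.zAppProperties.setSalesforceCodeChallenge(challenge);
        }
        return challenge;
    }

    /** Builds the authorize-endpoint URL for the production/custom-domain or sandbox login host. */
    private String buildAuthorizationUrl(String redirectUri, String codeChallenge, boolean sandbox) throws IOException {
        final String clientId = this.zAppProperties.getSalesforceClientId();
        final String pkceParams = "&code_challenge=" + codeChallenge + "&code_challenge_method=" + HashAlgorithm.ALGORITHM_PARAM;
        final String encodedRedirect = URLEncoder.encode(redirectUri, URL_ENCODING);
        final String encodedPrompt = URLEncoder.encode("login consent", URL_ENCODING);
        if (sandbox) {
            return "https://test.salesforce.com" + AUTHORIZE_PATH + pkceParams + "&client_id=" + clientId + "&redirect_uri=" + encodedRedirect + "&state=sandbox&prompt=" + encodedPrompt;
        }
        final String customDomain = this.zAppProperties.getSalesforceCustomDomain();
        final String host = (customDomain == null || customDomain.trim().isEmpty()) ? RestSalesforceService.LOGIN_SALESFORCE_URL : customDomain;
        // NOTE(review): clientId and the custom domain are concatenated unencoded; they come
        // from plugin configuration here — confirm who is allowed to set them.
        return host + AUTHORIZE_PATH + pkceParams + "&client_id=" + clientId + "&redirect_uri=" + encodedRedirect + "&prompt=" + encodedPrompt;
    }

    /**
     * Exchanges the authorization code, refreshes the cached Salesforce object settings and
     * redirects to the configuration page. PKCE material is cleared on every outcome.
     */
    private void handleCallback(HttpServletRequest request, HttpServletResponse response, String redirectUri, String state, boolean sandbox) throws IOException {
        // Constant substituted by the decompiler; presumably the literal "code" — confirm.
        final String code = request.getParameter(HTMLElementName.CODE);
        // Nothing has been validated yet, so the log must not claim success at this point.
        this.logger.info("Received OAuth callback; validating authorization code.");
        if (state != null) {
            // Request parameter is attacker-controlled: neutralise line breaks before logging
            // so it cannot forge additional log entries.
            this.logger.info("Auth state: " + state.replaceAll("[\\r\\n]", "_"));
        }
        try {
            if (StringUtils.isBlank(code)) {
                throw new ServletException("Authorization code missing from OAuth callback.");
            }
            this.salesforceService.validateToken(code, redirectUri, sandbox);
            setSalesforceObjectConfig();
            response.sendRedirect(request.getContextPath() + CONFIG_PAGE + "?message=" + URLEncoder.encode("Auth Successful.", URL_ENCODING));
        } catch (Exception e) {
            this.logger.error("Could not validate code in OAuth", e);
            // NOTE(review): the exception text is forwarded to the browser in the query string;
            // confirm the target page escapes it and that it carries no sensitive detail.
            final String message = StringUtils.isNotBlank(e.getMessage()) ? e.getMessage() : "Could not validate authentication. ";
            response.sendRedirect(request.getContextPath() + CONFIG_PAGE + "?errorMessage=" + URLEncoder.encode(message, URL_ENCODING));
        } finally {
            // The verifier is single-use: clear it whether the exchange succeeded or failed.
            deletePKCEAttributes();
        }
    }

    /** Clears the stored PKCE verifier and challenge. */
    private void deletePKCEAttributes() {
        this.zAppProperties.setSalesforceCodeVerifier(null);
        this.zAppProperties.setSalesforceCodeChallenge(null);
    }

    /**
     * Creates a PKCE code verifier: 32 bytes from {@link SecureRandom}, base64url-encoded
     * without padding (43 characters).
     *
     * @return the new verifier
     */
    public String generateCodeVerifier() {
        byte[] randomBytes = new byte[32];
        this.secureRandom.nextBytes(randomBytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(randomBytes);
    }

    /**
     * Derives the S256 code challenge: base64url (no padding) of the SHA-256 digest of the
     * verifier.
     *
     * @param str the code verifier
     * @return the code challenge
     * @throws Exception a {@link ServletException} wrapping any failure, including a null verifier
     */
    public String generateCodeChallenge(String str) throws Exception {
        try {
            // Explicit charset: the platform default must not influence the digest input.
            byte[] verifierBytes = str.getBytes(StandardCharsets.US_ASCII);
            MessageDigest messageDigest = MessageDigest.getInstance(HashAlgorithm.ALGORITHM_NAME);
            messageDigest.update(verifierBytes);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(messageDigest.digest());
        } catch (Exception e) {
            this.logger.error("Unable to generate code challenge for PKCE extension", e);
            throw new ServletException("Unable to generate code challenge for PKCE extension", e);
        }
    }

    /** Best-effort refresh of the Salesforce object settings; failures are logged and ignored. */
    private void setSalesforceObjectConfig() {
        try {
            setSalesforceConfig(this.salesforceResourceService.getSalesforceConceptAndSettings());
        } catch (Exception e) {
            this.logger.error("Could not set Salesforce Object config info. Ignoring it.", e);
        }
    }

    /**
     * Copies the allow-creation/link/unlink flags from the {@code ZGeneralSettings} section,
     * when both that section and the observer entry are present.
     *
     * @throws JSONException if an expected flag is missing or not a boolean
     */
    private void setSalesforceConfig(JSONObject jSONObject) throws JSONException {
        if (!jSONObject.has("ZGeneralSettings")) {
            return;
        }
        JSONObject generalSettings = jSONObject.getJSONObject("ZGeneralSettings");
        if (!generalSettings.has(SalesforceObjectObserver.OBSERVER_FIELDNAME)) {
            return;
        }
        JSONObject observerSettings = generalSettings.getJSONObject(SalesforceObjectObserver.OBSERVER_FIELDNAME);
        this.zAppProperties.setAllowObjectCreation(observerSettings.getBoolean("allowObjectCreation"));
        this.zAppProperties.setAllowObjectLink(observerSettings.getBoolean("allowObjectLink"));
        this.zAppProperties.setAllowObjectUnlink(observerSettings.getBoolean("allowObjectUnlink"));
    }

    /** @return the Salesforce service this servlet delegates token validation to */
    public SalesforceService getSalesforceService() {
        return this.salesforceService;
    }
}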
