package com.atlassian.plugins.authentication.sso.config;

import com.atlassian.plugins.authentication.api.config.AbstractIdpConfig;
import com.atlassian.plugins.authentication.api.config.IdpConfig;
import com.atlassian.plugins.authentication.api.config.JustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.SsoType;
import com.atlassian.plugins.authentication.api.config.ValidationError;
import com.atlassian.plugins.authentication.sso.rest.model.JitConfigEntity;
import com.atlassian.plugins.authentication.sso.util.HttpsValidator;
import com.atlassian.plugins.authentication.sso.util.ValidationUtils;
import com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.mapping.MappingExpression;
import com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.mapping.MappingExpressionException;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSetMultimap;
import com.google.common.collect.Multimap;
import java.net.URL;
import java.util.Collections;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/atlassian/plugins/authentication/sso/config/AbstractIdpConfigValidator.class */
public abstract class AbstractIdpConfigValidator<T extends AbstractIdpConfig> implements IdpConfigValidator {
    private static final String EXPRESSION_ERROR_SPECIFIC_MESSAGE_KEY = "message";
    private static final String EXPRESSION_ERROR_INDEX_KEY = "index";
    private static final String EXPRESSION_ERROR_ORIGINAL_EXPRESSION_KEY = "expression";
    public static final int BUTTON_TEXT_LIMIT = 40;
    protected static final Iterable<ValidationError> ERROR_REQUIRED = Collections.singleton(ValidationError.required());
    protected static final Iterable<ValidationError> ERROR_INCORRECT = Collections.singleton(ValidationError.incorrect());
    protected static final Iterable<ValidationError> ERROR_INSECURE = Collections.singleton(ValidationError.insecure());
    protected static final Iterable<ValidationError> ERROR_TOO_LONG = Collections.singleton(ValidationError.tooLong());
    protected static final Iterable<ValidationError> NO_ERRORS = Collections.emptyList();
    protected final HttpsValidator httpsValidator;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractIdpConfigValidator(HttpsValidator httpsValidator) {
        this.httpsValidator = httpsValidator;
    }

    protected abstract SsoType getSsoType();

    protected abstract Class<T> getSsoClass();

    protected abstract void validate(@Nonnull ImmutableMultimap.Builder<String, ValidationError> builder, @Nonnull T t);

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.atlassian.plugins.authentication.sso.config.IdpConfigValidator
    @Nonnull
    public final Multimap<String, ValidationError> validate(@Nonnull IdpConfig idpConfig) {
        Preconditions.checkArgument(idpConfig.getSsoType() == getSsoType(), "Unsupported SSO type: " + idpConfig.getSsoType());
        Preconditions.checkArgument(getSsoClass().isInstance(idpConfig), "Unsupported config type: " + idpConfig.getClass());
        ImmutableSetMultimap.Builder builder = ImmutableSetMultimap.builder();
        builder.putAll("sso-type", validateRequiredField(idpConfig.getSsoType()));
        builder.putAll("name", validateRequiredField(idpConfig.getName()));
        builder.putAll("button-text", validateRequiredField(idpConfig.getButtonText()));
        builder.putAll("button-text", validateLength(idpConfig.getButtonText(), 40));
        validate((ImmutableMultimap.Builder<String, ValidationError>) builder, (ImmutableSetMultimap.Builder) getSsoClass().cast(idpConfig));
        return builder.build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.atlassian.plugins.authentication.sso.config.IdpConfigValidator
    @Nonnull
    public final Multimap<String, ValidationError> validate(@Nonnull IdpConfig idpConfig, ValidationContext validationContext) {
        return validationContext == ValidationContext.FULL_VALIDATION ? validate(idpConfig) : validateInContext((AbstractIdpConfig) getSsoClass().cast(idpConfig), validationContext);
    }

    protected abstract Multimap<String, ValidationError> validateInContext(T t, ValidationContext validationContext);

    /* JADX INFO: Access modifiers changed from: protected */
    public Iterable<ValidationError> validateRequiredField(Object obj) {
        return obj instanceof String ? StringUtils.isEmpty((String) obj) : obj == null ? ERROR_REQUIRED : NO_ERRORS;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Iterable<ValidationError> validateUrl(String str) {
        if (!Strings.isNullOrEmpty(str)) {
            if (!isValidUrl(str)) {
                return ERROR_INCORRECT;
            }
            if (!isSecureUrl(str)) {
                return ERROR_INSECURE;
            }
        }
        return NO_ERRORS;
    }

    private boolean isSecureUrl(String str) {
        URL convertToUrl;
        return !this.httpsValidator.isHttpsRequired() || Strings.isNullOrEmpty(str) || (convertToUrl = ValidationUtils.convertToUrl(str)) == null || "https".equalsIgnoreCase(convertToUrl.getProtocol());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Multimap<String, ValidationError> validateJitFields(JustInTimeConfig justInTimeConfig) {
        ImmutableMultimap.Builder builder = ImmutableMultimap.builder();
        if (justInTimeConfig != null && justInTimeConfig.isEnabled().orElse(false).booleanValue()) {
            builder.putAll(JitConfigEntity.Config.MAPPING_DISPLAY_NAME, validateMappingExpression(justInTimeConfig.getDisplayNameMappingExpression().orElse(null)));
            builder.putAll("mapping-email", validateMappingExpression(justInTimeConfig.getEmailMappingExpression().orElse(null)));
            builder.putAll("mapping-groups", validateNotMappingExpression(justInTimeConfig.getGroupsMappingSource().orElse(null)));
        }
        return builder.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Iterable<ValidationError> validateMappingExpression(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return ERROR_REQUIRED;
        }
        try {
            MappingExpression.validate(str);
            return NO_ERRORS;
        } catch (MappingExpressionException e) {
            ValidationError incorrect = ValidationError.incorrect();
            incorrect.getMetadata().put(EXPRESSION_ERROR_SPECIFIC_MESSAGE_KEY, e.getFriendlyMessage());
            incorrect.getMetadata().put(EXPRESSION_ERROR_ORIGINAL_EXPRESSION_KEY, str);
            incorrect.getMetadata().put(EXPRESSION_ERROR_INDEX_KEY, Integer.valueOf(e.getIndexOfException()));
            return Collections.singleton(incorrect);
        }
    }

    protected Iterable<ValidationError> validateNotMappingExpression(String str) {
        return Strings.isNullOrEmpty(str) ? ERROR_REQUIRED : MappingExpression.containsVariableOpenerOrCloser(str) ? Collections.singleton(ValidationError.notSupported()) : NO_ERRORS;
    }

    protected Iterable<ValidationError> validateLength(String str, int i) {
        return Strings.nullToEmpty(str).length() > i ? ERROR_TOO_LONG : NO_ERRORS;
    }

    private boolean isValidUrl(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return true;
        }
        try {
            ValidationUtils.convertToUrl(str);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }
}
