package com.atlassian.applinks.oauth.auth.threelo;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequest;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.CredentialsRequiredException;
import com.atlassian.applinks.api.auth.types.ThreeLeggedOAuth2AuthenticationProvider;
import com.atlassian.applinks.oauth.auth.servlets.OAuth2FlowRequestServlet;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.oauth2.client.api.storage.TokenHandler;
import com.atlassian.oauth2.client.api.storage.token.exception.RecoverableTokenException;
import com.atlassian.oauth2.client.api.storage.token.exception.UnrecoverableTokenException;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.net.Request;
import com.atlassian.sal.api.net.RequestFactory;
import com.atlassian.sal.api.user.UserManager;
import java.net.URI;
import java.time.Duration;
import java.util.Objects;
import javax.ws.rs.core.UriBuilder;

/* loaded from: input_file:com/atlassian/applinks/oauth/auth/threelo/ThreeLeggedOAuth2RequestFactoryImpl.class */
public class ThreeLeggedOAuth2RequestFactoryImpl implements ApplicationLinkRequestFactory {
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final ApplicationLink applicationLink;
    private final UserManager userManager;
    private final RequestFactory requestFactory;
    private final TokenHandler tokenHandler;
    private final ApplicationProperties applicationProperties;

    public ThreeLeggedOAuth2RequestFactoryImpl(ApplicationLink applicationLink, AuthenticationConfigurationManager authenticationConfigurationManager, UserManager userManager, RequestFactory requestFactory, TokenHandler tokenHandler, ApplicationProperties applicationProperties) {
        this.applicationLink = (ApplicationLink) Objects.requireNonNull(applicationLink);
        this.authenticationConfigurationManager = (AuthenticationConfigurationManager) Objects.requireNonNull(authenticationConfigurationManager);
        this.userManager = userManager;
        this.requestFactory = (RequestFactory) Objects.requireNonNull(requestFactory);
        this.tokenHandler = tokenHandler;
        this.applicationProperties = applicationProperties;
    }

    public ApplicationLinkRequest createRequest(Request.MethodType methodType, String str) throws CredentialsRequiredException {
        if (this.authenticationConfigurationManager.getConfiguration(this.applicationLink.getId(), ThreeLeggedOAuth2AuthenticationProvider.class) == null) {
            throw new IllegalStateException(String.format("OAuth2 Authentication is not configured for application link %s", this.applicationLink));
        }
        return new ThreeLeggedOAuth2Request(str, methodType, this.requestFactory.createRequest(methodType, str), this.applicationLink.getId(), retrieveAccessToken((String) Objects.requireNonNull(this.userManager.getRemoteUsername(), "You have to be logged in to use oauth authentication.")));
    }

    private String retrieveAccessToken(String str) throws CredentialsRequiredException {
        try {
            return this.tokenHandler.getRefreshedToken(getClientConfigurationId(), str, Duration.ofSeconds(10L)).getAccessToken();
        } catch (RecoverableTokenException | UnrecoverableTokenException e) {
            throw new CredentialsRequiredException(this, "You do not have an authorized access token for the remote resource.");
        }
    }

    public URI getAuthorisationURI() {
        return getAuthorisationURI(null);
    }

    public URI getAuthorisationURI(URI uri) {
        UriBuilder queryParam = authorizationUriBuilder().queryParam(OAuth2FlowRequestServlet.APPLINK_ID, new Object[]{this.applicationLink.getId()});
        if (uri != null) {
            queryParam.queryParam(OAuth2FlowRequestServlet.REDIRECT_URI, new Object[]{uri});
        }
        return queryParam.build(new Object[0]);
    }

    private UriBuilder authorizationUriBuilder() {
        return UriBuilder.fromUri(this.applicationProperties.getBaseUrl(UrlMode.CANONICAL)).path("/plugins/servlet/applinks/oauth2/initiate-flow");
    }

    private String getClientConfigurationId() {
        return (String) this.applicationLink.getProperty("clientConfigurationEntityId");
    }
}
