package com.atlassian.applinks.oauth.auth.threelo;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequest;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.CredentialsRequiredException;
import com.atlassian.applinks.api.auth.types.ThreeLeggedOAuth2AuthenticationProvider;
import com.atlassian.applinks.oauth.auth.servlets.OAuth2FlowRequestServlet;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheFactory;
import com.atlassian.cache.CacheLoader;
import com.atlassian.cache.CacheSettingsBuilder;
import com.atlassian.oauth2.client.api.OAuth2Token;
import com.atlassian.oauth2.client.api.storage.TokenHandler;
import com.atlassian.oauth2.client.api.storage.token.exception.RecoverableTokenException;
import com.atlassian.oauth2.client.api.storage.token.exception.UnrecoverableTokenException;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.net.Request;
import com.atlassian.sal.api.net.RequestFactory;
import com.atlassian.sal.api.user.UserManager;
import java.net.URI;
import java.time.Clock;
import java.time.Duration;
import java.time.temporal.TemporalAmount;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.UriBuilder;

/* loaded from: input_file:com/atlassian/applinks/oauth/auth/threelo/ThreeLeggedOAuth2RequestFactoryImpl.class */
public class ThreeLeggedOAuth2RequestFactoryImpl implements ApplicationLinkRequestFactory {
    private static final int TOKEN_EXPIRE_MARGIN = 30;
    private static final String ACCESS_TOKEN_CACHE = ThreeLeggedOAuth2RequestFactoryImpl.class.getSimpleName() + ".accessTokenCache";
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final ApplicationLink applicationLink;
    private final UserManager userManager;
    private final RequestFactory requestFactory;
    private final TokenHandler tokenHandler;
    private final ApplicationProperties applicationProperties;
    private final Cache<String, OAuth2Token> accessTokenCache;

    public ThreeLeggedOAuth2RequestFactoryImpl(ApplicationLink applicationLink, AuthenticationConfigurationManager authenticationConfigurationManager, UserManager userManager, RequestFactory requestFactory, TokenHandler tokenHandler, ApplicationProperties applicationProperties, CacheFactory cacheFactory) {
        this.applicationLink = (ApplicationLink) Objects.requireNonNull(applicationLink);
        this.authenticationConfigurationManager = (AuthenticationConfigurationManager) Objects.requireNonNull(authenticationConfigurationManager);
        this.userManager = userManager;
        this.requestFactory = (RequestFactory) Objects.requireNonNull(requestFactory);
        this.tokenHandler = tokenHandler;
        this.applicationProperties = applicationProperties;
        this.accessTokenCache = cacheFactory.getCache(ACCESS_TOKEN_CACHE, (CacheLoader) null, new CacheSettingsBuilder().local().expireAfterWrite(30L, TimeUnit.MINUTES).build());
    }

    protected ThreeLeggedOAuth2RequestFactoryImpl(ApplicationLink applicationLink, AuthenticationConfigurationManager authenticationConfigurationManager, UserManager userManager, RequestFactory requestFactory, TokenHandler tokenHandler, ApplicationProperties applicationProperties, Cache<String, OAuth2Token> cache) {
        this.applicationLink = (ApplicationLink) Objects.requireNonNull(applicationLink);
        this.authenticationConfigurationManager = (AuthenticationConfigurationManager) Objects.requireNonNull(authenticationConfigurationManager);
        this.userManager = userManager;
        this.requestFactory = (RequestFactory) Objects.requireNonNull(requestFactory);
        this.tokenHandler = tokenHandler;
        this.applicationProperties = applicationProperties;
        this.accessTokenCache = cache;
    }

    public ApplicationLinkRequest createRequest(Request.MethodType methodType, String str) throws CredentialsRequiredException {
        if (this.authenticationConfigurationManager.getConfiguration(this.applicationLink.getId(), ThreeLeggedOAuth2AuthenticationProvider.class) == null) {
            throw new IllegalStateException(String.format("OAuth2 Authentication is not configured for application link %s", this.applicationLink));
        }
        String str2 = (String) Objects.requireNonNull(this.userManager.getRemoteUsername(), "You have to be logged in to use oauth authentication.");
        return new ThreeLeggedOAuth2Request(str, this.requestFactory.createRequest(methodType, str), retrieveAccessToken(str2), this.accessTokenCache, getClientConfigurationId(), this.tokenHandler, str2);
    }

    protected String retrieveAccessToken(String str) throws CredentialsRequiredException {
        OAuth2Token oAuth2Token = (OAuth2Token) this.accessTokenCache.get(str + ":" + getClientConfigurationId());
        if (oAuth2Token == null || isTokenExpired(oAuth2Token)) {
            try {
                oAuth2Token = this.tokenHandler.getRefreshedToken(str, getClientConfigurationId(), Duration.ofSeconds(30L));
                this.accessTokenCache.put(str + ":" + getClientConfigurationId(), oAuth2Token);
            } catch (RecoverableTokenException | UnrecoverableTokenException e) {
                throw new CredentialsRequiredException(this, "You do not have an authorized access token for the remote resource.");
            }
        }
        return oAuth2Token.getAccessToken();
    }

    private boolean isTokenExpired(OAuth2Token oAuth2Token) {
        return oAuth2Token.getAccessTokenExpiration().minus((TemporalAmount) Duration.ofSeconds(30L)).isBefore(Clock.systemUTC().instant());
    }

    public URI getAuthorisationURI() {
        return getAuthorisationURI(null);
    }

    public URI getAuthorisationURI(URI uri) {
        UriBuilder queryParam = authorizationUriBuilder().queryParam(OAuth2FlowRequestServlet.APPLINK_ID, new Object[]{this.applicationLink.getId()});
        if (uri != null) {
            queryParam.queryParam(OAuth2FlowRequestServlet.REDIRECT_URI, new Object[]{uri});
        }
        return queryParam.build(new Object[0]);
    }

    private UriBuilder authorizationUriBuilder() {
        return UriBuilder.fromUri(this.applicationProperties.getBaseUrl(UrlMode.CANONICAL)).path("/plugins/servlet/applinks/oauth2/initiate-flow");
    }

    private String getClientConfigurationId() {
        return this.applicationLink.getAuthorizationCodeClientConfigurationId();
    }
}
