package com.atlassian.applinks.oauth.accesslevel;

import com.atlassian.applinks.accesslevel.AccessLevel;
import com.atlassian.applinks.accesslevel.core.auth.AuthenticationAccessLevelService;
import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.auth.AuthenticationProvider;
import com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TrustedAppsAuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthAuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthWithImpersonationAuthenticationProvider;
import com.atlassian.applinks.core.rest.model.ConsumerEntity;
import com.atlassian.applinks.oauth.auth.OAuthHelper;
import com.atlassian.applinks.oauth.auth.ServiceProviderStoreService;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.fugue.Pair;
import com.atlassian.oauth.Consumer;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.net.ResponseException;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/applinks/oauth/accesslevel/OAuthAccessLevelService.class */
public class OAuthAccessLevelService implements AuthenticationAccessLevelService {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthAccessLevelService.class.getName());
    private final ServiceProviderStoreService serviceProviderStoreService;
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final I18nResolver i18nResolver;

    public OAuthAccessLevelService(ServiceProviderStoreService serviceProviderStoreService, AuthenticationConfigurationManager authenticationConfigurationManager, I18nResolver i18nResolver) {
        this.serviceProviderStoreService = serviceProviderStoreService;
        this.authenticationConfigurationManager = authenticationConfigurationManager;
        this.i18nResolver = i18nResolver;
    }

    public Pair<AccessLevel, Iterable<String>> getIncomingConfiguredAccessLevel(ApplicationLink applicationLink) {
        ArrayList newArrayList = Lists.newArrayList();
        Consumer consumer = this.serviceProviderStoreService.getConsumer(applicationLink);
        return getOAuthAccessLevel(newArrayList, consumer != null, consumer != null && consumer.getTwoLOAllowed(), consumer != null && consumer.getTwoLOImpersonationAllowed());
    }

    public void setIncomingConfiguredAccessLevel(ApplicationLink applicationLink, AccessLevel accessLevel) {
        boolean needs3LO = needs3LO(accessLevel);
        boolean needs2LO = needs2LO(accessLevel);
        boolean needs2LOi = needs2LOi(accessLevel);
        if (!needs3LO) {
            try {
                this.serviceProviderStoreService.removeConsumer(applicationLink);
                return;
            } catch (IllegalStateException e) {
                LOG.warn("attempt to remove missing consumer on link: " + applicationLink);
                return;
            }
        }
        Consumer consumer = this.serviceProviderStoreService.getConsumer(applicationLink);
        if (consumer == null) {
            try {
                consumer = OAuthHelper.fetchConsumerInformation(applicationLink);
            } catch (ResponseException e2) {
                LOG.warn("Unable to determine the consumer information for link", e2);
            }
        }
        if (consumer != null) {
            this.serviceProviderStoreService.addConsumer(new Consumer.InstanceBuilder(consumer.getKey()).name(consumer.getName()).description(consumer.getDescription()).publicKey(consumer.getPublicKey()).signatureMethod(consumer.getSignatureMethod()).callback(consumer.getCallback()).twoLOAllowed(needs2LO).executingTwoLOUser(consumer.getExecutingTwoLOUser()).twoLOImpersonationAllowed(needs2LOi).build(), applicationLink);
        }
    }

    public Pair<AccessLevel, Iterable<String>> getOutgoingConfiguredAccessLevel(ApplicationLink applicationLink) {
        return getOAuthAccessLevel(Lists.newArrayList(), this.authenticationConfigurationManager.isConfigured(applicationLink.getId(), OAuthAuthenticationProvider.class), this.authenticationConfigurationManager.isConfigured(applicationLink.getId(), TwoLeggedOAuthAuthenticationProvider.class), this.authenticationConfigurationManager.isConfigured(applicationLink.getId(), TwoLeggedOAuthWithImpersonationAuthenticationProvider.class));
    }

    public void setOutgoingConfiguredAccessLevel(ApplicationLink applicationLink, AccessLevel accessLevel) {
        boolean needs3LO = needs3LO(accessLevel);
        boolean needs2LO = needs2LO(accessLevel);
        boolean needs2LOi = needs2LOi(accessLevel);
        if (needs3LO) {
            this.authenticationConfigurationManager.registerProvider(applicationLink.getId(), OAuthAuthenticationProvider.class, Collections.emptyMap());
        } else {
            this.authenticationConfigurationManager.unregisterProvider(applicationLink.getId(), OAuthAuthenticationProvider.class);
        }
        if (needs2LO) {
            this.authenticationConfigurationManager.registerProvider(applicationLink.getId(), TwoLeggedOAuthAuthenticationProvider.class, Collections.emptyMap());
        } else {
            this.authenticationConfigurationManager.unregisterProvider(applicationLink.getId(), TwoLeggedOAuthAuthenticationProvider.class);
        }
        if (needs2LOi) {
            this.authenticationConfigurationManager.registerProvider(applicationLink.getId(), TwoLeggedOAuthWithImpersonationAuthenticationProvider.class, Collections.emptyMap());
        } else {
            this.authenticationConfigurationManager.unregisterProvider(applicationLink.getId(), TwoLeggedOAuthWithImpersonationAuthenticationProvider.class);
        }
    }

    public Pair<AccessLevel, Iterable<String>> getRemoteInstanceOutgoingAccessLevel(Iterable<Class<? extends AuthenticationProvider>> iterable) {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        for (Class<? extends AuthenticationProvider> cls : iterable) {
            if (cls.equals(OAuthAuthenticationProvider.class.getCanonicalName())) {
                z = true;
            } else if (cls.equals(TwoLeggedOAuthAuthenticationProvider.class.getCanonicalName())) {
                z2 = true;
            } else if (cls.equals(TwoLeggedOAuthWithImpersonationAuthenticationProvider.class.getCanonicalName())) {
                z3 = true;
            } else if (cls.equals(TrustedAppsAuthenticationProvider.class.getCanonicalName())) {
            }
        }
        return getLevel(z, z2, z3);
    }

    public Pair<AccessLevel, Iterable<String>> getRemoteInstanceIncomingAccessLevel(Iterable<? extends ConsumerEntity> iterable) {
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        for (ConsumerEntity consumerEntity : iterable) {
            z = true;
            z2 = consumerEntity.isTwoLOAllowed();
            z3 = consumerEntity.isTwoLOImpersonationAllowed();
        }
        return getLevel(z, z2, z3);
    }

    private Pair<AccessLevel, Iterable<String>> getOAuthAccessLevel(List<String> list, boolean z, boolean z2, boolean z3) {
        AccessLevel accessLevel = AccessLevel.ANONYMOUS;
        if (z3) {
            if (z2 && z) {
                accessLevel = AccessLevel.PREAUTH;
            } else if (z2) {
                accessLevel = AccessLevel.UNSUPPORTED;
                list.add(this.i18nResolver.getText(getIncomingConfiguredJustification("2loi") + "." + getIncomingNotConfiguredJustification("2lo")));
            } else {
                accessLevel = AccessLevel.UNSUPPORTED;
                list.add(this.i18nResolver.getText(getIncomingConfiguredJustification("2loi") + "." + getIncomingNotConfiguredJustification("3lo")));
            }
        } else if (z2) {
            if (z) {
                accessLevel = AccessLevel.SERVERAUTH;
            } else {
                accessLevel = AccessLevel.UNSUPPORTED;
                list.add(this.i18nResolver.getText(getIncomingConfiguredJustification("2lo") + "." + getIncomingNotConfiguredJustification("3lo")));
            }
        } else if (z) {
            accessLevel = AccessLevel.USERAUTH;
        }
        return new Pair<>(accessLevel, list);
    }

    private String getIncomingConfiguredJustification(String str) {
        return "applinks.accesslevel.incoming." + str + ".configured";
    }

    private String getIncomingNotConfiguredJustification(String str) {
        return "applinks.accesslevel.incoming." + str + ".notconfigured";
    }

    private boolean needs3LO(AccessLevel accessLevel) {
        return accessLevel == AccessLevel.USERAUTH || accessLevel == AccessLevel.SERVERAUTH || accessLevel == AccessLevel.PREAUTH;
    }

    private boolean needs2LO(AccessLevel accessLevel) {
        return accessLevel == AccessLevel.SERVERAUTH || accessLevel == AccessLevel.PREAUTH;
    }

    private boolean needs2LOi(AccessLevel accessLevel) {
        return accessLevel == AccessLevel.PREAUTH;
    }

    private Pair<AccessLevel, Iterable<String>> getLevel(boolean z, boolean z2, boolean z3) {
        AccessLevel accessLevel = AccessLevel.ANONYMOUS;
        if (z) {
            accessLevel = AccessLevel.USERAUTH;
            if (z2) {
                accessLevel = AccessLevel.SERVERAUTH;
                if (z3) {
                    accessLevel = AccessLevel.PREAUTH;
                }
            }
        }
        return new Pair<>(accessLevel, Lists.newArrayList());
    }
}
