package com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.impl;

import com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.ApplicationLinkRequestVerifier;
import com.atlassian.sal.api.auth.OAuthRequestVerifierFactory;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/plugins/confluence_kb_space_blueprint/services/impl/DefaultApplicationLinkRequestVerifier.class */
public class DefaultApplicationLinkRequestVerifier implements ApplicationLinkRequestVerifier {
    private static final String SERAPH_TRUSTED_APP_STATUS_HEADER = "X-Seraph-Trusted-App-Status";
    private static final String SERAPH_TRUSTED_APP_ERROR_HEADER = "X-Seraph-Trusted-App-Error";
    private static final String SERAPH_OS_AUTHSTATUS_ATTRIBUTE_KEY = "os_authstatus";
    private static final String LOGIN_SUCCESS = "success";
    private static final Logger log = LoggerFactory.getLogger(DefaultApplicationLinkRequestVerifier.class);
    private final OAuthRequestVerifierFactory oAuthRequestVerifierFactory;

    public DefaultApplicationLinkRequestVerifier(OAuthRequestVerifierFactory oAuthRequestVerifierFactory) {
        this.oAuthRequestVerifierFactory = oAuthRequestVerifierFactory;
    }

    @Override // com.atlassian.confluence.plugins.confluence_kb_space_blueprint.services.ApplicationLinkRequestVerifier
    public boolean isApplicationLinkRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.oAuthRequestVerifierFactory.getInstance(httpServletRequest).isVerified()) {
            log.debug("Verified OAuth request");
            return true;
        }
        if (!isAuthenticatedTrustedAppsCall(httpServletRequest, httpServletResponse)) {
            return false;
        }
        log.debug("Verified Trusted Apps request");
        return true;
    }

    private boolean isAuthenticatedTrustedAppsCall(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return Objects.equals(httpServletRequest.getAttribute(SERAPH_OS_AUTHSTATUS_ATTRIBUTE_KEY), LOGIN_SUCCESS) && httpServletResponse.containsHeader(SERAPH_TRUSTED_APP_STATUS_HEADER) && !httpServletResponse.containsHeader(SERAPH_TRUSTED_APP_ERROR_HEADER);
    }
}
