package com.atlassian.oauth.serviceprovider.sal;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.oauth.Token;
import com.atlassian.oauth.event.AccessTokenAddedEvent;
import com.atlassian.oauth.event.AccessTokenRemovedEvent;
import com.atlassian.oauth.event.RequestTokenAddedEvent;
import com.atlassian.oauth.event.RequestTokenRemovedEvent;
import com.atlassian.oauth.serviceprovider.Clock;
import com.atlassian.oauth.serviceprovider.InvalidTokenException;
import com.atlassian.oauth.serviceprovider.ServiceProviderConsumerStore;
import com.atlassian.oauth.serviceprovider.ServiceProviderToken;
import com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore;
import com.atlassian.oauth.serviceprovider.StoreException;
import com.atlassian.oauth.shared.sal.Functions;
import com.atlassian.oauth.shared.sal.HashingLongPropertyKeysPluginSettings;
import com.atlassian.oauth.shared.sal.PrefixingPluginSettings;
import com.atlassian.oauth.shared.sal.TokenProperties;
import com.atlassian.sal.api.pluginsettings.PluginSettings;
import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.user.UserResolutionException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/atlassian/oauth/serviceprovider/sal/PluginSettingsServiceProviderTokenStore.class */
public class PluginSettingsServiceProviderTokenStore implements ServiceProviderTokenStore {
    private final PluginSettingsFactory pluginSettingsFactory;
    private final ServiceProviderConsumerStore consumerStore;
    private final UserManager userManager;
    private final Clock clock;
    private final EventPublisher eventPublisher;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/oauth/serviceprovider/sal/PluginSettingsServiceProviderTokenStore$HasExpired.class */
    public static class HasExpired implements Predicate<ServiceProviderToken> {
        private final Clock clock;

        public HasExpired(Clock clock) {
            this.clock = clock;
        }

        @Override // java.util.function.Predicate
        public boolean test(ServiceProviderToken serviceProviderToken) {
            return serviceProviderToken.getSession() == null && serviceProviderToken.hasExpired(this.clock);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/oauth/serviceprovider/sal/PluginSettingsServiceProviderTokenStore$HasExpiredSession.class */
    public static class HasExpiredSession implements Predicate<ServiceProviderToken> {
        private final Clock clock;

        public HasExpiredSession(Clock clock) {
            this.clock = clock;
        }

        @Override // java.util.function.Predicate
        public boolean test(ServiceProviderToken serviceProviderToken) {
            return serviceProviderToken.getSession() != null && serviceProviderToken.getSession().hasExpired(this.clock);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/oauth/serviceprovider/sal/PluginSettingsServiceProviderTokenStore$KeyToToken.class */
    public class KeyToToken implements Function<String, ServiceProviderToken> {
        private final Function<String, Principal> userResolver;

        private KeyToToken(Function<String, Principal> function) {
            this.userResolver = function;
        }

        @Override // java.util.function.Function
        public ServiceProviderToken apply(String str) {
            return PluginSettingsServiceProviderTokenStore.this.get(str, this.userResolver);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/oauth/serviceprovider/sal/PluginSettingsServiceProviderTokenStore$ServiceProviderTokenProperties.class */
    public static final class ServiceProviderTokenProperties extends TokenProperties {
        static final String AUTHORIZATION = "authorization";
        static final String USER_NAME = "userName";
        static final String VERIFIER = "verifier";
        static final String CALLBACK = "callback";
        static final String CREATION_TIME = "creationTime";
        static final String TIME_TO_LIVE = "timeToLive";
        static final String VERSION = "version";
        static final String SESSION_HANDLE = "session.handle";
        static final String SESSION_CREATION_TIME = "session.creationTime";
        static final String SESSION_LAST_RENEWAL_TIME = "session.lastRenewalTime";
        static final String SESSION_TIME_TO_LIVE = "session.timeToLive";

        public ServiceProviderTokenProperties(Properties properties) {
            super(properties);
        }

        public ServiceProviderTokenProperties(ServiceProviderToken serviceProviderToken) {
            super((Token) serviceProviderToken);
            putAuthorization(serviceProviderToken.getAuthorization());
            if (serviceProviderToken.getUser() != null) {
                putUserName(serviceProviderToken.getUser().getName());
            }
            putVerifier(serviceProviderToken.getVerifier());
            putCallback(serviceProviderToken.getCallback());
            putCreationTime(serviceProviderToken.getCreationTime());
            putTimeToLive(serviceProviderToken.getTimeToLive());
            putVersion(serviceProviderToken.getVersion());
            putSession(serviceProviderToken.getSession());
        }

        public ServiceProviderToken.Authorization getAuthorization() {
            String str = get(AUTHORIZATION);
            return str != null ? ServiceProviderToken.Authorization.valueOf(str) : getUserName() != null ? ServiceProviderToken.Authorization.AUTHORIZED : ServiceProviderToken.Authorization.NONE;
        }

        public void putAuthorization(ServiceProviderToken.Authorization authorization) {
            put(AUTHORIZATION, authorization.name());
        }

        public String getUserName() {
            return get(USER_NAME);
        }

        private void putUserName(String str) {
            put(USER_NAME, str);
        }

        public String getVerifier() {
            return get(VERIFIER);
        }

        private void putVerifier(String str) {
            put(VERIFIER, str);
        }

        public URI getCallback() {
            String str = get(CALLBACK);
            if (str == null) {
                return null;
            }
            try {
                return new URI(str);
            } catch (URISyntaxException e) {
                throw new StoreException("Invalid callback", e);
            }
        }

        private void putCallback(URI uri) {
            if (uri == null) {
                return;
            }
            put(CALLBACK, uri.toString());
        }

        public long getCreationTime() {
            return Long.parseLong(get(CREATION_TIME));
        }

        private void putCreationTime(long j) {
            put(CREATION_TIME, Long.toString(j));
        }

        public long getTimeToLive() {
            return Long.parseLong(get(TIME_TO_LIVE));
        }

        private void putTimeToLive(long j) {
            put(TIME_TO_LIVE, Long.toString(j));
        }

        public ServiceProviderToken.Version getVersion() {
            String str = get(VERSION);
            if (str == null) {
                return null;
            }
            return ServiceProviderToken.Version.valueOf(str);
        }

        private void putVersion(ServiceProviderToken.Version version) {
            if (version != null) {
                put(VERSION, version.name());
            }
        }

        public ServiceProviderToken.Session getSession() {
            String str = get(SESSION_HANDLE);
            if (str == null) {
                return null;
            }
            return ServiceProviderToken.Session.newSession(str).creationTime(Long.parseLong(get(SESSION_CREATION_TIME))).lastRenewalTime(Long.parseLong(get(SESSION_LAST_RENEWAL_TIME))).timeToLive(Long.parseLong(get(SESSION_TIME_TO_LIVE))).build();
        }

        private void putSession(ServiceProviderToken.Session session) {
            if (session != null) {
                put(SESSION_HANDLE, session.getHandle());
                put(SESSION_CREATION_TIME, Long.toString(session.getCreationTime()));
                put(SESSION_LAST_RENEWAL_TIME, Long.toString(session.getLastRenewalTime()));
                put(SESSION_TIME_TO_LIVE, Long.toString(session.getTimeToLive()));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/oauth/serviceprovider/sal/PluginSettingsServiceProviderTokenStore$Settings.class */
    public static final class Settings {
        static final String TOKEN_KEYS = "tokenKeys";
        static final String TOKEN_PREFIX = "token";
        static final String KEY_LIST_PROPERTY = "keys";
        static final String USER_ACCESS_TOKENS = "userAccessTokens";
        static final String USER_ACCESS_TOKENS_USERNAME_PROPERTY = "username";
        static final String CONSUMER_TOKENS = "consumerTokens";
        static final String CONSUMER_TOKENS_CONSUMER_KEY_PROPERTY = "consumerKey";
        private final PluginSettings settings;
        private final Predicate<String> isValidTokenReference;
        private final EventPublisher eventPublisher;

        /* loaded from: input_file:com/atlassian/oauth/serviceprovider/sal/PluginSettingsServiceProviderTokenStore$Settings$IsValidTokenReference.class */
        static final class IsValidTokenReference implements Predicate<String> {
            private final PluginSettings settings;

            IsValidTokenReference(PluginSettings pluginSettings) {
                this.settings = pluginSettings;
            }

            @Override // java.util.function.Predicate
            public boolean test(String str) {
                return this.settings.get(new StringBuilder().append("token.").append(str).toString()) != null;
            }
        }

        Settings(PluginSettings pluginSettings, EventPublisher eventPublisher) {
            this.settings = new PrefixingPluginSettings(new HashingLongPropertyKeysPluginSettings(pluginSettings), ServiceProviderTokenStore.class.getName());
            this.isValidTokenReference = new IsValidTokenReference(this.settings);
            this.eventPublisher = eventPublisher;
        }

        ServiceProviderTokenProperties get(String str) {
            Properties properties = (Properties) this.settings.get("token." + str);
            if (properties == null) {
                return null;
            }
            return new ServiceProviderTokenProperties(properties);
        }

        void put(String str, ServiceProviderTokenProperties serviceProviderTokenProperties) {
            AccessTokenAddedEvent requestTokenAddedEvent;
            this.settings.put("token." + str, serviceProviderTokenProperties.asProperties());
            addTokenKey(str);
            addConsumerToken(serviceProviderTokenProperties.getConsumerKey(), str);
            if (serviceProviderTokenProperties.isAccessToken()) {
                addUserAccessToken(serviceProviderTokenProperties.getUserName(), str);
                requestTokenAddedEvent = new AccessTokenAddedEvent(serviceProviderTokenProperties.getUserName(), serviceProviderTokenProperties.getConsumerKey());
            } else {
                requestTokenAddedEvent = new RequestTokenAddedEvent(serviceProviderTokenProperties.getUserName(), serviceProviderTokenProperties.getConsumerKey());
            }
            this.eventPublisher.publish(requestTokenAddedEvent);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void remove(String str) {
            AccessTokenRemovedEvent requestTokenRemovedEvent;
            ServiceProviderTokenProperties serviceProviderTokenProperties = get(str);
            if (serviceProviderTokenProperties == null) {
                return;
            }
            this.settings.remove("token." + str);
            removeTokenKey(str);
            removeConsumerToken(serviceProviderTokenProperties.getConsumerKey(), str);
            String userName = serviceProviderTokenProperties.getUserName();
            if (serviceProviderTokenProperties.isAccessToken()) {
                removeUserAccessToken(userName, str);
                requestTokenRemovedEvent = new AccessTokenRemovedEvent(userName, serviceProviderTokenProperties.getConsumerKey());
            } else {
                requestTokenRemovedEvent = new RequestTokenRemovedEvent(userName, serviceProviderTokenProperties.getConsumerKey());
            }
            this.eventPublisher.publish(requestTokenRemovedEvent);
        }

        Set<String> getTokenKeys(Predicate<String> predicate) {
            return getTokenKeySet(TOKEN_KEYS, predicate);
        }

        private void putTokenKeys(Iterable<String> iterable) {
            putTokenKeySet(TOKEN_KEYS, iterable);
        }

        private void addTokenKey(String str) {
            Set<String> tokenKeys = getTokenKeys(validTokenReferences());
            tokenKeys.add(str);
            putTokenKeys(tokenKeys);
        }

        private void removeTokenKey(String str) {
            Set<String> tokenKeys = getTokenKeys(allTokenReferences());
            tokenKeys.remove(str);
            putTokenKeys(tokenKeys);
        }

        Set<String> getUserAccessTokenKeys(String str) {
            return getTokenKeySet("userAccessTokens." + str, validTokenReferences());
        }

        private void putUserAccessTokens(String str, Set<String> set) {
            putTokenKeySet("userAccessTokens." + str, set, USER_ACCESS_TOKENS_USERNAME_PROPERTY, str);
        }

        private void addUserAccessToken(String str, String str2) {
            Set<String> userAccessTokenKeys = getUserAccessTokenKeys(str);
            userAccessTokenKeys.add(str2);
            putUserAccessTokens(str, userAccessTokenKeys);
        }

        private void removeUserAccessToken(String str, String str2) {
            Set<String> userAccessTokenKeys = getUserAccessTokenKeys(str);
            userAccessTokenKeys.remove(str2);
            putUserAccessTokens(str, userAccessTokenKeys);
        }

        Set<String> getConsumerTokens(String str, Predicate<String> predicate) {
            return getTokenKeySet("consumerTokens." + str, predicate);
        }

        private void putConsumerTokens(String str, Iterable<String> iterable) {
            putTokenKeySet("consumerTokens." + str, iterable, CONSUMER_TOKENS_CONSUMER_KEY_PROPERTY, str);
        }

        private void addConsumerToken(String str, String str2) {
            Set<String> consumerTokens = getConsumerTokens(str, validTokenReferences());
            consumerTokens.add(str2);
            putConsumerTokens(str, consumerTokens);
        }

        private void removeConsumerToken(String str, String str2) {
            Set<String> consumerTokens = getConsumerTokens(str, allTokenReferences());
            consumerTokens.remove(str2);
            putConsumerTokens(str, consumerTokens);
        }

        private Set<String> getTokenKeySet(String str, Predicate<String> predicate) {
            String str2;
            Object obj = this.settings.get(str);
            if (obj == null) {
                return new HashSet();
            }
            if (obj instanceof String) {
                str2 = (String) obj;
            } else {
                if (!(obj instanceof Properties)) {
                    throw new IllegalStateException("unexpected value of class " + obj.getClass() + " for key " + str);
                }
                str2 = (String) ((Properties) obj).get(KEY_LIST_PROPERTY);
            }
            return StringUtils.isBlank(str2) ? new HashSet() : (Set) Arrays.stream(str2.split("/")).map(Functions.KEY_DECODER).filter(predicate).collect(Collectors.toSet());
        }

        private String toDelimitedString(Iterable<String> iterable) {
            return (String) StreamSupport.stream(iterable.spliterator(), false).map(Functions.KEY_ENCODER).collect(Collectors.joining("/"));
        }

        private void putTokenKeySet(String str, Iterable<String> iterable) {
            this.settings.put(str, toDelimitedString(iterable));
        }

        private void putTokenKeySet(String str, Iterable<String> iterable, String str2, String str3) {
            String delimitedString = toDelimitedString(iterable);
            Properties properties = new Properties();
            properties.put(KEY_LIST_PROPERTY, delimitedString);
            properties.put(str2, str3);
            this.settings.put(str, properties);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Predicate<String> validTokenReferences() {
            return this.isValidTokenReference;
        }

        private Predicate<String> allTokenReferences() {
            return str -> {
                return true;
            };
        }
    }

    public PluginSettingsServiceProviderTokenStore(PluginSettingsFactory pluginSettingsFactory, ServiceProviderConsumerStore serviceProviderConsumerStore, UserManager userManager, Clock clock, EventPublisher eventPublisher) {
        this.eventPublisher = eventPublisher;
        this.pluginSettingsFactory = (PluginSettingsFactory) Objects.requireNonNull(pluginSettingsFactory, "factory");
        this.consumerStore = (ServiceProviderConsumerStore) Objects.requireNonNull(serviceProviderConsumerStore, "consumerStore");
        this.userManager = (UserManager) Objects.requireNonNull(userManager, "userManager");
        this.clock = (Clock) Objects.requireNonNull(clock, "clock");
    }

    public ServiceProviderToken get(String str) {
        return get(str, resolveUser());
    }

    ServiceProviderToken get(String str, Function<String, Principal> function) {
        Objects.requireNonNull(str, "token");
        ServiceProviderTokenProperties serviceProviderTokenProperties = settings().get(str);
        if (serviceProviderTokenProperties == null) {
            return null;
        }
        Principal principal = null;
        if (serviceProviderTokenProperties.getUserName() != null) {
            try {
                principal = function.apply(serviceProviderTokenProperties.getUserName());
                if (principal == null) {
                    removeAndNotify(str);
                    throw new InvalidTokenException("Unknown user " + serviceProviderTokenProperties.getUserName());
                }
            } catch (UserResolutionException e) {
                throw new InvalidTokenException("Unknown user " + serviceProviderTokenProperties.getUserName(), e);
            }
        } else if (serviceProviderTokenProperties.isAccessToken()) {
            throw new StoreException("Token '" + str + "' is an access token, but has no user associated with it");
        }
        if (serviceProviderTokenProperties.isAccessToken()) {
            return ServiceProviderToken.newAccessToken(str).tokenSecret(serviceProviderTokenProperties.getTokenSecret()).consumer(this.consumerStore.get(serviceProviderTokenProperties.getConsumerKey())).authorizedBy(principal).creationTime(serviceProviderTokenProperties.getCreationTime()).timeToLive(serviceProviderTokenProperties.getTimeToLive()).properties(serviceProviderTokenProperties.getProperties()).session(serviceProviderTokenProperties.getSession()).build();
        }
        ServiceProviderToken.ServiceProviderTokenBuilder properties = ServiceProviderToken.newRequestToken(str).tokenSecret(serviceProviderTokenProperties.getTokenSecret()).consumer(this.consumerStore.get(serviceProviderTokenProperties.getConsumerKey())).callback(serviceProviderTokenProperties.getCallback()).creationTime(serviceProviderTokenProperties.getCreationTime()).timeToLive(serviceProviderTokenProperties.getTimeToLive()).version(serviceProviderTokenProperties.getVersion() == null ? serviceProviderTokenProperties.getCallback() == null ? ServiceProviderToken.Version.V_1_0 : ServiceProviderToken.Version.V_1_0_A : serviceProviderTokenProperties.getVersion()).properties(serviceProviderTokenProperties.getProperties());
        if (serviceProviderTokenProperties.getAuthorization() == ServiceProviderToken.Authorization.AUTHORIZED) {
            properties.authorizedBy(principal).verifier(serviceProviderTokenProperties.getVerifier());
        } else if (serviceProviderTokenProperties.getAuthorization() == ServiceProviderToken.Authorization.DENIED) {
            properties.deniedBy(principal);
        }
        return properties.build();
    }

    public Iterable<ServiceProviderToken> getAccessTokensForUser(String str) {
        return (Iterable) settings().getUserAccessTokenKeys(str).stream().map(toTokens(resolveUser())).collect(Collectors.toList());
    }

    public ServiceProviderToken put(ServiceProviderToken serviceProviderToken) {
        Objects.requireNonNull(serviceProviderToken, "token");
        settings().put(serviceProviderToken.getToken(), new ServiceProviderTokenProperties(serviceProviderToken));
        return serviceProviderToken;
    }

    public void removeAndNotify(String str) {
        Objects.requireNonNull(str, "token");
        settings().remove(str);
    }

    public void removeExpiredTokensAndNotify() {
        removeTokens(hasExpired());
    }

    public void removeExpiredSessionsAndNotify() {
        removeTokens(hasExpiredSession());
    }

    private void removeTokens(Predicate<ServiceProviderToken> predicate) {
        Settings settings = settings();
        ((List) settings.getTokenKeys(settings.validTokenReferences()).stream().map(toTokens(doNotResolveUser())).filter(predicate).collect(Collectors.toList())).forEach(serviceProviderToken -> {
            settings.remove(serviceProviderToken.getToken());
        });
    }

    public void removeByConsumer(String str) {
        Settings settings = settings();
        ((List) settings.getConsumerTokens(str, settings.validTokenReferences()).stream().map(toTokens(doNotResolveUser())).collect(Collectors.toList())).forEach(serviceProviderToken -> {
            settings.remove(serviceProviderToken.getToken());
        });
    }

    private Function<String, Principal> resolveUser() {
        return str -> {
            try {
                return this.userManager.resolve(str);
            } catch (UserResolutionException e) {
                throw new InvalidTokenException("Unknown user " + str, e);
            }
        };
    }

    private Function<String, Principal> doNotResolveUser() {
        return str -> {
            return () -> {
                return str;
            };
        };
    }

    private Function<String, ServiceProviderToken> toTokens(Function<String, Principal> function) {
        return new KeyToToken(function);
    }

    private Predicate<ServiceProviderToken> hasExpired() {
        return new HasExpired(this.clock);
    }

    private Predicate<ServiceProviderToken> hasExpiredSession() {
        return new HasExpiredSession(this.clock);
    }

    private Settings settings() {
        return new Settings(this.pluginSettingsFactory.createGlobalSettings(), this.eventPublisher);
    }
}
