package com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token;

import com.atlassian.bitbucket.jenkins.internal.applink.oauth.Randomizer;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.consumer.Consumer;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.exception.InvalidTokenException;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token.ServiceProviderToken;
import java.net.URI;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;
import net.oauth.OAuthMessage;
import org.apache.commons.lang3.StringUtils;

@Singleton
/* loaded from: input_file:WEB-INF/lib/atlassian-bitbucket-server-integration.jar:com/atlassian/bitbucket/jenkins/internal/applink/oauth/serviceprovider/token/ServiceProviderTokenFactoryImpl.class */
public class ServiceProviderTokenFactoryImpl implements ServiceProviderTokenFactory {
    private static final int ACCESS_TOKEN_SESSION_LENGTH_BYTES = 80;
    private static final int TOKEN_SECRET_LENGTH_BYTES = 80;
    private static final Logger log = Logger.getLogger(ServiceProviderTokenFactoryImpl.class.getName());
    private final Randomizer randomizer;

    /* loaded from: input_file:WEB-INF/lib/atlassian-bitbucket-server-integration.jar:com/atlassian/bitbucket/jenkins/internal/applink/oauth/serviceprovider/token/ServiceProviderTokenFactoryImpl$RequestTokenGenerationRequest.class */
    public static final class RequestTokenGenerationRequest {
        private final Consumer consumer;
        private final URI callback;
        private final OAuthMessage message;

        /* loaded from: input_file:WEB-INF/lib/atlassian-bitbucket-server-integration.jar:com/atlassian/bitbucket/jenkins/internal/applink/oauth/serviceprovider/token/ServiceProviderTokenFactoryImpl$RequestTokenGenerationRequest$Builder.class */
        public static final class Builder {
            private final Consumer consumer;
            private URI callback;
            private OAuthMessage message;

            public Builder(Consumer consumer) {
                this.consumer = (Consumer) Objects.requireNonNull(consumer, "consumer");
            }

            public Builder callback(URI uri) {
                this.callback = uri;
                return this;
            }

            public Builder message(OAuthMessage oAuthMessage) {
                this.message = oAuthMessage;
                return this;
            }

            public RequestTokenGenerationRequest build() {
                return new RequestTokenGenerationRequest(this);
            }
        }

        private RequestTokenGenerationRequest(Builder builder) {
            this.consumer = builder.consumer;
            this.callback = builder.callback;
            this.message = builder.message;
        }

        public Consumer getConsumer() {
            return this.consumer;
        }

        public Optional<URI> getCallback() {
            return Optional.ofNullable(this.callback);
        }

        public Optional<OAuthMessage> getMessage() {
            return Optional.ofNullable(this.message);
        }
    }

    @Inject
    public ServiceProviderTokenFactoryImpl(Randomizer randomizer) {
        this.randomizer = randomizer;
    }

    @Override // com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token.ServiceProviderTokenFactory
    public ServiceProviderToken generateAccessToken(ServiceProviderToken serviceProviderToken) {
        Objects.requireNonNull(serviceProviderToken, "requestToken");
        if (serviceProviderToken.isAccessToken()) {
            log.warning("Token is not a request token: " + serviceProviderToken);
            throw new InvalidTokenException("Token is not a request token");
        }
        if (serviceProviderToken.getUser() == null || StringUtils.isBlank(serviceProviderToken.getVerifier())) {
            log.warning("Request token is not authorized: " + serviceProviderToken);
            throw new InvalidTokenException("Request token is not authorized");
        }
        if (log.isLoggable(Level.FINE)) {
            log.fine(String.format("Request token '%s' was used to generate an access token", serviceProviderToken));
        }
        return ServiceProviderToken.newAccessToken(UUID.randomUUID().toString()).callback(serviceProviderToken.getCallback()).consumer(serviceProviderToken.getConsumer()).creationTime(System.currentTimeMillis()).tokenSecret(this.randomizer.randomUrlSafeString(80)).authorizedBy(serviceProviderToken.getUser()).verifier(serviceProviderToken.getVerifier()).session(newSession(serviceProviderToken)).build();
    }

    @Override // com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token.ServiceProviderTokenFactory
    public ServiceProviderToken generateRequestToken(Consumer consumer) {
        Objects.requireNonNull(consumer, "consumer");
        return ServiceProviderToken.newRequestToken(UUID.randomUUID().toString()).consumer(consumer).creationTime(System.currentTimeMillis()).tokenSecret(this.randomizer.randomUrlSafeString(80)).build();
    }

    @Override // com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token.ServiceProviderTokenFactory
    public ServiceProviderToken generateRequestToken(Consumer consumer, URI uri) {
        Objects.requireNonNull(consumer, "consumer");
        Objects.requireNonNull(uri, "callback");
        return ServiceProviderToken.newRequestToken(UUID.randomUUID().toString()).callback(uri).consumer(consumer).creationTime(System.currentTimeMillis()).tokenSecret(this.randomizer.randomUrlSafeString(80)).build();
    }

    private ServiceProviderToken.Session newSession(ServiceProviderToken serviceProviderToken) {
        ServiceProviderToken.Session.Builder newSession = ServiceProviderToken.Session.newSession(this.randomizer.randomUrlSafeString(80));
        if (serviceProviderToken.getSession() != null) {
            newSession.creationTime(serviceProviderToken.getSession().getCreationTime());
        }
        return newSession.build();
    }
}
