package com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.rest;

import com.atlassian.bitbucket.jenkins.internal.applink.oauth.OAuthConverter;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.consumer.Consumer;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.consumer.ServiceProviderConsumerStore;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token.ServiceProviderToken;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token.ServiceProviderTokenFactory;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token.ServiceProviderTokenStore;
import com.atlassian.bitbucket.jenkins.internal.applink.oauth.util.OAuthProblemUtils;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.OAuthValidator;
import net.oauth.server.OAuthServlet;
import org.apache.http.protocol.HTTP;

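/**
 * Service-provider side of the OAuth 1.0a "request token" step: authenticates the calling consumer and
 * hands out a freshly generated request token and token secret.
 *
 * <p>Everything in the incoming request is untrusted until the injected {@link OAuthValidator} has
 * accepted the message. The {@code oauth_callback} value stays attacker-influenced even after that,
 * so it is vetted separately before it is bound to a token.
 */
@Singleton
public class RequestTokenRestEndpoint {
    public static final String INVALID_CALLBACK_ADVICE = "As per OAuth spec version 1.0 Revision A Section 6.1 <http://oauth.net/core/1.0a#auth_step1>, the oauth_callback parameter is required and must be either a valid, absolute URI using the http or https scheme, or 'oob' if the callback has been established out of band. The following invalid URI was supplied '%s'";
    public static final String REQUEST_TOKEN_PATH_END = "request-token";
    private static final Logger LOGGER = Logger.getLogger(RequestTokenRestEndpoint.class.getName());
    private static final String OAUTH_CALLBACK_PARAM = "oauth_callback";
    private static final String OUT_OF_BAND = "oob";
    private final OAuthValidator oAuthValidator;
    private final ServiceProviderConsumerStore consumerStore;
    private final ServiceProviderTokenFactory tokenFactory;
    private final ServiceProviderTokenStore tokenStore;

    /**
     * @param oAuthValidator validator applied to every request-token message
     * @param serviceProviderConsumerStore lookup of registered consumers by consumer key
     * @param serviceProviderTokenFactory generator of request tokens
     * @param serviceProviderTokenStore store in which issued tokens are persisted
     */
    @Inject
    public RequestTokenRestEndpoint(OAuthValidator oAuthValidator, ServiceProviderConsumerStore serviceProviderConsumerStore, ServiceProviderTokenFactory serviceProviderTokenFactory, ServiceProviderTokenStore serviceProviderTokenStore) {
        this.oAuthValidator = oAuthValidator;
        this.consumerStore = serviceProviderConsumerStore;
        this.tokenFactory = serviceProviderTokenFactory;
        this.tokenStore = serviceProviderTokenStore;
    }

    /**
     * Handles a request-token call and writes the form-encoded token, token secret and
     * {@code oauth_callback_confirmed=true} to the response.
     *
     * <p>Any failure, including an unknown consumer key, a message the validator rejects or a rejected
     * callback, is passed to {@link OAuthServlet#handleException} with the request URL as the realm, so no
     * exception from the OAuth processing escapes to the container.
     *
     * @param httpServletRequest the incoming, untrusted request
     * @param httpServletResponse the response that receives either the token parameters or the OAuth problem
     * @throws ServletException if reporting the problem fails
     * @throws IOException if writing the response fails
     */
    public void handleRequestToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, null);
            message.requireParameters(OAuth.OAUTH_CONSUMER_KEY);
            Consumer consumer = this.consumerStore.get(message.getConsumerKey())
                    .orElseThrow(() -> new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN));
            try {
                // Validate before touching any other parameter: nothing below may run for a message
                // the validator has not accepted.
                this.oAuthValidator.validateMessage(message, new OAuthAccessor(OAuthConverter.toOAuthConsumer(consumer)));

                // NOTE(review): a missing oauth_callback is tolerated here even though
                // INVALID_CALLBACK_ADVICE describes it as required, and the response below still
                // reports oauth_callback_confirmed=true. Whether the callback-less token is treated
                // differently depends on ServiceProviderTokenFactory, which is not visible here. Confirm.
                String rawCallback = message.getParameter(OAUTH_CALLBACK_PARAM);
                URI callback = rawCallback == null ? null : callbackToUri(rawCallback);

                ServiceProviderToken requestToken = callback == null
                        ? this.tokenFactory.generateRequestToken(consumer)
                        : this.tokenFactory.generateRequestToken(consumer, callback);
                ServiceProviderToken stored = this.tokenStore.put(requestToken);

                httpServletResponse.setContentType(HTTP.PLAIN_TEXT_TYPE);
                // The body carries the token secret, so this endpoint is only safe over a confidential transport.
                OAuth.formEncode(Arrays.asList(new OAuth.Parameter("oauth_token", stored.getToken()), new OAuth.Parameter(OAuth.OAUTH_TOKEN_SECRET, stored.getTokenSecret()), new OAuth.Parameter(OAuth.OAUTH_CALLBACK_CONFIRMED, "true")), httpServletResponse.getOutputStream());
            } catch (OAuthProblemException e) {
                OAuthProblemUtils.logOAuthProblem(message, e, LOGGER);
                throw e;
            }
        } catch (Exception e2) {
            OAuthServlet.handleException(httpServletResponse, e2, httpServletRequest.getRequestURL().toString(), true);
        }
    }

    /**
     * Converts the client-supplied {@code oauth_callback} value into a URI.
     *
     * @param str the raw parameter value; the caller guarantees it is not null
     * @return the parsed callback, or {@code null} when the value is the out-of-band marker {@code oob}
     * @throws OAuthProblemException with problem {@code parameter_rejected} when the value cannot be parsed
     *     as a URI or {@link ServiceProviderToken#isValidCallback} refuses it
     */
    @CheckForNull
    private URI callbackToUri(String str) throws OAuthProblemException {
        if (OUT_OF_BAND.equals(str)) {
            return null;
        }
        URI uri;
        try {
            uri = new URI(str);
        } catch (URISyntaxException e) {
            // java.util.logging substitutes {0}; a printf-style %s would be logged literally and the
            // offending value lost. Quotes are doubled because MessageFormat treats ' as an escape.
            LOGGER.log(Level.SEVERE, "Unable to parse callback URI ''{0}''", sanitizeForLog(str));
            throw rejectedCallback(str);
        }
        if (ServiceProviderToken.isValidCallback(uri)) {
            return uri;
        }
        LOGGER.log(Level.SEVERE, "Invalid callback URI ''{0}''", sanitizeForLog(str));
        throw rejectedCallback(str);
    }

    /**
     * Builds the {@code parameter_rejected} problem reported for an unacceptable callback.
     *
     * <p>The advice text includes the rejected value as supplied; how it is encoded on the way out is
     * decided by {@link OAuthServlet#handleException}, which is not visible here.
     */
    private static OAuthProblemException rejectedCallback(String str) {
        OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED);
        problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_REJECTED, OAUTH_CALLBACK_PARAM);
        problem.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, String.format(INVALID_CALLBACK_ADVICE, str));
        return problem;
    }

    /** Replaces control characters so a client-supplied value cannot forge or split log records. */
    private static String sanitizeForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}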
