package com.atlassian.bitbucket.jenkins.internal.applink.oauth.serviceprovider.token;

import com.atlassian.bitbucket.jenkins.internal.applink.oauth.Token;
import com.atlassian.bitbucket.jenkins.internal.util.SystemPropertiesConstants;
import com.atlassian.bitbucket.jenkins.internal.util.SystemPropertyUtils;
import com.google.common.base.Preconditions;
import java.net.URI;
import java.time.Clock;
import java.util.Objects;
import javax.annotation.Nullable;
import net.jcip.annotations.Immutable;
import org.apache.commons.lang3.StringUtils;

@Immutable
/* loaded from: input_file:com/atlassian/bitbucket/jenkins/internal/applink/oauth/serviceprovider/token/ServiceProviderToken.class */
public final class ServiceProviderToken extends Token {
    public static final long DEFAULT_REQUEST_TOKEN_TTL = SystemPropertyUtils.parsePositiveLongFromSystemProperty(SystemPropertiesConstants.DEFAULT_OAUTH_REQUEST_TOKEN_TTL_KEY, 600000);
    public static final long DEFAULT_ACCESS_TOKEN_TTL = SystemPropertyUtils.parsePositiveLongFromSystemProperty(SystemPropertiesConstants.DEFAULT_OAUTH_ACCESS_TOKEN_TTL_KEY, 157680000000L);
    public static final long DEFAULT_SESSION_TTL = SystemPropertyUtils.parsePositiveLongFromSystemProperty(SystemPropertiesConstants.DEFAULT_OAUTH_SESSION_TTL_KEY, DEFAULT_ACCESS_TOKEN_TTL + 2592000000L);
    private final Authorization authorization;
    private final String user;
    private final String verifier;
    private final long creationTime;
    private final long timeToLive;
    private final URI callback;
    private final Session session;

    /* loaded from: input_file:com/atlassian/bitbucket/jenkins/internal/applink/oauth/serviceprovider/token/ServiceProviderToken$Authorization.class */
    public enum Authorization {
        NONE,
        AUTHORIZED,
        DENIED
    }

    /* loaded from: input_file:com/atlassian/bitbucket/jenkins/internal/applink/oauth/serviceprovider/token/ServiceProviderToken$ServiceProviderTokenBuilder.class */
    public static final class ServiceProviderTokenBuilder extends Token.TokenBuilder<ServiceProviderToken, ServiceProviderTokenBuilder> {
        private Authorization authorization;
        private String user;
        private String verifier;
        private long creationTime;
        private long timeToLive;
        private URI callback;
        private Session session;

        private ServiceProviderTokenBuilder(Token.Type type, String str) {
            super(type, str);
            if (type == Token.Type.ACCESS) {
                this.timeToLive = ServiceProviderToken.DEFAULT_ACCESS_TOKEN_TTL;
                this.authorization = Authorization.AUTHORIZED;
            } else {
                this.timeToLive = ServiceProviderToken.DEFAULT_REQUEST_TOKEN_TTL;
                this.authorization = Authorization.NONE;
            }
        }

        public ServiceProviderTokenBuilder authorizedBy(String str) {
            this.user = str;
            this.authorization = Authorization.AUTHORIZED;
            return this;
        }

        public ServiceProviderTokenBuilder deniedBy(String str) {
            this.user = str;
            this.authorization = Authorization.DENIED;
            return this;
        }

        public ServiceProviderTokenBuilder verifier(String str) {
            this.verifier = str;
            return this;
        }

        public ServiceProviderTokenBuilder creationTime(long j) {
            this.creationTime = j;
            return this;
        }

        public ServiceProviderTokenBuilder timeToLive(long j) {
            this.timeToLive = j;
            return this;
        }

        public ServiceProviderTokenBuilder callback(@Nullable URI uri) {
            this.callback = uri;
            return this;
        }

        public ServiceProviderTokenBuilder session(Session session) {
            this.session = session;
            return this;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.atlassian.bitbucket.jenkins.internal.applink.oauth.Token.TokenBuilder
        public ServiceProviderToken build() {
            if (this.creationTime == 0) {
                this.creationTime = System.currentTimeMillis();
            }
            return new ServiceProviderToken(this);
        }
    }

    /* loaded from: input_file:com/atlassian/bitbucket/jenkins/internal/applink/oauth/serviceprovider/token/ServiceProviderToken$Session.class */
    public static final class Session {
        private final String handle;
        private final long creationTime;
        private final long lastRenewalTime;
        private final long timeToLive;

        /* loaded from: input_file:com/atlassian/bitbucket/jenkins/internal/applink/oauth/serviceprovider/token/ServiceProviderToken$Session$Builder.class */
        public static final class Builder {
            private final String handle;
            private long creationTime = System.currentTimeMillis();
            private long lastRenewalTime = this.creationTime;
            private long timeToLive = ServiceProviderToken.DEFAULT_SESSION_TTL;

            Builder(String str) {
                Objects.requireNonNull(str);
                this.handle = str;
            }

            public Builder creationTime(long j) {
                this.creationTime = j;
                return this;
            }

            public Builder lastRenewalTime(long j) {
                this.lastRenewalTime = j;
                return this;
            }

            public Builder timeToLive(long j) {
                this.timeToLive = j;
                return this;
            }

            public Session build() {
                return new Session(this);
            }
        }

        Session(Builder builder) {
            this.handle = builder.handle;
            this.creationTime = builder.creationTime;
            this.lastRenewalTime = builder.lastRenewalTime;
            this.timeToLive = builder.timeToLive;
        }

        public String getHandle() {
            return this.handle;
        }

        public long getCreationTime() {
            return this.creationTime;
        }

        public long getLastRenewalTime() {
            return this.lastRenewalTime;
        }

        public long getTimeToLive() {
            return this.timeToLive;
        }

        public static Builder newSession(String str) {
            return new Builder(str);
        }

        public boolean hasExpired(Clock clock) {
            return clock.millis() - this.lastRenewalTime > this.timeToLive;
        }
    }

    private ServiceProviderToken(ServiceProviderTokenBuilder serviceProviderTokenBuilder) {
        super(serviceProviderTokenBuilder);
        if (isAccessToken()) {
            Preconditions.checkNotNull(serviceProviderTokenBuilder.user, "user must be set for access tokens");
        } else if (serviceProviderTokenBuilder.user != null && serviceProviderTokenBuilder.authorization == Authorization.AUTHORIZED && StringUtils.isBlank(serviceProviderTokenBuilder.verifier)) {
            throw new IllegalArgumentException("verifier MUST NOT be blank if the request token has been authorized");
        }
        if (serviceProviderTokenBuilder.callback != null && !isValidCallback(serviceProviderTokenBuilder.callback)) {
            throw new IllegalArgumentException("callback must be null or a valid, absolute URI using either the http or https scheme");
        }
        this.authorization = serviceProviderTokenBuilder.authorization;
        this.user = serviceProviderTokenBuilder.user;
        this.verifier = serviceProviderTokenBuilder.verifier;
        this.creationTime = serviceProviderTokenBuilder.creationTime;
        this.timeToLive = serviceProviderTokenBuilder.timeToLive;
        this.callback = serviceProviderTokenBuilder.callback;
        this.session = serviceProviderTokenBuilder.session;
    }

    public static ServiceProviderTokenBuilder newRequestToken(String str) {
        return new ServiceProviderTokenBuilder(Token.Type.REQUEST, (String) Preconditions.checkNotNull(str, "token"));
    }

    public static ServiceProviderTokenBuilder newAccessToken(String str) {
        return new ServiceProviderTokenBuilder(Token.Type.ACCESS, (String) Preconditions.checkNotNull(str, "token"));
    }

    public ServiceProviderToken authorize(String str, String str2) {
        Objects.requireNonNull(str, "user");
        if (StringUtils.isBlank(str2)) {
            throw new IllegalArgumentException("verifier");
        }
        if (!isRequestToken()) {
            throw new IllegalStateException("token is not a request token");
        }
        if (hasBeenAuthorized()) {
            throw new IllegalStateException("token has already been authorized");
        }
        if (hasBeenDenied()) {
            throw new IllegalStateException("token has already been denied");
        }
        return newRequestToken(getToken()).tokenSecret(getTokenSecret()).consumer(getConsumer()).authorizedBy(str).verifier(str2).creationTime(this.creationTime).timeToLive(this.timeToLive).properties(getProperties()).callback(this.callback).build();
    }

    public boolean hasBeenAuthorized() {
        return getAuthorization() == Authorization.AUTHORIZED;
    }

    public ServiceProviderToken deny(String str) {
        Preconditions.checkNotNull(str, "user");
        if (!isRequestToken()) {
            throw new IllegalStateException("token is not a request token");
        }
        if (hasBeenAuthorized()) {
            throw new IllegalStateException("token has already been authorized");
        }
        if (hasBeenDenied()) {
            throw new IllegalStateException("token has already been denied");
        }
        return newRequestToken(getToken()).tokenSecret(getTokenSecret()).consumer(getConsumer()).deniedBy(str).creationTime(this.creationTime).timeToLive(this.timeToLive).properties(getProperties()).callback(this.callback).build();
    }

    public boolean hasBeenDenied() {
        return getAuthorization() == Authorization.DENIED;
    }

    public Authorization getAuthorization() {
        return this.authorization;
    }

    @Nullable
    public String getUser() {
        return this.user;
    }

    @Nullable
    public String getVerifier() {
        return this.verifier;
    }

    public long getCreationTime() {
        return this.creationTime;
    }

    public long getTimeToLive() {
        return this.timeToLive;
    }

    public boolean hasExpired(Clock clock) {
        return clock.millis() - this.creationTime > this.timeToLive;
    }

    public URI getCallback() {
        return this.callback;
    }

    public static boolean isValidCallback(URI uri) {
        return uri.isAbsolute() && ("https".equals(uri.getScheme()) || "http".equals(uri.getScheme()));
    }

    public Session getSession() {
        return this.session;
    }

    public boolean hasSession() {
        return this.session != null;
    }
}
