package com.atlassian.applinks.oauth.auth;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequest;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.AuthorisationAdminURIGenerator;
import com.atlassian.applinks.api.CredentialsRequiredException;
import com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider;
import com.atlassian.applinks.core.rest.context.CurrentContext;
import com.atlassian.applinks.core.util.RequestUtil;
import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.host.spi.HostApplication;
import com.atlassian.applinks.internal.common.auth.oauth.ConsumerTokenStoreService;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.oauth.ServiceProvider;
import com.atlassian.oauth.consumer.ConsumerService;
import com.atlassian.oauth.consumer.ConsumerToken;
import com.atlassian.sal.api.net.Request;
import com.atlassian.sal.api.net.RequestFactory;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.velocity.htmlsafe.HtmlSafe;
import com.google.common.base.Preconditions;
import java.net.URI;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-oauth-plugin-5.4.4.jar:com/atlassian/applinks/oauth/auth/ThreeLeggedOAuthRequestFactoryImpl.class */
public class ThreeLeggedOAuthRequestFactoryImpl implements ApplicationLinkRequestFactory, AuthorisationAdminURIGenerator {
    private static final String OAUTH_ACCESS_TOKENS_ADMIN_SERVLET_LOCATION = "/plugins/servlet/oauth/users/access-tokens";
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final ApplicationLink applicationLink;
    private final ConsumerService consumerService;
    private final ConsumerTokenStoreService consumerTokenStoreService;
    private final RequestFactory requestFactory;
    private final UserManager userManager;
    private final HostApplication hostApplication;

    public ThreeLeggedOAuthRequestFactoryImpl(ApplicationLink applicationLink, AuthenticationConfigurationManager authenticationConfigurationManager, ConsumerService consumerService, ConsumerTokenStoreService consumerTokenStoreService, RequestFactory requestFactory, UserManager userManager, HostApplication hostApplication) {
        this.applicationLink = (ApplicationLink) Preconditions.checkNotNull(applicationLink);
        this.authenticationConfigurationManager = (AuthenticationConfigurationManager) Preconditions.checkNotNull(authenticationConfigurationManager);
        this.consumerService = (ConsumerService) Preconditions.checkNotNull(consumerService);
        this.consumerTokenStoreService = (ConsumerTokenStoreService) Preconditions.checkNotNull(consumerTokenStoreService);
        this.requestFactory = (RequestFactory) Preconditions.checkNotNull(requestFactory);
        this.userManager = (UserManager) Preconditions.checkNotNull(userManager);
        this.hostApplication = (HostApplication) Preconditions.checkNotNull(hostApplication);
    }

    public ApplicationLinkRequest createRequest(Request.MethodType methodType, String str) throws CredentialsRequiredException {
        Map configuration = this.authenticationConfigurationManager.getConfiguration(this.applicationLink.getId(), OAuthAuthenticationProvider.class);
        if (configuration == null) {
            throw new IllegalStateException(String.format("OAuth Authentication is not configured for application link %s", this.applicationLink));
        }
        ServiceProvider serviceProvider = ServiceProviderUtil.getServiceProvider((Map<String, String>) configuration, this.applicationLink);
        Request createRequest = this.requestFactory.createRequest(methodType, str);
        String str2 = (String) Preconditions.checkNotNull(this.userManager.getRemoteUsername(), "You have to be logged in to use oauth authentication.");
        return new ThreeLeggedOAuthRequest(str, methodType, createRequest, serviceProvider, this.consumerService, retrieveConsumerToken(str2), this.consumerTokenStoreService, this.applicationLink.getId(), str2);
    }

    private ConsumerToken retrieveConsumerToken(String str) throws CredentialsRequiredException {
        ConsumerToken consumerToken = this.consumerTokenStoreService.getConsumerToken(this.applicationLink, str);
        if (consumerToken == null || consumerToken.isRequestToken()) {
            throw new CredentialsRequiredException(this, "You do not have an authorized access token for the remote resource.");
        }
        return consumerToken;
    }

    @HtmlSafe
    public URI getAuthorisationURI() {
        HttpServletRequest httpServletRequest = CurrentContext.getHttpServletRequest();
        return URIUtil.uncheckedConcatenate(httpServletRequest != null ? RequestUtil.getBaseURLFromRequest(httpServletRequest, this.hostApplication.getBaseUrl()) : this.hostApplication.getBaseUrl(), "/plugins/servlet/applinks/oauth/login-dance/authorize?applicationLinkID=" + URIUtil.utf8Encode(this.applicationLink.getId().get()));
    }

    @HtmlSafe
    public URI getAuthorisationURI(URI uri) {
        return URIUtil.uncheckedToUri(getAuthorisationURI().toString() + "&redirectUrl=" + URIUtil.utf8Encode((URI) Preconditions.checkNotNull(uri)));
    }

    @HtmlSafe
    public URI getAuthorisationAdminURI() {
        return URIUtil.uncheckedConcatenate(this.applicationLink.getDisplayUrl(), "/plugins/servlet/oauth/users/access-tokens");
    }
}
