package com.atlassian.mail.auth;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.mail.server.auth.AuthenticationContext;
import com.atlassian.mail.server.auth.Credentials;
import com.atlassian.oauth2.client.api.ClientTokenMetadata;
import com.atlassian.oauth2.client.api.storage.TokenHandler;
import com.atlassian.oauth2.client.api.storage.token.ClientTokenEntity;
import com.atlassian.oauth2.client.api.storage.token.ClientTokenStorageService;
import com.atlassian.oauth2.client.api.storage.token.exception.RecoverableTokenException;
import com.atlassian.oauth2.client.api.storage.token.exception.UnrecoverableTokenException;
import com.google.common.collect.ImmutableMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import javax.mail.AuthenticationFailedException;
import javax.mail.MessagingException;
import javax.mail.Service;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/atlassian/mail/auth/JiraOauth2AuthenticationContext.class */
public class JiraOauth2AuthenticationContext implements AuthenticationContext {
    private final JiraMailOAuth2Credentials credentials;
    private final EventPublisher eventPublisher;
    static final Map<String, String> XOAUTH2_CONFIG = ImmutableMap.of("mail.imap.ssl.enable", "true", "mail.pop3s.ssl.enable", "true", "mail.imaps.auth.mechanisms", "XOAUTH2", "mail.pop3s.auth.mechanisms", "XOAUTH2");
    private static final Logger log = LoggerFactory.getLogger(JiraOauth2AuthenticationContext.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    public JiraOauth2AuthenticationContext(JiraMailOAuth2Credentials jiraMailOAuth2Credentials) {
        if (jiraMailOAuth2Credentials == null) {
            throw new IllegalArgumentException("Can not be instantiated for null credentials");
        }
        this.credentials = jiraMailOAuth2Credentials;
        this.eventPublisher = (EventPublisher) ComponentAccessor.getComponent(EventPublisher.class);
    }

    @NotNull
    public Credentials getCredentials() {
        return this.credentials;
    }

    public boolean isAuthenticating() {
        return this.credentials.getUserName() != null;
    }

    public Properties preparePropertiesForSession(Properties properties) {
        Properties properties2 = new Properties();
        properties2.putAll(properties);
        properties2.putAll((Map) this.credentials.getProperties().orElseGet(Properties::new));
        Map<String, String> map = XOAUTH2_CONFIG;
        Objects.requireNonNull(properties2);
        map.forEach(properties2::setProperty);
        return properties2;
    }

    public void connectService(Service service) throws MessagingException {
        log.debug("Connecting to service {} using XOAUTH2.", service.getURLName());
        try {
            connectUsingToken(service, this.credentials.getUserName(), this.credentials.getAccessToken());
        } catch (AuthenticationFailedException e) {
            log.debug("XOAUTH2 authentication to service {} failed. Trying to recover.", service.getURLName());
            recoverOrRethrow(service, e);
        }
    }

    private void recoverOrRethrow(Service service, AuthenticationFailedException authenticationFailedException) throws MessagingException {
        String tokenId = this.credentials.getTokenId();
        if (isTokenRecoverable(tokenId)) {
            Optional<String> refreshAccessToken = refreshAccessToken(tokenId);
            if (refreshAccessToken.isPresent()) {
                connectUsingToken(service, this.credentials.getUserName(), refreshAccessToken.get());
                return;
            }
            log.debug("Won't connect to service {}. Token recovery failed.", service.getURLName());
        } else {
            log.debug("Won't connect to service {}. Invalid XOAUTH2 token.", service.getURLName());
            publishUnrecoverableTokenEvent(tokenId);
        }
        throw authenticationFailedException;
    }

    private void connectUsingToken(Service service, String str, String str2) throws MessagingException {
        service.connect(str, str2);
        log.debug("Successful XOAUTH2 authentication to service {}.", service.getURLName());
    }

    private Optional<String> refreshAccessToken(String str) {
        try {
            return Optional.ofNullable(((TokenHandler) ComponentAccessor.getOSGiComponentInstanceOfType(TokenHandler.class)).getRefreshedToken(str)).map((v0) -> {
                return v0.getAccessToken();
            });
        } catch (UnrecoverableTokenException e) {
            publishUnrecoverableTokenEvent(str);
            log.debug("Access token can not be refreshed.", e);
            return Optional.empty();
        } catch (RecoverableTokenException e2) {
            log.debug("Access token can not be refreshed.", e2);
            return Optional.empty();
        }
    }

    private boolean isTokenRecoverable(String str) {
        Optional byId = ((ClientTokenStorageService) ComponentAccessor.getOSGiComponentInstanceOfType(ClientTokenStorageService.class)).getById(str);
        return byId.isPresent() && !ClientTokenMetadata.ClientTokenStatus.UNRECOVERABLE.equals(((ClientTokenEntity) byId.get()).getStatus());
    }

    private void publishUnrecoverableTokenEvent(String str) {
        this.eventPublisher.publish(new JiraOAuth2TokenUnrecoverableEvent(str));
    }
}
