package com.atlassian.jira.user.util;

import com.atlassian.core.util.Clock;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.embedded.api.UserWithAttributes;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.util.RealClock;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.security.random.DefaultSecureTokenGenerator;
import com.atlassian.security.utils.ConstantTimeComparison;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/user/util/PasswordResetTokenBuilder.class */
class PasswordResetTokenBuilder {
    private static final Logger log = LoggerFactory.getLogger(PasswordResetTokenBuilder.class);
    private static final int TOKEN_EXPIRY_HOURS = 24;
    private static final String PASSWORD_RESET_REQUEST_TOKEN = "password.reset.request.token";
    private static final String PASSWORD_RESET_REQUEST_EXPIRY = "password.reset.request.expiry";
    private final Clock clock;
    private final CrowdService crowdService;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PasswordResetTokenBuilder(CrowdService crowdService) {
        this(RealClock.getInstance(), crowdService);
    }

    PasswordResetTokenBuilder(Clock clock, CrowdService crowdService) {
        this.clock = clock;
        this.crowdService = crowdService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserUtil.PasswordResetToken generateToken(final ApplicationUser applicationUser) {
        Assertions.notNull("user", applicationUser);
        final String genSecureToken = genSecureToken();
        final long genExpiryTime = genExpiryTime();
        recordToken(applicationUser, genSecureToken, genExpiryTime);
        return new UserUtil.PasswordResetToken() { // from class: com.atlassian.jira.user.util.PasswordResetTokenBuilder.1
            public ApplicationUser getUser() {
                return applicationUser;
            }

            public String getToken() {
                return genSecureToken;
            }

            public int getExpiryHours() {
                return 24;
            }

            public long getExpiryTime() {
                return genExpiryTime;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserUtil.PasswordResetTokenValidation.Status validateToken(ApplicationUser applicationUser, String str) {
        Assertions.notNull("user", applicationUser);
        String storedToken = getStoredToken(applicationUser);
        return (storedToken == null || str == null) ? UserUtil.PasswordResetTokenValidation.Status.EXPIRED : ConstantTimeComparison.isEqual(storedToken, str) ? UserUtil.PasswordResetTokenValidation.Status.OK : UserUtil.PasswordResetTokenValidation.Status.UNEQUAL;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resetToken(ApplicationUser applicationUser) {
        recordTokenImpl(applicationUser, null, null);
    }

    private String genSecureToken() {
        return DefaultSecureTokenGenerator.getInstance().generateToken();
    }

    private String getStoredToken(ApplicationUser applicationUser) {
        UserWithAttributes userWithAttributes = this.crowdService.getUserWithAttributes(applicationUser.getName());
        String value = userWithAttributes.getValue(PASSWORD_RESET_REQUEST_EXPIRY);
        if (value == null) {
            return null;
        }
        if (now().getMillis() > Long.parseLong(value)) {
            return null;
        }
        return userWithAttributes.getValue(PASSWORD_RESET_REQUEST_TOKEN);
    }

    private long genExpiryTime() {
        return now().plusHours(24).getMillis();
    }

    private DateTime now() {
        return new DateTime(this.clock.getCurrentDate().getTime(), DateTimeZone.UTC);
    }

    private void recordToken(ApplicationUser applicationUser, String str, long j) {
        recordTokenImpl(applicationUser, str, String.valueOf(j));
    }

    private void recordTokenImpl(ApplicationUser applicationUser, String str, String str2) {
        try {
            if (str == null) {
                this.crowdService.removeUserAttribute(applicationUser.getDirectoryUser(), PASSWORD_RESET_REQUEST_EXPIRY);
                this.crowdService.removeUserAttribute(applicationUser.getDirectoryUser(), PASSWORD_RESET_REQUEST_TOKEN);
            } else {
                this.crowdService.setUserAttribute(applicationUser.getDirectoryUser(), PASSWORD_RESET_REQUEST_EXPIRY, str2);
                this.crowdService.setUserAttribute(applicationUser.getDirectoryUser(), PASSWORD_RESET_REQUEST_TOKEN, str);
            }
        } catch (OperationNotPermittedException e) {
            log.error(e.getMessage(), e);
        }
    }
}
