package com.atlassian.oauth2.client.rest.resource.validator;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.oauth2.client.RedirectUriSuffixGenerator;
import com.atlassian.oauth2.client.api.storage.config.ClientConfigStorageService;
import com.atlassian.oauth2.client.api.storage.config.ClientConfigurationEntity;
import com.atlassian.oauth2.client.api.storage.config.ProviderType;
import com.atlassian.oauth2.client.rest.api.RestClientConfiguration;
import com.atlassian.oauth2.client.util.ClientHttpsValidator;
import com.atlassian.oauth2.common.rest.validator.ErrorCollection;
import com.atlassian.oauth2.common.rest.validator.RestValidator;
import com.atlassian.sal.api.message.I18nResolver;
import java.io.Serializable;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/oauth2-client-plugin-3.0.6.jar:com/atlassian/oauth2/client/rest/resource/validator/DefaultClientConfigurationValidator.class */
public class DefaultClientConfigurationValidator extends RestValidator implements ClientConfigurationValidator {

    @VisibleForTesting
    static final List<ProviderType> PROVIDER_TYPES = Arrays.asList(ProviderType.values());
    private final ClientConfigStorageService clientConfigStorageService;
    private final I18nResolver i18nResolver;
    private final ClientHttpsValidator clientHttpsValidator;
    private final RedirectUriSuffixGenerator redirectUriSuffixGenerator;

    @VisibleForTesting
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/oauth2-client-plugin-3.0.6.jar:com/atlassian/oauth2/client/rest/resource/validator/DefaultClientConfigurationValidator$Error.class */
    interface Error {
        public static final String INVALID_TYPE = "oauth2.rest.error.settings.field.type.invalid";
        public static final String INVALID_ENDPOINT = "oauth2.rest.error.settings.endpoint.invalid";
        public static final String INVALID_SUFFIX = "oauth2.rest.error.settings.redirect.suffix.invalid";
        public static final String DUPLICATE_NAME = "oauth2.rest.error.settings.name.duplicated";
    }

    @VisibleForTesting
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/oauth2-client-plugin-3.0.6.jar:com/atlassian/oauth2/client/rest/resource/validator/DefaultClientConfigurationValidator$Field.class */
    interface Field {
        public static final String TYPE = "type";
        public static final String NAME = "name";
        public static final String DESCRIPTION = "description";
        public static final String CLIENT_ID = "clientId";
        public static final String CLIENT_SECRET = "clientSecret";
        public static final String AUTHORIZATION_ENDPOINT = "authorizationEndpoint";
        public static final String TOKEN_ENDPOINT = "tokenEndpoint";
        public static final String SCOPES = "scopes";
        public static final String REDIRECT_URI_SUFFIX = "redirectUriSuffix";
    }

    public DefaultClientConfigurationValidator(ClientConfigStorageService clientConfigStorageService, I18nResolver i18nResolver, ClientHttpsValidator clientHttpsValidator, RedirectUriSuffixGenerator redirectUriSuffixGenerator) {
        super(i18nResolver);
        this.clientConfigStorageService = clientConfigStorageService;
        this.i18nResolver = i18nResolver;
        this.clientHttpsValidator = clientHttpsValidator;
        this.redirectUriSuffixGenerator = redirectUriSuffixGenerator;
    }

    @Override // com.atlassian.oauth2.client.rest.resource.validator.ClientConfigurationValidator
    public ClientConfigurationEntity validateCreate(RestClientConfiguration restClientConfiguration) throws ValidationException {
        return validateClientConfiguration(restClientConfiguration);
    }

    @Override // com.atlassian.oauth2.client.rest.resource.validator.ClientConfigurationValidator
    public ClientConfigurationEntity validateUpdate(RestClientConfiguration restClientConfiguration, ClientConfigurationEntity clientConfigurationEntity) throws ValidationException {
        if (!Objects.isNull(restClientConfiguration.getClientSecret())) {
            return validateClientConfiguration(restClientConfiguration);
        }
        RestClientConfiguration restClientConfiguration2 = new RestClientConfiguration(restClientConfiguration);
        restClientConfiguration2.setClientSecret(clientConfigurationEntity.getClientSecret());
        return validateClientConfiguration(restClientConfiguration2);
    }

    private ClientConfigurationEntity validateClientConfiguration(RestClientConfiguration restClientConfiguration) throws ValidationException {
        ErrorCollection.Builder builder = ErrorCollection.builder();
        ClientConfigurationEntity.Builder scopes = ClientConfigurationEntity.builder().clientId(checkNotTooLong(builder, Field.CLIENT_ID, checkNotEmpty(builder, Field.CLIENT_ID, restClientConfiguration.getClientId()))).name(checkName(builder, restClientConfiguration.getId(), restClientConfiguration.getName())).description(checkNotTooLong(builder, "description", restClientConfiguration.getDescription())).providerType(checkProviderType(builder, restClientConfiguration.getType())).authorizationEndpoint(checkEndpoint(builder, Field.AUTHORIZATION_ENDPOINT, restClientConfiguration.getAuthorizationEndpoint())).tokenEndpoint(checkEndpoint(builder, Field.TOKEN_ENDPOINT, restClientConfiguration.getTokenEndpoint())).clientSecret(checkNotTooLong(builder, Field.CLIENT_SECRET, checkNotEmpty(builder, Field.CLIENT_SECRET, restClientConfiguration.getClientSecret()))).scopes(checkScopes(builder, restClientConfiguration.getScopes()));
        checkRedirectUriSuffix(builder, restClientConfiguration);
        throwOnError(builder);
        return scopes.build();
    }

    private ProviderType checkProviderType(ErrorCollection.Builder builder, String str) {
        Optional<ProviderType> optional = ProviderType.get(str);
        checkField(builder, "type", optional.isPresent(), () -> {
            return this.i18nResolver.getText(Error.INVALID_TYPE, "type", (Serializable) PROVIDER_TYPES, str);
        });
        return optional.orElse(null);
    }

    private String checkEndpoint(ErrorCollection.Builder builder, String str, String str2) {
        checkNotTooLong(builder, str, str2);
        if (builder.hasNoErrors()) {
            checkField(builder, str, this.clientHttpsValidator.isSecure(str2) && isParseableUrl(str2), () -> {
                return this.i18nResolver.getText(Error.INVALID_ENDPOINT, str, str2);
            });
        }
        return str2;
    }

    private boolean isParseableUrl(String str) {
        try {
            URI.create(str);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    private List<String> checkScopes(ErrorCollection.Builder builder, List<String> list) {
        return (List) checkNotEmpty(builder, Field.SCOPES, (String) ((Stream) Optional.ofNullable(list).map((v0) -> {
            return v0.stream();
        }).orElseGet(Stream::empty)).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).sorted().distinct().collect(Collectors.toList()));
    }

    private String checkName(ErrorCollection.Builder builder, String str, String str2) {
        checkNotTooLong(builder, "name", checkNotEmpty(builder, "name", str2));
        if (builder.hasNoErrors()) {
            checkField(builder, "name", this.clientConfigStorageService.isNameUnique(str, str2), () -> {
                return this.i18nResolver.getText(Error.DUPLICATE_NAME, str2);
            });
        }
        return str2;
    }

    private void checkRedirectUriSuffix(ErrorCollection.Builder builder, RestClientConfiguration restClientConfiguration) {
        checkNotEmpty(builder, Field.REDIRECT_URI_SUFFIX, restClientConfiguration.getRedirectUriSuffix());
        if (builder.hasNoErrors()) {
            String generateRedirectUriSuffix = this.redirectUriSuffixGenerator.generateRedirectUriSuffix(restClientConfiguration.getAuthorizationEndpoint());
            checkField(builder, Field.REDIRECT_URI_SUFFIX, generateRedirectUriSuffix.equals(restClientConfiguration.getRedirectUriSuffix()), () -> {
                return this.i18nResolver.getText(Error.INVALID_SUFFIX, Field.REDIRECT_URI_SUFFIX, generateRedirectUriSuffix, restClientConfiguration.getRedirectUriSuffix());
            });
        }
    }

    private void throwOnError(@Nonnull ErrorCollection.Builder builder) throws ValidationException {
        if (builder.hasAnyErrors()) {
            throw new ValidationException(builder.build());
        }
    }
}
