package com.atlassian.applinks.internal.common.auth.oauth;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.CredentialsRequiredException;
import com.atlassian.applinks.api.auth.AuthenticationProvider;
import com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthAuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthWithImpersonationAuthenticationProvider;
import com.atlassian.applinks.core.ServletPathConstants;
import com.atlassian.applinks.core.v1.rest.ApplicationLinkResource;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.common.capabilities.ApplicationVersion;
import com.atlassian.applinks.internal.common.capabilities.ApplinksCapabilities;
import com.atlassian.applinks.internal.common.capabilities.RemoteApplicationCapabilities;
import com.atlassian.applinks.internal.common.capabilities.RemoteCapabilitiesService;
import com.atlassian.applinks.internal.common.exception.ConsumerInformationUnavailableException;
import com.atlassian.applinks.internal.common.exception.ServiceExceptionFactory;
import com.atlassian.applinks.internal.common.rest.model.oauth.RestConsumer;
import com.atlassian.applinks.internal.common.status.oauth.OAuthConfig;
import com.atlassian.applinks.internal.rest.RestUrl;
import com.atlassian.applinks.internal.rest.RestUrlBuilder;
import com.atlassian.applinks.internal.rest.RestVersion;
import com.atlassian.applinks.internal.rest.model.auth.compatibility.RestAuthenticationProvider;
import com.atlassian.applinks.internal.rest.model.migration.RestAuthenticationConfig;
import com.atlassian.applinks.internal.rest.model.status.RestApplinkOAuthStatus;
import com.atlassian.applinks.internal.status.oauth.ApplinkOAuthStatus;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationException;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.applinks.ui.XsrfProtectedServlet;
import com.atlassian.sal.api.net.Request;
import com.atlassian.sal.api.net.RequestFactory;
import com.atlassian.sal.api.net.Response;
import com.atlassian.sal.api.net.ResponseException;
import com.atlassian.sal.api.net.ResponseStatusException;
import com.atlassian.sal.api.net.ReturningResponseHandler;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/applinks/internal/common/auth/oauth/DefaultOAuthAutoConfigurator.class */
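/**
 * Switches OAuth on or off for an application link on both ends: it first asks the linked
 * (remote) application to change its configuration over HTTP, then stores the matching
 * incoming/outgoing configuration locally through {@link OAuthConfigurator}.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The remote change is made before the local one and nothing in this class rolls it back,
 *       so a failure in the local update leaves the two ends out of step.</li>
 *   <li>Which remote endpoint is called depends on the capabilities and Applinks version that
 *       {@link RemoteCapabilitiesService} returns for the link.</li>
 *   <li>Every outgoing request follows redirects and carries the XSRF override header, see
 *       {@code createDefaultRequest}.</li>
 * </ul>
 *
 * <p>This file is JADX decompiler output. The nested types below were private in the class file
 * (JADX widened them) and the response handler's {@code handle} method had been renamed by the
 * decompiler; both are restored here.
 */
public class DefaultOAuthAutoConfigurator implements OAuthAutoConfigurator {
    private static final Logger log = LoggerFactory.getLogger(DefaultOAuthAutoConfigurator.class);
    private static final String APPLINKS_OAUTH_REST_MODULE = "applinks-oauth";
    private final InternalHostApplication internalHostApplication;
    private final RemoteCapabilitiesService capabilitiesService;
    private final OAuthConfigurator oAuthConfigurator;

    /**
     * Response handler that returns the body of a successful (2xx) response and logs and rejects
     * anything else.
     *
     * <p>The two {@code Response} types are written fully qualified because this file imports
     * both {@code com.atlassian.sal.api.net.Response} and {@code javax.ws.rs.core.Response}.
     */
    private static final class LoggingReturningResponseHandler
            implements ReturningResponseHandler<com.atlassian.sal.api.net.Response, String> {
        static final LoggingReturningResponseHandler INSTANCE = new LoggingReturningResponseHandler();

        private LoggingReturningResponseHandler() {
        }

        /**
         * Returns the response body when the status is in the SUCCESSFUL family.
         *
         * @param response the remote application's response
         * @return the response body as a string
         * @throws ResponseException a {@link ResponseStatusException} when the status is not
         *     successful, or is a code that {@code Response.Status} does not know (the lookup
         *     then yields {@code null}, which is treated as a failure); reading the body may
         *     also throw
         */
        @Override
        public String handle(com.atlassian.sal.api.net.Response response) throws ResponseException {
            // The body is read before the status is inspected, as in the original.
            String body = response.getResponseBodyAsString();
            int statusCode = response.getStatusCode();
            javax.ws.rs.core.Response.Status status =
                    javax.ws.rs.core.Response.Status.fromStatusCode(statusCode);
            if (status != null && status.getFamily() == javax.ws.rs.core.Response.Status.Family.SUCCESSFUL) {
                return body;
            }
            // NOTE(review): the body comes from the remote application and is written to the log
            // verbatim and unbounded at WARN. Consider truncating it and neutralising line breaks
            // if these logs are parsed or shipped to other systems.
            log.warn("Unexpected response status: {}, body:\n\n{}", statusCode, body);
            throw new ResponseStatusException("Unexpected response status: " + statusCode, response);
        }
    }

    /**
     * Hides the difference between a plain {@link RequestFactory} and an
     * {@link ApplicationLinkRequestFactory} so the rest of the class can create requests the
     * same way for both. It uses no state of the outer instance, hence {@code static}.
     */
    private static final class RequestFactoryAdapter {
        // Holds either a RequestFactory or an ApplicationLinkRequestFactory; only the two
        // constructors below can set it, which is what makes the casts in createRequest safe.
        private final Object requestFactory;

        RequestFactoryAdapter(RequestFactory<?> requestFactory) {
            this.requestFactory = requestFactory;
        }

        RequestFactoryAdapter(ApplicationLinkRequestFactory applicationLinkRequestFactory) {
            this.requestFactory = applicationLinkRequestFactory;
        }

        /**
         * Creates a request with whichever factory this adapter wraps.
         *
         * @param methodType HTTP method of the request
         * @param str        target URL
         * @return the request created by the wrapped factory
         * @throws CredentialsRequiredException declared for the
         *     {@link ApplicationLinkRequestFactory} branch
         */
        public Request<?, ?> createRequest(Request.MethodType methodType, String str) throws CredentialsRequiredException {
            if (this.requestFactory instanceof RequestFactory) {
                return ((RequestFactory<?>) this.requestFactory).createRequest(methodType, str);
            }
            return ((ApplicationLinkRequestFactory) this.requestFactory).createRequest(methodType, str);
        }
    }

    /**
     * Production constructor: builds the {@link OAuthConfigurator} from the injected stores and
     * delegates to the three-argument constructor.
     */
    @Autowired
    public DefaultOAuthAutoConfigurator(AuthenticationConfigurationManager authenticationConfigurationManager, ConsumerTokenStoreService consumerTokenStoreService, InternalHostApplication internalHostApplication, RemoteCapabilitiesService remoteCapabilitiesService, ServiceProviderStoreService serviceProviderStoreService, ServiceExceptionFactory serviceExceptionFactory) {
        this(internalHostApplication, remoteCapabilitiesService, new OAuthConfigurator(authenticationConfigurationManager, consumerTokenStoreService, serviceProviderStoreService, serviceExceptionFactory));
    }

    /** Constructor for tests, taking the collaborators directly. */
    @VisibleForTesting
    DefaultOAuthAutoConfigurator(InternalHostApplication internalHostApplication, RemoteCapabilitiesService remoteCapabilitiesService, OAuthConfigurator oAuthConfigurator) {
        this.internalHostApplication = internalHostApplication;
        this.capabilitiesService = remoteCapabilitiesService;
        this.oAuthConfigurator = oAuthConfigurator;
    }

    /**
     * Applies the same OAuth configuration to the incoming and the outgoing direction of the
     * link, on both ends.
     *
     * @param oAuthConfig     configuration used for both directions
     * @param applicationLink link to configure
     * @param requestFactory  factory for the requests sent to the remote application
     * @throws AuthenticationConfigurationException if a remote request or the local update fails
     */
    @Override // com.atlassian.applinks.internal.common.auth.oauth.OAuthAutoConfigurator
    public void enable(@Nonnull OAuthConfig oAuthConfig, @Nonnull ApplicationLink applicationLink, @Nonnull RequestFactory requestFactory) throws AuthenticationConfigurationException {
        if (!oAuthConfig.isEnabled()) {
            disable(applicationLink, requestFactory);
            // NOTE(review): there is no return here, so a disabled config also goes through the
            // enable path below (second capabilities lookup, possibly a second remote request,
            // second local update). Behaviour kept as decompiled; confirm whether an early
            // return was intended.
        }
        enable(oAuthConfig, oAuthConfig, applicationLink, new RequestFactoryAdapter((RequestFactory<?>) requestFactory));
    }

    /**
     * Applies separate incoming and outgoing OAuth configurations to the link, on both ends.
     *
     * @param oAuthConfig                   stored locally as the incoming configuration
     * @param oAuthConfig2                  stored locally as the outgoing configuration
     * @param applicationLink               link to configure
     * @param applicationLinkRequestFactory factory for the requests sent to the remote application
     * @throws AuthenticationConfigurationException if a remote request or the local update fails
     */
    @Override // com.atlassian.applinks.internal.common.auth.oauth.OAuthAutoConfigurator
    public void enable(@Nonnull OAuthConfig oAuthConfig, @Nonnull OAuthConfig oAuthConfig2, @Nonnull ApplicationLink applicationLink, @Nonnull ApplicationLinkRequestFactory applicationLinkRequestFactory) throws AuthenticationConfigurationException {
        enable(oAuthConfig, oAuthConfig2, applicationLink, new RequestFactoryAdapter(applicationLinkRequestFactory));
    }

    /**
     * Shared implementation of both public {@code enable} overloads: configure the remote end,
     * then the local end.
     *
     * <p>When the remote application reports an Applinks version below 4.0 nothing is changed on
     * either end and the method returns normally; the caller gets no signal beyond an INFO log
     * line.
     */
    private void enable(@Nonnull OAuthConfig localIncoming, @Nonnull OAuthConfig localOutgoing, @Nonnull ApplicationLink applicationLink, @Nonnull RequestFactoryAdapter requestFactoryAdapter) throws AuthenticationConfigurationException {
        RemoteApplicationCapabilities remoteCapabilities = getCapabilitiesUnsecured(applicationLink);
        if (isApplinksPre40(remoteCapabilities)) {
            log.info("Remote Applinks version {} of applink '{}' is too old (pre-4.0). Skipping OAuth auto-configuration", remoteCapabilities.getApplinksVersion(), applicationLink.getId());
            return;
        }
        // The two configs are handed to the remote calls in swapped order: what is outgoing
        // here is passed first, what is incoming here second.
        if (remoteCapabilities.getCapabilities().contains(ApplinksCapabilities.STATUS_API)) {
            remoteEnableUsingStatusApi(localOutgoing, localIncoming, applicationLink, requestFactoryAdapter);
        } else {
            remoteEnableUsingAuthenticationApi(localOutgoing, localIncoming, applicationLink, requestFactoryAdapter, remoteCapabilities);
        }
        // Local state is written last. If this throws, the remote change above stays in place.
        setLocalOAuthConfig(applicationLink, localIncoming, localOutgoing);
    }

    /**
     * Turns OAuth off for the link on both ends.
     *
     * @param applicationLink link to configure
     * @param requestFactory  factory for the requests sent to the remote application
     * @throws AuthenticationConfigurationException if a remote request or the local update fails
     */
    @Override // com.atlassian.applinks.internal.common.auth.oauth.OAuthAutoConfigurator
    public void disable(@Nonnull ApplicationLink applicationLink, @Nonnull RequestFactory requestFactory) throws AuthenticationConfigurationException {
        disableInternal(applicationLink, new RequestFactoryAdapter((RequestFactory<?>) requestFactory));
    }

    /**
     * Disables OAuth remotely (status API when the remote reports it, otherwise the
     * auto-configuration servlet) and then stores a disabled config locally for both directions.
     * Unlike {@code enable}, there is no version check on this path.
     */
    private void disableInternal(@Nonnull ApplicationLink applicationLink, @Nonnull RequestFactoryAdapter requestFactoryAdapter) throws AuthenticationConfigurationException {
        boolean remoteHasStatusApi = getCapabilitiesUnsecured(applicationLink).getCapabilities().contains(ApplinksCapabilities.STATUS_API);
        if (remoteHasStatusApi) {
            remoteDisableUsingStatusApi(applicationLink, requestFactoryAdapter);
        } else {
            remoteDisableUsingAutoConfigurationServlet(applicationLink, requestFactoryAdapter);
        }
        setLocalOAuthConfig(applicationLink, OAuthConfig.createDisabledConfig(), OAuthConfig.createDisabledConfig());
    }

    /**
     * Fetches the remote application's capabilities and wraps any failure in an
     * {@link AuthenticationConfigurationException}.
     *
     * <p>NOTE(review): the name suggests the lookup is made without authenticating to the remote
     * application - confirm against {@link RemoteCapabilitiesService}. The result decides which
     * remote endpoint is called and whether configuration is skipped, so it should be treated as
     * information supplied by the remote side.
     */
    private RemoteApplicationCapabilities getCapabilitiesUnsecured(ApplicationLink applicationLink) throws AuthenticationConfigurationException {
        try {
            return this.capabilitiesService.getCapabilities(applicationLink);
        } catch (Exception e) {
            // Deliberately broad: every failure, runtime exceptions included, is reported as a
            // configuration error with the cause preserved.
            throw new AuthenticationConfigurationException("Unexpected error when retrieving capabilities", e);
        }
    }

    /**
     * Stores the incoming and then the outgoing configuration locally. The two updates are
     * separate calls; if the second one fails the first has already been applied.
     */
    private void setLocalOAuthConfig(ApplicationLink applicationLink, OAuthConfig incoming, OAuthConfig outgoing) throws AuthenticationConfigurationException {
        try {
            this.oAuthConfigurator.updateIncomingConfig(applicationLink, incoming);
            this.oAuthConfigurator.updateOutgoingConfig(applicationLink, outgoing);
        } catch (ConsumerInformationUnavailableException e) {
            throw new AuthenticationConfigurationException(e);
        }
    }

    /**
     * Enables OAuth on the remote end with one PUT to its status resource.
     *
     * <p>The first config is this side's outgoing one, the second this side's incoming one
     * (presumably the remote side's incoming and outgoing respectively - confirm against the
     * {@link ApplinkOAuthStatus} constructor).
     */
    private void remoteEnableUsingStatusApi(OAuthConfig localOutgoing, OAuthConfig localIncoming, ApplicationLink applicationLink, RequestFactoryAdapter requestFactoryAdapter) throws AuthenticationConfigurationException {
        try {
            setRemoteStatus(new ApplinkOAuthStatus(localOutgoing, localIncoming), applicationLink, requestFactoryAdapter);
        } catch (ResponseException | CredentialsRequiredException e) {
            throw new AuthenticationConfigurationException(e);
        }
    }

    /**
     * Enables OAuth on a remote end that lacks the status API, using the older authentication
     * resources: one PUT for the consumer, then one PUT per authentication provider.
     *
     * <p>The requests are independent. A failure part-way through leaves the earlier ones
     * applied on the remote side, and nothing is sent at all for a direction whose config is
     * disabled.
     */
    private void remoteEnableUsingAuthenticationApi(OAuthConfig localOutgoing, OAuthConfig localIncoming, ApplicationLink applicationLink, RequestFactoryAdapter requestFactoryAdapter, RemoteApplicationCapabilities remoteApplicationCapabilities) throws AuthenticationConfigurationException {
        try {
            if (localOutgoing.isEnabled()) {
                String consumerUrl = getAuthenticationConsumerResourceUrl(applicationLink, remoteApplicationCapabilities);
                createDefaultJsonRequest(requestFactoryAdapter, Request.MethodType.PUT, consumerUrl)
                        .setEntity(getRestConsumer(localOutgoing))
                        .executeAndReturn(LoggingReturningResponseHandler.INSTANCE);
            }
            if (localIncoming.isEnabled()) {
                String providerUrl = getAuthenticationProviderResourceUrl(applicationLink);
                for (Class<? extends AuthenticationProvider> providerClass : getProviders(localIncoming)) {
                    createDefaultJsonRequest(requestFactoryAdapter, Request.MethodType.PUT, providerUrl)
                            .setEntity(new RestAuthenticationProvider(providerClass))
                            .executeAndReturn(LoggingReturningResponseHandler.INSTANCE);
                }
            }
        } catch (ResponseException | CredentialsRequiredException e) {
            throw new AuthenticationConfigurationException(e);
        }
    }

    /** Disables OAuth on the remote end by PUTting {@link ApplinkOAuthStatus#OFF} to its status resource. */
    private void remoteDisableUsingStatusApi(ApplicationLink applicationLink, RequestFactoryAdapter requestFactoryAdapter) throws AuthenticationConfigurationException {
        try {
            setRemoteStatus(ApplinkOAuthStatus.OFF, applicationLink, requestFactoryAdapter);
        } catch (ResponseException | CredentialsRequiredException e) {
            throw new AuthenticationConfigurationException(e);
        }
    }

    /** Disables OAuth on a remote end without the status API by sending DELETE to its auto-configuration servlet. */
    private void remoteDisableUsingAutoConfigurationServlet(ApplicationLink applicationLink, RequestFactoryAdapter requestFactoryAdapter) throws AuthenticationConfigurationException {
        try {
            String servletUrl = getAutoConfigServletUrl(applicationLink);
            createDefaultRequest(requestFactoryAdapter, Request.MethodType.DELETE, servletUrl)
                    .executeAndReturn(LoggingReturningResponseHandler.INSTANCE);
        } catch (ResponseException | CredentialsRequiredException e) {
            throw new AuthenticationConfigurationException(e);
        }
    }

    /** PUTs the given OAuth status, as JSON, to the remote application's status resource. */
    private void setRemoteStatus(ApplinkOAuthStatus applinkOAuthStatus, ApplicationLink applicationLink, RequestFactoryAdapter requestFactoryAdapter) throws ResponseException, CredentialsRequiredException {
        createDefaultJsonRequest(requestFactoryAdapter, Request.MethodType.PUT, getStatusResourceUrl(applicationLink))
                .setEntity(new RestApplinkOAuthStatus(applinkOAuthStatus))
                .executeAndReturn(LoggingReturningResponseHandler.INSTANCE);
    }

    /** URL of the remote V3 status resource for this host application's id, OAuth sub-path. */
    private String getStatusResourceUrl(ApplicationLink applicationLink) {
        return new RestUrlBuilder()
                .to(applicationLink)
                .version(RestVersion.V3)
                .addPath("status")
                .addApplicationId(this.internalHostApplication.getId())
                .addPath(RestAuthenticationConfig.OAUTH)
                .toString();
    }

    /**
     * URL of the remote consumer resource, with {@code autoConfigure=true}. A remote reporting
     * Applinks 5 or later (or no version at all) is addressed through the
     * {@code applinks-oauth} module at the latest REST version, anything else through V2.
     */
    private String getAuthenticationConsumerResourceUrl(ApplicationLink applicationLink, RemoteApplicationCapabilities remoteApplicationCapabilities) {
        RestUrlBuilder restUrlBuilder = new RestUrlBuilder().to(applicationLink);
        return (isApplinks5OrLater(remoteApplicationCapabilities)
                        ? restUrlBuilder.module(APPLINKS_OAUTH_REST_MODULE).version(RestVersion.LATEST)
                        : restUrlBuilder.version(RestVersion.V2))
                .addPath(ApplicationLinkResource.CONTEXT)
                .addApplicationId(this.internalHostApplication.getId())
                .addPath("authentication")
                .addPath("consumer")
                .queryParam("autoConfigure", Boolean.TRUE.toString())
                .toString();
    }

    /** URL of the remote V2 authentication-provider resource for this host application's id. */
    private String getAuthenticationProviderResourceUrl(ApplicationLink applicationLink) {
        return new RestUrlBuilder()
                .to(applicationLink)
                .version(RestVersion.V2)
                .addPath(ApplicationLinkResource.CONTEXT)
                .addApplicationId(this.internalHostApplication.getId())
                .addPath("authentication")
                .addPath(RestAuthenticationProvider.PROVIDER)
                .toString();
    }

    /** URL of the remote auto-configuration servlet for this host application's id, built on the link's RPC URL. */
    private String getAutoConfigServletUrl(ApplicationLink applicationLink) {
        return RestUrl.forPath(applicationLink.getRpcUrl().toASCIIString())
                .add(ServletPathConstants.APPLINKS_CONFIG_SERVLET_URL)
                .add(RestAuthenticationConfig.OAUTH)
                .add("autoconfig")
                .add(this.internalHostApplication.getId().toString())
                .toString();
    }

    /**
     * Creates a request that follows redirects and carries the XSRF override header.
     *
     * <p>NOTE(review): these requests change authentication settings on the remote application
     * and are created by a caller-supplied factory, which may attach credentials. With redirects
     * followed, the final destination is decided by the remote server's responses; confirm that
     * the underlying {@link Request} implementation does not replay credentials to a different
     * host. The override header presumably makes the remote XSRF check accept this
     * server-to-server call - confirm against {@link XsrfProtectedServlet}.
     */
    private static Request<?, ?> createDefaultRequest(RequestFactoryAdapter requestFactoryAdapter, Request.MethodType methodType, String str) throws CredentialsRequiredException {
        return requestFactoryAdapter.createRequest(methodType, str)
                .setFollowRedirects(true)
                .addHeader(XsrfProtectedServlet.OVERRIDE_HEADER_NAME, XsrfProtectedServlet.OVERRIDE_HEADER_VALUE);
    }

    /** Same as {@code createDefaultRequest}, with JSON {@code Content-Type} and {@code Accept} headers added. */
    private static Request<?, ?> createDefaultJsonRequest(RequestFactoryAdapter requestFactoryAdapter, Request.MethodType methodType, String str) throws CredentialsRequiredException {
        return createDefaultRequest(requestFactoryAdapter, methodType, str)
                .addHeader("Content-Type", "application/json")
                .addHeader("Accept", "application/json");
    }

    /** True when the remote Applinks major version is 5 or higher, and also when no version is reported. */
    private static boolean isApplinks5OrLater(RemoteApplicationCapabilities remoteApplicationCapabilities) {
        ApplicationVersion applinksVersion = remoteApplicationCapabilities.getApplinksVersion();
        return applinksVersion == null || applinksVersion.getMajor() >= 5;
    }

    /** True only when a version is reported and its major number is below 4; an unknown version is not treated as old. */
    private static boolean isApplinksPre40(RemoteApplicationCapabilities remoteApplicationCapabilities) {
        ApplicationVersion applinksVersion = remoteApplicationCapabilities.getApplinksVersion();
        return applinksVersion != null && applinksVersion.getMajor() < 4;
    }

    /**
     * Lists the authentication provider classes that correspond to the flags set on the config:
     * three-legged OAuth, two-legged OAuth, and two-legged OAuth with impersonation.
     *
     * <p>NOTE(review): the two 2LO flags are read independently of {@code isEnabled()}; the only
     * caller checks {@code isEnabled()} first. Impersonation presumably lets the peer act on
     * behalf of other users - confirm, and make sure callers authorise the person requesting it.
     */
    private static Iterable<Class<? extends AuthenticationProvider>> getProviders(OAuthConfig oAuthConfig) {
        ImmutableList.Builder<Class<? extends AuthenticationProvider>> builder = ImmutableList.builder();
        if (oAuthConfig.isEnabled()) {
            builder.add(OAuthAuthenticationProvider.class);
        }
        if (oAuthConfig.isTwoLoEnabled()) {
            builder.add(TwoLeggedOAuthAuthenticationProvider.class);
        }
        if (oAuthConfig.isTwoLoImpersonationEnabled()) {
            builder.add(TwoLeggedOAuthWithImpersonationAuthenticationProvider.class);
        }
        return builder.build();
    }

    /** Builds the consumer entity sent to the remote end, carrying only the two 2LO flags of the config. */
    private static RestConsumer getRestConsumer(OAuthConfig oAuthConfig) {
        RestConsumer restConsumer = new RestConsumer();
        // The (Object) casts come from the decompiler and are kept in case they select a
        // specific put overload.
        restConsumer.put(RestConsumer.TWO_LO_ALLOWED, (Object) Boolean.valueOf(oAuthConfig.isTwoLoEnabled()));
        restConsumer.put(RestConsumer.TWO_LO_IMPERSONATION_ALLOWED, (Object) Boolean.valueOf(oAuthConfig.isTwoLoImpersonationEnabled()));
        return restConsumer;
    }
}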
