package com.atlassian.applinks.internal.status.oauth.remote;

import com.atlassian.applinks.api.ApplicationId;
import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.auth.Anonymous;
import com.atlassian.applinks.api.auth.AuthenticationProvider;
import com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthWithImpersonationAuthenticationProvider;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.applink.ApplinkHelper;
import com.atlassian.applinks.internal.common.capabilities.ApplinksCapabilities;
import com.atlassian.applinks.internal.common.capabilities.RemoteApplicationCapabilities;
import com.atlassian.applinks.internal.common.capabilities.RemoteCapabilitiesService;
import com.atlassian.applinks.internal.common.exception.InvalidArgumentException;
import com.atlassian.applinks.internal.common.exception.NoAccessException;
import com.atlassian.applinks.internal.common.exception.NoSuchApplinkException;
import com.atlassian.applinks.internal.permission.PermissionValidationService;
import com.atlassian.applinks.internal.status.error.ApplinkErrorType;
import com.atlassian.applinks.internal.status.error.ApplinkStatusException;
import com.atlassian.applinks.internal.status.error.NetworkErrorTranslator;
import com.atlassian.applinks.internal.status.error.SimpleApplinkStatusException;
import com.atlassian.applinks.internal.status.oauth.ApplinkOAuthStatus;
import com.atlassian.applinks.internal.status.oauth.remote.ApplinkAuthenticationOAuthFetchStrategy;
import com.atlassian.applinks.internal.status.remote.NoOutgoingAuthenticationException;
import com.atlassian.applinks.internal.status.remote.NoRemoteApplinkException;
import com.atlassian.applinks.spi.application.ApplicationIdUtil;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.sal.api.net.ResponseException;
import java.util.EnumSet;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/applinks/internal/status/oauth/remote/DefaultRemoteOAuthStatusService.class */
public class DefaultRemoteOAuthStatusService implements RemoteOAuthStatusService {
    private static final EnumSet<ApplinkErrorType> INCOMPATIBLE_LINKS = EnumSet.of(ApplinkErrorType.GENERIC_LINK, ApplinkErrorType.NON_ATLASSIAN, ApplinkErrorType.REMOTE_VERSION_INCOMPATIBLE);
    private static final String FAILED_TO_FETCH_OAUTH_STATUS_MESSAGE = "Failed to fetch OAuth status";
    private final ApplinkHelper applinkHelper;
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final InternalHostApplication internalHostApplication;
    private final OAuthConnectionVerifier oAuthConnectionVerifier;
    private final PermissionValidationService permissionValidationService;
    private final RemoteCapabilitiesService remoteCapabilitiesService;

    @Autowired
    public DefaultRemoteOAuthStatusService(ApplinkHelper applinkHelper, AuthenticationConfigurationManager authenticationConfigurationManager, InternalHostApplication internalHostApplication, OAuthConnectionVerifier oAuthConnectionVerifier, PermissionValidationService permissionValidationService, RemoteCapabilitiesService remoteCapabilitiesService) {
        this.applinkHelper = applinkHelper;
        this.authenticationConfigurationManager = authenticationConfigurationManager;
        this.internalHostApplication = internalHostApplication;
        this.oAuthConnectionVerifier = oAuthConnectionVerifier;
        this.permissionValidationService = permissionValidationService;
        this.remoteCapabilitiesService = remoteCapabilitiesService;
    }

    @Override // com.atlassian.applinks.internal.status.oauth.remote.RemoteOAuthStatusService
    @Nonnull
    public ApplinkOAuthStatus fetchOAuthStatus(@Nonnull ApplicationId applicationId) throws NoSuchApplinkException, NoAccessException, ApplinkStatusException {
        return fetchOAuthStatus(this.applinkHelper.getApplicationLink(applicationId));
    }

    @Override // com.atlassian.applinks.internal.status.oauth.remote.RemoteOAuthStatusService
    @Nonnull
    public ApplinkOAuthStatus fetchOAuthStatus(@Nonnull ApplicationLink applicationLink) throws ApplinkStatusException, NoAccessException {
        this.permissionValidationService.validateAdmin();
        try {
            return fetchInternal(applicationLink);
        } catch (ResponseException e) {
            throw NetworkErrorTranslator.toApplinkErrorException(e, FAILED_TO_FETCH_OAUTH_STATUS_MESSAGE);
        }
    }

    private ApplinkOAuthStatus fetchInternal(@Nonnull ApplicationLink applicationLink) throws ResponseException, NoRemoteApplinkException, NoAccessException {
        OAuthStatusFetchStrategy fetchStrategy = getFetchStrategy(applicationLink, getCapabilities(applicationLink, 1L, TimeUnit.HOURS));
        ApplinkOAuthStatus fetch = fetchStrategy.fetch(this.internalHostApplication.getId(), applicationLink);
        if (fetch != null) {
            return fetch;
        }
        ApplinkOAuthStatus fetch2 = fetchStrategy.fetch(generateFallbackId(), applicationLink);
        if (fetch2 != null) {
            return fetch2;
        }
        throw new NoRemoteApplinkException(applicationLink.getRpcUrl() + " does not have Application Link to the local application");
    }

    private RemoteApplicationCapabilities getCapabilities(@Nonnull ApplicationLink applicationLink, long j, TimeUnit timeUnit) throws NoAccessException {
        try {
            return this.remoteCapabilitiesService.getCapabilities(applicationLink, j, timeUnit);
        } catch (InvalidArgumentException e) {
            throw new AssertionError("Unexpected InvalidArgumentException when getting capabilities", e);
        }
    }

    private OAuthStatusFetchStrategy getFetchStrategy(ApplicationLink applicationLink, RemoteApplicationCapabilities remoteApplicationCapabilities) {
        if (isIncompatible(remoteApplicationCapabilities)) {
            throw new SimpleApplinkStatusException(remoteApplicationCapabilities.getError().getType());
        }
        if (remoteApplicationCapabilities.getCapabilities().contains(ApplinksCapabilities.STATUS_API)) {
            return new StatusApiOAuthFetchStrategy(Anonymous.class);
        }
        Class<? extends AuthenticationProvider> authProvider = getAuthProvider(applicationLink);
        if (remoteApplicationCapabilities.getApplinksVersion() != null && remoteApplicationCapabilities.getApplinksVersion().getMajor() >= 5) {
            return new ApplinkAuthenticationOAuthFetchStrategy.For5x(authProvider, this.oAuthConnectionVerifier);
        }
        if (remoteApplicationCapabilities.getApplinksVersion() != null && remoteApplicationCapabilities.getApplinksVersion().getMajor() == 4) {
            return new ApplinkAuthenticationOAuthFetchStrategy.For4x(authProvider, this.oAuthConnectionVerifier);
        }
        if (remoteApplicationCapabilities.getApplinksVersion() != null) {
            throw new SimpleApplinkStatusException(ApplinkErrorType.REMOTE_VERSION_INCOMPATIBLE);
        }
        return new OAuthStatusFetchStrategyChain(new ApplinkAuthenticationOAuthFetchStrategy.For5x(authProvider, this.oAuthConnectionVerifier), new ApplinkAuthenticationOAuthFetchStrategy.For4x(authProvider, this.oAuthConnectionVerifier));
    }

    private static boolean isIncompatible(RemoteApplicationCapabilities remoteApplicationCapabilities) {
        return remoteApplicationCapabilities.hasError() && INCOMPATIBLE_LINKS.contains(remoteApplicationCapabilities.getError().getType());
    }

    private ApplicationId generateFallbackId() {
        return ApplicationIdUtil.generate(this.internalHostApplication.getBaseUrl());
    }

    private Class<? extends AuthenticationProvider> getAuthProvider(ApplicationLink applicationLink) {
        if (this.authenticationConfigurationManager.isConfigured(applicationLink.getId(), TwoLeggedOAuthWithImpersonationAuthenticationProvider.class)) {
            return TwoLeggedOAuthWithImpersonationAuthenticationProvider.class;
        }
        if (this.authenticationConfigurationManager.isConfigured(applicationLink.getId(), OAuthAuthenticationProvider.class)) {
            return OAuthAuthenticationProvider.class;
        }
        throw new NoOutgoingAuthenticationException("Neither 3LO nor 2LOi auth configured");
    }
}
