package com.atlassian.oauth.serviceprovider.internal.servlet;

import com.atlassian.oauth.serviceprovider.Clock;
import com.atlassian.oauth.serviceprovider.InvalidTokenException;
import com.atlassian.oauth.serviceprovider.ServiceProviderToken;
import com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore;
import com.google.common.base.Preconditions;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import net.oauth.OAuth;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.server.OAuthServlet;
import org.springframework.beans.factory.annotation.Qualifier;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-oauth-service-provider-plugin-2.0.3.jar:com/atlassian/oauth/serviceprovider/internal/servlet/TokenLoaderImpl.class */
public final class TokenLoaderImpl implements TokenLoader {
    private final ServiceProviderTokenStore store;
    private final Clock clock;

    public TokenLoaderImpl(@Qualifier("tokenStore") ServiceProviderTokenStore serviceProviderTokenStore, Clock clock) {
        this.store = (ServiceProviderTokenStore) Preconditions.checkNotNull(serviceProviderTokenStore, "store");
        this.clock = (Clock) Preconditions.checkNotNull(clock, "clock");
    }

    @Override // com.atlassian.oauth.serviceprovider.internal.servlet.TokenLoader
    public ServiceProviderToken getTokenForAuthorization(HttpServletRequest httpServletRequest) throws OAuthProblemException, IOException {
        OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, null);
        message.requireParameters(OAuth.OAUTH_TOKEN);
        try {
            ServiceProviderToken serviceProviderToken = this.store.get(message.getToken());
            if (serviceProviderToken == null || serviceProviderToken.isAccessToken()) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
            if (serviceProviderToken.getAuthorization() == ServiceProviderToken.Authorization.AUTHORIZED || serviceProviderToken.getAuthorization() == ServiceProviderToken.Authorization.DENIED) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_USED);
            }
            if (serviceProviderToken.hasExpired(this.clock)) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
            }
            return serviceProviderToken;
        } catch (InvalidTokenException e) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
    }
}
