package com.atlassian.applinks.oauth.auth;

import com.atlassian.applinks.api.ApplicationId;
import com.atlassian.applinks.api.ApplicationLinkRequest;
import com.atlassian.applinks.core.auth.AbstractApplicationLinkResponseHandler;
import com.atlassian.applinks.internal.common.auth.oauth.ConsumerTokenStoreService;
import com.atlassian.sal.api.net.Response;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import net.oauth.OAuth;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-oauth-plugin-7.1.0.jar:com/atlassian/applinks/oauth/auth/OAuthRedirectingApplicationLinkResponseHandler.class */
public class OAuthRedirectingApplicationLinkResponseHandler extends AbstractApplicationLinkResponseHandler {
    public static final String WWW_AUTH_HEADER = "WWW-Authenticate";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OAuthRedirectingApplicationLinkResponseHandler.class);
    protected static final Set<String> TOKEN_PROBLEMS = ImmutableSet.of(OAuth.Problems.TOKEN_EXPIRED, OAuth.Problems.TOKEN_REJECTED, OAuth.Problems.TOKEN_REVOKED);
    protected final ConsumerTokenStoreService consumerTokenStoreService;
    protected final ApplicationId applicationId;
    protected final String username;
    protected boolean hasTokenProblems;
    protected String authenticationProblem;
    protected String authenticationProblemAdvice;
    protected List<OAuth.Parameter> allParameters;

    public OAuthRedirectingApplicationLinkResponseHandler(String str, ApplicationLinkRequest applicationLinkRequest, ConsumerTokenStoreService consumerTokenStoreService, ApplicationId applicationId, String str2, boolean z) {
        super(str, applicationLinkRequest, z);
        this.hasTokenProblems = false;
        this.authenticationProblem = null;
        this.authenticationProblemAdvice = null;
        this.consumerTokenStoreService = consumerTokenStoreService;
        this.username = str2;
        this.applicationId = applicationId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkForOAuthProblemAndRemoveConsumerTokenIfNecessary(Response response) {
        String str = response.getHeaders().get("WWW-Authenticate");
        if (StringUtils.isBlank(str)) {
            return;
        }
        this.allParameters = ImmutableList.copyOf((Collection) OAuthMessage.decodeAuthorization(str));
        for (OAuth.Parameter parameter : this.allParameters) {
            if (OAuthProblemException.OAUTH_PROBLEM.equals(parameter.getKey())) {
                log.debug("OAuth request rejected by peer.\nOur OAuth request header: Authorization: " + this.wrappedRequest.getHeaders().get("Authorization") + "\nFull OAuth response header: WWW-Authenticate: " + str);
                if (OAuth.Problems.TIMESTAMP_REFUSED.equals(parameter.getValue())) {
                    log.warn("Peer rejected the timestamp on our OAuth request. This might be due to a replay attack, but it's more likely our system clock is not synchronized with the server's clock. You may turn on debug logging to log the full contents of the OAuth response headers.");
                }
                if (this.consumerTokenStoreService != null && TOKEN_PROBLEMS.contains(parameter.getValue())) {
                    try {
                        this.consumerTokenStoreService.removeConsumerToken(this.applicationId, this.username);
                    } catch (RuntimeException e) {
                        log.error("Failed to delete consumer token for user '" + this.username + "'.", (Throwable) e);
                    }
                    this.hasTokenProblems = true;
                }
                this.authenticationProblem = parameter.getValue();
            }
            if (OAuth.Problems.OAUTH_PROBLEM_ADVICE.equals(parameter.getKey())) {
                this.authenticationProblemAdvice = parameter.getValue();
            }
        }
    }
}
