package com.atlassian.applinks.oauth.auth.servlets.serviceprovider;

import com.atlassian.applinks.api.ApplicationId;
import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkService;
import com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider;
import com.atlassian.applinks.core.RedirectController;
import com.atlassian.applinks.core.ServletPathConstants;
import com.atlassian.applinks.core.util.MessageFactory;
import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.common.auth.oauth.ConsumerTokenStoreService;
import com.atlassian.applinks.internal.common.docs.DocumentationLinker;
import com.atlassian.applinks.oauth.auth.servlets.AbstractOAuthConfigServlet;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.applinks.ui.AbstractApplinksServlet;
import com.atlassian.applinks.ui.auth.AdminUIAuthenticator;
import com.atlassian.applinks.ui.validators.CallbackParameterValidator;
import com.atlassian.plugin.webresource.WebResourceManager;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.atlassian.templaterenderer.TemplateRenderer;
import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-oauth-plugin-9.0.12.jar:com/atlassian/applinks/oauth/auth/servlets/serviceprovider/AddConsumerReciprocalServlet.class */
public class AddConsumerReciprocalServlet extends AbstractOAuthConfigServlet {
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final ConsumerTokenStoreService consumerTokenStoreService;
    private final WebSudoManager webSudoManager;
    private final CallbackParameterValidator callbackParameterValidator;
    private final RedirectController redirectController;
    public static final String ENABLE_OAUTH_AUTHENTICATION_PARAMETER = "enable-oauth";
    public static final String SUCCESS_PARAM = "success";
    public static final String CALLBACK_PARAM = "callback";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AddConsumerReciprocalServlet.class);

    public AddConsumerReciprocalServlet(I18nResolver i18nResolver, MessageFactory messageFactory, TemplateRenderer templateRenderer, WebResourceManager webResourceManager, ApplicationLinkService applicationLinkService, AdminUIAuthenticator adminUIAuthenticator, AuthenticationConfigurationManager authenticationConfigurationManager, ConsumerTokenStoreService consumerTokenStoreService, InternalHostApplication internalHostApplication, LoginUriProvider loginUriProvider, DocumentationLinker documentationLinker, WebSudoManager webSudoManager, XsrfTokenAccessor xsrfTokenAccessor, XsrfTokenValidator xsrfTokenValidator, CallbackParameterValidator callbackParameterValidator, RedirectController redirectController) {
        super(i18nResolver, messageFactory, templateRenderer, webResourceManager, applicationLinkService, adminUIAuthenticator, documentationLinker, loginUriProvider, internalHostApplication, xsrfTokenAccessor, xsrfTokenValidator);
        this.authenticationConfigurationManager = authenticationConfigurationManager;
        this.consumerTokenStoreService = consumerTokenStoreService;
        this.webSudoManager = webSudoManager;
        this.callbackParameterValidator = callbackParameterValidator;
        this.redirectController = redirectController;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
            try {
                ApplicationLink requiredApplicationLink = getRequiredApplicationLink(httpServletRequest);
                boolean parseBoolean = Boolean.parseBoolean(httpServletRequest.getParameter(ENABLE_OAUTH_AUTHENTICATION_PARAMETER));
                try {
                    if (parseBoolean) {
                        this.authenticationConfigurationManager.registerProvider(requiredApplicationLink.getId(), OAuthAuthenticationProvider.class, Collections.emptyMap());
                        redirectOrPrintRedirectionWarning(httpServletRequest, httpServletResponse, this.i18nResolver.getText("auth.oauth.config.serviceprovider.consumer.enabled"));
                    } else {
                        if (this.authenticationConfigurationManager.isConfigured(requiredApplicationLink.getId(), OAuthAuthenticationProvider.class)) {
                            this.consumerTokenStoreService.removeAllConsumerTokens(requiredApplicationLink);
                        }
                        this.authenticationConfigurationManager.unregisterProvider(requiredApplicationLink.getId(), OAuthAuthenticationProvider.class);
                        redirectOrPrintRedirectionWarning(httpServletRequest, httpServletResponse, this.i18nResolver.getText("auth.oauth.config.serviceprovider.consumer.disabled"));
                    }
                } catch (Exception e) {
                    LOG.error("Error occurred when trying to " + (parseBoolean ? "enable" : "disable") + " OAuth authentication configuration for application link '" + requiredApplicationLink + "'", (Throwable) e);
                    httpServletResponse.sendRedirect(createAndValidateRedirectUrl(httpServletRequest, false, parseBoolean ? this.i18nResolver.getText("auth.oauth.config.error.reciprocal.config.enable") : this.i18nResolver.getText("auth.oauth.config.error.reciprocal.config.disable")));
                }
            } catch (AbstractApplinksServlet.NotFoundException e2) {
                httpServletResponse.sendRedirect(createAndValidateRedirectUrl(httpServletRequest, true, null));
            }
        } catch (WebSudoSessionException e3) {
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    public static String getReciprocalServletUrl(URI uri, ApplicationId applicationId, String str, String str2) {
        return URIUtil.uncheckedConcatenate(uri, ServletPathConstants.APPLINKS_CONFIG_SERVLET_PATH + "/oauth/outbound/apl/" + applicationId + "?callback=" + str + "&" + ENABLE_OAUTH_AUTHENTICATION_PARAMETER + "=" + str2).toString();
    }

    private void redirectOrPrintRedirectionWarning(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        this.redirectController.redirectOrPrintRedirectionWarning(httpServletResponse, createRedirectUrl(httpServletRequest, true, str));
    }

    private String createAndValidateRedirectUrl(HttpServletRequest httpServletRequest, boolean z, String str) {
        String createRedirectUrl = createRedirectUrl(httpServletRequest, z, str);
        this.callbackParameterValidator.validate(createRedirectUrl);
        return createRedirectUrl;
    }

    private String createRedirectUrl(HttpServletRequest httpServletRequest, boolean z, String str) {
        String requiredParameter = getRequiredParameter(httpServletRequest, "callback");
        if (requiredParameter.indexOf("?") == -1) {
            requiredParameter = requiredParameter + "?";
        }
        String format = String.format("%s&success=%s", requiredParameter, Boolean.valueOf(z));
        if (!StringUtils.isBlank(str)) {
            format = format + "&message=" + URIUtil.utf8Encode(str);
        }
        return format;
    }
}
