package com.atlassian.oauth.serviceprovider.internal.servlet;

import aQute.bnd.annotation.component.Component;
import com.atlassian.oauth.Request;
import com.atlassian.oauth.serviceprovider.Clock;
import com.atlassian.oauth.serviceprovider.InvalidTokenException;
import com.atlassian.oauth.serviceprovider.ServiceProviderToken;
import com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore;
import com.atlassian.oauth.serviceprovider.internal.OAuthConverter;
import com.atlassian.oauth.serviceprovider.internal.TokenFactory;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.OAuthValidator;
import net.oauth.server.OAuthServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-oauth-service-provider-plugin-5.0.4.jar:com/atlassian/oauth/serviceprovider/internal/servlet/AccessTokenServlet.class */
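/**
 * Servlet backing the OAuth 1.0 access-token endpoint.
 *
 * <p>A POST must carry {@code oauth_token}. The stored token it names is handled in one of two ways:
 * <ul>
 *   <li>a request token is checked by {@link #checkRequestToken} (expiry, authorization state,
 *       consumer key and, for 1.0a tokens, the verifier);</li>
 *   <li>any other token is treated as an access token being renewed and is checked by
 *       {@link #checkAccessToken} (session present, session handle matches, session not expired).</li>
 * </ul>
 * After the message itself passes {@link OAuthValidator#validateMessage}, a new access token is
 * generated and stored, the presented token is removed, and the new token, its secret and its
 * lifetimes are written to the response form-encoded.
 *
 * <p>The verifier and the session handle are bearer secrets supplied by the caller, so they are
 * compared with {@link #secretsMatch}, which does not short-circuit on the first differing byte.
 */
public class AccessTokenServlet extends TransactionalServlet {
    private final Logger log;
    private final TokenFactory factory;
    private final OAuthValidator validator;
    private final ApplicationProperties applicationProperties;
    private final OAuthConverter converter;
    private final ServiceProviderTokenStore tokenStore;
    private final Clock clock;

    /**
     * Creates the servlet; every collaborator is mandatory.
     *
     * @throws NullPointerException if any of the collaborators checked below is {@code null}
     */
    public AccessTokenServlet(@Qualifier("tokenStore") ServiceProviderTokenStore serviceProviderTokenStore, TokenFactory tokenFactory, OAuthValidator oAuthValidator, ApplicationProperties applicationProperties, OAuthConverter oAuthConverter, TransactionTemplate transactionTemplate, Clock clock) {
        super(transactionTemplate);
        this.log = LoggerFactory.getLogger(getClass());
        this.tokenStore = Objects.requireNonNull(serviceProviderTokenStore, "store");
        // NOTE(review): Component.FACTORY is kept as found; it is only the message of the null check
        // and looks like a decompiler substitution for a string literal — confirm against the original source.
        this.factory = Objects.requireNonNull(tokenFactory, Component.FACTORY);
        this.validator = Objects.requireNonNull(oAuthValidator, "validator");
        this.applicationProperties = Objects.requireNonNull(applicationProperties, "applicationProperties");
        this.converter = Objects.requireNonNull(oAuthConverter, "converter");
        this.clock = Objects.requireNonNull(clock, "clock");
    }

    /**
     * Exchanges the presented token for a new access token.
     *
     * <p>Any exception raised while processing is passed to
     * {@link OAuthServlet#handleException}, which produces the error response.
     *
     * @param httpServletRequest the incoming OAuth request
     * @param httpServletResponse receives either the form-encoded token or the OAuth problem report
     */
    @Override // com.atlassian.oauth.serviceprovider.internal.servlet.TransactionalServlet
    public void doPostInTransaction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        try {
            OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, null);
            message.requireParameters(OAuth.OAUTH_TOKEN);
            try {
                ServiceProviderToken presented = this.tokenStore.get(message.getToken());
                if (presented == null) {
                    throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
                }
                // Token-state checks run before signature validation; both must pass before issuing.
                if (presented.isRequestToken()) {
                    checkRequestToken(message, presented);
                } else {
                    checkAccessToken(message, presented);
                }
                try {
                    this.validator.validateMessage(message, this.converter.toOAuthAccessor(presented));
                    ServiceProviderToken issued = this.tokenStore.put(this.factory.generateAccessToken(presented));
                    // The presented token is single-use: it is removed once its replacement is stored.
                    this.tokenStore.removeAndNotify(presented.getToken());
                    httpServletResponse.setContentType("text/plain");
                    // Lifetimes are divided by 1000 before being reported to the consumer.
                    OAuth.formEncode(
                            OAuth.newList(
                                    OAuth.OAUTH_TOKEN, issued.getToken(),
                                    OAuth.OAUTH_TOKEN_SECRET, issued.getTokenSecret(),
                                    Request.OAUTH_EXPIRES_IN, Long.toString(issued.getTimeToLive() / 1000),
                                    Request.OAUTH_SESSION_HANDLE, issued.getSession().getHandle(),
                                    Request.OAUTH_AUTHORIZATION_EXPIRES_IN, Long.toString(issued.getSession().getTimeToLive() / 1000)),
                            httpServletResponse.getOutputStream());
                } catch (OAuthProblemException e) {
                    OAuthProblemUtils.logOAuthProblem(message, e, this.log);
                    throw e;
                }
            } catch (InvalidTokenException e2) {
                // The store's reason is deliberately not echoed to the caller; only token_rejected is reported.
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
        } catch (Exception e3) {
            OAuthServlet.handleException(httpServletResponse, e3, this.applicationProperties.getBaseUrl(), true);
        }
    }

    /**
     * Verifies that a request token may be exchanged for an access token.
     *
     * @throws OAuthProblemException {@code token_expired} if the token has expired;
     *     {@code permission_unknown} if it has not been authorized yet; {@code permission_denied}
     *     if authorization was denied; {@code token_rejected} if the consumer key differs from the
     *     one the token was issued to, or (1.0a tokens) the verifier is missing from the stored
     *     token or does not match the {@code oauth_verifier} parameter
     */
    private void checkRequestToken(OAuthMessage oAuthMessage, ServiceProviderToken serviceProviderToken) throws Exception {
        if (serviceProviderToken.hasExpired(this.clock)) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
        }
        if (serviceProviderToken.getAuthorization() == ServiceProviderToken.Authorization.NONE) {
            throw new OAuthProblemException(OAuth.Problems.PERMISSION_UNKNOWN);
        }
        if (serviceProviderToken.getAuthorization() == ServiceProviderToken.Authorization.DENIED) {
            throw new OAuthProblemException(OAuth.Problems.PERMISSION_DENIED);
        }
        // The consumer key is a public identifier, so an ordinary equals() is sufficient here.
        if (!serviceProviderToken.getConsumer().getKey().equals(oAuthMessage.getConsumerKey())) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        if (ServiceProviderToken.Version.V_1_0_A.equals(serviceProviderToken.getVersion())) {
            oAuthMessage.requireParameters(OAuth.OAUTH_VERIFIER);
            // The verifier binds the exchange to the user who approved the token; compare it without
            // an early exit, and reject (rather than fail with a NullPointerException) if none is stored.
            if (!secretsMatch(serviceProviderToken.getVerifier(), oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER))) {
                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
            }
        }
    }

    /**
     * Verifies that an access token may be renewed through its session.
     *
     * @throws OAuthProblemException {@code token_rejected} if the token has no session or the
     *     session handle does not match the {@code oauth_session_handle} parameter;
     *     {@code permission_denied} if the session has expired
     */
    private void checkAccessToken(OAuthMessage oAuthMessage, ServiceProviderToken serviceProviderToken) throws Exception {
        // NOTE(review): unlike checkRequestToken, this path does not compare oauth_consumer_key with the
        // token's consumer; whether validateMessage covers that is not visible in this class — confirm.
        if (serviceProviderToken.getSession() == null) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        oAuthMessage.requireParameters(Request.OAUTH_SESSION_HANDLE);
        // The session handle authorizes renewal, so it is treated as a secret for comparison purposes.
        if (!secretsMatch(serviceProviderToken.getSession().getHandle(), oAuthMessage.getParameter(Request.OAUTH_SESSION_HANDLE))) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        if (serviceProviderToken.getSession().hasExpired(this.clock)) {
            throw new OAuthProblemException(OAuth.Problems.PERMISSION_DENIED);
        }
    }

    /**
     * Compares a stored secret with a caller-supplied value without stopping at the first
     * differing byte, so response timing does not reveal how much of a guess was correct.
     *
     * @param expected the stored value; {@code null} never matches
     * @param presented the value taken from the request; {@code null} never matches
     * @return {@code true} only if both values are non-null and their UTF-8 encodings are equal
     */
    private static boolean secretsMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }
}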
