package com.atlassian.oauth2.client.storage;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.oauth2.client.api.ClientToken;
import com.atlassian.oauth2.client.api.ClientTokenMetadata;
import com.atlassian.oauth2.client.api.lib.token.TokenService;
import com.atlassian.oauth2.client.api.lib.token.TokenServiceException;
import com.atlassian.oauth2.client.api.storage.TokenHandler;
import com.atlassian.oauth2.client.api.storage.config.ClientConfigStorageService;
import com.atlassian.oauth2.client.api.storage.config.ClientConfigurationEntity;
import com.atlassian.oauth2.client.api.storage.event.ClientTokenRecoverableEvent;
import com.atlassian.oauth2.client.api.storage.event.ClientTokenUnrecoverableEvent;
import com.atlassian.oauth2.client.api.storage.token.ClientTokenEntity;
import com.atlassian.oauth2.client.api.storage.token.ClientTokenStorageService;
import com.atlassian.oauth2.client.api.storage.token.exception.AccessTokenExpiredException;
import com.atlassian.oauth2.client.api.storage.token.exception.ConfigurationNotFoundException;
import com.atlassian.oauth2.client.api.storage.token.exception.RecoverableTokenException;
import com.atlassian.oauth2.client.api.storage.token.exception.RefreshTokenExpiredException;
import com.atlassian.oauth2.client.api.storage.token.exception.TokenNotFoundException;
import com.atlassian.oauth2.client.api.storage.token.exception.UnrecoverableTokenException;
import com.atlassian.oauth2.client.properties.SystemProperty;
import com.atlassian.oauth2.common.concurrent.KeyedLocks;
import com.google.common.base.Throwables;
import java.time.Clock;
import java.time.Duration;
import java.time.temporal.TemporalAmount;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/oauth2-client-plugin-3.0.8.jar:com/atlassian/oauth2/client/storage/DefaultTokenHandler.class */
public class DefaultTokenHandler implements TokenHandler {

    @VisibleForTesting
    static final int MAX_EXECUTE_ATTEMPTS = 2;
    private final ClientTokenStorageService clientTokenStorageService;
    private final ClientConfigStorageService clientConfigStorageService;
    private final TokenService tokenService;
    private final Clock clock;
    private final KeyedLocks<String> tokenLocks = new KeyedLocks<>(SystemProperty.DEFAULT_MONITOR_STRIPE_COUNT.getValue().intValue());
    private final Duration minFailingPeriodForUnrecoverable;
    private final EventPublisher eventPublisher;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) DefaultTokenHandler.class);
    private static final Duration LARGE_MARGIN = Duration.ofDays(3650);

    public DefaultTokenHandler(ClientTokenStorageService clientTokenStorageService, ClientConfigStorageService clientConfigStorageService, TokenService tokenService, Clock clock, Duration duration, EventPublisher eventPublisher) {
        this.clientTokenStorageService = clientTokenStorageService;
        this.clientConfigStorageService = clientConfigStorageService;
        this.tokenService = tokenService;
        this.clock = clock;
        this.minFailingPeriodForUnrecoverable = duration;
        this.eventPublisher = eventPublisher;
    }

    @Override // com.atlassian.oauth2.client.api.storage.TokenHandler
    public <T> T execute(String str, TokenHandler.ClientTokenCallback<T> clientTokenCallback) throws UnrecoverableTokenException, RecoverableTokenException {
        return (T) execute(str, clientTokenCallback, LARGE_MARGIN);
    }

    @Override // com.atlassian.oauth2.client.api.storage.TokenHandler
    public <T> T execute(String str, TokenHandler.ClientTokenCallback<T> clientTokenCallback, Duration duration) throws UnrecoverableTokenException, RecoverableTokenException {
        ClientTokenEntity clientTokenEntity = null;
        TokenHandler.InvalidTokenException invalidTokenException = null;
        for (int i = 1; i <= 2; i++) {
            clientTokenEntity = getRefreshedToken(str, duration, false);
            try {
                T apply = clientTokenCallback.apply(clientTokenEntity);
                updateToken(clientTokenEntity, builder -> {
                    builder.status(ClientTokenMetadata.ClientTokenStatus.VALID);
                });
                return apply;
            } catch (TokenHandler.InvalidTokenException e) {
                invalidTokenException = e;
                logger.debug("Token with ID {} reported as invalid during attempt {} of {}", str, Integer.valueOf(i), 2);
                logger.trace("Exception caught: ", (Throwable) e);
            }
        }
        return (T) handleFailure(clientTokenEntity, invalidTokenException.getMessage(), invalidTokenException);
    }

    @Override // com.atlassian.oauth2.client.api.storage.TokenHandler
    public ClientTokenEntity getRefreshedToken(String str) throws UnrecoverableTokenException, RecoverableTokenException {
        return getRefreshedToken(str, LARGE_MARGIN);
    }

    @Override // com.atlassian.oauth2.client.api.storage.TokenHandler
    public ClientTokenEntity getRefreshedToken(String str, Duration duration) throws UnrecoverableTokenException, RecoverableTokenException {
        return getRefreshedToken(str, duration, true);
    }

    private ClientTokenEntity getRefreshedToken(String str, Duration duration, boolean z) throws UnrecoverableTokenException, RecoverableTokenException {
        try {
            return (ClientTokenEntity) this.tokenLocks.executeWithLock(str, () -> {
                return refreshTokenIfNeeded(this.clientTokenStorageService.getByIdOrFail(str), duration, z);
            });
        } catch (Exception e) {
            Throwables.propagateIfPossible(e, UnrecoverableTokenException.class, RecoverableTokenException.class);
            throw new RuntimeException("Unexpected exception", e);
        }
    }

    private ClientTokenEntity refreshTokenIfNeeded(ClientTokenEntity clientTokenEntity, Duration duration, boolean z) throws UnrecoverableTokenException, RecoverableTokenException {
        if (clientTokenEntity.getStatus() == ClientTokenMetadata.ClientTokenStatus.UNRECOVERABLE) {
            throw new UnrecoverableTokenException("Token already marked as invalid");
        }
        if (clientTokenEntity.getRefreshToken() != null) {
            return this.tokenService.isRefreshNeeded(clientTokenEntity, duration) ? refreshToken(clientTokenEntity, z) : clientTokenEntity;
        }
        if (!clientTokenEntity.getAccessTokenExpiration().isBefore(this.clock.instant().minus((TemporalAmount) SystemProperty.MAX_CLOCK_SKEW.getValue()))) {
            return clientTokenEntity;
        }
        updateToken(clientTokenEntity, builder -> {
            builder.status(ClientTokenMetadata.ClientTokenStatus.UNRECOVERABLE);
        });
        throw new AccessTokenExpiredException("Cannot refresh the access token as the refresh token is not present");
    }

    private ClientTokenEntity refreshToken(ClientTokenEntity clientTokenEntity, boolean z) throws UnrecoverableTokenException, RecoverableTokenException {
        Optional<ClientConfigurationEntity> byId = this.clientConfigStorageService.getById(clientTokenEntity.getConfigId());
        if (!byId.isPresent()) {
            updateToken(clientTokenEntity, builder -> {
                builder.status(ClientTokenMetadata.ClientTokenStatus.UNRECOVERABLE);
            });
            throw new ConfigurationNotFoundException("Cannot refresh token as client configuration does not exist");
        }
        try {
            ClientToken forceRefresh = this.tokenService.forceRefresh(byId.get(), clientTokenEntity);
            boolean z2 = z && clientTokenEntity.getStatus() == ClientTokenMetadata.ClientTokenStatus.RECOVERABLE;
            return updateToken(clientTokenEntity, builder2 -> {
                builder2.updateFrom(forceRefresh).lastRefreshed(this.clock.instant()).status(z2 ? ClientTokenMetadata.ClientTokenStatus.UNKNOWN : clientTokenEntity.getStatus()).incrementRefreshCount();
            });
        } catch (TokenServiceException e) {
            if (!clientTokenEntity.getRefreshTokenExpiration().isBefore(this.clock.instant().minus((TemporalAmount) SystemProperty.MAX_CLOCK_SKEW.getValue()))) {
                return (ClientTokenEntity) handleFailure(clientTokenEntity, "An error has occurred while refreshing OAuth token", e);
            }
            updateToken(clientTokenEntity, builder3 -> {
                builder3.status(ClientTokenMetadata.ClientTokenStatus.UNRECOVERABLE);
            });
            throw new RefreshTokenExpiredException("Cannot refresh the access token as the refresh token has expired");
        }
    }

    private <T> T handleFailure(ClientTokenEntity clientTokenEntity, String str, Exception exc) throws RecoverableTokenException, UnrecoverableTokenException {
        if (clientTokenEntity.getStatus() != ClientTokenMetadata.ClientTokenStatus.RECOVERABLE || Duration.between(clientTokenEntity.getLastStatusUpdated(), this.clock.instant()).compareTo(this.minFailingPeriodForUnrecoverable) < 0) {
            throw new RecoverableTokenException(str, exc, updateToken(clientTokenEntity, builder -> {
                builder.status(ClientTokenMetadata.ClientTokenStatus.RECOVERABLE);
            }).getLastStatusUpdated());
        }
        updateToken(clientTokenEntity, builder2 -> {
            builder2.status(ClientTokenMetadata.ClientTokenStatus.UNRECOVERABLE);
        });
        throw new UnrecoverableTokenException("Token already marked as invalid");
    }

    private ClientTokenEntity updateToken(ClientTokenEntity clientTokenEntity, Consumer<ClientTokenEntity.Builder> consumer) throws TokenNotFoundException {
        ClientTokenEntity.Builder builder = ClientTokenEntity.builder(clientTokenEntity);
        consumer.accept(builder);
        if (!clientTokenEntity.getStatus().equals(builder.getStatus()) || builder.getLastStatusUpdated() == null) {
            builder.lastStatusUpdated(this.clock.instant());
        }
        ClientTokenEntity build = builder.build();
        if (!clientTokenEntity.getStatus().equals(build.getStatus())) {
            if (build.getStatus().equals(ClientTokenMetadata.ClientTokenStatus.RECOVERABLE)) {
                this.eventPublisher.publish(new ClientTokenRecoverableEvent(build.getId()));
            } else if (build.getStatus().equals(ClientTokenMetadata.ClientTokenStatus.UNRECOVERABLE)) {
                this.eventPublisher.publish(new ClientTokenUnrecoverableEvent(build.getId()));
            }
        }
        return Objects.equals(clientTokenEntity, build) ? build : this.clientTokenStorageService.save(build);
    }

    @VisibleForTesting
    int getTokensUnderRefreshCount() {
        return this.tokenLocks.size();
    }
}
