package com.atlassian.oauth.serviceprovider.internal.servlet.user;

import com.atlassian.oauth.serviceprovider.ServiceProviderToken;
import com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore;
import com.atlassian.oauth.serviceprovider.TokenPropertiesFactory;
import com.atlassian.oauth.serviceprovider.internal.oauth2.OAuth2OsgiServiceFactory;
import com.atlassian.oauth2.provider.api.client.Client;
import com.atlassian.oauth2.provider.api.external.OAuth2ProviderService;
import com.atlassian.oauth2.provider.api.token.refresh.RefreshToken;
import com.atlassian.oauth2.scopes.api.Scope;
import com.atlassian.plugins.custom_apps.CustomAppStore;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.message.LocaleResolver;
import java.net.URI;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.springframework.web.servlet.DispatcherServlet;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-oauth-service-provider-plugin-5.0.7.jar:com/atlassian/oauth/serviceprovider/internal/servlet/user/AccessTokensServletContext.class */
public class AccessTokensServletContext {
    private final LocaleResolver localeResolver;
    private final ApplicationProperties applicationProperties;
    private final ServiceProviderTokenStore store;
    private final OAuth2OsgiServiceFactory oAuth2OsgiServiceFactory;

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-oauth-service-provider-plugin-5.0.7.jar:com/atlassian/oauth/serviceprovider/internal/servlet/user/AccessTokensServletContext$TokenRepresentation.class */
    public static final class TokenRepresentation {
        private static final String URL_REGEX_PATTERN = "((.*?)(https?://\\S+))";
        private final String token;
        private final String consumerName;
        private final URI consumerUri;
        private final Date authorizationDate;
        private final String[] scopes;
        private final String revokeUrl;
        private final boolean oauth2;

        TokenRepresentation(ServiceProviderToken serviceProviderToken) {
            this.token = serviceProviderToken.getToken();
            this.consumerName = resolveConsumerName(serviceProviderToken);
            this.consumerUri = parseUriFromDescription(serviceProviderToken.getConsumer().getDescription());
            this.authorizationDate = new Date(serviceProviderToken.getCreationTime());
            this.scopes = null;
            this.revokeUrl = null;
            this.oauth2 = false;
        }

        private static URI parseUriFromDescription(String str) {
            if (StringUtils.isEmpty(str)) {
                return null;
            }
            Matcher matcher = Pattern.compile(URL_REGEX_PATTERN).matcher(str.trim());
            if (!matcher.matches()) {
                return null;
            }
            try {
                return URI.create(matcher.group(3));
            } catch (IllegalArgumentException e) {
                return null;
            }
        }

        TokenRepresentation(Client client, RefreshToken refreshToken, String str) {
            this.token = refreshToken.getId();
            this.consumerName = client.getName();
            this.consumerUri = URI.create(client.getRedirects().get(0));
            this.authorizationDate = new Date(refreshToken.getAuthorizationDate().longValue());
            this.scopes = getScopes(refreshToken.getScope());
            this.revokeUrl = str + "/" + refreshToken.getId();
            this.oauth2 = true;
        }

        private String[] getScopes(Scope scope) {
            List<String> list = (List) scope.getScopeAndInheritedScopes().stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toList());
            filterOutAdminIfSystemAdminPresent(list);
            lowestScopeFirst(list);
            return (String[]) list.toArray(new String[0]);
        }

        private void filterOutAdminIfSystemAdminPresent(List<String> list) {
            if (list.contains("SYSTEM_ADMIN")) {
                list.remove("ADMIN_WRITE");
                list.remove("ADMIN");
            }
        }

        private void lowestScopeFirst(List<String> list) {
            Collections.reverse(list);
        }

        private String resolveConsumerName(ServiceProviderToken serviceProviderToken) {
            return serviceProviderToken.hasProperty(TokenPropertiesFactory.ALTERNAME_CONSUMER_NAME) ? serviceProviderToken.getProperty(TokenPropertiesFactory.ALTERNAME_CONSUMER_NAME) : serviceProviderToken.getConsumer().getName();
        }

        public String getToken() {
            return this.token;
        }

        public String getConsumerName() {
            return this.consumerName;
        }

        public String getConsumerHostName() {
            URI consumerUri = getConsumerUri();
            if (consumerUri == null) {
                return null;
            }
            return consumerUri.getHost();
        }

        public URI getConsumerUri() {
            return this.consumerUri;
        }

        public Date getCreationTime() {
            return this.authorizationDate;
        }

        public String[] getScopes() {
            return this.scopes;
        }

        public String getRevokeUrl() {
            return this.revokeUrl;
        }

        public boolean isOauth2() {
            return this.oauth2;
        }
    }

    public AccessTokensServletContext(LocaleResolver localeResolver, ApplicationProperties applicationProperties, ServiceProviderTokenStore serviceProviderTokenStore, OAuth2OsgiServiceFactory oAuth2OsgiServiceFactory) {
        this.localeResolver = (LocaleResolver) Objects.requireNonNull(localeResolver, DispatcherServlet.LOCALE_RESOLVER_BEAN_NAME);
        this.applicationProperties = (ApplicationProperties) Objects.requireNonNull(applicationProperties, "applicationProperties");
        this.store = (ServiceProviderTokenStore) Objects.requireNonNull(serviceProviderTokenStore, "store");
        this.oAuth2OsgiServiceFactory = (OAuth2OsgiServiceFactory) Objects.requireNonNull(oAuth2OsgiServiceFactory, "oAuth2OsgiServiceFactory");
    }

    @Nonnull
    public Map<String, Object> getContext(String str) {
        Locale locale = this.localeResolver.getLocale();
        HashMap hashMap = new HashMap();
        hashMap.put("tokenItems", getTokenRepresentations(str));
        hashMap.put("dateFormat", DateFormat.getDateInstance(2, locale));
        hashMap.put("timeFormat", DateFormat.getTimeInstance(3, locale));
        hashMap.put("productName", StringUtils.capitalize(this.applicationProperties.getDisplayName().toLowerCase()));
        hashMap.put(CustomAppStore.BASE_URL, this.applicationProperties.getBaseUrl(UrlMode.CANONICAL));
        hashMap.put("scopeDescriptions", this.oAuth2OsgiServiceFactory.getScopeDescriptionService().map((v0) -> {
            return v0.getScopeDescriptionsWithTitle();
        }).orElse(Collections.emptyMap()));
        return hashMap;
    }

    private List<TokenRepresentation> getTokenRepresentations(String str) {
        return (List) Stream.concat(getOAuth1TokenRepresentations(str), getOAuth2TokenRepresentations()).collect(Collectors.toList());
    }

    private Stream<TokenRepresentation> getOAuth1TokenRepresentations(String str) {
        return StreamSupport.stream(this.store.getAccessTokensForUser(str).spliterator(), false).map(TokenRepresentation::new);
    }

    private Stream<TokenRepresentation> getOAuth2TokenRepresentations() {
        return (Stream) this.oAuth2OsgiServiceFactory.getOAuth2ProviderService().map(oAuth2ProviderService -> {
            String revocationEndpoint = oAuth2ProviderService.getOAuth2AuthorizationServerMetadata().getRevocationEndpoint();
            return getOAuth2TokensForClients(oAuth2ProviderService).entrySet().stream().flatMap(entry -> {
                return ((List) entry.getValue()).stream().map(refreshToken -> {
                    return new TokenRepresentation((Client) entry.getKey(), refreshToken, revocationEndpoint);
                });
            });
        }).orElse(Stream.empty());
    }

    private Map<Client, List<RefreshToken>> getOAuth2TokensForClients(OAuth2ProviderService oAuth2ProviderService) {
        HashMap hashMap = new HashMap();
        for (RefreshToken refreshToken : oAuth2ProviderService.listCurrentUsersRefreshTokens()) {
            if (hashMap.containsKey(refreshToken.getClientId())) {
                ((List) ((Pair) hashMap.get(refreshToken.getClientId())).getRight()).add(refreshToken);
            } else {
                oAuth2ProviderService.findClient(refreshToken.getClientId()).ifPresent(client -> {
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(refreshToken);
                    hashMap.put(refreshToken.getClientId(), Pair.of(client, arrayList));
                });
            }
        }
        return (Map) hashMap.values().stream().collect(Collectors.toMap((v0) -> {
            return v0.getLeft();
        }, (v0) -> {
            return v0.getRight();
        }));
    }
}
