package com.atlassian.applinks.oauth.auth.twolo.impersonation;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.auth.AuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthWithImpersonationAuthenticationProvider;
import com.atlassian.applinks.core.ElevatedPermissionsService;
import com.atlassian.applinks.core.auth.OrphanedTrustAwareAuthenticatorProviderPluginModule;
import com.atlassian.applinks.core.auth.OrphanedTrustCertificate;
import com.atlassian.applinks.host.spi.InternalHostApplication;
import com.atlassian.applinks.internal.common.auth.oauth.OAuthAutoConfigurator;
import com.atlassian.applinks.internal.common.auth.oauth.ServiceProviderStoreService;
import com.atlassian.applinks.internal.common.permission.PermissionLevel;
import com.atlassian.applinks.internal.common.status.oauth.OAuthConfig;
import com.atlassian.applinks.oauth.auth.twolo.AbstractTwoLeggedOAuthAuthenticatorProviderPluginModule;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationException;
import com.atlassian.applinks.spi.auth.AuthenticationConfigurationManager;
import com.atlassian.applinks.spi.auth.AuthenticationScenario;
import com.atlassian.oauth.Consumer;
import com.atlassian.oauth.consumer.ConsumerService;
import com.atlassian.sal.api.net.RequestFactory;
import com.google.common.base.Throwables;
import java.util.concurrent.Callable;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-oauth-plugin-9.0.15.jar:com/atlassian/applinks/oauth/auth/twolo/impersonation/TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule.class */
public class TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule extends AbstractTwoLeggedOAuthAuthenticatorProviderPluginModule implements OrphanedTrustAwareAuthenticatorProviderPluginModule {
    private final AuthenticationConfigurationManager authenticationConfigurationManager;
    private final ConsumerService consumerService;
    private final OAuthAutoConfigurator oAuthAutoConfigurator;
    private final RequestFactory requestFactory;
    private final ServiceProviderStoreService serviceProviderStoreService;
    private final ElevatedPermissionsService elevatedPermissions;

    public TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule(AuthenticationConfigurationManager authenticationConfigurationManager, ConsumerService consumerService, OAuthAutoConfigurator oAuthAutoConfigurator, InternalHostApplication internalHostApplication, RequestFactory requestFactory, ServiceProviderStoreService serviceProviderStoreService, ElevatedPermissionsService elevatedPermissionsService) {
        super(internalHostApplication);
        this.authenticationConfigurationManager = authenticationConfigurationManager;
        this.consumerService = consumerService;
        this.requestFactory = requestFactory;
        this.oAuthAutoConfigurator = oAuthAutoConfigurator;
        this.serviceProviderStoreService = serviceProviderStoreService;
        this.elevatedPermissions = elevatedPermissionsService;
    }

    @Override // com.atlassian.applinks.spi.auth.AuthenticationProviderPluginModule
    public AuthenticationProvider getAuthenticationProvider(final ApplicationLink applicationLink) {
        TwoLeggedOAuthWithImpersonationAuthenticationProvider twoLeggedOAuthWithImpersonationAuthenticationProvider = null;
        if (this.authenticationConfigurationManager.isConfigured(applicationLink.getId(), TwoLeggedOAuthWithImpersonationAuthenticationProvider.class)) {
            twoLeggedOAuthWithImpersonationAuthenticationProvider = new TwoLeggedOAuthWithImpersonationAuthenticationProvider() { // from class: com.atlassian.applinks.oauth.auth.twolo.impersonation.TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule.1
                @Override // com.atlassian.applinks.api.auth.ImpersonatingAuthenticationProvider
                public ApplicationLinkRequestFactory getRequestFactory(String str) {
                    return new TwoLeggedOAuthWithImpersonationRequestFactoryImpl(applicationLink, TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule.this.authenticationConfigurationManager, TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule.this.consumerService, TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule.this.requestFactory, str);
                }
            };
        }
        return twoLeggedOAuthWithImpersonationAuthenticationProvider;
    }

    @Override // com.atlassian.applinks.spi.auth.AutoConfiguringAuthenticatorProviderPluginModule
    public boolean isApplicable(AuthenticationScenario authenticationScenario, ApplicationLink applicationLink) {
        return authenticationScenario.isCommonUserBase() && authenticationScenario.isTrusted();
    }

    @Override // com.atlassian.applinks.core.auth.OrphanedTrustAwareAuthenticatorProviderPluginModule
    public boolean isApplicable(String str) {
        return OrphanedTrustCertificate.Type.OAUTH.name().equals(str);
    }

    @Override // com.atlassian.applinks.spi.auth.IncomingTrustAuthenticationProviderPluginModule
    public boolean incomingEnabled(ApplicationLink applicationLink) {
        Consumer consumer = this.serviceProviderStoreService.getConsumer(applicationLink);
        return consumer != null && consumer.getTwoLOAllowed() && consumer.getTwoLOImpersonationAllowed();
    }

    @Override // com.atlassian.applinks.spi.auth.AutoConfiguringAuthenticatorProviderPluginModule
    public void enable(final RequestFactory requestFactory, final ApplicationLink applicationLink) throws AuthenticationConfigurationException {
        try {
            this.elevatedPermissions.executeAs(PermissionLevel.SYSADMIN, new Callable<Void>() { // from class: com.atlassian.applinks.oauth.auth.twolo.impersonation.TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Void call() throws Exception {
                    TwoLeggedOAuthWithImpersonationAuthenticatorProviderPluginModule.this.oAuthAutoConfigurator.enable(OAuthConfig.createOAuthWithImpersonationConfig(), applicationLink, requestFactory);
                    return null;
                }
            });
        } catch (Exception e) {
            Throwables.propagateIfInstanceOf(e, AuthenticationConfigurationException.class);
            throw new AuthenticationConfigurationException(e);
        }
    }

    @Override // com.atlassian.applinks.spi.auth.AutoConfiguringAuthenticatorProviderPluginModule
    public void disable(RequestFactory requestFactory, ApplicationLink applicationLink) throws AuthenticationConfigurationException {
    }

    @Override // com.atlassian.applinks.oauth.auth.twolo.AbstractTwoLeggedOAuthAuthenticatorProviderPluginModule, com.atlassian.applinks.spi.auth.AuthenticationProviderPluginModule
    public Class<? extends AuthenticationProvider> getAuthenticationProviderClass() {
        return TwoLeggedOAuthWithImpersonationAuthenticationProvider.class;
    }
}
