package com.atlassian.oauth2.client.lib.web;

import com.atlassian.oauth2.client.RedirectUriSuffixGenerator;
import com.atlassian.oauth2.client.api.ClientConfiguration;
import com.atlassian.oauth2.client.util.ClientHttpsValidator;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import java.net.URI;
import java.util.Objects;
import java.util.function.Consumer;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.UriBuilder;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.helpers.MessageFormatter;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/oauth2-client-plugin-3.1.1.jar:com/atlassian/oauth2/client/lib/web/AuthorizationCodeFlowUrlsProvider.class */
public class AuthorizationCodeFlowUrlsProvider {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AuthorizationCodeFlowUrlsProvider.class);
    static final String REDIRECT_URL = "/plugins/servlet/oauth2/client/callback";
    static final String START_FLOW_ID = "startFlow";
    private final ApplicationProperties applicationProperties;
    private final ClientHttpsValidator clientHttpsValidator;
    private final RedirectUriSuffixGenerator redirectUriSuffixGenerator;

    public AuthorizationCodeFlowUrlsProvider(ApplicationProperties applicationProperties, ClientHttpsValidator clientHttpsValidator, RedirectUriSuffixGenerator redirectUriSuffixGenerator) {
        this.applicationProperties = applicationProperties;
        this.clientHttpsValidator = clientHttpsValidator;
        this.redirectUriSuffixGenerator = redirectUriSuffixGenerator;
    }

    @Nonnull
    public URI getRedirectUri(ClientConfiguration clientConfiguration) {
        return getRedirectUri(this.redirectUriSuffixGenerator.generateRedirectUriSuffix(clientConfiguration.getAuthorizationEndpoint()));
    }

    @Nonnull
    public URI getRedirectUri(String str) {
        return buildUri(uriBuilder -> {
            uriBuilder.path(str);
        });
    }

    public URI getInitFlowUrl(@Nonnull String str) {
        return buildUri(uriBuilder -> {
            uriBuilder.queryParam(START_FLOW_ID, str);
        });
    }

    @Nonnull
    public URI getProductBaseUrl() {
        return URI.create(this.applicationProperties.getBaseUrl(UrlMode.CANONICAL));
    }

    private URI buildUri(Consumer<UriBuilder> consumer) {
        UriBuilder path = UriBuilder.fromUri(this.applicationProperties.getBaseUrl(UrlMode.CANONICAL)).path(REDIRECT_URL);
        consumer.accept(path);
        URI normalize = path.build(new Object[0]).normalize();
        this.clientHttpsValidator.enforceSecureBaseUrl(normalize);
        return normalize;
    }

    public void validateRedirectUri(ClientConfiguration clientConfiguration, HttpServletRequest httpServletRequest) throws IllegalArgumentException {
        String generateRedirectUriSuffix = this.redirectUriSuffixGenerator.generateRedirectUriSuffix(clientConfiguration.getAuthorizationEndpoint());
        String substringAfterLast = StringUtils.substringAfterLast(StringUtils.removeEnd(httpServletRequest.getRequestURI(), "/"), "/");
        if (Objects.equals(generateRedirectUriSuffix, substringAfterLast)) {
            return;
        }
        String message = MessageFormatter.format("Expected provider {} but got {}.", generateRedirectUriSuffix, substringAfterLast).getMessage();
        logger.error(message);
        throw new IllegalArgumentException(message);
    }
}
