package com.atlassian.plugins.hipchat.rest;

import com.atlassian.annotations.Internal;
import com.atlassian.hipchat.api.ResourceError;
import com.atlassian.hipchat.api.Result;
import com.atlassian.plugins.hipchat.admin.XsrfTokenGenerator;
import com.atlassian.plugins.hipchat.api.link.HipChatLinkProvider;
import com.atlassian.plugins.hipchat.api.oauth2.Oauth2BeginData;
import com.atlassian.plugins.hipchat.api.oauth2.Oauth2CompleteData;
import com.atlassian.plugins.hipchat.api.oauth2.Oauth2FlowException;
import com.atlassian.plugins.hipchat.api.routes.DefaultHipChatRoutesProvider;
import com.atlassian.plugins.hipchat.oauth2.Oauth2AuthoriseService;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.sal.api.user.UserManager;
import java.net.URI;
import javax.annotation.concurrent.Immutable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.codehaus.jackson.annotate.JsonCreator;
import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.annotate.JsonProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

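/**
 * REST resource for the per-user HipChat OAuth2 link: {@code POST /begin} starts the flow,
 * {@code GET /complete} handles the callback, and {@code DELETE} removes the current user's
 * OAuth2 configuration.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>{@code /complete} and {@code DELETE} reject requests with no remote user (403).</li>
 *   <li>{@code /complete} only exchanges the authorisation code after the {@code state} parameter
 *       has been accepted by {@link XsrfTokenGenerator#validateToken}.</li>
 *   <li>{@code /begin} takes the post-flow redirect target from the request body; this class does
 *       not restrict where it points.</li>
 * </ul>
 */
@Path(DefaultHipChatRoutesProvider.OAUTH2_RESOURCE_PATH)
/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:base-hipchat-integration-plugin-6.27.3.jar:com/atlassian/plugins/hipchat/rest/HipChatOAuth2Resource.class */
public class HipChatOAuth2Resource {
    private static final Logger LOGGER = LoggerFactory.getLogger(HipChatOAuth2Resource.class);
    private final Oauth2AuthoriseService oauth2AuthoriseService;
    private final XsrfTokenGenerator tokenGenerator;
    private final HipChatLinkProvider hipChatLinkProvider;
    private final UserManager userManager;

    /**
     * JSON request body of {@code POST /begin}. Unknown JSON properties are ignored.
     *
     * <p>All three values come straight from the client and may be {@code null} when the
     * corresponding property is absent from the body.
     */
    @Internal
    @JsonIgnoreProperties(ignoreUnknown = true)
    @Immutable
    /* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:base-hipchat-integration-plugin-6.27.3.jar:com/atlassian/plugins/hipchat/rest/HipChatOAuth2Resource$OauthRequestData.class */
    public static class OauthRequestData {
        // Parsed with URI.create() in beginOauth2; presumably the page to return to once the
        // flow has finished -- confirm against Oauth2BeginData.
        public final String redirect;
        public final String redirectQuery;
        public final String redirectFragment;

        @JsonCreator
        public OauthRequestData(@JsonProperty("redirect") String redirect, @JsonProperty("redirectQuery") String redirectQuery, @JsonProperty("redirectFragment") String redirectFragment) {
            this.redirect = redirect;
            this.redirectQuery = redirectQuery;
            this.redirectFragment = redirectFragment;
        }
    }

    public HipChatOAuth2Resource(Oauth2AuthoriseService oauth2AuthoriseService, XsrfTokenGenerator xsrfTokenGenerator, HipChatLinkProvider hipChatLinkProvider, UserManager userManager) {
        this.oauth2AuthoriseService = oauth2AuthoriseService;
        this.tokenGenerator = xsrfTokenGenerator;
        this.hipChatLinkProvider = hipChatLinkProvider;
        this.userManager = userManager;
    }

    /**
     * Starts the OAuth2 flow and returns the URI produced by {@link Oauth2AuthoriseService}.
     *
     * <p>A token from {@link XsrfTokenGenerator#generateToken} is handed to the service together
     * with the client-supplied redirect data; {@link #completeOauth2} later validates the
     * {@code state} query parameter with the same generator.
     *
     * @param httpServletRequest  current request, passed to the service and the token generator
     * @param httpServletResponse current response (unused here)
     * @param oauthRequestData    JSON body carrying the redirect target
     * @return 200 with the URI on success, 400 when the body or its {@code redirect} is missing or
     *         not a syntactically valid URI, 500 with the service's {@link ResourceError} otherwise
     */
    @Path("/begin")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public Response beginOauth2(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, OauthRequestData oauthRequestData) {
        // NOTE(review): unlike completeOauth2 and deleteUserLink there is no remote-user check
        // here -- confirm authentication is enforced by a filter or inside the service.

        // An empty body or a missing "redirect" property used to surface as a
        // NullPointerException; treat it as a client error instead.
        if (oauthRequestData == null || oauthRequestData.redirect == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        final URI redirectUri;
        try {
            redirectUri = URI.create(oauthRequestData.redirect);
        } catch (IllegalArgumentException ignored) {
            // The exception message echoes the client-supplied string, so it is deliberately
            // kept out of the log.
            LOGGER.debug("Rejecting OAuth2 begin request: redirect is not a valid URI");
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // NOTE(review): redirectUri is only syntax-checked at this point. Whether it is limited
        // to this application's own origin is not visible in this class -- confirm that
        // Oauth2AuthoriseService rejects absolute or off-site targets, otherwise the redirect
        // issued after /complete can be steered by the caller (open redirect).
        Oauth2BeginData beginData = new Oauth2BeginData(httpServletRequest, redirectUri, oauthRequestData.redirectQuery, oauthRequestData.redirectFragment);
        Result<URI> result = this.oauth2AuthoriseService.beginOauth2(beginData, this.tokenGenerator.generateToken(httpServletRequest));
        if (!result.isError()) {
            return Response.ok(result.success()).build();
        }
        ResourceError error = result.error();
        LOGGER.warn(error.getMessage(), error.toThrowable());
        // NOTE(review): the ResourceError is serialised to the client as-is; check that it does
        // not carry internal detail that should stay server-side.
        return Response.serverError().entity(error).build();
    }

    /**
     * OAuth2 callback: validates {@code state}, then lets the service exchange {@code code} for the
     * current user and redirects the browser to the resulting URI.
     *
     * @param httpServletRequest  current request; also used for token validation and session access
     * @param httpServletResponse current response (unused here)
     * @param code                value of the {@code code} query parameter
     * @param state               value of the {@code state} query parameter, validated as an XSRF token
     * @return 403 without a remote user; 400 when no default HipChat link exists or {@code state}
     *         fails validation; a 307 redirect on success or on an {@link Oauth2FlowException};
     *         500 with the {@link ResourceError} for any other failure
     */
    @GET
    @Path("/complete")
    @Consumes({"application/json"})
    @Produces({"application/json"})
    public Response completeOauth2(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @QueryParam("code") String code, @QueryParam("state") String state) {
        UserKey remoteUserKey = this.userManager.getRemoteUserKey();
        if (remoteUserKey == null) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        // The state check must stay ahead of the code exchange: it is the only thing in this
        // method that ties the callback to a flow started through beginOauth2. The link check
        // comes first so the token is not validated at all when there is no default link.
        if (this.hipChatLinkProvider.getDefaultLink().isEmpty() || !this.tokenGenerator.validateToken(httpServletRequest, state)) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // NOTE(review): code may be null when the parameter is absent; it is passed through
        // unchecked -- confirm the service handles that.
        Result<URI> result = this.oauth2AuthoriseService.completeOauth2(new Oauth2CompleteData(code, httpServletRequest, remoteUserKey));
        if (!result.isError()) {
            return Response.temporaryRedirect(result.success()).build();
        }
        ResourceError error = result.error();
        Throwable throwable = error.toThrowable();
        LOGGER.warn(error.getMessage(), throwable);
        if (!(throwable instanceof Oauth2FlowException)) {
            return Response.serverError().entity(error).build();
        }
        Oauth2FlowException oauth2FlowException = (Oauth2FlowException) throwable;
        // The failure is parked in the session for whatever page the redirect lands on.
        // NOTE(review): the message text is stored unescaped; the consumer of
        // "hipchat.oauth2.error" needs to encode it before rendering.
        httpServletRequest.getSession().setAttribute("hipchat.oauth2.error", throwable.getMessage());
        httpServletRequest.getSession().setAttribute("hipchat.oauth2.error.status.code", Integer.valueOf(oauth2FlowException.getError().getStatusCode()));
        return Response.temporaryRedirect(oauth2FlowException.getRedirectUri()).build();
    }

    /**
     * Removes the OAuth2 configuration of the current user.
     *
     * @return 403 without a remote user, 404 when the service reports nothing was removed,
     *         204 otherwise
     */
    @DELETE
    public Response deleteUserLink() {
        // NOTE(review): no XSRF token is checked in this method; presumably the REST framework
        // covers state-changing verbs -- confirm.
        UserKey remoteUserKey = this.userManager.getRemoteUserKey();
        if (remoteUserKey == null) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        if (!this.oauth2AuthoriseService.removeOauth2Configuration(remoteUserKey)) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        return Response.noContent().build();
    }
}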
