package com.atlassian.plugins.hipchat.oauth2;

import com.atlassian.fugue.Effect;
import com.atlassian.fugue.Option;
import com.atlassian.fugue.Suppliers;
import com.atlassian.hipchat.api.HipChatScope;
import com.atlassian.hipchat.api.ResourceError;
import com.atlassian.hipchat.api.Result;
import com.atlassian.hipchat.api.session.GenerateTokenResult;
import com.atlassian.hipchat.api.session.SessionResult;
import com.atlassian.hipchat.api.users.User;
import com.atlassian.hipchat.api.users.UserService;
import com.atlassian.plugins.hipchat.ao.AOHipChatUser;
import com.atlassian.plugins.hipchat.api.CallbackType;
import com.atlassian.plugins.hipchat.api.HipChatLink;
import com.atlassian.plugins.hipchat.api.HipChatUserId;
import com.atlassian.plugins.hipchat.api.link.HipChatLinkProvider;
import com.atlassian.plugins.hipchat.api.oauth2.Oauth2BeginData;
import com.atlassian.plugins.hipchat.api.oauth2.Oauth2CompleteData;
import com.atlassian.plugins.hipchat.api.oauth2.Oauth2FlowException;
import com.atlassian.plugins.hipchat.api.routes.HipChatRoutesProvider;
import com.atlassian.plugins.hipchat.descriptor.HipChatScopesManager;
import com.atlassian.plugins.hipchat.user.HipChatAOUserManager;
import com.atlassian.plugins.hipchat.user.HipChatUserMapper;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.sal.api.usersettings.UserSettings;
import com.atlassian.sal.api.usersettings.UserSettingsBuilder;
import com.atlassian.sal.api.usersettings.UserSettingsService;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Functions;
import com.google.common.collect.Sets;
import java.net.URI;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriBuilderException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:base-hipchat-integration-plugin-6.27.3.jar:com/atlassian/plugins/hipchat/oauth2/DefaultOauth2AuthoriseService.class */
public class DefaultOauth2AuthoriseService implements Oauth2AuthoriseService {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DefaultOauth2AuthoriseService.class);

    @VisibleForTesting
    static final String OAUTH_2_REDIRECT_SESSION_KEY = "oauth2redirect";

    @VisibleForTesting
    static final String OAUTH_2_REDIRECT_QUERY_SESSION_KEY = "oauth2redirectQuery";

    @VisibleForTesting
    static final String OAUTH_2_REDIRECT_FRAGMENT = "oauth2redirectFragment";

    @VisibleForTesting
    static final String OAUTH2_COMPLETED = "oauth2.configuration.completed";
    static final long WAIT_FOR_USER = 10;
    private final HipChatLinkProvider hipChatLinkProvider;
    private final HipChatUserMapper userKeyHipChatUserMapper;
    private final HipChatAOUserManager hipChatAOUserManager;
    private final HipChatRoutesProvider hipChatRoutesProvider;
    private final UserSettingsService userSettingsService;
    private final I18nResolver i18nResolver;
    private final HipChatScopesManager hipChatScopesManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.plugins.hipchat.oauth2.DefaultOauth2AuthoriseService$2, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:base-hipchat-integration-plugin-6.27.3.jar:com/atlassian/plugins/hipchat/oauth2/DefaultOauth2AuthoriseService$2.class */
    public class AnonymousClass2 implements Function<HipChatUserId, Boolean> {
        final /* synthetic */ UserKey val$userKey;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* renamed from: com.atlassian.plugins.hipchat.oauth2.DefaultOauth2AuthoriseService$2$1, reason: invalid class name */
        /* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:base-hipchat-integration-plugin-6.27.3.jar:com/atlassian/plugins/hipchat/oauth2/DefaultOauth2AuthoriseService$2$1.class */
        public class AnonymousClass1 implements Effect<HipChatLink> {
            final /* synthetic */ Option val$user;

            AnonymousClass1(Option option) {
                this.val$user = option;
            }

            @Override // com.atlassian.fugue.Effect
            public void apply(HipChatLink hipChatLink) {
                hipChatLink.getAddonApi().sessions().deleteSession(((AOHipChatUser) this.val$user.get()).getUserToken()).fold(new Function<Throwable, Void>() { // from class: com.atlassian.plugins.hipchat.oauth2.DefaultOauth2AuthoriseService.2.1.1
                    @Override // com.google.common.base.Function
                    public Void apply(Throwable th) {
                        DefaultOauth2AuthoriseService.LOG.error("Exception deleting OAuth session for user " + AnonymousClass2.this.val$userKey, th);
                        return null;
                    }
                }, new Function<Result<Void>, Void>() { // from class: com.atlassian.plugins.hipchat.oauth2.DefaultOauth2AuthoriseService.2.1.2
                    @Override // com.google.common.base.Function
                    public Void apply(Result<Void> result) {
                        return (Void) result.fold(new Function<ResourceError, Void>() { // from class: com.atlassian.plugins.hipchat.oauth2.DefaultOauth2AuthoriseService.2.1.2.1
                            @Override // com.google.common.base.Function
                            public Void apply(ResourceError resourceError) {
                                DefaultOauth2AuthoriseService.LOG.error("Unexpected status " + resourceError.getStatusCode() + ", " + resourceError.getMessage() + " deleting OAuth session for user " + AnonymousClass2.this.val$userKey);
                                return null;
                            }
                        }, Functions.constant(null));
                    }
                });
            }
        }

        AnonymousClass2(UserKey userKey) {
            this.val$userKey = userKey;
        }

        @Override // com.google.common.base.Function
        public Boolean apply(HipChatUserId hipChatUserId) {
            Option<AOHipChatUser> byUserKey = DefaultOauth2AuthoriseService.this.hipChatAOUserManager.getByUserKey(this.val$userKey);
            if (byUserKey.isDefined()) {
                DefaultOauth2AuthoriseService.this.hipChatLinkProvider.getDefaultLink().foreach(new AnonymousClass1(byUserKey));
            } else {
                DefaultOauth2AuthoriseService.LOG.warn("No AOHipChatUser for UserKey '" + this.val$userKey + "', not deleting session from HipChat");
            }
            return Boolean.valueOf(DefaultOauth2AuthoriseService.this.userKeyHipChatUserMapper.removeHipChatUserMapping(this.val$userKey));
        }
    }

    public DefaultOauth2AuthoriseService(HipChatLinkProvider hipChatLinkProvider, HipChatUserMapper hipChatUserMapper, HipChatAOUserManager hipChatAOUserManager, HipChatRoutesProvider hipChatRoutesProvider, UserSettingsService userSettingsService, I18nResolver i18nResolver, HipChatScopesManager hipChatScopesManager) {
        this.hipChatLinkProvider = hipChatLinkProvider;
        this.userKeyHipChatUserMapper = hipChatUserMapper;
        this.hipChatAOUserManager = hipChatAOUserManager;
        this.hipChatRoutesProvider = hipChatRoutesProvider;
        this.userSettingsService = userSettingsService;
        this.i18nResolver = i18nResolver;
        this.hipChatScopesManager = hipChatScopesManager;
    }

    @Override // com.atlassian.plugins.hipchat.oauth2.Oauth2AuthoriseService
    public Result<URI> beginOauth2(Oauth2BeginData oauth2BeginData, String str) {
        Option<HipChatLink> defaultLink = this.hipChatLinkProvider.getDefaultLink();
        if (defaultLink.isEmpty()) {
            return Result.error("hipchat link not found");
        }
        URI generateOauth2Uri = defaultLink.get().getAddonApi().sessions().generateOauth2Uri(this.hipChatRoutesProvider.oauth2Callbacks().get(CallbackType.Oauth2), str, (HipChatScope[]) getHipChatUserScopes().toArray(HipChatScope.EMPTY_SCOPES_ARRAY));
        HttpSession session = oauth2BeginData.getServletRequest().getSession();
        session.setAttribute(OAUTH_2_REDIRECT_SESSION_KEY, oauth2BeginData.getRedirect());
        session.setAttribute(OAUTH_2_REDIRECT_QUERY_SESSION_KEY, oauth2BeginData.getRedirectQuery());
        session.setAttribute(OAUTH_2_REDIRECT_FRAGMENT, oauth2BeginData.getFragment());
        return Result.success(generateOauth2Uri);
    }

    private Set<HipChatScope> getHipChatUserScopes() {
        return Sets.intersection(this.hipChatScopesManager.getLastSynchronisedScopes(), Sets.newHashSet(HipChatScope.ViewGroup, HipChatScope.ManageRooms, HipChatScope.AdminGroup));
    }

    @Override // com.atlassian.plugins.hipchat.oauth2.Oauth2AuthoriseService
    public Result<URI> completeOauth2(Oauth2CompleteData oauth2CompleteData) {
        URI extractRedirectFromRequest = extractRedirectFromRequest(oauth2CompleteData.getRequest());
        Option<HipChatLink> defaultLink = this.hipChatLinkProvider.getDefaultLink();
        if (defaultLink.isEmpty()) {
            return makeErrorWithRedirectUri(extractRedirectFromRequest, "hipchat link not found");
        }
        try {
            HipChatLink hipChatLink = defaultLink.get();
            Result result = (Result) hipChatLink.getAddonApi().sessions().generateOauth2Token(oauth2CompleteData.getCode(), new HipChatScope[0]).get();
            if (result.isError()) {
                return makeErrorWithRedirectUri(extractRedirectFromRequest, result.error());
            }
            Result result2 = (Result) hipChatLink.getAddonApi().sessions().getSession(((GenerateTokenResult) result.success()).getAccessToken()).get();
            if (result2.isError()) {
                return makeErrorWithRedirectUri(extractRedirectFromRequest, result2.error());
            }
            String id = ((SessionResult) result2.success()).getOwner().getId();
            UserService users = defaultLink.get().getAddonApi().users();
            String text = this.i18nResolver.getText("hipchat.user.unknown");
            try {
                Result result3 = (Result) users.getUser(id).get(10L, TimeUnit.SECONDS);
                if (result3.isSuccess()) {
                    text = ((User) result3.success()).getName();
                }
            } catch (TimeoutException e) {
            }
            return this.userKeyHipChatUserMapper.mapHipChatUser(oauth2CompleteData.getUserKey(), new HipChatUserId(id, hipChatLink.getId()), text, hipChatLink, result.option(), getHipChatUserScopes()).isDefined() ? Result.success(extractRedirectFromRequest) : makeErrorWithRedirectUri(extractRedirectFromRequest, "unable to map user " + oauth2CompleteData.getUserKey() + " with hipchat user " + id);
        } catch (Exception e2) {
            return makeErrorWithRedirectUri(extractRedirectFromRequest, new ResourceError(e2));
        }
    }

    @Override // com.atlassian.plugins.hipchat.oauth2.Oauth2AuthoriseService
    public void setOauth2ConfigurationCompleted(UserKey userKey) {
        this.userSettingsService.updateUserSettings(userKey, new Function<UserSettingsBuilder, UserSettings>() { // from class: com.atlassian.plugins.hipchat.oauth2.DefaultOauth2AuthoriseService.1
            @Override // com.google.common.base.Function
            public UserSettings apply(@Nonnull UserSettingsBuilder userSettingsBuilder) {
                userSettingsBuilder.put(DefaultOauth2AuthoriseService.OAUTH2_COMPLETED, true);
                return userSettingsBuilder.build();
            }
        });
    }

    @Override // com.atlassian.plugins.hipchat.oauth2.Oauth2AuthoriseService
    public boolean isOauth2ConfigurationCompleted(@Nonnull UserKey userKey) {
        return this.userSettingsService.getUserSettings(userKey).getBoolean(OAUTH2_COMPLETED).getOrElse((Option<Boolean>) false).booleanValue();
    }

    @Override // com.atlassian.plugins.hipchat.oauth2.Oauth2AuthoriseService
    public boolean removeOauth2Configuration(@Nonnull UserKey userKey) {
        return ((Boolean) this.userKeyHipChatUserMapper.findHipChatUser(userKey).fold(Suppliers.alwaysFalse(), new AnonymousClass2(userKey))).booleanValue();
    }

    private URI extractRedirectFromRequest(HttpServletRequest httpServletRequest) {
        try {
            URI self = this.hipChatRoutesProvider.self();
            Object attribute = httpServletRequest.getSession().getAttribute(OAUTH_2_REDIRECT_SESSION_KEY);
            String str = (String) httpServletRequest.getSession().getAttribute(OAUTH_2_REDIRECT_QUERY_SESSION_KEY);
            String str2 = (String) httpServletRequest.getSession().getAttribute(OAUTH_2_REDIRECT_FRAGMENT);
            if (attribute == null) {
                httpServletRequest.getSession().removeAttribute(OAUTH_2_REDIRECT_SESSION_KEY);
                return self;
            }
            try {
                UriBuilder replaceQuery = UriBuilder.fromUri(self).path(String.valueOf(attribute)).replaceQuery(StringUtils.defaultString(str));
                if (StringUtils.isNotBlank(str2)) {
                    replaceQuery.fragment(str2);
                }
                URI build = replaceQuery.build(new Object[0]);
                httpServletRequest.getSession().removeAttribute(OAUTH_2_REDIRECT_SESSION_KEY);
                return build;
            } catch (IllegalArgumentException e) {
                return self;
            } catch (UriBuilderException e2) {
                httpServletRequest.getSession().removeAttribute(OAUTH_2_REDIRECT_SESSION_KEY);
                return self;
            }
        } finally {
            httpServletRequest.getSession().removeAttribute(OAUTH_2_REDIRECT_SESSION_KEY);
        }
    }

    private Result<URI> makeErrorWithRedirectUri(URI uri, String str) {
        return makeErrorWithRedirectUri(uri, new ResourceError(new Exception(str)));
    }

    private Result<URI> makeErrorWithRedirectUri(URI uri, ResourceError resourceError) {
        return Result.error(new Oauth2FlowException(resourceError, uri));
    }
}
