package com.atlassian.confluence.notifications;

import com.atlassian.config.ConfigurationException;
import com.atlassian.confluence.setup.settings.SettingsManager;
import com.atlassian.fugue.Option;
import com.atlassian.jwt.JwtIssuer;
import com.atlassian.jwt.JwtService;
import com.atlassian.jwt.core.HttpRequestCanonicalizer;
import com.atlassian.jwt.core.TimeUtil;
import com.atlassian.jwt.core.writer.JsonSmartJwtJsonBuilder;
import com.atlassian.jwt.core.writer.JwtClaimsBuilder;
import com.atlassian.jwt.httpclient.CanonicalHttpUriRequest;
import com.atlassian.jwt.writer.JwtJsonBuilder;
import com.google.common.base.Preconditions;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.NameValuePair;
import org.apache.http.message.BasicHeaderValueParser;
import org.apache.http.message.ParserCursor;
import org.apache.http.util.CharArrayBuffer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/notifications/JwtTokenGenerator.class */
public class JwtTokenGenerator {
    private static final String XSRF_SUBJECT_PREFIX = "xsrf:";
    private final JwtService jwtService;
    private final SettingsManager settingsManager;
    private final JwtIssuer jwtIssuer;
    private static final char[] QUERY_DELIMITERS = {'&'};
    private static final String JWT_EXPIRY_SECONDS_PROPERTY = "com.atlassian.confluence_notifications.jwt.expiry_seconds";
    private static final int JWT_EXPIRY_WINDOW_SECONDS_DEFAULT = 604800;
    private static final int JWT_EXPIRY_WINDOW_SECONDS = Integer.getInteger(JWT_EXPIRY_SECONDS_PROPERTY, JWT_EXPIRY_WINDOW_SECONDS_DEFAULT).intValue();
    private static final Logger log = LoggerFactory.getLogger(JwtTokenGenerator.class);

    public JwtTokenGenerator(@Nonnull JwtService jwtService, @Nonnull JwtIssuer jwtIssuer, @Nonnull SettingsManager settingsManager) throws ConfigurationException {
        this.jwtIssuer = jwtIssuer;
        this.jwtService = jwtService;
        this.settingsManager = settingsManager;
    }

    private static String urlDecode(String str) throws UnsupportedEncodingException {
        if (null == str) {
            return null;
        }
        return URLDecoder.decode(str, "UTF-8");
    }

    public Option<String> generate(String str, URI uri, String str2) {
        return Option.some(generate(str, uri, URI.create(this.settingsManager.getGlobalSettings().getBaseUrl()), str2, this.jwtIssuer.getSharedSecret()));
    }

    public String generate(String str, URI uri, URI uri2, String str2, String str3) {
        return encodeJwt(str, uri, uri2, str2, this.jwtIssuer.getName(), this.jwtService, str3);
    }

    public String encodeJwt(String str, URI uri, URI uri2, String str2, String str3, JwtService jwtService, String str4) {
        Preconditions.checkArgument(null != str, "HttpMethod argument cannot be null");
        Preconditions.checkArgument(null != uri, "URI argument cannot be null");
        Preconditions.checkArgument(null != uri2, "base URI argument cannot be null");
        Preconditions.checkArgument(null != str4, "secret argument cannot be null");
        JwtJsonBuilder issuer = new JsonSmartJwtJsonBuilder().issuedAt(TimeUtil.currentTimeSeconds()).expirationTime(TimeUtil.currentTimePlusNSeconds(JWT_EXPIRY_WINDOW_SECONDS)).issuer(str3);
        issuer.subject(XSRF_SUBJECT_PREFIX + str2);
        Map emptyMap = Collections.emptyMap();
        try {
            if (!StringUtils.isEmpty(uri.getQuery())) {
                emptyMap = new HashMap();
                emptyMap.putAll(constructParameterMap(uri));
            }
            CanonicalHttpUriRequest canonicalHttpUriRequest = new CanonicalHttpUriRequest(str, extractRelativePath(uri, uri2), "", emptyMap);
            log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(canonicalHttpUriRequest));
            JwtClaimsBuilder.appendHttpRequestClaims(issuer, canonicalHttpUriRequest);
            return jwtService.issueJwt(issuer.build(), str4);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    private String extractRelativePath(URI uri, URI uri2) {
        String path = uri.getPath();
        String uri3 = uri.toString();
        String uri4 = uri2.toString();
        if (!StringUtils.isEmpty(uri3) && !StringUtils.isEmpty(uri4)) {
            if (uri3.startsWith(uri4)) {
                path = URI.create(StringUtils.removeStart(uri3, uri4)).getPath();
            } else if (uri.isAbsolute()) {
                throw new IllegalArgumentException(String.format("Do not ask for the target URL '%s' to be signed for an add-on with a base URL of '%s': an absolute target URL should begin with the base URL.", uri3, uri4));
            }
        }
        return path;
    }

    private Map<String, String[]> constructParameterMap(URI uri) throws UnsupportedEncodingException {
        String rawQuery = uri.getRawQuery();
        if (rawQuery == null) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        CharArrayBuffer charArrayBuffer = new CharArrayBuffer(rawQuery.length());
        charArrayBuffer.append(rawQuery);
        ParserCursor parserCursor = new ParserCursor(0, charArrayBuffer.length());
        while (!parserCursor.atEnd()) {
            NameValuePair parseNameValuePair = BasicHeaderValueParser.DEFAULT.parseNameValuePair(charArrayBuffer, parserCursor, QUERY_DELIMITERS);
            if (!StringUtils.isEmpty(parseNameValuePair.getName())) {
                String urlDecode = urlDecode(parseNameValuePair.getName());
                String urlDecode2 = urlDecode(parseNameValuePair.getValue());
                String[] strArr = (String[]) hashMap.get(urlDecode);
                String[] strArr2 = null == strArr ? new String[1] : (String[]) Arrays.copyOf(strArr, strArr.length + 1);
                strArr2[strArr2.length - 1] = urlDecode2;
                hashMap.put(urlDecode, strArr2);
            }
        }
        return hashMap;
    }
}
