package com.atlassian.confluence.plugins.previews.jwt;

import com.atlassian.config.ConfigurationException;
import com.atlassian.confluence.setup.settings.SettingsManager;
import com.atlassian.jwt.SigningAlgorithm;
import com.atlassian.jwt.core.HttpRequestCanonicalizer;
import com.atlassian.jwt.core.writer.JwtClaimsBuilder;
import com.atlassian.jwt.core.writer.NimbusJwtWriterFactory;
import com.atlassian.jwt.httpclient.CanonicalHttpUriRequest;
import com.atlassian.jwt.writer.JwtJsonBuilder;
import com.google.common.base.Preconditions;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/confluence/plugins/previews/jwt/JwtTokenGenerator.class */
public class JwtTokenGenerator {
    private static final String JWT_EXPIRY_SECONDS_PROPERTY = "com.atlassian.confluence_previews.jwt.expiry_seconds";
    private static final int JWT_EXPIRY_WINDOW_SECONDS_DEFAULT = 60;
    private static final int JWT_EXPIRY_WINDOW_SECONDS = Integer.getInteger(JWT_EXPIRY_SECONDS_PROPERTY, JWT_EXPIRY_WINDOW_SECONDS_DEFAULT).intValue();
    private static final Logger log = LoggerFactory.getLogger(JwtTokenGenerator.class);
    private final SettingsManager settingsManager;
    private final ConfluencePreviewsJwtIssuer jwtIssuer;

    @Autowired
    public JwtTokenGenerator(@Nonnull ConfluencePreviewsJwtIssuer confluencePreviewsJwtIssuer, @Nonnull SettingsManager settingsManager) throws ConfigurationException {
        this.jwtIssuer = confluencePreviewsJwtIssuer;
        this.settingsManager = settingsManager;
    }

    public int getJWTExpiryWindowSeconds() {
        return JWT_EXPIRY_WINDOW_SECONDS;
    }

    public String generate(String str, String str2, URI uri, String str3) {
        return generate(str, str2, uri, URI.create(this.settingsManager.getGlobalSettings().getBaseUrl()), str3, this.jwtIssuer.getSharedSecret());
    }

    public String generate(String str, String str2, URI uri, URI uri2, String str3, String str4) {
        return encodeJwt(str, str2, uri, uri2, str3, this.jwtIssuer.getName(), str4);
    }

    private String encodeJwt(String str, String str2, URI uri, URI uri2, String str3, String str4, String str5) {
        Preconditions.checkNotNull(str2);
        Preconditions.checkNotNull(uri);
        Preconditions.checkNotNull(uri2);
        Preconditions.checkNotNull(str5);
        JwtJsonBuilder subject = new JwtTokenLogic().createJsonBuilder(str3, str4, JWT_EXPIRY_WINDOW_SECONDS).subject(str);
        Map emptyMap = Collections.emptyMap();
        try {
            if (!StringUtils.isEmpty(uri.getQuery())) {
                emptyMap = new HashMap();
                emptyMap.putAll(constructParameterMap(uri));
            }
            CanonicalHttpUriRequest canonicalHttpUriRequest = new CanonicalHttpUriRequest(str2, extractRelativePath(uri, uri2), "", emptyMap);
            log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(canonicalHttpUriRequest));
            JwtClaimsBuilder.appendHttpRequestClaims(subject, canonicalHttpUriRequest);
            return new NimbusJwtWriterFactory().macSigningWriter(SigningAlgorithm.HS256, str5).jsonToJwt(subject.build());
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    private String extractRelativePath(URI uri, URI uri2) {
        String rawPath = uri.getRawPath();
        String uri3 = uri.toString();
        String uri4 = uri2.toString();
        if (StringUtils.isEmpty(uri3) || StringUtils.isEmpty(uri4)) {
            return rawPath;
        }
        if (uri3.startsWith(uri4)) {
            return URI.create(StringUtils.removeStart(uri3, uri4)).getRawPath();
        }
        if (uri.isAbsolute()) {
            throw new IllegalArgumentException(String.format("Do not ask for the target URL '%s' to be signed for an add-on with a base URL of '%s': an absolute target URL should begin with the base URL.", uri3, uri4));
        }
        return rawPath;
    }

    private Map<String, String[]> constructParameterMap(URI uri) throws UnsupportedEncodingException {
        String query = uri.getQuery();
        HashMap hashMap = new HashMap();
        Arrays.stream(query.split("&")).map(str -> {
            return str.split("=");
        }).forEach(strArr -> {
            hashMap.putIfAbsent(strArr[0], new ArrayList());
            ((List) hashMap.get(strArr[0])).add(strArr[1]);
        });
        HashMap hashMap2 = new HashMap();
        hashMap.forEach((str2, list) -> {
        });
        return hashMap2;
    }
}
