package com.atlassian.connect.spring.internal.request.oauth2;

import com.atlassian.connect.spring.AtlassianHost;
import com.atlassian.connect.spring.AtlassianHostUser;
import java.net.URI;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

@Component
/* loaded from: input_file:com/atlassian/connect/spring/internal/request/oauth2/OAuth2RestTemplateFactory.class */
public class OAuth2RestTemplateFactory {
    private static final URI DEV_AUTHORIZATION_SERVER_URL = URI.create("https://auth.dev.atlassian.io");
    private static final URI PRODUCTION_AUTHORIZATION_SERVER_URL = URI.create("https://auth.atlassian.io");
    private final OAuth2JwtAssertionGenerator jwtAssertionGenerator;
    private final RestTemplateBuilder restTemplateBuilder;
    private final RestTemplate accessTokenProviderRestTemplate;
    private final String atlassianConnectClientVersion;

    @Autowired
    public OAuth2RestTemplateFactory(OAuth2JwtAssertionGenerator oAuth2JwtAssertionGenerator, RestTemplateBuilder restTemplateBuilder, @Value("${atlassian.connect.client-version}") String str) {
        this.jwtAssertionGenerator = oAuth2JwtAssertionGenerator;
        this.restTemplateBuilder = restTemplateBuilder;
        this.accessTokenProviderRestTemplate = restTemplateBuilder.build();
        this.atlassianConnectClientVersion = str;
    }

    @Cacheable({"oauth-2-clients"})
    public OAuth2RestTemplate getOAuth2RestTemplate(AtlassianHostUser atlassianHostUser) {
        assertValidHostUser(atlassianHostUser);
        URI authorizationServerBaseUrl = getAuthorizationServerBaseUrl(atlassianHostUser.getHost());
        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(createProtectedResourceDetails(atlassianHostUser, authorizationServerBaseUrl));
        this.restTemplateBuilder.configure(oAuth2RestTemplate);
        oAuth2RestTemplate.setAccessTokenProvider(createAccessTokenProvider(atlassianHostUser, authorizationServerBaseUrl));
        oAuth2RestTemplate.getInterceptors().add(createRequestInterceptor(atlassianHostUser));
        return oAuth2RestTemplate;
    }

    public RestTemplate getAccessTokenProviderRestTemplate() {
        return this.accessTokenProviderRestTemplate;
    }

    private void assertValidHostUser(AtlassianHostUser atlassianHostUser) {
        if (StringUtils.isEmpty(atlassianHostUser.getHost().getOauthClientId())) {
            throw new IllegalArgumentException("Can not act as a user for a host with no OAuthClientId. Make sure you have ACT_AS_USER scope specified in your descriptor.");
        }
        if (atlassianHostUser.getUserAccountId().isPresent()) {
            return;
        }
        if (atlassianHostUser.getUserKey() == null || !atlassianHostUser.getUserKey().isPresent()) {
            throw new IllegalArgumentException("The provided AtlassianHostUser did not specify a user to act as.");
        }
    }

    private URI getAuthorizationServerBaseUrl(AtlassianHost atlassianHost) {
        return URI.create(atlassianHost.getBaseUrl()).getHost().endsWith(".jira-dev.com") ? DEV_AUTHORIZATION_SERVER_URL : PRODUCTION_AUTHORIZATION_SERVER_URL;
    }

    private OAuth2ProtectedResourceDetails createProtectedResourceDetails(AtlassianHostUser atlassianHostUser, URI uri) {
        return new JwtBearerResourceDetails(atlassianHostUser.getHost().getClientKey(), atlassianHostUser.getHost().getSharedSecret(), uri.toASCIIString());
    }

    private JwtBearerAccessTokenProvider createAccessTokenProvider(AtlassianHostUser atlassianHostUser, URI uri) {
        return new JwtBearerAccessTokenProvider(atlassianHostUser, uri, this.accessTokenProviderRestTemplate, this.jwtAssertionGenerator);
    }

    private OAuth2HttpRequestInterceptor createRequestInterceptor(AtlassianHostUser atlassianHostUser) {
        return new OAuth2HttpRequestInterceptor(atlassianHostUser.getHost(), this.atlassianConnectClientVersion);
    }
}
