package com.atlassian.connect.spring.internal.request.jwt;

import com.atlassian.connect.spring.AtlassianHost;
import com.atlassian.connect.spring.internal.AtlassianConnectProperties;
import com.atlassian.connect.spring.internal.descriptor.AddonDescriptorLoader;
import com.atlassian.connect.spring.internal.jwt.CanonicalHttpRequest;
import com.atlassian.connect.spring.internal.jwt.CanonicalRequestUtil;
import com.atlassian.connect.spring.internal.request.AtlassianHostUriResolver;
import java.net.URI;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/connect/spring/internal/request/jwt/JwtGenerator.class */
public class JwtGenerator {
    private static final Logger log = LoggerFactory.getLogger(JwtGenerator.class);
    private AtlassianHostUriResolver hostUriResolver;
    private AddonDescriptorLoader addonDescriptorLoader;
    private AtlassianConnectProperties atlassianConnectProperties;
    private JwtQueryHashGenerator queryHashGenerator;

    @Autowired
    public JwtGenerator(AtlassianHostUriResolver atlassianHostUriResolver, AddonDescriptorLoader addonDescriptorLoader, AtlassianConnectProperties atlassianConnectProperties, JwtQueryHashGenerator jwtQueryHashGenerator) {
        this.hostUriResolver = atlassianHostUriResolver;
        this.addonDescriptorLoader = addonDescriptorLoader;
        this.atlassianConnectProperties = atlassianConnectProperties;
        this.queryHashGenerator = jwtQueryHashGenerator;
    }

    public String createJwtToken(HttpMethod httpMethod, URI uri) {
        assertUriAbsolute(uri);
        return internalCreateJwtToken(httpMethod, uri, getHostFromRequestUri(uri));
    }

    public String createJwtToken(HttpMethod httpMethod, URI uri, AtlassianHost atlassianHost) {
        assertUriAbsolute(uri);
        assertRequestToHost(uri, atlassianHost);
        return internalCreateJwtToken(httpMethod, uri, atlassianHost);
    }

    private String internalCreateJwtToken(HttpMethod httpMethod, URI uri, AtlassianHost atlassianHost) {
        CanonicalHttpRequest createCanonicalHttpRequest = this.queryHashGenerator.createCanonicalHttpRequest(httpMethod, uri, atlassianHost.getBaseUrl());
        log.debug("Generating JWT with canonical request: {}", CanonicalRequestUtil.toVerboseString(createCanonicalHttpRequest));
        return new JwtBuilder(Duration.of(this.atlassianConnectProperties.getJwtExpirationTime().intValue(), ChronoUnit.SECONDS)).issuer(this.addonDescriptorLoader.getDescriptor().getKey()).queryHash(this.queryHashGenerator.computeCanonicalRequestHash(createCanonicalHttpRequest)).signature(atlassianHost.getSharedSecret()).build();
    }

    private void assertUriAbsolute(URI uri) {
        if (!uri.isAbsolute()) {
            throw new IllegalArgumentException("The given URI is not absolute");
        }
    }

    private void assertRequestToHost(URI uri, AtlassianHost atlassianHost) {
        if (!AtlassianHostUriResolver.isRequestToHost(uri, atlassianHost)) {
            throw new IllegalArgumentException("The given URI is not under the base URL of the given host");
        }
    }

    private AtlassianHost getHostFromRequestUri(URI uri) {
        return this.hostUriResolver.getHostFromRequestUrl(uri).orElseThrow(() -> {
            return new IllegalArgumentException("The given URI is not under the base URL of any installed host");
        });
    }
}
