package com.atlassian.plugin.connect.plugin.auth.jwt;

import com.atlassian.jwt.JwtService;
import com.atlassian.jwt.core.HttpRequestCanonicalizer;
import com.atlassian.jwt.core.TimeUtil;
import com.atlassian.jwt.core.writer.JwtClaimsBuilder;
import com.atlassian.jwt.httpclient.CanonicalHttpUriRequest;
import com.atlassian.jwt.writer.JwtJsonBuilder;
import com.atlassian.jwt.writer.JwtJsonBuilderFactory;
import com.atlassian.plugin.connect.api.request.HttpMethod;
import com.atlassian.sal.api.user.UserProfile;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.NameValuePair;
import org.apache.http.message.BasicHeaderValueParser;
import org.apache.http.message.ParserCursor;
import org.apache.http.util.CharArrayBuffer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0-39bf8e4.jar:com/atlassian/plugin/connect/plugin/auth/jwt/JwtEncoder.class */
public class JwtEncoder {
    private final JwtJsonBuilderFactory jwtBuilderFactory;
    private final JwtService jwtService;
    private static final char[] QUERY_DELIMITERS = {'&'};
    private static final Logger log = LoggerFactory.getLogger((Class<?>) JwtEncoder.class);
    private static final long JWT_EXPIRY_WINDOW_SECONDS_DEFAULT = TimeUnit.MINUTES.toSeconds(3);
    private static final String JWT_EXPIRY_SECONDS_PROPERTY = "com.atlassian.connect.jwt.expiry_seconds";
    private static final long JWT_EXPIRY_WINDOW_SECONDS = Long.getLong(JWT_EXPIRY_SECONDS_PROPERTY, JWT_EXPIRY_WINDOW_SECONDS_DEFAULT).longValue();

    public JwtEncoder(JwtJsonBuilderFactory jwtJsonBuilderFactory, JwtService jwtService) {
        this.jwtBuilderFactory = jwtJsonBuilderFactory;
        this.jwtService = jwtService;
    }

    public String encodeJwt(HttpMethod httpMethod, URI uri, URI uri2, Map<String, String[]> map, String str, String str2, Optional<UserProfile> optional) {
        Preconditions.checkArgument(null != httpMethod, "HttpMethod argument cannot be null");
        Preconditions.checkArgument(null != uri, "URI argument cannot be null");
        Preconditions.checkArgument(null != uri2, "base URI argument cannot be null");
        Preconditions.checkArgument(null != str2, "secret argument cannot be null");
        long currentTimeSeconds = TimeUtil.currentTimeSeconds();
        JwtJsonBuilder issuer = this.jwtBuilderFactory.jsonBuilder().issuedAt(currentTimeSeconds).expirationTime(currentTimeSeconds + JWT_EXPIRY_WINDOW_SECONDS).issuer(str);
        Map<String, String[]> map2 = map;
        try {
            if (!StringUtils.isEmpty(uri.getQuery())) {
                map2 = new HashMap(map);
                map2.putAll(constructParameterMap(uri));
            }
            CanonicalHttpUriRequest canonicalHttpUriRequest = new CanonicalHttpUriRequest(httpMethod.toString(), extractRelativePath(uri, uri2), "", map2);
            log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(canonicalHttpUriRequest));
            JwtClaimsBuilder.appendHttpRequestClaims(issuer, canonicalHttpUriRequest);
            JwtUserContextBuilder.addUserContextObject(issuer, optional);
            return this.jwtService.issueJwt(issuer.build(), str2);
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private static String extractRelativePath(URI uri, URI uri2) {
        String path = uri.getPath();
        String uri3 = uri.toString();
        String uri4 = uri2.toString();
        if (!StringUtils.isEmpty(uri3) && !StringUtils.isEmpty(uri4)) {
            if (uri3.startsWith(uri4)) {
                path = URI.create(StringUtils.removeStart(uri3, uri4)).getPath();
            } else if (uri.isAbsolute()) {
                throw new IllegalArgumentException(String.format("Do not ask for the target URL '%s' to be signed for an add-on with a base URL of '%s': an absolute target URL should begin with the base URL.", uri3, uri4));
            }
        }
        return path;
    }

    @VisibleForTesting
    public static Map<String, String[]> constructParameterMap(URI uri) throws UnsupportedEncodingException {
        String rawQuery = uri.getRawQuery();
        if (rawQuery == null) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        CharArrayBuffer charArrayBuffer = new CharArrayBuffer(rawQuery.length());
        charArrayBuffer.append(rawQuery);
        ParserCursor parserCursor = new ParserCursor(0, charArrayBuffer.length());
        while (!parserCursor.atEnd()) {
            NameValuePair parseNameValuePair = BasicHeaderValueParser.INSTANCE.parseNameValuePair(charArrayBuffer, parserCursor, QUERY_DELIMITERS);
            if (!StringUtils.isEmpty(parseNameValuePair.getName())) {
                String urlDecode = urlDecode(parseNameValuePair.getName());
                String urlDecode2 = urlDecode(parseNameValuePair.getValue());
                String[] strArr = (String[]) hashMap.get(urlDecode);
                String[] strArr2 = null == strArr ? new String[1] : (String[]) Arrays.copyOf(strArr, strArr.length + 1);
                strArr2[strArr2.length - 1] = urlDecode2;
                hashMap.put(urlDecode, strArr2);
            }
        }
        return hashMap;
    }

    private static String urlDecode(String str) throws UnsupportedEncodingException {
        if (null == str) {
            return null;
        }
        return URLDecoder.decode(str, "UTF-8");
    }
}
