package com.atlassian.event.remote.impl.auth;

import com.atlassian.applinks.api.ApplicationLink;
import com.atlassian.applinks.api.ApplicationLinkRequestFactory;
import com.atlassian.applinks.api.auth.Anonymous;
import com.atlassian.applinks.api.auth.AuthenticationProvider;
import com.atlassian.applinks.api.auth.types.TwoLeggedOAuthAuthenticationProvider;
import com.atlassian.event.remote.internal.auth.RequestAuthorizor;
import com.atlassian.oauth.Consumer;
import com.atlassian.oauth.serviceprovider.ServiceProviderConsumerStore;
import com.atlassian.plugin.spring.scanner.annotation.export.ExportAsService;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.sal.api.auth.OAuthRequestVerifierFactory;
import com.atlassian.sal.api.user.UserManager;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@ExportAsService({RequestAuthorizor.class})
@Component
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-remote-event-common-plugin-1.0.5.jar:com/atlassian/event/remote/impl/auth/DefaultRequestAuthorizor.class */
public class DefaultRequestAuthorizor implements RequestAuthorizor {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultRequestAuthorizor.class);
    public static final String ATLASSIAN_DEV_MODE = "atlassian.dev.mode";
    public static final String OAUTH_INCOMING_CONSUMER_KEY = "oauth.incoming.consumerkey";
    private final OAuthRequestVerifierFactory oAuthRequestVerifierFactory;
    private final ServiceProviderConsumerStore consumerStore;
    private final UserManager userManager;
    private volatile RequestAuthorizor.Mode mode = RequestAuthorizor.Mode.NORMAL;

    @Autowired
    public DefaultRequestAuthorizor(@ComponentImport OAuthRequestVerifierFactory oAuthRequestVerifierFactory, @ComponentImport ServiceProviderConsumerStore serviceProviderConsumerStore, @ComponentImport UserManager userManager) {
        this.oAuthRequestVerifierFactory = oAuthRequestVerifierFactory;
        this.consumerStore = serviceProviderConsumerStore;
        this.userManager = userManager;
    }

    @Override // com.atlassian.event.remote.internal.auth.RequestAuthorizor
    public boolean isAuthorized() {
        switch (this.mode) {
            case ALLOW_ALL:
                return true;
            case BLOCK_ALL:
                return false;
            default:
                return this.oAuthRequestVerifierFactory.getInstance(null).isVerified() && this.userManager.getRemoteUserKey() == null;
        }
    }

    @Override // com.atlassian.event.remote.internal.auth.RequestAuthorizor
    public void setMode(RequestAuthorizor.Mode mode) {
        if (!isDevMode()) {
            throw new UnsupportedOperationException("Setting the authorization mode is only available in dev-mode.\nUse the system property 'atlassian.dev.mode=true' to set this.");
        }
        this.mode = mode;
    }

    @Override // com.atlassian.event.remote.internal.auth.RequestAuthorizor
    public Iterable<Class<? extends AuthenticationProvider>> getAllowedAuthenticationProviders() {
        return Lists.newArrayList(TwoLeggedOAuthAuthenticationProvider.class);
    }

    @Override // com.atlassian.event.remote.internal.auth.RequestAuthorizor
    public Map<Class<? extends AuthenticationProvider>, Boolean> getAuthenticationProviderStatuses(ApplicationLink applicationLink) {
        return ImmutableMap.of(TwoLeggedOAuthAuthenticationProvider.class, Boolean.valueOf(is2LOConfigured(applicationLink)));
    }

    @Override // com.atlassian.event.remote.internal.auth.RequestAuthorizor
    public ApplicationLinkRequestFactory getAuthorizedRequestFactory(ApplicationLink applicationLink) {
        ApplicationLinkRequestFactory applicationLinkRequestFactory = null;
        if (is2LOConfigured(applicationLink)) {
            applicationLinkRequestFactory = applicationLink.createNonImpersonatingAuthenticatedRequestFactory();
        } else {
            log.debug("Missing 2LO for {}, trying anonymous", applicationLink);
        }
        return applicationLinkRequestFactory != null ? applicationLinkRequestFactory : applicationLink.createAuthenticatedRequestFactory(Anonymous.class);
    }

    private boolean is2LOConfigured(ApplicationLink applicationLink) {
        Consumer consumer;
        Object property = applicationLink.getProperty("oauth.incoming.consumerkey");
        if (property == null || (consumer = this.consumerStore.get(property.toString())) == null) {
            return false;
        }
        return consumer.getTwoLOAllowed();
    }

    private boolean isDevMode() {
        return Boolean.getBoolean("atlassian.dev.mode");
    }
}
