package com.atlassian.jira.plugins.importer.github.fetch.auth;

import com.atlassian.jira.plugins.importer.github.fetch.RobustGitHubClient;
import com.atlassian.jira.plugins.importer.github.fetch.auth.GithubAuthenticator;
import com.atlassian.jira.plugins.importer.github.util.HttpClientFactory;
import com.atlassian.jira.util.I18nHelper;
import com.google.common.base.Optional;
import com.google.common.base.Splitter;
import com.google.common.collect.Iterables;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import javax.annotation.Nullable;
import javax.ws.rs.core.UriBuilder;
import org.apache.commons.io.IOUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.log4j.Logger;
import org.codehaus.jackson.map.ObjectMapper;
import org.eclipse.egit.github.core.client.GitHubClient;
import org.eclipse.egit.github.core.client.IGitHubConstants;
import org.eclipse.egit.github.core.service.UserService;
import org.osgi.framework.Constants;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-importers-github-plugin-2.0.8.jar:com/atlassian/jira/plugins/importer/github/fetch/auth/GithubAuthenticatorImpl.class */
public class GithubAuthenticatorImpl implements GithubAuthenticator {
    public static final String IMPORTER_TOKEN_NAME = "JIRA-Github-Importer";
    private static final String GITHUB_CLASSIC_URL = "https://api.github.com";
    private final I18nHelper i18nHelper;
    private String username;
    private String url;
    private String password;
    private String validAuthToken;
    private final Logger log = Logger.getLogger(getClass());
    private final HttpClient client = HttpClientFactory.createHttpClient();
    private boolean is2FA = false;
    private boolean isEnterprise = false;
    private int authorizationId = -1;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-importers-github-plugin-2.0.8.jar:com/atlassian/jira/plugins/importer/github/fetch/auth/GithubAuthenticatorImpl$AuthorizationRequest.class */
    public static class AuthorizationRequest {
        public String[] scopes;
        public String note;

        private AuthorizationRequest(String[] strArr, String str) {
            this.scopes = strArr;
            this.note = str;
        }

        public static AuthorizationRequest getDefault() {
            return new AuthorizationRequest(new String[]{"repo"}, GithubAuthenticatorImpl.IMPORTER_TOKEN_NAME);
        }

        public static String getDefaultAsJson() throws IOException {
            return new ObjectMapper().writeValueAsString(getDefault());
        }
    }

    public GithubAuthenticatorImpl(I18nHelper i18nHelper) {
        this.i18nHelper = i18nHelper;
    }

    @Override // com.atlassian.jira.plugins.importer.github.fetch.auth.GithubAuthenticator
    public void setGithubEnterpriseUrl(String str) {
        this.url = str;
        this.isEnterprise = true;
    }

    @Override // com.atlassian.jira.plugins.importer.github.fetch.auth.GithubAuthenticator
    public GithubAuthenticator.AuthorizationResponse authenticateGithub(String str, String str2) {
        this.username = str;
        this.password = str2;
        return getAccessToken(null);
    }

    @Override // com.atlassian.jira.plugins.importer.github.fetch.auth.GithubAuthenticator
    public GithubAuthenticator.AuthorizationResponse authenticateAndValidateGithubToken(String str) {
        try {
            if (new UserService(buildAuthenticatedClient(str)).getUser() == null) {
                return GithubAuthenticator.AuthorizationResponse.error("Invalid token");
            }
            this.validAuthToken = str;
            return GithubAuthenticator.AuthorizationResponse.ok(str);
        } catch (IOException e) {
            return GithubAuthenticator.AuthorizationResponse.error("Invalid token");
        }
    }

    @Override // com.atlassian.jira.plugins.importer.github.fetch.auth.GithubAuthenticator
    public GithubAuthenticator.AuthorizationResponse tryAuthenticateWith2FAToken(String str) throws IllegalStateException {
        return getAccessToken(str);
    }

    private String getText(String str) {
        return this.i18nHelper.getText(str);
    }

    private String getText(String str, Object... objArr) {
        return this.i18nHelper.getText(str, objArr);
    }

    private GithubAuthenticator.AuthorizationResponse getAccessToken(@Nullable String str) {
        try {
            GithubAuthenticator.AuthorizationResponse createNewAccessToken = createNewAccessToken(str);
            if (createNewAccessToken.getState() == GithubAuthenticator.AuthState.ERROR && GithubAuthenticator.AuthorizationResponse.ALREADY_EXISTS_ERROR.equals(createNewAccessToken.getError())) {
                deleteAuthorization(getAuthorizationId(str), str);
                createNewAccessToken = createNewAccessToken(str);
            }
            return createNewAccessToken;
        } catch (IOException e) {
            String text = getText("com.atlassian.jira.plugins.importer.github.error.cannot.connect", e.getMessage());
            this.log.error(text, e);
            return GithubAuthenticator.AuthorizationResponse.error(text);
        } catch (Exception e2) {
            String text2 = getText("com.atlassian.jira.plugins.importer.github.error.unknown", e2.getMessage());
            this.log.error(text2, e2);
            return GithubAuthenticator.AuthorizationResponse.error(text2);
        }
    }

    private GithubAuthenticator.AuthorizationResponse createNewAccessToken(@Nullable String str) throws Exception {
        HttpUriRequest httpUriRequest = null;
        try {
            try {
                try {
                    HttpPost httpPost = new HttpPost(UriBuilder.fromPath(buildAPIUrl() + IGitHubConstants.SEGMENT_AUTHORIZATIONS).build(new Object[0]).toString());
                    httpPost.addHeader(BasicScheme.authenticate((Credentials) new UsernamePasswordCredentials(this.username, this.password), "UTF-8", false));
                    httpPost.setEntity(new StringEntity(AuthorizationRequest.getDefaultAsJson()));
                    if (str != null) {
                        httpPost.addHeader("X-GitHub-OTP", str);
                    }
                    HttpResponse execute = this.client.execute(httpPost);
                    InputStream content = execute.getEntity().getContent();
                    StatusLine statusLine = execute.getStatusLine();
                    int statusCode = statusLine.getStatusCode();
                    if (statusCode == 201) {
                        JsonElement parse = new JsonParser().parse(new InputStreamReader(content, "UTF-8"));
                        this.authorizationId = parse.getAsJsonObject().get("id").getAsInt();
                        this.validAuthToken = parse.getAsJsonObject().get("token").getAsString();
                        GithubAuthenticator.AuthorizationResponse ok = GithubAuthenticator.AuthorizationResponse.ok(this.validAuthToken);
                        IOUtils.closeQuietly(content);
                        return ok;
                    }
                    if (statusCode == 422) {
                        httpPost.abort();
                        GithubAuthenticator.AuthorizationResponse alreadyExists = GithubAuthenticator.AuthorizationResponse.alreadyExists();
                        IOUtils.closeQuietly(content);
                        return alreadyExists;
                    }
                    if (statusCode != 401) {
                        throw new IOException(getText("com.atlassian.jira.plugins.importer.github.error.incorrect.status", statusLine));
                    }
                    GithubAuthenticator.AuthorizationResponse handleUnauthorized = handleUnauthorized(execute);
                    IOUtils.closeQuietly(content);
                    return handleUnauthorized;
                } catch (Exception e) {
                    if (0 != 0) {
                        httpUriRequest.abort();
                    }
                    throw e;
                }
            } catch (IOException e2) {
                throw e2;
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly((InputStream) null);
            throw th;
        }
    }

    private int getAuthorizationId(String str) throws IOException {
        HttpGet httpGet = null;
        InputStream inputStream = null;
        try {
            try {
                httpGet = new HttpGet(UriBuilder.fromPath(buildAPIUrl() + IGitHubConstants.SEGMENT_AUTHORIZATIONS).build(new Object[0]).toString());
                httpGet.addHeader(BasicScheme.authenticate((Credentials) new UsernamePasswordCredentials(this.username, this.password), "UTF-8", false));
                if (str != null) {
                    httpGet.addHeader("X-GitHub-OTP", str);
                }
                inputStream = this.client.execute(httpGet).getEntity().getContent();
                int authorizationId = getAuthorizationId(inputStream);
                IOUtils.closeQuietly(inputStream);
                return authorizationId;
            } catch (RuntimeException e) {
                if (httpGet != null) {
                    httpGet.abort();
                }
                throw e;
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    private int getAuthorizationId(InputStream inputStream) throws IOException {
        JsonArray asJsonArray = new JsonParser().parse(new InputStreamReader(inputStream, "UTF-8")).getAsJsonArray();
        for (int i = 0; i < asJsonArray.size(); i++) {
            JsonObject asJsonObject = asJsonArray.get(i).getAsJsonObject();
            JsonElement jsonElement = asJsonObject.get("note");
            if (jsonElement != null && jsonElement.isJsonPrimitive() && IMPORTER_TOKEN_NAME.equals(jsonElement.getAsString())) {
                this.authorizationId = asJsonObject.get("id").getAsInt();
                return this.authorizationId;
            }
        }
        throw new IOException("Cannot find auth token for: JIRA-Github-Importer");
    }

    private void deleteAuthorization(int i, String str) throws Exception {
        HttpDelete httpDelete = null;
        try {
            httpDelete = new HttpDelete(UriBuilder.fromPath(buildAPIUrl() + "/authorizations/" + i).build(new Object[0]).toString());
            httpDelete.addHeader(BasicScheme.authenticate((Credentials) new UsernamePasswordCredentials(this.username, this.password), "UTF-8", false));
            if (str != null) {
                httpDelete.addHeader("X-GitHub-OTP", str);
            }
            this.client.execute(httpDelete);
        } catch (RuntimeException e) {
            if (httpDelete != null) {
                httpDelete.abort();
            }
            throw e;
        }
    }

    private GithubAuthenticator.AuthorizationResponse handleUnauthorized(HttpResponse httpResponse) {
        Optional<String> optional = get2FAHeader(httpResponse);
        if (!optional.isPresent()) {
            return GithubAuthenticator.AuthorizationResponse.error(getText("com.atlassian.jira.plugins.importer.github.error.incorrect.username.or.password"));
        }
        this.is2FA = true;
        return Constants.FRAMEWORK_BUNDLE_PARENT_APP.equals(optional.get()) ? GithubAuthenticator.AuthorizationResponse.actionRequired(GithubAuthenticator.AuthState.TWO_FACTOR_AUTH_REQUIRED_APP) : GithubAuthenticator.AuthorizationResponse.actionRequired(GithubAuthenticator.AuthState.TWO_FACTOR_AUTH_REQUIRED_SMS);
    }

    private String buildAPIUrl() {
        return this.isEnterprise ? String.format("%s/api/v3", this.url) : "https://api.github.com";
    }

    private Optional<String> get2FAHeader(HttpResponse httpResponse) {
        Header firstHeader = httpResponse.getFirstHeader("X-GitHub-OTP");
        return firstHeader == null ? Optional.absent() : Optional.of(Iterables.get(Splitter.on(';').trimResults().split(firstHeader.getValue()), 1));
    }

    @Override // com.atlassian.jira.plugins.importer.github.fetch.auth.GithubAuthenticator
    public boolean isTwoFactorAuthenticationEnabled() {
        return this.is2FA;
    }

    private void deleteAuthorization() {
        HttpDelete httpDelete = null;
        InputStream inputStream = null;
        try {
            try {
                httpDelete = new HttpDelete(UriBuilder.fromPath(buildAPIUrl() + "/authorizations/" + this.authorizationId).build(new Object[0]).toString());
                HttpResponse execute = this.client.execute(httpDelete);
                if (execute.getStatusLine().getStatusCode() != 204) {
                    this.log.warn("Cannot delete github authorization with id: " + this.authorizationId);
                }
                inputStream = execute.getEntity().getContent();
                IOUtils.closeQuietly(inputStream);
            } catch (IOException e) {
                this.log.warn("Cannot delete github authorization with id: " + this.authorizationId);
                IOUtils.closeQuietly(inputStream);
            } catch (RuntimeException e2) {
                if (httpDelete != null) {
                    httpDelete.abort();
                }
                throw e2;
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    @Override // com.atlassian.jira.plugins.importer.github.fetch.auth.GithubAuthenticator
    public void cleanUp() {
        if (this.authorizationId > 0) {
            deleteAuthorization();
        }
        this.authorizationId = -1;
        this.username = null;
        this.password = null;
        this.url = null;
        this.client.getConnectionManager().shutdown();
    }

    @Override // com.atlassian.jira.plugins.importer.github.fetch.auth.GithubAuthenticator
    public GitHubClient buildAuthenticatedClient() {
        return buildAuthenticatedClient(this.validAuthToken);
    }

    public GitHubClient buildAuthenticatedClient(String str) {
        RobustGitHubClient robustGitHubClient;
        if (this.url != null) {
            try {
                URL url = new URL(this.url);
                robustGitHubClient = new RobustGitHubClient(url.getHost(), url.getPort(), url.getProtocol());
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        } else {
            robustGitHubClient = new RobustGitHubClient();
        }
        robustGitHubClient.setOAuth2Token(str);
        return robustGitHubClient;
    }
}
