package com.atlassian.jira.ipd.mail;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.mail.MailException;
import com.atlassian.mail.auth.JiraMailOAuth2Credentials;
import com.atlassian.mail.msgraph.service.ExternalMailPuller;
import com.atlassian.mail.msgraph.settings.dto.MailSettingsDTO;
import com.atlassian.mail.msgraph.settings.providers.MicrosoftOAuthMailConnectionSettingsProvider;
import com.atlassian.mail.server.AbstractMSGraphMailServer;
import com.atlassian.mail.server.MailServer;
import com.atlassian.mail.server.auth.AuthenticationContextAware;
import com.atlassian.oauth2.client.api.storage.TokenHandler;
import com.atlassian.oauth2.client.api.storage.token.ClientTokenStorageService;
import com.atlassian.oauth2.client.api.storage.token.exception.RecoverableTokenException;
import com.atlassian.oauth2.client.api.storage.token.exception.UnrecoverableTokenException;
import io.atlassian.fugue.Either;
import io.atlassian.fugue.Option;
import java.time.Duration;
import java.util.function.Function;
import javax.mail.MessagingException;
import javax.mail.NoSuchProviderException;
import javax.mail.Session;
import javax.mail.Store;
import javax.mail.URLName;
import javax.naming.NamingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/ipd/mail/DefaultIncomingConnectionVerifier.class */
public class DefaultIncomingConnectionVerifier implements ConnectionVerifier {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultIncomingConnectionVerifier.class);
    private static final long MAX_TIMEOUT = 10000;
    private static final long OAUTH_REFRESH_DURATION_IN_MIN = 5;
    private final ClientTokenStorageService clientTokenStorageService;
    private final TokenHandler tokenHandler;
    private final Function<MailServer, MicrosoftOAuthMailConnectionSettingsProvider> createProvider;

    @VisibleForTesting
    DefaultIncomingConnectionVerifier(ClientTokenStorageService clientTokenStorageService, TokenHandler tokenHandler, Function<MailServer, MicrosoftOAuthMailConnectionSettingsProvider> function) {
        this.clientTokenStorageService = clientTokenStorageService;
        this.tokenHandler = tokenHandler;
        this.createProvider = function;
    }

    public DefaultIncomingConnectionVerifier() {
        this.clientTokenStorageService = (ClientTokenStorageService) ComponentAccessor.getOSGiComponentInstanceOfType(ClientTokenStorageService.class);
        this.tokenHandler = (TokenHandler) ComponentAccessor.getOSGiComponentInstanceOfType(TokenHandler.class);
        this.createProvider = this::defaultCreateProvider;
    }

    @Override // com.atlassian.jira.ipd.mail.ConnectionVerifier
    public void verifyConnection(MailServer mailServer) throws Exception {
        try {
            if (mailServer instanceof AbstractMSGraphMailServer) {
                doVerifyMSGraphServer(mailServer);
            } else {
                doVerify(mailServer);
            }
        } catch (Exception e) {
            throw new MailException("Failed to connect to incoming mail server", e);
        }
    }

    private void doVerify(MailServer mailServer) throws NamingException, MailException, MessagingException {
        Store store = getStore(mailServer);
        Throwable th = null;
        try {
            try {
                if (mailServer instanceof AuthenticationContextAware) {
                    ((AuthenticationContextAware) mailServer).smartConnect(store);
                } else {
                    store.connect(mailServer.getHostname(), Integer.parseInt(mailServer.getPort()), mailServer.getUsername(), mailServer.getPassword());
                }
                verifyAccess(store);
                if (store != null) {
                    if (0 == 0) {
                        store.close();
                        return;
                    }
                    try {
                        store.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (store != null) {
                if (th != null) {
                    try {
                        store.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    store.close();
                }
            }
            throw th4;
        }
    }

    private void doVerifyMSGraphServer(MailServer mailServer) throws MailException {
        Option httpMailClient = this.createProvider.apply(mailServer).getHttpMailClient();
        if (!httpMailClient.isDefined()) {
            throw new MailException("HTTP mail client is not defined.");
        }
        Either verifyConnection = ((ExternalMailPuller) httpMailClient.get()).verifyConnection();
        if (verifyConnection.isLeft()) {
            throw new MailException("Failed to verify MSGraph mail server connection.", (Throwable) verifyConnection.left().get());
        }
    }

    private Option<String> getOAuthToken(String str) {
        if (!this.clientTokenStorageService.getById(str).isPresent()) {
            LOG.debug("Token with id {} cannot be found", str);
            return Option.none();
        }
        try {
            return Option.some(this.tokenHandler.getRefreshedToken(str, Duration.ofMinutes(5L)).getAccessToken());
        } catch (RecoverableTokenException e) {
            LOG.debug("Recoverable exception fetching OAuth token", e);
            return Option.none();
        } catch (UnrecoverableTokenException e2) {
            LOG.debug("OAuth token is unrecoverable - manual re-authorisation required", e2);
            return Option.none();
        }
    }

    private static void verifyAccess(Store store) throws MessagingException {
        store.getFolder("INBOX").open(1);
    }

    private Store getStore(MailServer mailServer) throws NamingException, MailException, NoSuchProviderException {
        Session cloneSessionWithMaxTimeout = ConnectionVerifier.cloneSessionWithMaxTimeout(mailServer.getSession(), 10000L);
        return mailServer instanceof AuthenticationContextAware ? cloneSessionWithMaxTimeout.getStore(new URLName(mailServer.getMailProtocol().getProtocol(), (String) null, Integer.parseInt(mailServer.getPort()), (String) null, (String) null, (String) null)) : cloneSessionWithMaxTimeout.getStore(mailServer.getMailProtocol().getProtocol());
    }

    private MicrosoftOAuthMailConnectionSettingsProvider defaultCreateProvider(MailServer mailServer) {
        JiraMailOAuth2Credentials credentials = ((AbstractMSGraphMailServer) mailServer).getAuthenticationContext().getCredentials();
        return new MicrosoftOAuthMailConnectionSettingsProvider(new MailSettingsDTO(0, mailServer.getUsername(), 0L, 10000L, "inbox"), () -> {
            return getOAuthToken(credentials.getTokenId());
        });
    }
}
