package com.atlassian.applinks.core.auth.oauth;

import com.atlassian.applinks.api.ApplicationId;
import com.atlassian.applinks.api.ApplicationLinkRequest;
import com.atlassian.applinks.core.auth.AbstractApplicationLinkResponseHandler;
import com.atlassian.sal.api.net.Response;
import com.google.common.collect.ImmutableSet;
import java.util.Set;
import net.oauth.OAuth;
import net.oauth.OAuthMessage;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/applinks/core/auth/oauth/OAuthRedirectingApplicationLinkResponseHandler.class */
public class OAuthRedirectingApplicationLinkResponseHandler extends AbstractApplicationLinkResponseHandler {
    private static final Logger log = LoggerFactory.getLogger(OAuthRedirectingApplicationLinkResponseHandler.class);
    protected static final Set<String> TOKEN_PROBLEMS = ImmutableSet.of("token_expired", "token_rejected", "token_revoked");
    protected final ConsumerTokenStoreService consumerTokenStoreService;
    protected final ApplicationId applicationId;
    protected final String username;
    protected boolean hasTokenProblems;

    public OAuthRedirectingApplicationLinkResponseHandler(ApplicationLinkRequest applicationLinkRequest, ConsumerTokenStoreService consumerTokenStoreService, ApplicationId applicationId, String str, boolean z) {
        super(applicationLinkRequest, z);
        this.hasTokenProblems = false;
        this.consumerTokenStoreService = consumerTokenStoreService;
        this.username = str;
        this.applicationId = applicationId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkForOAuthProblemAndRemoveConsumerTokenIfNecessary(Response response) {
        String str = (String) response.getHeaders().get("WWW-Authenticate");
        if (StringUtils.isBlank(str)) {
            return;
        }
        for (OAuth.Parameter parameter : OAuthMessage.decodeAuthorization(str)) {
            if ("oauth_problem".equals(parameter.getKey())) {
                log.debug("OAuth request rejected by peer.\nOur OAuth request header: Authorization: " + this.wrappedRequest.getHeaders().get("Authorization") + "\nFull OAuth response header: WWW-Authenticate: " + str);
                if ("timestamp_refused".equals(parameter.getValue())) {
                    log.warn("Peer rejected the timestamp on our OAuth request. This might be due to a replay attack, but it's more likely our system clock is not synchronized with the server's clock. You may turn on debug logging to log the full contents of the OAuth response headers.");
                }
                if (this.consumerTokenStoreService != null && TOKEN_PROBLEMS.contains(parameter.getValue())) {
                    try {
                        this.consumerTokenStoreService.removeConsumerToken(this.applicationId, this.username);
                    } catch (RuntimeException e) {
                        log.error("Failed to delete consumer token for user '" + this.username + "'.", e);
                    }
                    this.hasTokenProblems = true;
                }
            }
        }
    }
}
