package com.atlassian.gadgets.renderer.internal.servlet;

import com.atlassian.sal.api.user.UserManager;
import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.auth.SecurityTokenDecoder;
import org.apache.shindig.auth.SecurityTokenException;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Qualifier;

/* loaded from: input_file:com/atlassian/gadgets/renderer/internal/servlet/SecurityTokenServlet.class */
public class SecurityTokenServlet extends HttpServlet {
    private final SecurityTokenDecoder decoder;
    private final UserManager userManager;

    public SecurityTokenServlet(@Qualifier("nonExpirableBlobCrypterSecurityTokenDecoder") SecurityTokenDecoder securityTokenDecoder, UserManager userManager) {
        this.decoder = (SecurityTokenDecoder) Preconditions.checkNotNull(securityTokenDecoder, "decoder");
        this.userManager = (UserManager) Preconditions.checkNotNull(userManager, "userManager");
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String remoteUsername = this.userManager.getRemoteUsername(httpServletRequest);
        JSONObject jSONObject = new JSONObject();
        int i = 0;
        String str = "st.0";
        while (true) {
            String str2 = str;
            if (httpServletRequest.getParameter(str2) == null) {
                httpServletResponse.setContentType("application/json");
                try {
                    jSONObject.write(httpServletResponse.getWriter());
                    return;
                } catch (JSONException e) {
                    throw new ServletException(e);
                }
            }
            SecurityToken decode = decode(httpServletRequest.getParameter(str2), httpServletRequest.getRequestURL().toString());
            if (decode == null || !Objects.equal(remoteUsername, decode.getViewerId())) {
                break;
            }
            try {
                jSONObject.put(str2, decode.getUpdatedToken());
            } catch (JSONException e2) {
            }
            i++;
            str = "st." + i;
        }
        httpServletResponse.sendError(HttpResponse.SC_BAD_REQUEST);
    }

    private SecurityToken decode(String str, String str2) {
        try {
            return this.decoder.createToken(ImmutableMap.of(SecurityTokenDecoder.SECURITY_TOKEN_NAME, str, SecurityTokenDecoder.ACTIVE_URL_NAME, str2));
        } catch (SecurityTokenException e) {
            return null;
        }
    }
}
