package com.atlassian.jira.mobile.auth;

import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.google.common.annotations.VisibleForTesting;
import java.net.URI;
import java.net.URISyntaxException;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:com/atlassian/jira/mobile/auth/AuthUrlProvider.class */
public class AuthUrlProvider {
    private static final Logger log = LoggerFactory.getLogger(AuthUrlProvider.class);
    private static final URI ROOT_PATH = URI.create("/");
    private final ApplicationProperties appProps;
    private final LoginUriProvider loginUriProvider;

    @Autowired
    public AuthUrlProvider(ApplicationProperties applicationProperties, LoginUriProvider loginUriProvider) {
        this.appProps = applicationProperties;
        this.loginUriProvider = loginUriProvider;
    }

    public String getLoginUrl(HttpServletRequest httpServletRequest) {
        return getLoginUrl(null, httpServletRequest);
    }

    public String getLoginUrl(String str, HttpServletRequest httpServletRequest) {
        return normalizedUrlString(processUri(this.loginUriProvider.getLoginUri(getRedirectUri(str, httpServletRequest)), httpServletRequest));
    }

    public String getLogoutUrl(HttpServletRequest httpServletRequest) {
        return normalizedUrlString(processUri(SecurityConfigFactory.getInstance().getLogoutURL(), httpServletRequest));
    }

    @VisibleForTesting
    URI getRedirectUri(String str, HttpServletRequest httpServletRequest) {
        URI create = URI.create(this.appProps.getBaseUrl(UrlMode.ABSOLUTE));
        URI processUri = processUri(str, httpServletRequest);
        if (processUri.isAbsolute()) {
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Redirection URI '{}' is absolute; replacing with local instance base URL to prevent open redirect", processUri);
                }
                processUri = processUri(new URI(null, null, processUri.getPath(), processUri.getQuery(), processUri.getFragment()), httpServletRequest);
            } catch (URISyntaxException e) {
                processUri = create;
            }
        }
        URI normalize = create.resolve(processUri.toString()).normalize();
        if (log.isDebugEnabled()) {
            log.debug("Redirection URI parsed as '{}'", normalize);
        }
        return normalize;
    }

    private String normalizedUrlString(URI uri) {
        return (uri.isAbsolute() ? uri : ROOT_PATH.resolve(uri.toString())).normalize().toString();
    }

    private URI processUri(String str, HttpServletRequest httpServletRequest) {
        return processUri(URI.create(str == null ? httpServletRequest.getRequestURI() : str), httpServletRequest);
    }

    private URI processUri(@Nonnull URI uri, HttpServletRequest httpServletRequest) {
        if (uri.isAbsolute()) {
            if (log.isDebugEnabled()) {
                log.debug("Processed URI '{}'; initial location was absolute, so returning that.");
            }
            return uri;
        }
        URI create = URI.create(httpServletRequest.getContextPath());
        URI resolve = ROOT_PATH.resolve(create.toString() + "/" + create.relativize(uri));
        if (log.isDebugEnabled()) {
            log.debug("Processed URI '{}'; converted from initial location '{}' relative to context '{}'", new Object[]{resolve, uri, create});
        }
        return resolve;
    }
}
