package com.slack.api.bolt.middleware.builtin;

import com.slack.api.bolt.AppConfig;
import com.slack.api.bolt.context.Context;
import com.slack.api.bolt.middleware.Middleware;
import com.slack.api.bolt.middleware.MiddlewareChain;
import com.slack.api.bolt.middleware.MiddlewareOps;
import com.slack.api.bolt.model.Bot;
import com.slack.api.bolt.model.Installer;
import com.slack.api.bolt.request.Request;
import com.slack.api.bolt.request.RequestType;
import com.slack.api.bolt.response.Response;
import com.slack.api.bolt.response.ResponseTypes;
import com.slack.api.bolt.service.InstallationService;
import com.slack.api.bolt.util.Responder;
import com.slack.api.methods.MethodsClient;
import com.slack.api.methods.SlackApiException;
import com.slack.api.methods.response.auth.AuthTestResponse;
import com.slack.api.model.block.LayoutBlock;
import com.slack.api.token_rotation.RefreshedToken;
import com.slack.api.token_rotation.TokenRotator;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/slack/api/bolt/middleware/builtin/MultiTeamsAuthorization.class */
public class MultiTeamsAuthorization implements Middleware {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MultiTeamsAuthorization.class);
    private final AppConfig config;
    private final InstallationService installationService;
    private final TokenRotator tokenRotator;
    private final ConcurrentMap<String, CachedAuthTestResponse> tokenToAuthTestCache = new ConcurrentHashMap();
    private final Optional<ScheduledExecutorService> tokenToAuthTestCacheCleaner;
    private boolean alwaysRequestUserTokenNeeded;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/slack/api/bolt/middleware/builtin/MultiTeamsAuthorization$CachedAuthTestResponse.class */
    public static class CachedAuthTestResponse {
        private AuthTestResponse response;
        private long cachedMillis;

        @Generated
        public AuthTestResponse getResponse() {
            return this.response;
        }

        @Generated
        public long getCachedMillis() {
            return this.cachedMillis;
        }

        @Generated
        public void setResponse(AuthTestResponse authTestResponse) {
            this.response = authTestResponse;
        }

        @Generated
        public void setCachedMillis(long j) {
            this.cachedMillis = j;
        }

        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof CachedAuthTestResponse)) {
                return false;
            }
            CachedAuthTestResponse cachedAuthTestResponse = (CachedAuthTestResponse) obj;
            if (!cachedAuthTestResponse.canEqual(this) || getCachedMillis() != cachedAuthTestResponse.getCachedMillis()) {
                return false;
            }
            AuthTestResponse response = getResponse();
            AuthTestResponse response2 = cachedAuthTestResponse.getResponse();
            return response == null ? response2 == null : response.equals(response2);
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof CachedAuthTestResponse;
        }

        @Generated
        public int hashCode() {
            long cachedMillis = getCachedMillis();
            int i = (1 * 59) + ((int) ((cachedMillis >>> 32) ^ cachedMillis));
            AuthTestResponse response = getResponse();
            return (i * 59) + (response == null ? 43 : response.hashCode());
        }

        @Generated
        public String toString() {
            return "MultiTeamsAuthorization.CachedAuthTestResponse(response=" + getResponse() + ", cachedMillis=" + getCachedMillis() + ")";
        }

        @Generated
        public CachedAuthTestResponse(AuthTestResponse authTestResponse, long j) {
            this.response = authTestResponse;
            this.cachedMillis = j;
        }
    }

    public boolean isAlwaysRequestUserTokenNeeded() {
        return this.alwaysRequestUserTokenNeeded;
    }

    public void setAlwaysRequestUserTokenNeeded(boolean z) {
        this.alwaysRequestUserTokenNeeded = z;
    }

    public MultiTeamsAuthorization(AppConfig appConfig, InstallationService installationService) {
        this.config = appConfig;
        this.installationService = installationService;
        this.tokenRotator = new TokenRotator(appConfig.getSlack().methods(), appConfig.getTokenRotationExpirationMillis(), appConfig.getClientId(), appConfig.getClientSecret());
        setAlwaysRequestUserTokenNeeded(appConfig.isAlwaysRequestUserTokenNeeded());
        if (!appConfig.isAuthTestCacheEnabled()) {
            this.tokenToAuthTestCacheCleaner = Optional.empty();
            return;
        }
        if (appConfig.getAuthTestCacheExpirationMillis() < 0) {
            this.tokenToAuthTestCacheCleaner = Optional.empty();
        } else {
            this.tokenToAuthTestCacheCleaner = Optional.of(buildTokenToAuthTestCacheCleaner(() -> {
                long currentTimeMillis = System.currentTimeMillis() - appConfig.getAuthTestCacheExpirationMillis();
                for (Map.Entry<String, CachedAuthTestResponse> entry : this.tokenToAuthTestCache.entrySet()) {
                    if (entry.getValue() == null || entry.getValue().getCachedMillis() < currentTimeMillis) {
                        this.tokenToAuthTestCache.remove(entry.getKey());
                    }
                }
            }));
        }
    }

    private ScheduledExecutorService buildTokenToAuthTestCacheCleaner(Runnable runnable) {
        ScheduledExecutorService createThreadScheduledExecutor = this.config.getExecutorServiceProvider().createThreadScheduledExecutor(MultiTeamsAuthorization.class.getSimpleName());
        createThreadScheduledExecutor.scheduleAtFixedRate(runnable, 120000L, 30000L, TimeUnit.MILLISECONDS);
        log.debug("The tokenToAuthTestCacheCleaner (daemon thread) started");
        return createThreadScheduledExecutor;
    }

    protected void finalize() throws Throwable {
        if (this.tokenToAuthTestCacheCleaner.isPresent()) {
            this.tokenToAuthTestCacheCleaner.get().shutdown();
        }
        super.finalize();
    }

    @Override // com.slack.api.bolt.middleware.Middleware
    public Response apply(Request request, Response response, MiddlewareChain middlewareChain) throws Exception {
        if (!MiddlewareOps.isNoAuthRequiredRequest(request.getRequestType()) && !MiddlewareOps.isNoTokenRequiredRequest(request)) {
            Context context = request.getContext();
            String str = null;
            String str2 = null;
            Bot findBot = this.installationService.findBot(context.getEnterpriseId(), context.getTeamId());
            Installer installer = null;
            if (findBot != null) {
                if (findBot.getBotRefreshToken() != null) {
                    Optional<RefreshedToken> performTokenRotation = this.tokenRotator.performTokenRotation(currentTokenBuilder -> {
                        return currentTokenBuilder.accessToken(findBot.getBotAccessToken()).refreshToken(findBot.getBotRefreshToken()).expiresAt(findBot.getBotTokenExpiresAt().longValue());
                    });
                    if (performTokenRotation.isPresent()) {
                        RefreshedToken refreshedToken = performTokenRotation.get();
                        findBot.setBotAccessToken(refreshedToken.getAccessToken());
                        findBot.setBotRefreshToken(refreshedToken.getRefreshToken());
                        findBot.setBotTokenExpiresAt(Long.valueOf(refreshedToken.getExpiresAt()));
                        this.installationService.saveBot(findBot);
                    }
                }
                str = findBot.getBotAccessToken();
            }
            if ((isAlwaysRequestUserTokenNeeded() || findBot == null) && context.getRequestUserId() != null) {
                installer = this.installationService.findInstaller(context.getEnterpriseId(), context.getTeamId(), context.getRequestUserId());
                if (installer != null) {
                    boolean z = false;
                    if (installer.getInstallerUserRefreshToken() != null) {
                        Optional<RefreshedToken> performTokenRotation2 = this.tokenRotator.performTokenRotation(currentTokenBuilder2 -> {
                            return currentTokenBuilder2.accessToken(installer.getInstallerUserAccessToken()).refreshToken(installer.getInstallerUserRefreshToken()).expiresAt(installer.getInstallerUserTokenExpiresAt().longValue());
                        });
                        z = 0 != 0 || performTokenRotation2.isPresent();
                        if (performTokenRotation2.isPresent()) {
                            RefreshedToken refreshedToken2 = performTokenRotation2.get();
                            installer.setInstallerUserAccessToken(refreshedToken2.getAccessToken());
                            installer.setInstallerUserRefreshToken(refreshedToken2.getRefreshToken());
                            installer.setInstallerUserTokenExpiresAt(Long.valueOf(refreshedToken2.getExpiresAt()));
                        }
                    }
                    if (installer.getBotRefreshToken() != null) {
                        Optional<RefreshedToken> performTokenRotation3 = this.tokenRotator.performTokenRotation(currentTokenBuilder3 -> {
                            return currentTokenBuilder3.accessToken(installer.getBotAccessToken()).refreshToken(installer.getBotRefreshToken()).expiresAt(installer.getBotTokenExpiresAt().longValue());
                        });
                        z = z || performTokenRotation3.isPresent();
                        if (performTokenRotation3.isPresent()) {
                            RefreshedToken refreshedToken3 = performTokenRotation3.get();
                            installer.setBotAccessToken(refreshedToken3.getAccessToken());
                            installer.setBotRefreshToken(refreshedToken3.getRefreshToken());
                            installer.setBotTokenExpiresAt(Long.valueOf(refreshedToken3.getExpiresAt()));
                        }
                    }
                    if (z) {
                        this.installationService.saveInstallerAndBot(installer);
                    }
                    str2 = installer.getInstallerUserAccessToken();
                }
            }
            if (str == null && str2 == null) {
                String responseUrl = request.getResponseUrl();
                if (responseUrl == null) {
                    return buildError(401, null, null, null);
                }
                Responder responder = new Responder(this.config.getSlack(), responseUrl);
                if (request.getRequestType() != null) {
                    List<LayoutBlock> installationGuideBlocks = this.installationService.getInstallationGuideBlocks(context.getEnterpriseId(), context.getTeamId(), context.getRequestUserId());
                    String installationGuideText = installationGuideBlocks == null ? this.installationService.getInstallationGuideText(context.getEnterpriseId(), context.getTeamId(), context.getRequestUserId()) : null;
                    if (request.getRequestType().equals(RequestType.Command)) {
                        if (installationGuideBlocks != null) {
                            responder.sendToCommand(slashCommandResponseBuilder -> {
                                return slashCommandResponseBuilder.responseType(ResponseTypes.ephemeral).blocks(installationGuideBlocks);
                            });
                        } else {
                            responder.sendToCommand(slashCommandResponseBuilder2 -> {
                                return slashCommandResponseBuilder2.responseType(ResponseTypes.ephemeral).text(installationGuideText);
                            });
                        }
                    } else if (installationGuideBlocks != null) {
                        responder.sendToAction(actionResponseBuilder -> {
                            return actionResponseBuilder.responseType(ResponseTypes.ephemeral).blocks(installationGuideBlocks);
                        });
                    } else {
                        responder.sendToAction(actionResponseBuilder2 -> {
                            return actionResponseBuilder2.responseType(ResponseTypes.ephemeral).text(installationGuideText);
                        });
                    }
                    return Response.builder().statusCode(200).build();
                }
            }
            try {
                String str3 = str != null ? str : str2;
                AuthTestResponse callAuthTest = callAuthTest(str3, this.config, context.client());
                if (!callAuthTest.isOk()) {
                    return handleAuthTestError(callAuthTest.getError(), findBot, installer, callAuthTest);
                }
                context.setAuthTestResponse(callAuthTest);
                context.setBotToken(str);
                Map<String, List<String>> httpResponseHeaders = callAuthTest.getHttpResponseHeaders();
                List<String> list = httpResponseHeaders != null ? httpResponseHeaders.get("x-oauth-scopes") : null;
                context.setBotScopes(list != null ? Arrays.asList(list.get(0).split(",")) : null);
                context.setRequestUserToken(str2);
                if (str2 != null && str3 != str2) {
                    Map<String, List<String>> httpResponseHeaders2 = callAuthTest(str2, this.config, context.client()).getHttpResponseHeaders();
                    List<String> list2 = httpResponseHeaders2 != null ? httpResponseHeaders2.get("x-oauth-scopes") : null;
                    context.setRequestUserScopes(list2 != null ? Arrays.asList(list2.get(0).split(",")) : null);
                }
                if (!callAuthTest.isEnterpriseInstall()) {
                    context.setTeamId(callAuthTest.getTeamId());
                }
                context.setEnterpriseId(callAuthTest.getEnterpriseId());
                context.setEnterpriseInstall(callAuthTest.isEnterpriseInstall());
                if (findBot != null) {
                    context.setBotId(findBot.getBotId());
                    context.setBotUserId(callAuthTest.getUserId());
                }
                return middlewareChain.next(request);
            } catch (SlackApiException e) {
                return buildError(503, null, null, e);
            } catch (IOException e2) {
                return buildError(503, null, e2, null);
            }
        }
        return middlewareChain.next(request);
    }

    protected AuthTestResponse callAuthTest(String str, AppConfig appConfig, MethodsClient methodsClient) throws IOException, SlackApiException {
        if (!appConfig.isAuthTestCacheEnabled()) {
            return methodsClient.authTest(authTestRequestBuilder -> {
                return authTestRequestBuilder.token(str);
            });
        }
        CachedAuthTestResponse cachedAuthTestResponse = this.tokenToAuthTestCache.get(str);
        if (cachedAuthTestResponse != null) {
            if (appConfig.getAuthTestCacheExpirationMillis() < 0) {
                return cachedAuthTestResponse.getResponse();
            }
            if (cachedAuthTestResponse.getCachedMillis() + appConfig.getAuthTestCacheExpirationMillis() > System.currentTimeMillis()) {
                return cachedAuthTestResponse.getResponse();
            }
        }
        AuthTestResponse authTest = methodsClient.authTest(authTestRequestBuilder2 -> {
            return authTestRequestBuilder2.token(str);
        });
        this.tokenToAuthTestCache.put(str, new CachedAuthTestResponse(authTest, System.currentTimeMillis()));
        return authTest;
    }

    protected Response handleAuthTestError(String str, Bot bot, Installer installer, AuthTestResponse authTestResponse) throws Exception {
        if (str.equals("account_inactive")) {
            if (bot != null) {
                this.installationService.deleteBot(bot);
            } else if (installer != null) {
                this.installationService.deleteInstaller(installer);
            }
        }
        return buildError(401, authTestResponse, null, null);
    }

    protected Response buildError(int i, AuthTestResponse authTestResponse, IOException iOException, SlackApiException slackApiException) {
        log.info("auth.test result: {}, io error: {}, api error: {}", authTestResponse, iOException, slackApiException);
        return Response.builder().statusCode(Integer.valueOf(i)).contentType(Response.CONTENT_TYPE_APPLICATION_JSON_UTF8).body("{\"error\":\"a request for an unknown workspace detected\"}").build();
    }
}
