package com.atlassian.servicedesk.internal.util.tokens.jwt;

import com.atlassian.beehive.ClusterLock;
import com.atlassian.beehive.ClusterLockService;
import com.atlassian.jwt.SigningAlgorithm;
import com.atlassian.jwt.internal.security.SecretGenerator;
import io.atlassian.fugue.Option;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/servicedesk/internal/util/tokens/jwt/JwtSecretKeyServiceImpl.class */
public class JwtSecretKeyServiceImpl implements JwtSecretKeyService {
    private static final String SHARED_SECRET_KEY_LOCK = JwtSecretKeyServiceImpl.class.getCanonicalName();
    private static final long LOCK_TIMEOUT_SECONDS = 60;
    private final Logger logger = LoggerFactory.getLogger(JwtSecretKeyServiceImpl.class);
    private final ClusterLockService clusterLockService;
    private final JwtSecretStore jwtSecretStore;

    @Autowired
    public JwtSecretKeyServiceImpl(ClusterLockService clusterLockService, JwtSecretStore jwtSecretStore) {
        this.clusterLockService = clusterLockService;
        this.jwtSecretStore = jwtSecretStore;
    }

    @Override // com.atlassian.servicedesk.internal.util.tokens.jwt.JwtSecretKeyService
    public String getSecretKey() {
        return (String) this.jwtSecretStore.getSecret().fold(() -> {
            return generateAndStoreSecret();
        }, str -> {
            return str;
        });
    }

    private String generateAndStoreSecret() {
        ClusterLock lockForName = this.clusterLockService.getLockForName(SHARED_SECRET_KEY_LOCK);
        try {
            try {
                boolean tryLock = lockForName.tryLock(LOCK_TIMEOUT_SECONDS, TimeUnit.SECONDS);
                if (!tryLock) {
                    throw new IllegalStateException("Failed to acquire update lock for generating jwt secret");
                }
                Option<String> secret = this.jwtSecretStore.getSecret();
                if (secret.isDefined()) {
                    String str = (String) secret.get();
                    if (tryLock) {
                        lockForName.unlock();
                    }
                    return str;
                }
                String generateSecret = generateSecret();
                this.jwtSecretStore.saveSecret(generateSecret);
                if (tryLock) {
                    lockForName.unlock();
                }
                return generateSecret;
            } catch (InterruptedException e) {
                this.logger.warn(String.format("interrupted while trying to obtain lock with key %s within %d seconds", SHARED_SECRET_KEY_LOCK, Long.valueOf(LOCK_TIMEOUT_SECONDS)));
                throw new IllegalStateException("Failed to acquire update lock for generating jwt secret");
            }
        } catch (Throwable th) {
            if (0 != 0) {
                lockForName.unlock();
            }
            throw th;
        }
    }

    private String generateSecret() {
        return SecretGenerator.generateUrlSafeSharedSecret(SigningAlgorithm.HS256);
    }
}
