package org.keycloak.social.google;

import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson.JacksonFactory;
import com.google.api.services.oauth2.Oauth2;
import com.google.api.services.oauth2.model.Tokeninfo;
import com.google.api.services.oauth2.model.Userinfo;
import java.util.UUID;
import org.keycloak.services.messages.Messages;
import org.keycloak.social.AuthCallback;
import org.keycloak.social.AuthRequest;
import org.keycloak.social.SocialProvider;
import org.keycloak.social.SocialProviderConfig;
import org.keycloak.social.SocialProviderException;
import org.keycloak.social.SocialUser;

/* loaded from: input_file:WEB-INF/lib/keycloak-social-google-1.0-alpha-1-12062013.jar:org/keycloak/social/google/GoogleProvider.class */
public class GoogleProvider implements SocialProvider {
    private static final String DEFAULT_RESPONSE_TYPE = "code";
    private static final String AUTH_PATH = "https://accounts.google.com/o/oauth2/auth";
    private static final String DEFAULT_SCOPE = "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email";
    private static final JacksonFactory JSON_FACTORY = new JacksonFactory();
    private static final NetHttpTransport TRANSPORT = new NetHttpTransport();

    @Override // org.keycloak.social.SocialProvider
    public String getId() {
        return "google";
    }

    @Override // org.keycloak.social.SocialProvider
    public AuthRequest getAuthUrl(SocialProviderConfig socialProviderConfig) throws SocialProviderException {
        String uuid = UUID.randomUUID().toString();
        return AuthRequest.create(uuid, "https://accounts.google.com/o/oauth2/auth").setQueryParam("client_id", socialProviderConfig.getKey()).setQueryParam("response_type", "code").setQueryParam("scope", DEFAULT_SCOPE).setQueryParam("redirect_uri", socialProviderConfig.getCallbackUrl()).setQueryParam("state", uuid).setAttribute("state", uuid).build();
    }

    @Override // org.keycloak.social.SocialProvider
    public String getName() {
        return "Google";
    }

    @Override // org.keycloak.social.SocialProvider
    public SocialUser processCallback(SocialProviderConfig socialProviderConfig, AuthCallback authCallback) throws SocialProviderException {
        String queryParam = authCallback.getQueryParam("code");
        try {
            if (!authCallback.getQueryParam("state").equals(authCallback.getAttribute("state"))) {
                throw new SocialProviderException("Invalid state");
            }
            GoogleCredential fromTokenResponse = new GoogleCredential.Builder().setJsonFactory((JsonFactory) JSON_FACTORY).setTransport((HttpTransport) TRANSPORT).setClientSecrets(socialProviderConfig.getKey(), socialProviderConfig.getSecret()).build().setFromTokenResponse((TokenResponse) new GoogleAuthorizationCodeTokenRequest(TRANSPORT, JSON_FACTORY, socialProviderConfig.getKey(), socialProviderConfig.getSecret(), queryParam, socialProviderConfig.getCallbackUrl().toString()).execute());
            Oauth2 build = new Oauth2.Builder(TRANSPORT, JSON_FACTORY, fromTokenResponse).build();
            Tokeninfo execute = build.tokeninfo().setAccessToken(fromTokenResponse.getAccessToken()).execute();
            if (execute.containsKey(Messages.ERROR)) {
                throw new SocialProviderException((String) execute.get(Messages.ERROR));
            }
            Userinfo execute2 = build.userinfo().get().execute();
            SocialUser socialUser = new SocialUser(execute2.getId());
            socialUser.setUsername(execute2.getEmail());
            socialUser.setFirstName(execute2.getGivenName());
            socialUser.setLastName(execute2.getFamilyName());
            socialUser.setEmail(execute2.getEmail());
            return socialUser;
        } catch (Exception e) {
            throw new SocialProviderException(e);
        }
    }

    @Override // org.keycloak.social.SocialProvider
    public String getRequestIdParamName() {
        return "state";
    }
}
