package org.picketlink.social.standalone.google;

import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeRequestUrl;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleRefreshTokenRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson.JacksonFactory;
import com.google.api.services.oauth2.Oauth2;
import com.google.api.services.oauth2.model.Tokeninfo;
import com.google.api.services.oauth2.model.Userinfo;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.picketlink.social.standalone.google.InteractionState;
import org.picketlink.social.standalone.oauth.OAuthConstants;
import org.picketlink.social.standalone.oauth.SocialException;
import org.picketlink.social.standalone.oauth.SocialExceptionCode;

/* loaded from: input_file:org/picketlink/social/standalone/google/GoogleProcessor.class */
public class GoogleProcessor {
    protected static Logger log = Logger.getLogger(GoogleProcessor.class);
    private final String returnURL;
    private final String clientID;
    private final String clientSecret;
    private final String accessType;
    private final String applicationName;
    private final SecureRandom secureRandom;
    private final Set<String> scopes = new HashSet();
    private final HttpTransport TRANSPORT = new NetHttpTransport();
    private final JacksonFactory JSON_FACTORY = new JacksonFactory();

    public GoogleProcessor(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        checkNotNullParam("clientID", str);
        checkNotNullParam("clientSecret", str2);
        checkNotNullParam("returnURL", str3);
        this.clientID = str;
        this.clientSecret = str2;
        this.returnURL = str3;
        this.accessType = str4 != null ? str4 : "offline";
        this.applicationName = str5 != null ? str5 : "someApp";
        str6 = str6 == null ? "SHA1PRNG" : str6;
        try {
            this.secureRandom = SecureRandom.getInstance(str6);
            addScopesFromString(str7 == null ? "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile" : str7, this.scopes);
            if (log.isTraceEnabled()) {
                log.trace("configuration: clientId=" + str + ", clientSecret=" + str2 + ", returnURL=" + str3 + ", scope=" + this.scopes + ", accessType=" + str4 + ", applicationName=" + str5 + ", randomAlgorithm=" + str6);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Can't create secureRandom", e);
        }
    }

    public InteractionState processOAuthInteraction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SocialException {
        return processOAuthInteractionImpl(httpServletRequest, httpServletResponse, this.scopes);
    }

    protected InteractionState processOAuthInteractionImpl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Set<String> set) throws IOException, SocialException {
        HttpSession session = httpServletRequest.getSession();
        String str = (String) session.getAttribute(GoogleConstants.ATTRIBUTE_AUTH_STATE);
        if (str == null || str.isEmpty()) {
            return initialInteraction(httpServletRequest, httpServletResponse, set);
        }
        if (!str.equals(InteractionState.State.AUTH.name())) {
            return new InteractionState(InteractionState.State.valueOf(str), null);
        }
        GoogleAccessTokenContext validateTokenAndUpdateScopes = validateTokenAndUpdateScopes(new GoogleAccessTokenContext(obtainAccessToken(httpServletRequest), ""));
        session.removeAttribute(GoogleConstants.ATTRIBUTE_AUTH_STATE);
        session.removeAttribute(GoogleConstants.ATTRIBUTE_VERIFICATION_STATE);
        return new InteractionState(InteractionState.State.FINISH, validateTokenAndUpdateScopes);
    }

    protected InteractionState initialInteraction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Set<String> set) throws IOException {
        String generateSecureString = generateSecureString();
        String build = new GoogleAuthorizationCodeRequestUrl(this.clientID, this.returnURL, set).setState(generateSecureString).setAccessType(this.accessType).build();
        if (log.isTraceEnabled()) {
            log.trace("Starting OAuth2 interaction with Google+");
            log.trace("URL to send to Google+: " + build);
        }
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(GoogleConstants.ATTRIBUTE_VERIFICATION_STATE, generateSecureString);
        session.setAttribute(GoogleConstants.ATTRIBUTE_AUTH_STATE, InteractionState.State.AUTH.name());
        httpServletResponse.sendRedirect(build);
        return new InteractionState(InteractionState.State.AUTH, null);
    }

    protected GoogleTokenResponse obtainAccessToken(HttpServletRequest httpServletRequest) throws SocialException {
        String str = (String) httpServletRequest.getSession().getAttribute(GoogleConstants.ATTRIBUTE_VERIFICATION_STATE);
        String parameter = httpServletRequest.getParameter(OAuthConstants.STATE_PARAMETER);
        if (str == null || parameter == null || !str.equals(parameter)) {
            throw new SocialException(SocialExceptionCode.INVALID_STATE, "Validation of state parameter failed. stateFromSession=" + str + ", stateFromRequest=" + parameter);
        }
        String parameter2 = httpServletRequest.getParameter(OAuthConstants.ERROR_PARAMETER);
        if (parameter2 != null) {
            if (OAuthConstants.ERROR_ACCESS_DENIED.equals(parameter2)) {
                throw new SocialException(SocialExceptionCode.USER_DENIED_SCOPE, parameter2);
            }
            throw new SocialException(SocialExceptionCode.UNKNOWN_ERROR, parameter2);
        }
        try {
            GoogleTokenResponse execute = new GoogleAuthorizationCodeTokenRequest(this.TRANSPORT, this.JSON_FACTORY, this.clientID, this.clientSecret, httpServletRequest.getParameter(OAuthConstants.CODE_PARAMETER), this.returnURL).execute();
            if (log.isTraceEnabled()) {
                log.trace("Successfully obtained accessToken from google: " + execute);
            }
            return execute;
        } catch (IOException e) {
            throw new SocialException(SocialExceptionCode.INVALID_CLIENT, "Error when obtaining access token from Google: " + e.getMessage(), e);
        }
    }

    public GoogleAccessTokenContext validateTokenAndUpdateScopes(GoogleAccessTokenContext googleAccessTokenContext) throws SocialException {
        Tokeninfo executeRequest = new GoogleRequest<Tokeninfo>() { // from class: org.picketlink.social.standalone.google.GoogleProcessor.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.picketlink.social.standalone.google.GoogleRequest
            public Tokeninfo invokeRequest(GoogleAccessTokenContext googleAccessTokenContext2) throws IOException {
                GoogleTokenResponse tokenData = googleAccessTokenContext2.getTokenData();
                return (Tokeninfo) GoogleProcessor.this.getOAuth2Instance(googleAccessTokenContext2).tokeninfo().setAccessToken(GoogleProcessor.this.getGoogleCredential(tokenData).getAccessToken()).execute();
            }

            @Override // org.picketlink.social.standalone.google.GoogleRequest
            protected SocialException createException(IOException iOException) {
                return iOException instanceof HttpResponseException ? new SocialException(SocialExceptionCode.ACCESS_TOKEN_ERROR, "Error when obtaining tokenInfo: " + iOException.getMessage(), iOException) : new SocialException(SocialExceptionCode.IO_ERROR, "IO Error when obtaining tokenInfo: " + iOException.getMessage(), iOException);
            }
        }.executeRequest(googleAccessTokenContext, this);
        if (executeRequest.containsKey(OAuthConstants.ERROR_PARAMETER)) {
            throw new SocialException(SocialExceptionCode.ACCESS_TOKEN_ERROR, "Error during token validation: " + executeRequest.get(OAuthConstants.ERROR_PARAMETER).toString());
        }
        if (!executeRequest.getIssuedTo().equals(this.clientID)) {
            throw new SocialException(SocialExceptionCode.ACCESS_TOKEN_ERROR, "Token's client ID does not match app's. clientID from tokenINFO: " + executeRequest.getIssuedTo());
        }
        if (log.isTraceEnabled()) {
            log.trace("Successfully validated accessToken from google: " + executeRequest);
        }
        return new GoogleAccessTokenContext(googleAccessTokenContext.getTokenData(), executeRequest.getScope());
    }

    public Userinfo obtainUserInfo(GoogleAccessTokenContext googleAccessTokenContext) throws SocialException {
        final Oauth2 oAuth2Instance = getOAuth2Instance(googleAccessTokenContext);
        Userinfo executeRequest = new GoogleRequest<Userinfo>() { // from class: org.picketlink.social.standalone.google.GoogleProcessor.2
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.picketlink.social.standalone.google.GoogleRequest
            public Userinfo invokeRequest(GoogleAccessTokenContext googleAccessTokenContext2) throws IOException {
                return (Userinfo) oAuth2Instance.userinfo().v2().me().get().execute();
            }

            @Override // org.picketlink.social.standalone.google.GoogleRequest
            protected SocialException createException(IOException iOException) {
                return iOException instanceof HttpResponseException ? new SocialException(SocialExceptionCode.ACCESS_TOKEN_ERROR, "Error when obtaining userInfo: " + iOException.getMessage(), iOException) : new SocialException(SocialExceptionCode.IO_ERROR, "IO Error when obtaining userInfo: " + iOException.getMessage(), iOException);
            }
        }.executeRequest(googleAccessTokenContext, this);
        if (log.isTraceEnabled()) {
            log.trace("Successfully obtained userInfo from google: " + executeRequest);
        }
        return executeRequest;
    }

    public Oauth2 getOAuth2Instance(GoogleAccessTokenContext googleAccessTokenContext) {
        return new Oauth2.Builder(this.TRANSPORT, this.JSON_FACTORY, getGoogleCredential(googleAccessTokenContext.getTokenData())).setApplicationName(this.applicationName).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public GoogleCredential getGoogleCredential(GoogleTokenResponse googleTokenResponse) {
        return new GoogleCredential.Builder().setJsonFactory(this.JSON_FACTORY).setTransport(this.TRANSPORT).setClientSecrets(this.clientID, this.clientSecret).build().setFromTokenResponse(googleTokenResponse);
    }

    public void revokeToken(GoogleAccessTokenContext googleAccessTokenContext) throws SocialException {
        new GoogleRequest<Void>() { // from class: org.picketlink.social.standalone.google.GoogleProcessor.3
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.picketlink.social.standalone.google.GoogleRequest
            public Void invokeRequest(GoogleAccessTokenContext googleAccessTokenContext2) throws IOException {
                GoogleTokenResponse tokenData = googleAccessTokenContext2.getTokenData();
                GoogleProcessor.this.TRANSPORT.createRequestFactory().buildGetRequest(new GenericUrl("https://accounts.google.com/o/oauth2/revoke?token=" + tokenData.getAccessToken())).execute();
                if (!log.isTraceEnabled()) {
                    return null;
                }
                log.trace("Revoked token " + tokenData);
                return null;
            }

            @Override // org.picketlink.social.standalone.google.GoogleRequest
            protected SocialException createException(IOException iOException) {
                return new SocialException(SocialExceptionCode.TOKEN_REVOCATION_FAILED, "Error when revoking token", iOException);
            }
        }.executeRequest(googleAccessTokenContext, this);
    }

    public void refreshToken(GoogleAccessTokenContext googleAccessTokenContext) {
        GoogleTokenResponse tokenData = googleAccessTokenContext.getTokenData();
        if (tokenData.getRefreshToken() == null) {
            throw new SocialException(SocialExceptionCode.GOOGLE_ERROR, "Given GoogleTokenResponse does not contain refreshToken");
        }
        try {
            GoogleTokenResponse execute = new GoogleRefreshTokenRequest(this.TRANSPORT, this.JSON_FACTORY, tokenData.getRefreshToken(), this.clientID, this.clientSecret).execute();
            tokenData.setAccessToken(execute.getAccessToken());
            if (log.isTraceEnabled()) {
                log.trace("AccessToken refreshed successfully with value " + execute.getAccessToken());
            }
        } catch (IOException e) {
            throw new SocialException(SocialExceptionCode.GOOGLE_ERROR, e.getMessage(), e);
        }
    }

    private void addScopesFromString(String str, Set<String> set) {
        for (String str2 : str.split(" ")) {
            set.add(str2);
        }
    }

    private void checkNotNullParam(String str, String str2) {
        if (str2 == null) {
            throw new IllegalArgumentException("Parameter '" + str + "' must be not null");
        }
    }

    protected String generateSecureString() {
        return String.valueOf(this.secureRandom.nextLong());
    }
}
