package org.keycloak.social.google;

import java.util.UUID;
import org.json.JSONObject;
import org.keycloak.social.AuthCallback;
import org.keycloak.social.AuthRequest;
import org.keycloak.social.SocialProvider;
import org.keycloak.social.SocialProviderConfig;
import org.keycloak.social.SocialProviderException;
import org.keycloak.social.SocialUser;
import org.keycloak.social.utils.SimpleHttp;

/* loaded from: input_file:org/keycloak/social/google/GoogleProvider.class */
public class GoogleProvider implements SocialProvider {
    private static final String DEFAULT_RESPONSE_TYPE = "code";
    private static final String AUTH_PATH = "https://accounts.google.com/o/oauth2/auth";
    private static final String TOKEN_PATH = "https://accounts.google.com/o/oauth2/token";
    private static final String PROFILE_PATH = "https://www.googleapis.com/plus/v1/people/me/openIdConnect";
    private static final String DEFAULT_SCOPE = "openid profile email";

    public String getId() {
        return "google";
    }

    public AuthRequest getAuthUrl(SocialProviderConfig socialProviderConfig) throws SocialProviderException {
        String uuid = UUID.randomUUID().toString();
        return AuthRequest.create(uuid, AUTH_PATH).setQueryParam("client_id", socialProviderConfig.getKey()).setQueryParam("response_type", DEFAULT_RESPONSE_TYPE).setQueryParam("scope", DEFAULT_SCOPE).setQueryParam("redirect_uri", socialProviderConfig.getCallbackUrl()).setQueryParam("state", uuid).setAttribute("state", uuid).build();
    }

    public String getName() {
        return "Google";
    }

    public SocialUser processCallback(SocialProviderConfig socialProviderConfig, AuthCallback authCallback) throws SocialProviderException {
        String queryParam = authCallback.getQueryParam(DEFAULT_RESPONSE_TYPE);
        try {
            if (!authCallback.getQueryParam("state").equals(authCallback.getAttribute("state"))) {
                throw new SocialProviderException("Invalid state");
            }
            JSONObject asJson = SimpleHttp.doGet(PROFILE_PATH).header("Authorization", "Bearer " + SimpleHttp.doPost(TOKEN_PATH).param(DEFAULT_RESPONSE_TYPE, queryParam).param("client_id", socialProviderConfig.getKey()).param("client_secret", socialProviderConfig.getSecret()).param("redirect_uri", socialProviderConfig.getCallbackUrl()).param("grant_type", "authorization_code").asJson().getString("access_token")).asJson();
            SocialUser socialUser = new SocialUser(asJson.getString("sub"));
            socialUser.setUsername(asJson.getString("email"));
            socialUser.setFirstName(asJson.optString("given_name"));
            socialUser.setLastName(asJson.optString("family_name"));
            socialUser.setEmail(asJson.optString("email"));
            return socialUser;
        } catch (Exception e) {
            throw new SocialProviderException(e);
        }
    }

    public String getRequestIdParamName() {
        return "state";
    }
}
