package org.nuxeo.ecm.restapi.server.jaxrs;

import com.google.api.client.auth.oauth2.Credential;
import java.io.IOException;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.codehaus.jackson.map.ObjectMapper;
import org.nuxeo.ecm.automation.server.jaxrs.RestOperationException;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.platform.oauth2.providers.AbstractOAuth2UserEmailProvider;
import org.nuxeo.ecm.platform.oauth2.providers.NuxeoOAuth2ServiceProvider;
import org.nuxeo.ecm.platform.oauth2.providers.OAuth2ServiceProviderRegistry;
import org.nuxeo.ecm.platform.oauth2.tokens.NuxeoOAuth2Token;
import org.nuxeo.ecm.webengine.model.WebObject;
import org.nuxeo.ecm.webengine.model.impl.AbstractResource;
import org.nuxeo.ecm.webengine.model.impl.ResourceTypeImpl;
import org.nuxeo.runtime.api.Framework;

@WebObject(type = "oauth2")
/* loaded from: input_file:org/nuxeo/ecm/restapi/server/jaxrs/OAuth2Object.class */
public class OAuth2Object extends AbstractResource<ResourceTypeImpl> {
    @GET
    @Path("provider/{providerId}")
    public Response getProvider(@PathParam("providerId") String str, @Context HttpServletRequest httpServletRequest) throws IOException, RestOperationException {
        NuxeoOAuth2ServiceProvider provider = getProvider(str);
        HashMap hashMap = new HashMap();
        hashMap.put("serviceName", provider.getServiceName());
        hashMap.put("isAvailable", Boolean.valueOf(provider.isProviderAvailable()));
        hashMap.put("clientId", provider.getClientId());
        hashMap.put("authorizationURL", provider.getClientId() == null ? null : provider.getAuthorizationUrl(httpServletRequest));
        NuxeoOAuth2Token token = getToken(provider, httpServletRequest.getUserPrincipal().getName());
        boolean z = token != null;
        String serviceLogin = z ? token.getServiceLogin() : null;
        hashMap.put("isAuthorized", Boolean.valueOf(z));
        hashMap.put("userId", serviceLogin);
        return buildResponse(Response.Status.OK, hashMap);
    }

    @GET
    @Path("provider/{providerId}/token")
    public Response getToken(@PathParam("providerId") String str, @Context HttpServletRequest httpServletRequest) throws IOException, RestOperationException {
        Credential credential;
        NuxeoOAuth2ServiceProvider provider = getProvider(str);
        NuxeoOAuth2Token token = getToken(provider, httpServletRequest.getUserPrincipal().getName());
        if (token != null && (credential = getCredential(provider, token)) != null) {
            Long expiresInSeconds = credential.getExpiresInSeconds();
            if (expiresInSeconds != null && expiresInSeconds.longValue() <= 0) {
                credential.refreshToken();
            }
            HashMap hashMap = new HashMap();
            hashMap.put("token", credential.getAccessToken());
            return buildResponse(Response.Status.OK, hashMap);
        }
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    private NuxeoOAuth2Token getToken(NuxeoOAuth2ServiceProvider nuxeoOAuth2ServiceProvider, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("serviceName", nuxeoOAuth2ServiceProvider.getId());
        hashMap.put("nuxeoLogin", str);
        return (NuxeoOAuth2Token) Framework.doPrivileged(() -> {
            DocumentModelList query = nuxeoOAuth2ServiceProvider.getCredentialDataStore().query(hashMap);
            if (query == null) {
                return null;
            }
            if (query.size() > 1) {
                throw new NuxeoException("Found multiple " + nuxeoOAuth2ServiceProvider.getId() + " accounts for " + str);
            }
            if (query.size() == 1) {
                return new NuxeoOAuth2Token((DocumentModel) query.get(0));
            }
            return null;
        });
    }

    private Credential getCredential(NuxeoOAuth2ServiceProvider nuxeoOAuth2ServiceProvider, NuxeoOAuth2Token nuxeoOAuth2Token) {
        return nuxeoOAuth2ServiceProvider.loadCredential(nuxeoOAuth2ServiceProvider instanceof AbstractOAuth2UserEmailProvider ? nuxeoOAuth2Token.getServiceLogin() : nuxeoOAuth2Token.getNuxeoLogin());
    }

    private NuxeoOAuth2ServiceProvider getProvider(String str) throws RestOperationException {
        NuxeoOAuth2ServiceProvider provider = ((OAuth2ServiceProviderRegistry) Framework.getService(OAuth2ServiceProviderRegistry.class)).getProvider(str);
        if (provider != null && (provider instanceof NuxeoOAuth2ServiceProvider)) {
            return provider;
        }
        RestOperationException restOperationException = new RestOperationException("Invalid provider: " + str);
        restOperationException.setStatus(400);
        throw restOperationException;
    }

    private Response buildResponse(Response.StatusType statusType, Object obj) throws IOException {
        String writeValueAsString = new ObjectMapper().writeValueAsString(obj);
        return Response.status(statusType).header("Content-Length", Integer.valueOf(writeValueAsString.getBytes("UTF-8").length)).type("application/json; charset=UTF-8").entity(writeValueAsString).build();
    }
}
