package org.nuxeo.ecm.platform.oauth2.openid;

import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.jackson.JacksonFactory;
import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.SecureRandom;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.oauth2.openid.auth.OpenIDUserInfo;
import org.nuxeo.ecm.platform.oauth2.openid.auth.UserResolver;
import org.nuxeo.ecm.platform.oauth2.providers.OAuth2ServiceProvider;
import org.nuxeo.ecm.platform.ui.web.auth.service.LoginProviderLinkComputer;

/* loaded from: input_file:org/nuxeo/ecm/platform/oauth2/openid/OpenIDConnectProvider.class */
public class OpenIDConnectProvider implements LoginProviderLinkComputer {
    protected static final Log log = LogFactory.getLog(OpenIDConnectProvider.class);
    private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
    private static final JsonFactory JSON_FACTORY = new JacksonFactory();
    private boolean enabled;
    OAuth2ServiceProvider oauth2Provider;
    private String userInfoURL;
    private String icon;
    protected RedirectUriResolver redirectUriResolver;
    protected UserResolver userResolver;
    private String accessTokenKey;
    private Class<? extends OpenIDUserInfo> openIdUserInfoClass;

    public OpenIDConnectProvider(OAuth2ServiceProvider oAuth2ServiceProvider, String str, String str2, Class<? extends OpenIDUserInfo> cls, String str3, boolean z, RedirectUriResolver redirectUriResolver, Class<? extends UserResolver> cls2) {
        this.enabled = true;
        this.oauth2Provider = oAuth2ServiceProvider;
        this.userInfoURL = str2;
        this.openIdUserInfoClass = cls;
        this.icon = str3;
        this.enabled = z;
        this.accessTokenKey = str;
        this.redirectUriResolver = redirectUriResolver;
        try {
            this.userResolver = cls2.getConstructor(OpenIDConnectProvider.class).newInstance(this);
        } catch (Exception e) {
            log.error("Failed to instantiate UserResolver", e);
        }
    }

    public String getRedirectUri(HttpServletRequest httpServletRequest) {
        return this.redirectUriResolver.getRedirectUri(this, httpServletRequest);
    }

    public String createStateToken(HttpServletRequest httpServletRequest) {
        String bigInteger = new BigInteger(130, new SecureRandom()).toString(32);
        httpServletRequest.getSession().setAttribute("state_" + getName(), bigInteger);
        return bigInteger;
    }

    public boolean verifyStateToken(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("state").equals(httpServletRequest.getSession().getAttribute("state_" + getName()));
    }

    public String getAuthenticationUrl(HttpServletRequest httpServletRequest, String str) {
        AuthorizationCodeRequestUrl newAuthorizationUrl = this.oauth2Provider.getAuthorizationCodeFlow().newAuthorizationUrl();
        newAuthorizationUrl.setRedirectUri(getRedirectUri(httpServletRequest));
        newAuthorizationUrl.setState(createStateToken(httpServletRequest));
        return newAuthorizationUrl.build();
    }

    public String getName() {
        return this.oauth2Provider.getServiceName();
    }

    public String getIcon() {
        return this.icon;
    }

    /* JADX WARN: Code restructure failed: missing block: B:23:0x00a9, code lost:
    
        r7 = r0[1];
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getAccessToken(javax.servlet.http.HttpServletRequest r5, java.lang.String r6) {
        /*
            r4 = this;
            r0 = 0
            r7 = r0
            r0 = 0
            r8 = r0
            r0 = r4
            org.nuxeo.ecm.platform.oauth2.providers.OAuth2ServiceProvider r0 = r0.oauth2Provider     // Catch: java.io.IOException -> L2b
            org.nuxeo.ecm.platform.oauth2.providers.NuxeoOAuth2ServiceProvider r0 = (org.nuxeo.ecm.platform.oauth2.providers.NuxeoOAuth2ServiceProvider) r0     // Catch: java.io.IOException -> L2b
            com.google.api.client.auth.oauth2.AuthorizationCodeFlow r0 = r0.getAuthorizationCodeFlow()     // Catch: java.io.IOException -> L2b
            r9 = r0
            r0 = r4
            r1 = r5
            java.lang.String r0 = r0.getRedirectUri(r1)     // Catch: java.io.IOException -> L2b
            r10 = r0
            r0 = r9
            r1 = r6
            com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest r0 = r0.newTokenRequest(r1)     // Catch: java.io.IOException -> L2b
            r1 = r10
            com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest r0 = r0.setRedirectUri(r1)     // Catch: java.io.IOException -> L2b
            com.google.api.client.http.HttpResponse r0 = r0.executeUnparsed()     // Catch: java.io.IOException -> L2b
            r8 = r0
            goto L39
        L2b:
            r9 = move-exception
            org.apache.commons.logging.Log r0 = org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider.log
            java.lang.String r1 = "Error during OAuth2 Authorization"
            r2 = r9
            r0.error(r1, r2)
        L39:
            r0 = r8
            java.lang.String r0 = r0.getContentType()
            r9 = r0
            r0 = r8
            java.lang.Class<com.google.api.client.auth.oauth2.TokenResponse> r1 = com.google.api.client.auth.oauth2.TokenResponse.class
            java.lang.Object r0 = r0.parseAs(r1)     // Catch: java.io.IOException -> L55
            com.google.api.client.auth.oauth2.TokenResponse r0 = (com.google.api.client.auth.oauth2.TokenResponse) r0     // Catch: java.io.IOException -> L55
            r10 = r0
            r0 = r10
            java.lang.String r0 = r0.getAccessToken()     // Catch: java.io.IOException -> L55
            r7 = r0
            goto L63
        L55:
            r10 = move-exception
            org.apache.commons.logging.Log r0 = org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider.log
            java.lang.String r1 = "Unable to parse accesstoken as JSON"
            r2 = r10
            r0.debug(r1, r2)
        L63:
            r0 = r7
            boolean r0 = org.apache.commons.lang.StringUtils.isBlank(r0)
            if (r0 == 0) goto Lc8
            r0 = r8
            java.lang.String r0 = r0.parseAsString()     // Catch: java.io.IOException -> Lba
            r10 = r0
            r0 = r10
            java.lang.String r1 = "&"
            java.lang.String[] r0 = r0.split(r1)     // Catch: java.io.IOException -> Lba
            r11 = r0
            r0 = r11
            r12 = r0
            r0 = r12
            int r0 = r0.length     // Catch: java.io.IOException -> Lba
            r13 = r0
            r0 = 0
            r14 = r0
        L86:
            r0 = r14
            r1 = r13
            if (r0 >= r1) goto Lb7
            r0 = r12
            r1 = r14
            r0 = r0[r1]     // Catch: java.io.IOException -> Lba
            r15 = r0
            r0 = r15
            java.lang.String r1 = "="
            java.lang.String[] r0 = r0.split(r1)     // Catch: java.io.IOException -> Lba
            r16 = r0
            r0 = r16
            r1 = 0
            r0 = r0[r1]     // Catch: java.io.IOException -> Lba
            java.lang.String r1 = "access_token"
            boolean r0 = r0.equals(r1)     // Catch: java.io.IOException -> Lba
            if (r0 == 0) goto Lb1
            r0 = r16
            r1 = 1
            r0 = r0[r1]     // Catch: java.io.IOException -> Lba
            r7 = r0
            goto Lb7
        Lb1:
            int r14 = r14 + 1
            goto L86
        Lb7:
            goto Lc8
        Lba:
            r10 = move-exception
            org.apache.commons.logging.Log r0 = org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider.log
            java.lang.String r1 = "Unable to parse accesstoken as plain text"
            r2 = r10
            r0.warn(r1, r2)
        Lc8:
            r0 = r7
            boolean r0 = org.apache.commons.lang.StringUtils.isBlank(r0)
            if (r0 == 0) goto Ld9
            org.apache.commons.logging.Log r0 = org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider.log
            java.lang.String r1 = "Unable to parse access token from response."
            r0.error(r1)
        Ld9:
            r0 = r7
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider.getAccessToken(javax.servlet.http.HttpServletRequest, java.lang.String):java.lang.String");
    }

    public OpenIDUserInfo getUserInfo(String str) {
        OpenIDUserInfo openIDUserInfo = null;
        HttpRequestFactory createRequestFactory = HTTP_TRANSPORT.createRequestFactory(new HttpRequestInitializer() { // from class: org.nuxeo.ecm.platform.oauth2.openid.OpenIDConnectProvider.1
            public void initialize(HttpRequest httpRequest) throws IOException {
                httpRequest.setParser(new JsonObjectParser(OpenIDConnectProvider.JSON_FACTORY));
            }
        });
        GenericUrl genericUrl = new GenericUrl(this.userInfoURL);
        genericUrl.set(this.accessTokenKey, str);
        try {
            String iOUtils = IOUtils.toString(createRequestFactory.buildGetRequest(genericUrl).execute().getContent(), "UTF-8");
            log.debug(iOUtils);
            openIDUserInfo = parseUserInfo(iOUtils);
        } catch (IOException e) {
            log.error("Unable to parse server response", e);
        }
        return openIDUserInfo;
    }

    public OpenIDUserInfo parseUserInfo(String str) throws IOException {
        return (OpenIDUserInfo) new JsonObjectParser(JSON_FACTORY).parseAndClose(new StringReader(str), this.openIdUserInfoClass);
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public UserResolver getUserResolver() {
        return this.userResolver;
    }

    public String computeUrl(HttpServletRequest httpServletRequest, String str) {
        return getAuthenticationUrl(httpServletRequest, str);
    }
}
