package org.nuxeo.ecm.platform.oauth2.providers;

import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.platform.oauth2.tokens.NuxeoOAuth2Token;
import org.nuxeo.ecm.platform.oauth2.tokens.OAuth2TokenStore;
import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;

/* loaded from: input_file:org/nuxeo/ecm/platform/oauth2/providers/NuxeoOAuth2ServiceProvider.class */
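/**
 * OAuth 2 authorization-code provider built on the google-api-client {@link AuthorizationCodeFlow}.
 *
 * <p>The class builds the authorization URL, exchanges the {@code code} returned to the callback for
 * tokens, and stores the resulting credential in an {@link OAuth2TokenStore} keyed by a service user
 * id looked up (or created) in an {@link OAuth2ServiceUserStore}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>NOTE(review): nothing in this class sets a {@code state} value on the authorization URL or checks
 * one in {@link #handleAuthorizationCallback(HttpServletRequest)}. Unless a caller or filter outside
 * this class does it, the callback is not bound to the browser session that started the flow, so a
 * forged callback request is not rejected here. Confirm where (if anywhere) that binding is enforced.</li>
 * <li>NOTE(review): the redirect URI is derived from {@code VirtualHostHelper.getBaseURL(request)};
 * presumably that value comes from request data. Verify it cannot be influenced by untrusted headers,
 * and rely on exact redirect-URI matching at the authorization server.</li>
 * <li>{@link #getClientSecret()} returns the client secret in clear; callers must not log or render it.</li>
 * </ul>
 *
 * <p>Instances are mutable and the lazily created stores are not synchronized.
 */
public class NuxeoOAuth2ServiceProvider implements OAuth2ServiceProvider {
    public static final String SCHEMA = "oauth2ServiceProvider";
    protected static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
    protected static final JsonFactory JSON_FACTORY = new JacksonFactory();
    public static final String CODE_URL_PARAMETER = "code";
    public static final String ERROR_URL_PARAMETER = "error";
    protected String serviceName;
    protected Long id;
    protected String description;
    private String tokenServerURL;
    private String authorizationServerURL;
    protected String userAuthorizationURL;
    private String clientId;
    private String clientSecret;
    private List<String> scopes;
    private boolean enabled;
    protected OAuth2ServiceUserStore serviceUserStore;
    protected OAuth2TokenStore tokenStore;

    /**
     * Builds the authorization URL, using a callback URL derived from the request's base URL.
     *
     * @param httpServletRequest the current request
     * @return the authorization URL to send the user agent to
     */
    @Override
    public String getAuthorizationUrl(HttpServletRequest httpServletRequest) {
        String callbackUrl = getCallbackUrl(httpServletRequest);
        return getAuthorizationCodeFlow().newAuthorizationUrl().setRedirectUri(callbackUrl).build();
    }

    /**
     * Builds the authorization URL, using a callback URL derived from the given server base URL.
     *
     * @param str the server base URL
     * @return the authorization URL to send the user agent to
     */
    @Override
    public String getAuthorizationUrl(String str) {
        String callbackUrl = getCallbackUrl(str);
        return getAuthorizationCodeFlow().newAuthorizationUrl().setRedirectUri(callbackUrl).build();
    }

    /**
     * Computes the callback URL from the base URL that {@code VirtualHostHelper} reports for the request.
     *
     * @param httpServletRequest the current request
     * @return the callback URL for this service
     */
    protected String getCallbackUrl(HttpServletRequest httpServletRequest) {
        return getCallbackUrl(VirtualHostHelper.getBaseURL(httpServletRequest));
    }

    /**
     * Appends {@code /site/oauth2/<serviceName>/callback} to the given base URL, dropping one trailing
     * slash from the base URL first.
     *
     * @param str the server base URL; must not be {@code null}
     * @return the callback URL for this service
     */
    protected String getCallbackUrl(String str) {
        if (str.endsWith("/")) {
            str = str.substring(0, str.length() - 1);
        }
        return str + "/site/oauth2/" + this.serviceName + "/callback";
    }

    /**
     * Handles the redirect back from the authorization server: rejects an {@code error} response,
     * exchanges the {@code code} for tokens and stores the credential for the current user.
     *
     * <p>The {@code error} parameter is request-controlled, so control characters are neutralized before
     * it is placed in the exception message (the message may reach logs). The message is not
     * HTML-escaped; anything that renders it in a page must escape it.
     *
     * @param httpServletRequest the callback request
     * @return the stored credential
     * @throws NuxeoException if the request carries an error, carries no code, has no authenticated
     *         principal, or the token exchange fails
     */
    @Override
    public Credential handleAuthorizationCallback(HttpServletRequest httpServletRequest) {
        String error = getError(httpServletRequest);
        if (error != null) {
            throw new NuxeoException("There was an error: \"" + neutralizeControlChars(error) + "\".");
        }
        String authorizationCode = getAuthorizationCode(httpServletRequest);
        if (authorizationCode == null) {
            throw new NuxeoException("There is not code provided as QueryParam.");
        }
        try {
            AuthorizationCodeFlow flow = getAuthorizationCodeFlow();
            // No scopes configured (or never set) means "send no scope parameter" on the token request.
            boolean hasScopes = this.scopes != null && !this.scopes.isEmpty();
            TokenResponse tokenResponse = flow.newTokenRequest(authorizationCode)
                    .setScopes(hasScopes ? this.scopes : null)
                    .setRedirectUri(getCallbackUrl(httpServletRequest))
                    .execute();
            // The access token is handed to getOrCreateServiceUser; this implementation ignores it.
            String serviceUserId = getOrCreateServiceUser(httpServletRequest, tokenResponse.getAccessToken());
            return flow.createAndStoreCredential(tokenResponse, serviceUserId);
        } catch (IOException e) {
            throw new NuxeoException("Failed to retrieve credential", e);
        }
    }

    /**
     * Loads the stored credential for a Nuxeo login.
     *
     * @param str the Nuxeo login
     * @return the credential, or {@code null} when no service user is mapped to that login
     * @throws NuxeoException if the credential store cannot be read
     */
    @Override
    public Credential loadCredential(String str) {
        String serviceUserId = getServiceUserId(str);
        if (serviceUserId == null) {
            return null;
        }
        try {
            return getAuthorizationCodeFlow().loadCredential(serviceUserId);
        } catch (IOException e) {
            throw new NuxeoException("Failed to load credential for " + str, e);
        }
    }

    /**
     * Looks up the service user id mapped to a Nuxeo login.
     *
     * @param str the Nuxeo login, used as the {@code NuxeoOAuth2Token.KEY_NUXEO_LOGIN} filter value
     * @return whatever the service user store returns for that filter
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected String getServiceUserId(String str) {
        // Raw map kept on purpose: the parameter type of OAuth2ServiceUserStore.find is not visible here.
        HashMap filter = new HashMap();
        filter.put(NuxeoOAuth2Token.KEY_NUXEO_LOGIN, str);
        return getServiceUserStore().find(filter);
    }

    /**
     * Returns the service user id for the request's authenticated principal, creating the mapping when
     * none exists yet.
     *
     * @param httpServletRequest the callback request; must carry an authenticated principal
     * @param str the access token; unused by this implementation
     * @return the service user id
     * @throws NuxeoException if the request has no authenticated principal
     * @throws IOException declared for overriding implementations
     */
    protected String getOrCreateServiceUser(HttpServletRequest httpServletRequest, String str) throws IOException {
        java.security.Principal principal = httpServletRequest.getUserPrincipal();
        if (principal == null) {
            // Fail with a clear message instead of a NullPointerException: a credential must never be
            // stored without an authenticated user to attach it to.
            throw new NuxeoException("No authenticated user on the OAuth2 callback request");
        }
        String login = principal.getName();
        String serviceUserId = getServiceUserId(login);
        if (serviceUserId == null) {
            serviceUserId = getServiceUserStore().store(login);
        }
        return serviceUserId;
    }

    /**
     * Builds a new {@link AuthorizationCodeFlow} from the current configuration. The client id and
     * secret are sent as request parameters ({@link ClientParametersAuthentication}).
     *
     * @return a freshly built flow backed by this provider's credential store
     */
    public AuthorizationCodeFlow getAuthorizationCodeFlow() {
        // Never hand a null collection to the builder when setScopes(...) was not called.
        List<String> flowScopes = this.scopes == null ? Collections.<String>emptyList() : this.scopes;
        AuthorizationCodeFlow.Builder builder = new AuthorizationCodeFlow.Builder(
                BearerToken.authorizationHeaderAccessMethod(),
                HTTP_TRANSPORT,
                JSON_FACTORY,
                new GenericUrl(this.tokenServerURL),
                new ClientParametersAuthentication(this.clientId, this.clientSecret),
                this.clientId,
                this.authorizationServerURL);
        return builder.setScopes(flowScopes).setCredentialDataStore(getCredentialDataStore()).build();
    }

    /**
     * Returns the service user store, creating it on first use.
     *
     * <p>Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @return the store for this service name
     */
    public OAuth2ServiceUserStore getServiceUserStore() {
        if (this.serviceUserStore == null) {
            this.serviceUserStore = new OAuth2ServiceUserStore(this.serviceName);
        }
        return this.serviceUserStore;
    }

    /**
     * Returns the token store used as credential data store, creating it on first use.
     *
     * @return the token store for this service name
     */
    public OAuth2TokenStore getCredentialDataStore() {
        if (this.tokenStore == null) {
            this.tokenStore = new OAuth2TokenStore(this.serviceName);
        }
        return this.tokenStore;
    }

    /**
     * Reads the {@code error} request parameter.
     *
     * @param httpServletRequest the callback request
     * @return the raw, request-controlled value, or {@code null} when it is blank or absent
     */
    protected String getError(HttpServletRequest httpServletRequest) {
        String value = httpServletRequest.getParameter(ERROR_URL_PARAMETER);
        return StringUtils.isBlank(value) ? null : value;
    }

    /**
     * Reads the {@code code} request parameter.
     *
     * @param httpServletRequest the callback request
     * @return the authorization code, or {@code null} when it is blank or absent
     */
    protected String getAuthorizationCode(HttpServletRequest httpServletRequest) {
        String value = httpServletRequest.getParameter(CODE_URL_PARAMETER);
        return StringUtils.isBlank(value) ? null : value;
    }

    /** Replaces ISO control characters (CR and LF included) so a value cannot break a log line. */
    private static String neutralizeControlChars(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** @return the service name, also used in the callback path and as store name */
    @Override
    public String getServiceName() {
        return this.serviceName;
    }

    /** @return the provider id */
    @Override
    public Long getId() {
        return this.id;
    }

    /** @return the provider description */
    @Override
    public String getDescription() {
        return this.description;
    }

    /** @return the token endpoint URL */
    @Override
    public String getTokenServerURL() {
        return this.tokenServerURL;
    }

    /** @return the user authorization URL */
    @Override
    public String getUserAuthorizationURL() {
        return this.userAuthorizationURL;
    }

    /** @return the OAuth 2 client id */
    @Override
    public String getClientId() {
        return this.clientId;
    }

    /** @return the OAuth 2 client secret in clear; do not log or render it */
    @Override
    public String getClientSecret() {
        return this.clientSecret;
    }

    /** @return the configured scopes (the internal list, not a copy), or {@code null} if never set */
    @Override
    public List<String> getScopes() {
        return this.scopes;
    }

    /** @return the authorization endpoint URL */
    @Override
    public String getAuthorizationServerURL() {
        return this.authorizationServerURL;
    }

    /** @return whether the provider is enabled */
    @Override
    public boolean isEnabled() {
        return this.enabled;
    }

    /**
     * Enables or disables the provider.
     *
     * @param bool the new state; {@code null} is treated as disabled instead of failing on unboxing
     */
    @Override
    public void setEnabled(Boolean bool) {
        this.enabled = Boolean.TRUE.equals(bool);
    }

    /** @return {@code true} only when the provider is enabled and both client secret and client id are set */
    @Override
    public boolean isProviderAvailable() {
        return isEnabled() && getClientSecret() != null && getClientId() != null;
    }

    /** @param str the service name */
    @Override
    public void setServiceName(String str) {
        this.serviceName = str;
    }

    /** @param l the provider id */
    @Override
    public void setId(Long l) {
        this.id = l;
    }

    /** @param str the provider description */
    @Override
    public void setDescription(String str) {
        this.description = str;
    }

    /** @param str the token endpoint URL */
    @Override
    public void setTokenServerURL(String str) {
        this.tokenServerURL = str;
    }

    /** @param str the user authorization URL */
    @Override
    public void setUserAuthorizationURL(String str) {
        this.userAuthorizationURL = str;
    }

    /** @param str the authorization endpoint URL */
    @Override
    public void setAuthorizationServerURL(String str) {
        this.authorizationServerURL = str;
    }

    /** @param str the OAuth 2 client id */
    @Override
    public void setClientId(String str) {
        this.clientId = str;
    }

    /** @param str the OAuth 2 client secret */
    @Override
    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    /**
     * Sets the scopes requested from the authorization server.
     *
     * @param strArr the scopes; {@code null} yields an empty list
     */
    @Override
    public void setScopes(String... strArr) {
        // Copy the array so that later changes to the caller's array do not alter the configured scopes.
        this.scopes = strArr == null ? Collections.<String>emptyList() : Arrays.asList(strArr.clone());
    }
}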
