package com.google.gerrit.server.auth.oauth;

import com.google.common.base.Strings;
import com.google.gerrit.extensions.auth.oauth.OAuthLoginProvider;
import com.google.gerrit.extensions.auth.oauth.OAuthUserInfo;
import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.server.account.AbstractRealm;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import org.eclipse.jgit.lib.Config;

@Singleton
/* loaded from: input_file:com/google/gerrit/server/auth/oauth/OAuthRealm.class */
public class OAuthRealm extends AbstractRealm {
    private final DynamicMap<OAuthLoginProvider> loginProviders;
    private final Set<Account.FieldName> editableAccountFields = new HashSet();

    @Inject
    OAuthRealm(DynamicMap<OAuthLoginProvider> dynamicMap, @GerritServerConfig Config config) {
        this.loginProviders = dynamicMap;
        this.editableAccountFields.add(Account.FieldName.USER_NAME);
        if (config.getBoolean("oauth", null, "allowEditFullName", false)) {
            this.editableAccountFields.add(Account.FieldName.FULL_NAME);
        }
        if (config.getBoolean("oauth", null, "allowRegisterNewEmail", false)) {
            this.editableAccountFields.add(Account.FieldName.REGISTER_NEW_EMAIL);
        }
    }

    @Override // com.google.gerrit.server.account.Realm
    public boolean allowsEdit(Account.FieldName fieldName) {
        return this.editableAccountFields.contains(fieldName);
    }

    @Override // com.google.gerrit.server.account.Realm
    public AuthRequest authenticate(AuthRequest authRequest) throws AccountException {
        if (Strings.isNullOrEmpty(authRequest.getPassword())) {
            return authRequest;
        }
        if (Strings.isNullOrEmpty(authRequest.getAuthPlugin()) || Strings.isNullOrEmpty(authRequest.getAuthProvider())) {
            throw new AccountException("Cannot authenticate");
        }
        OAuthLoginProvider oAuthLoginProvider = this.loginProviders.get(authRequest.getAuthPlugin(), authRequest.getAuthProvider());
        if (oAuthLoginProvider == null) {
            throw new AccountException("Cannot authenticate");
        }
        try {
            OAuthUserInfo login = oAuthLoginProvider.login(authRequest.getUserName(), authRequest.getPassword());
            if (login == null) {
                throw new AccountException("Cannot authenticate");
            }
            if (!Strings.isNullOrEmpty(login.getEmailAddress()) && (Strings.isNullOrEmpty(authRequest.getUserName()) || !allowsEdit(Account.FieldName.REGISTER_NEW_EMAIL))) {
                authRequest.setEmailAddress(login.getEmailAddress());
            }
            if (!Strings.isNullOrEmpty(login.getDisplayName()) && (Strings.isNullOrEmpty(authRequest.getDisplayName()) || !allowsEdit(Account.FieldName.FULL_NAME))) {
                authRequest.setDisplayName(login.getDisplayName());
            }
            return authRequest;
        } catch (IOException e) {
            throw new AccountException("Cannot authenticate", e);
        }
    }

    @Override // com.google.gerrit.server.account.Realm
    public void onCreateAccount(AuthRequest authRequest, Account account) {
    }

    @Override // com.google.gerrit.server.account.Realm
    public Account.Id lookup(String str) {
        return null;
    }
}
