package org.wso2.carbon.identity.application.authenticator.google;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONValue;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.client.response.OAuthClientResponse;
import org.apache.oltu.oauth2.common.utils.JSONUtils;
import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authenticator.oidc.OpenIDConnectAuthenticator;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.util.IdentityUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/google/GoogleOAuth2Authenticator.class */
public class GoogleOAuth2Authenticator extends OpenIDConnectAuthenticator {
    private static final long serialVersionUID = -4154255583070524018L;
    private static final Log log = LogFactory.getLog(GoogleOAuth2Authenticator.class);
    private static final Log diagnosticLog = LogFactory.getLog("diagnostics");
    private String tokenEndpoint;
    private String oAuthEndpoint;
    private String userInfoURL;

    private void initTokenEndpoint() {
        this.tokenEndpoint = (String) getAuthenticatorConfig().getParameterMap().get(GoogleOAuth2AuthenticationConstant.GOOGLE_TOKEN_ENDPOINT);
        if (StringUtils.isBlank(this.tokenEndpoint)) {
            this.tokenEndpoint = "https://accounts.google.com/o/oauth2/token";
        }
    }

    private void initOAuthEndpoint() {
        this.oAuthEndpoint = (String) getAuthenticatorConfig().getParameterMap().get(GoogleOAuth2AuthenticationConstant.GOOGLE_AUTHZ_ENDPOINT);
        if (StringUtils.isBlank(this.oAuthEndpoint)) {
            this.oAuthEndpoint = "https://accounts.google.com/o/oauth2/auth";
        }
    }

    private void initUserInfoURL() {
        this.userInfoURL = (String) getAuthenticatorConfig().getParameterMap().get(GoogleOAuth2AuthenticationConstant.GOOGLE_USERINFO_ENDPOINT);
        if (this.userInfoURL == null) {
            this.userInfoURL = "https://www.googleapis.com/oauth2/v3/userinfo";
        }
    }

    private String getUserInfoURL() {
        if (this.userInfoURL == null) {
            initUserInfoURL();
        }
        return this.userInfoURL;
    }

    protected String getAuthorizationServerEndpoint(Map<String, String> map) {
        if (StringUtils.isBlank(this.oAuthEndpoint)) {
            initOAuthEndpoint();
        }
        return this.oAuthEndpoint;
    }

    protected String getTokenEndpoint(Map<String, String> map) {
        if (StringUtils.isBlank(this.tokenEndpoint)) {
            initTokenEndpoint();
        }
        return this.tokenEndpoint;
    }

    protected String getScope(String str, Map<String, String> map) {
        return GoogleOAuth2AuthenticationConstant.GOOGLE_SCOPE;
    }

    protected String getAuthenticateUser(AuthenticationContext authenticationContext, Map<String, Object> map, OAuthClientResponse oAuthClientResponse) {
        return map.get("email") == null ? (String) map.get("sub") : (String) map.get("email");
    }

    protected String getUserInfoEndpoint(OAuthClientResponse oAuthClientResponse, Map<String, String> map) {
        return getUserInfoURL();
    }

    protected String getQueryString(Map<String, String> map) {
        return map.get(GoogleOAuth2AuthenticationConstant.ADDITIONAL_QUERY_PARAMS);
    }

    public List<Property> getConfigurationProperties() {
        ArrayList arrayList = new ArrayList();
        Property property = new Property();
        property.setName("ClientId");
        property.setDisplayName("Client ID");
        property.setRequired(true);
        property.setDescription("The client identifier value of the Google identity provider.");
        property.setDisplayOrder(1);
        arrayList.add(property);
        Property property2 = new Property();
        property2.setName("ClientSecret");
        property2.setDisplayName("Client secret");
        property2.setRequired(true);
        property2.setConfidential(true);
        property2.setDescription("The client secret value of the Google identity provider.");
        property2.setDisplayOrder(2);
        arrayList.add(property2);
        Property property3 = new Property();
        property3.setDisplayName("Callback URL");
        property3.setName("callbackUrl");
        property3.setDescription("The callback URL used to obtain Google credentials.");
        property3.setDisplayOrder(3);
        arrayList.add(property3);
        Property property4 = new Property();
        property4.setDisplayName("Additional Query Parameters");
        property4.setName(GoogleOAuth2AuthenticationConstant.ADDITIONAL_QUERY_PARAMS);
        property4.setValue("scope=openid email profile");
        property4.setDescription("Additional query parameters to be sent to Google.");
        property4.setDisplayOrder(4);
        arrayList.add(property4);
        return arrayList;
    }

    public String getFriendlyName() {
        return GoogleOAuth2AuthenticationConstant.GOOGLE_CONNECTOR_FRIENDLY_NAME;
    }

    public String getName() {
        return GoogleOAuth2AuthenticationConstant.GOOGLE_CONNECTOR_NAME;
    }

    public String getClaimDialectURI() {
        String claimDialectURI = super.getClaimDialectURI();
        AuthenticatorConfig authenticatorBean = FileBasedConfigurationBuilder.getInstance().getAuthenticatorBean(getName());
        if (authenticatorBean != null) {
            Map parameterMap = authenticatorBean.getParameterMap();
            if (parameterMap != null && parameterMap.containsKey(GoogleOAuth2AuthenticationConstant.CLAIM_DIALECT_URI_PARAMETER)) {
                claimDialectURI = (String) parameterMap.get(GoogleOAuth2AuthenticationConstant.CLAIM_DIALECT_URI_PARAMETER);
            } else if (log.isDebugEnabled()) {
                log.debug("Found no Parameter map for connector " + getName());
            }
        } else if (log.isDebugEnabled()) {
            log.debug("FileBasedConfigBuilder returned null AuthenticatorConfigs for the connector " + getName());
        }
        if (log.isDebugEnabled()) {
            log.debug("Authenticator " + getName() + " is using the claim dialect uri " + claimDialectURI);
        }
        diagnosticLog.info("Authenticator " + getName() + " is using the claim dialect uri " + claimDialectURI);
        return claimDialectURI;
    }

    protected void buildClaimMappings(Map<ClaimMapping, String> map, Map.Entry<String, Object> entry, String str) {
        String str2 = null;
        String str3 = "";
        if (StringUtils.isBlank(str)) {
            str = ",,,";
        }
        try {
            JSONArray jSONArray = (JSONArray) JSONValue.parseWithException(entry.getValue().toString());
            if (jSONArray != null && jSONArray.size() > 0) {
                Iterator it = jSONArray.iterator();
                while (it.hasNext()) {
                    str2 = str2 == null ? it.next().toString() : str2 + str + it.next().toString();
                }
            }
        } catch (Exception e) {
            str2 = entry.getValue().toString();
        }
        String claimDialectURI = getClaimDialectURI();
        if (super.getClaimDialectURI() != null && !super.getClaimDialectURI().equals(claimDialectURI)) {
            str3 = claimDialectURI + "/";
        }
        String str4 = str3 + entry.getKey();
        map.put(ClaimMapping.build(str4, str4, (String) null, false), str2);
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("UserClaims")) {
            log.debug("Adding claim mapping : " + str4 + " <> " + str4 + " : " + str2);
        }
    }

    protected Map<ClaimMapping, String> getSubjectAttributes(OAuthClientResponse oAuthClientResponse, Map<String, String> map) {
        String sendRequest;
        HashMap hashMap = new HashMap();
        try {
            sendRequest = sendRequest(getUserInfoEndpoint(oAuthClientResponse, map), oAuthClientResponse.getParam("access_token"));
        } catch (IOException e) {
            log.error("Communication error occurred while accessing user info endpoint", e);
            diagnosticLog.error("Communication error occurred while accessing user info endpoint. Error message: " + e.getMessage());
        }
        if (StringUtils.isBlank(sendRequest)) {
            if (log.isDebugEnabled()) {
                log.debug("Empty JSON response from user info endpoint. Unable to fetch user claims. Proceeding without user claims");
            }
            diagnosticLog.info("Empty JSON response from user info endpoint. Unable to fetch user claims. Proceeding without user claims");
            return hashMap;
        }
        Map parseJSON = JSONUtils.parseJSON(sendRequest);
        for (Map.Entry entry : parseJSON.entrySet()) {
            String str = (String) entry.getKey();
            Object value = entry.getValue();
            String claimDialectURI = getClaimDialectURI();
            if (super.getClaimDialectURI() != null && !super.getClaimDialectURI().equals(claimDialectURI)) {
                str = claimDialectURI + "/" + str;
            }
            if (value != null) {
                hashMap.put(ClaimMapping.build(str, str, (String) null, false), value.toString());
            }
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("UserClaims") && parseJSON.get(str) != null) {
                log.debug("Adding claims from end-point data mapping : " + str + " - " + parseJSON.get(str).toString());
            }
        }
        return hashMap;
    }
}
