package org.wso2.carbon.identity.application.authenticator.social.google;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthAuthzResponse;
import org.apache.oltu.oauth2.client.response.OAuthClientResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.utils.JSONUtils;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.oidc.OpenIDConnectAuthenticator;
import org.wso2.carbon.identity.application.authenticator.social.facebook.FacebookAuthenticatorConstants;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.util.IdentityUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/social/google/GoogleOAuth2Authenticator.class */
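/**
 * Federated authenticator that signs users in through Google's OAuth2 / OpenID Connect endpoints.
 *
 * <p>The flow implemented here is the authorization-code flow: the browser is redirected to the
 * authorization endpoint, the returned code is exchanged at the token endpoint, and the
 * {@code email} claim of the returned ID token becomes the authenticated subject.
 *
 * <p>NOTE(review): this class decodes the ID token payload without checking its signature,
 * issuer, audience or expiry. Confirm whether the parent class or the framework performs that
 * validation, or whether receiving the token directly from the configured token endpoint is the
 * intended trust basis. The {@code email_verified} claim is not consulted either.
 */
public class GoogleOAuth2Authenticator extends OpenIDConnectAuthenticator {
    private static final long serialVersionUID = -4154255583070524018L;
    private static final Log log = LogFactory.getLog(GoogleOAuth2Authenticator.class);
    /** Charset used for every byte/String conversion so results do not depend on the platform default. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /**
     * Returns the configured Google authorization endpoint.
     *
     * @param authenticatorProperties configured properties of this authenticator
     * @return the endpoint URL, or {@code null} when the property is not set
     */
    protected String getAuthorizationServerEndpoint(Map<String, String> authenticatorProperties) {
        return authenticatorProperties.get(GoogleOAuth2AuthenticationConstant.GOOGLE_OAUTH_ENDPOINT);
    }

    /**
     * Returns the configured Google token endpoint.
     *
     * @param authenticatorProperties configured properties of this authenticator
     * @return the endpoint URL, or {@code null} when the property is not set
     */
    protected String getTokenEndpoint(Map<String, String> authenticatorProperties) {
        return authenticatorProperties.get(GoogleOAuth2AuthenticationConstant.GOOGLE_TOKEN_ENDPOINT);
    }

    /**
     * Builds the authorization-code request and redirects the browser to the authorization endpoint.
     *
     * @param request  incoming request; its optional {@code domain} parameter is forwarded as {@code fidp}
     * @param response response used to send the redirect
     * @param context  authentication context supplying the authenticator properties and context identifier
     * @throws AuthenticationFailedException if the properties are missing, the request cannot be built,
     *                                       or the redirect cannot be sent
     */
    protected void initiateAuthenticationRequest(HttpServletRequest request, HttpServletResponse response,
            AuthenticationContext context) throws AuthenticationFailedException {
        try {
            Map<String, String> authenticatorProperties = context.getAuthenticatorProperties();
            if (authenticatorProperties == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Error while retrieving properties. Authenticator Properties cannot be null");
                }
                throw new AuthenticationFailedException("Error while retrieving properties. Authenticator Properties cannot be null");
            }
            String clientId = authenticatorProperties.get(FacebookAuthenticatorConstants.CLIENT_ID);
            // Prefer the Google-specific endpoint property; fall back to the generic OIDC one.
            String authorizationEndpoint = getAuthorizationServerEndpoint(authenticatorProperties);
            if (authorizationEndpoint == null) {
                authorizationEndpoint = authenticatorProperties.get("OAuth2AuthzEPUrl");
            }
            String callbackUrl = authenticatorProperties.get(GoogleOAuth2AuthenticationConstant.CALLBACK_URL);
            if (log.isDebugEnabled()) {
                log.debug("Google-callback-url : " + callbackUrl);
            }
            if (callbackUrl == null) {
                callbackUrl = IdentityUtil.getServerURL("commonauth");
            }
            String state = getState(context.getContextIdentifier() + ",OIDC", authenticatorProperties);
            String locationUri = OAuthClientRequest.authorizationLocation(authorizationEndpoint)
                    .setClientId(clientId)
                    .setRedirectURI(callbackUrl)
                    .setResponseType(FacebookAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE)
                    .setState(state)
                    .buildQueryMessage()
                    .getLocationUri();
            String domain = request.getParameter("domain");
            if (domain != null) {
                // The value comes straight from the request, so it is percent-encoded before being
                // appended; otherwise a caller could smuggle extra query parameters (for example a
                // second redirect_uri or state) into the authorization URL.
                locationUri = locationUri + "&fidp=" + URLEncoder.encode(domain, "UTF-8");
            }
            String extraQuery = GoogleOAuth2AuthenticationConstant.QUERY_STRING;
            if (extraQuery != null) {
                locationUri = extraQuery.startsWith("&") ? locationUri + extraQuery : locationUri + "&" + extraQuery;
            }
            response.sendRedirect(locationUri);
        } catch (OAuthSystemException e) {
            throw new AuthenticationFailedException("Exception while building authorization code request", e);
        } catch (IOException e) {
            throw new AuthenticationFailedException("Exception while sending to the login page", e);
        }
    }

    /**
     * Returns the scope used by this authenticator, which is always {@code "openid"}.
     *
     * @param scope                   ignored
     * @param authenticatorProperties ignored
     * @return the literal {@code "openid"}
     */
    protected String getScope(String scope, Map<String, String> authenticatorProperties) {
        return "openid";
    }

    /**
     * Reads the user identifier (the email parameter) from a token response.
     *
     * @param token token endpoint response
     * @return the email parameter, as returned by {@code token.getParam}
     */
    protected String getAuthenticateUser(OAuthClientResponse token) {
        return token.getParam(FacebookAuthenticatorConstants.EMAIL);
    }

    /**
     * Fetches the user-info document and turns every top-level entry into a claim.
     *
     * <p>Failures are logged and yield whatever claims were collected so far; they never fail the login.
     *
     * <p>NOTE(review): the user-info URL is read from the token response parameters rather than from
     * the configured authenticator properties, and the access token is sent as a bearer credential to
     * whatever URL is found there. Confirm this lookup is intended.
     *
     * @param token token endpoint response carrying the access token
     * @return claim mappings keyed by claim name; empty when nothing could be retrieved
     */
    protected Map<ClaimMapping, String> getSubjectAttributes(OAuthClientResponse token) {
        Map<ClaimMapping, String> claims = new HashMap<ClaimMapping, String>();
        try {
            String json = sendRequest(token.getParam(GoogleOAuth2AuthenticationConstant.GOOGLE_USERINFO_ENDPOINT),
                    token.getParam("access_token"));
            if (StringUtils.isBlank(json)) {
                return claims;
            }
            Map<?, ?> userInfo = JSONUtils.parseJSON(json);
            if (userInfo == null) {
                return claims;
            }
            for (Map.Entry<?, ?> entry : userInfo.entrySet()) {
                Object value = entry.getValue();
                if (value == null) {
                    // A null value used to abort the whole loop through the catch below,
                    // dropping every later claim; skip just this entry instead.
                    continue;
                }
                String claimUri = (String) entry.getKey();
                claims.put(ClaimMapping.build(claimUri, claimUri, (String) null, false), value.toString());
                if (log.isDebugEnabled()) {
                    log.debug("Adding claim from end-point data mapping : " + claimUri + " - " + value);
                }
            }
        } catch (Exception e) {
            log.error("Error occurred while accessing google user info endpoint", e);
        }
        return claims;
    }

    /**
     * Describes the properties an administrator configures for this authenticator.
     *
     * @return the property definitions, in display order
     */
    public List<Property> getConfigurationProperties() {
        List<Property> properties = new ArrayList<Property>();

        Property clientId = newProperty(FacebookAuthenticatorConstants.CLIENT_ID, "Client Id",
                "Enter Google IDP client identifier value");
        clientId.setRequired(true);
        properties.add(clientId);

        Property clientSecret = newProperty(FacebookAuthenticatorConstants.CLIENT_SECRET, "Client Secret",
                "Enter Google IDP client secret value");
        clientSecret.setRequired(true);
        // Marked confidential so the secret is not handled like an ordinary display value.
        clientSecret.setConfidential(true);
        properties.add(clientSecret);

        Property callbackUrl = newProperty(GoogleOAuth2AuthenticationConstant.CALLBACK_URL, "Callback Url",
                "Enter value corresponding to callback url.");
        callbackUrl.setRequired(true);
        properties.add(callbackUrl);

        Property oauthEndpoint = newProperty(GoogleOAuth2AuthenticationConstant.GOOGLE_OAUTH_ENDPOINT,
                "Google Oauth Endpoint", "Enter value corresponding to google oauth endpoint.");
        oauthEndpoint.setValue("https://accounts.google.com/o/oauth2/auth");
        properties.add(oauthEndpoint);

        Property tokenEndpoint = newProperty(GoogleOAuth2AuthenticationConstant.GOOGLE_TOKEN_ENDPOINT,
                "Google Token Endpoint", "Enter value corresponding to google token endpoint.");
        tokenEndpoint.setValue("https://accounts.google.com/o/oauth2/token");
        properties.add(tokenEndpoint);

        Property userInfoEndpoint = newProperty(GoogleOAuth2AuthenticationConstant.GOOGLE_USERINFO_ENDPOINT,
                "Google User Info Endpoint", "Enter value corresponding to google user info endpoint.");
        userInfoEndpoint.setValue("https://www.googleapis.com/oauth2/v3/userinfo?schema=openid");
        properties.add(userInfoEndpoint);

        return properties;
    }

    /** Creates a property with the three fields every configuration entry sets. */
    private static Property newProperty(String name, String displayName, String description) {
        Property property = new Property();
        property.setName(name);
        property.setDisplayName(displayName);
        property.setDescription(description);
        return property;
    }

    /**
     * Exchanges the authorization code for tokens and establishes the authenticated subject.
     *
     * <p>The access token and ID token are stored on the context, the ID token payload is decoded,
     * and its {@code email} claim becomes the subject identifier. User-info claims are attached as
     * user attributes.
     *
     * @param request  callback request carrying the authorization code
     * @param response unused here
     * @param context  authentication context to populate
     * @throws AuthenticationFailedException if the token exchange fails, a required token is missing or
     *                                       malformed, or the ID token carries no usable email claim
     */
    protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response,
            AuthenticationContext context) throws AuthenticationFailedException {
        try {
            Map<String, String> authenticatorProperties = context.getAuthenticatorProperties();
            if (authenticatorProperties == null) {
                // Same guard as initiateAuthenticationRequest; avoids a NullPointerException below.
                throw new AuthenticationFailedException("Error while retrieving properties. Authenticator Properties cannot be null");
            }
            String clientId = authenticatorProperties.get(FacebookAuthenticatorConstants.CLIENT_ID);
            String clientSecret = authenticatorProperties.get(FacebookAuthenticatorConstants.CLIENT_SECRET);
            String tokenEndpoint = getTokenEndpoint(authenticatorProperties);
            if (tokenEndpoint == null) {
                tokenEndpoint = authenticatorProperties.get("OAuth2TokenEPUrl");
            }
            String callbackUrl = authenticatorProperties.get(GoogleOAuth2AuthenticationConstant.CALLBACK_URL);
            if (log.isDebugEnabled()) {
                log.debug("callBackUrl : " + callbackUrl);
            }
            if (callbackUrl == null) {
                callbackUrl = IdentityUtil.getServerURL("commonauth");
            }
            // A redirect_uri recorded on the context takes precedence over the configured callback.
            Map<?, ?> paramMap = (Map<?, ?>) context.getProperty("oidc:param.map");
            if (paramMap != null && paramMap.containsKey("redirect_uri")) {
                callbackUrl = (String) paramMap.get("redirect_uri");
            }
            String code = OAuthAuthzResponse.oauthCodeAuthzResponse(request).getCode();
            OAuthClientRequest accessRequest = getAccessRequest(tokenEndpoint, clientId, clientSecret, callbackUrl, code);
            OAuthClientResponse oAuthResponse = getOAuthResponse(accessRequest, new OAuthClient(new URLConnectionClient()), null);

            // getOAuthResponse returns null when the token endpoint answers with an OAuth error.
            // Treat absent and blank tokens alike so that case fails the login cleanly instead of
            // reaching the JWT parsing below with an empty string.
            String accessToken = null;
            String idToken = null;
            if (oAuthResponse != null) {
                accessToken = oAuthResponse.getParam("access_token");
                idToken = oAuthResponse.getParam("id_token");
            }
            if (StringUtils.isBlank(accessToken)
                    || (StringUtils.isBlank(idToken) && requiredIDToken(authenticatorProperties))) {
                throw new AuthenticationFailedException("Authentication Failed");
            }
            context.setProperty("access_token", accessToken);
            if (StringUtils.isBlank(idToken)) {
                if (log.isDebugEnabled()) {
                    log.debug("Authentication Failed");
                }
                throw new AuthenticationFailedException("Authentication Failed");
            }
            context.setProperty("id_token", idToken);

            // A JWT is header.payload.signature; without a payload segment there is nothing to decode.
            String[] segments = idToken.split("\\.");
            if (segments.length < 2) {
                throw new AuthenticationFailedException("ID token is not a well-formed JWT");
            }
            // NOTE(review): only the payload is decoded; the signature segment is never checked here.
            String payloadJson = new String(Base64.decodeBase64(segments[1].getBytes(UTF_8)), UTF_8);
            if (log.isDebugEnabled()) {
                // The payload holds the user's identity claims; keep debug logging off in production.
                log.debug("Id token json string : " + payloadJson);
            }
            Map<?, ?> idTokenClaims = JSONUtils.parseJSON(payloadJson);
            if (idTokenClaims == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Decoded json object is null");
                }
                throw new AuthenticationFailedException("Decoded json object is null");
            }
            // The email claim is the subject identifier; without it the user cannot be identified.
            Object email = idTokenClaims.get(FacebookAuthenticatorConstants.EMAIL);
            if (!(email instanceof String) || StringUtils.isBlank((String) email)) {
                throw new AuthenticationFailedException("ID token does not contain an email claim");
            }
            Map<ClaimMapping, String> subjectAttributes = getSubjectAttributes(oAuthResponse);
            AuthenticatedUser authenticatedUser =
                    AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier((String) email);
            authenticatedUser.setUserAttributes(subjectAttributes);
            context.setSubject(authenticatedUser);
        } catch (OAuthProblemException e) {
            throw new AuthenticationFailedException("Error occurred while acquiring access token", e);
        }
    }

    /**
     * Sends the token request.
     *
     * <p>An {@link OAuthProblemException} (an error reported by the token endpoint) is only logged at
     * debug level and {@code defaultResponse} is returned; callers must handle that value.
     *
     * @param accessRequest   token request to send
     * @param oAuthClient     client used to send it
     * @param defaultResponse value returned when the endpoint reports an OAuth error
     * @return the token response, or {@code defaultResponse} on an OAuth error
     * @throws AuthenticationFailedException if the request fails with an {@link OAuthSystemException}
     */
    private OAuthClientResponse getOAuthResponse(OAuthClientRequest accessRequest, OAuthClient oAuthClient,
            OAuthClientResponse defaultResponse) throws AuthenticationFailedException {
        try {
            return oAuthClient.accessToken(accessRequest);
        } catch (OAuthProblemException e) {
            if (log.isDebugEnabled()) {
                log.debug("Exception while requesting access token", e);
            }
            return defaultResponse;
        } catch (OAuthSystemException e) {
            if (log.isDebugEnabled()) {
                log.debug("Exception while requesting access token", e);
            }
            throw new AuthenticationFailedException("Exception while requesting access token", e);
        }
    }

    /**
     * Builds the authorization-code token request, with all parameters in the request body.
     *
     * @param tokenEndpoint token endpoint URL
     * @param clientId      OAuth client identifier
     * @param clientSecret  OAuth client secret
     * @param callbackUrl   redirect URI used in the authorization request
     * @param code          authorization code received on the callback
     * @return the request ready to be sent
     * @throws AuthenticationFailedException if the request cannot be built
     */
    private OAuthClientRequest getAccessRequest(String tokenEndpoint, String clientId, String clientSecret,
            String callbackUrl, String code) throws AuthenticationFailedException {
        try {
            return OAuthClientRequest.tokenLocation(tokenEndpoint)
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(clientId)
                    .setClientSecret(clientSecret)
                    .setRedirectURI(callbackUrl)
                    .setCode(code)
                    .buildBodyMessage();
        } catch (OAuthSystemException e) {
            throw new AuthenticationFailedException("Exception while building request for request access token", e);
        }
    }

    /** Returns the display name of this connector. */
    public String getFriendlyName() {
        return GoogleOAuth2AuthenticationConstant.GOOGLE_CONNECTOR_FRIENDLY_NAME;
    }

    /** Returns the internal name of this connector. */
    public String getName() {
        return GoogleOAuth2AuthenticationConstant.GOOGLE_CONNECTOR_NAME;
    }

    /**
     * Performs a GET against {@code url} with the access token as a bearer credential and returns
     * the response body.
     *
     * <p>No connect or read timeout is set on the connection, and the URL scheme is not checked.
     *
     * @param url         endpoint to call; {@code null} yields an empty string without any request
     * @param accessToken bearer token placed in the {@code Authorization} header
     * @return the response body with each line terminated by {@code "\n"}, or {@code ""} for a null URL
     * @throws IOException if the connection or the read fails
     */
    private String sendRequest(String url, String accessToken) throws IOException {
        if (log.isDebugEnabled()) {
            // The access token is a credential and is deliberately kept out of the log.
            log.debug("claim url: " + url);
        }
        if (url == null) {
            return "";
        }
        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
        connection.setRequestMethod("GET");
        connection.setRequestProperty("Authorization", "Bearer " + accessToken);
        StringBuilder body = new StringBuilder();
        BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), UTF_8));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line).append("\n");
            }
        } finally {
            // Close even when a read fails so the underlying stream is not leaked.
            reader.close();
        }
        String result = body.toString();
        if (log.isDebugEnabled()) {
            log.debug("response: " + result);
        }
        return result;
    }
}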
