package com.google.api.server.spi.auth;

import com.google.api.server.spi.Client;
import com.google.api.server.spi.Strings;
import com.google.api.server.spi.request.Attribute;
import com.google.api.server.spi.response.UnauthorizedException;
import endpoints.repackaged.com.google.api.client.http.GenericUrl;
import endpoints.repackaged.com.google.api.client.http.HttpRequest;
import endpoints.repackaged.com.google.api.client.util.Key;
import endpoints.repackaged.com.google.common.annotations.VisibleForTesting;
import endpoints.repackaged.com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/google/api/server/spi/auth/GoogleAuth.class */
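/**
 * Static helpers for extracting a bearer credential from an incoming servlet request,
 * classifying it by shape (JWT vs. opaque OAuth2 token) and checking it against the
 * Google tokeninfo endpoint.
 *
 * <p>This is decompiler output: the JADX markers in the original listing indicate that
 * several methods shown as {@code public} were package-private upstream.
 */
public class GoogleAuth {
    /** Tokeninfo URL prefix; the (URL-encoded) access token is appended as the query value. */
    private static final String TOKEN_INFO_ENDPOINT = "https://www.googleapis.com/oauth2/v2/tokeninfo?access_token=";

    @VisibleForTesting
    static final String AUTHORIZATION_HEADER = "Authorization";
    private static final Logger logger = Logger.getLogger(GoogleAuth.class.getName());

    /** One JWT segment: six or more characters from the base64 / base64url alphabets plus '='. */
    private static final String BASE64_REGEX = "[a-zA-Z0-9+/=_-]{6,}+";

    /** Three base64-looking segments separated by dots. Matches shape only, not validity. */
    private static final Pattern JWT_PATTERN = Pattern.compile(String.format("%s\\.%s\\.%s", BASE64_REGEX, BASE64_REGEX, BASE64_REGEX));

    // Scheme names accepted at the start of the Authorization header.
    // NOTE(review): AUTH_SCHEME_BEARER is defined elsewhere; presumably "Bearer" -- confirm.
    @VisibleForTesting
    static final String[] ALLOWED_AUTH_SCHEMES = {UnauthorizedException.AUTH_SCHEME_BEARER, "OAuth"};

    // Query parameter names consulted, in this order, when the header carries no token.
    @VisibleForTesting
    static final String[] BEARER_TOKEN_PARAMETER_NAMES = {"access_token", "bearer_token"};

    // Prefixes used by isOAuth2Token to recognise an opaque OAuth2 token.
    @VisibleForTesting
    static final String[] OAUTH2_TOKEN_PREFIXES = {"ya29.", "1/"};

    // An allowed-client-id list equal to exactly ["*"] can disable the client id check
    // (see checkClientId).
    @VisibleForTesting
    static final List<String> SKIP_CLIENT_ID_CHECK_LIST = ImmutableList.of("*");

    /**
     * Fields read from the tokeninfo JSON response. Each field is bound to the JSON key
     * named in its {@code @Key} annotation.
     */
    public static class TokenInfo {

        // JSON key "email".
        @Key("email")
        public String email;

        // JSON key "issued_to": the client the token was issued to.
        @Key("issued_to")
        public String clientId;

        // JSON key "scope". NOTE(review): presumably a space-delimited list -- confirm.
        @Key("scope")
        public String scopes;

        // JSON key "user_id".
        @Key("user_id")
        public String userId;
    }

    /**
     * Returns the credential carried by the request, caching it in the
     * {@code Attribute.AUTH_TOKEN} request attribute.
     *
     * <p>The Authorization header is tried first; the query parameters in
     * {@link #BEARER_TOKEN_PARAMETER_NAMES} are the fallback. A token accepted from the
     * query string is part of the request URL, so it can end up in access logs, proxies
     * and Referer headers; deployments that can do so should require the header form and
     * scrub these parameters from request logging.
     *
     * @param httpServletRequest the incoming request
     * @return the raw token string, or {@code null} when none was found
     */
    public static String getAuthToken(HttpServletRequest httpServletRequest) {
        if (httpServletRequest.getAttribute(Attribute.AUTH_TOKEN) == null) {
            String token = getAuthTokenFromHeader(httpServletRequest.getHeader(AUTHORIZATION_HEADER));
            if (token == null) {
                token = getAuthTokenFromQueryParameters(httpServletRequest);
            }
            // A null token is handed to setAttribute unchanged, so a later call looks again.
            httpServletRequest.setAttribute(Attribute.AUTH_TOKEN, token);
        }
        return (String) httpServletRequest.getAttribute(Attribute.AUTH_TOKEN);
    }

    /**
     * Returns the value of the first present parameter named in
     * {@link #BEARER_TOKEN_PARAMETER_NAMES}, or {@code null} when none is present.
     */
    private static String getAuthTokenFromQueryParameters(HttpServletRequest httpServletRequest) {
        for (String parameterName : BEARER_TOKEN_PARAMETER_NAMES) {
            String value = httpServletRequest.getParameter(parameterName);
            if (value != null) {
                return value;
            }
        }
        return null;
    }

    /**
     * Strips an allowed scheme name and the one character after it from an Authorization
     * header value.
     *
     * @param str the header value, possibly {@code null}
     * @return the remainder of the header, or {@code null} when no allowed scheme matches
     *     or nothing follows the scheme name
     */
    private static String getAuthTokenFromHeader(String str) {
        String scheme = matchAuthScheme(str);
        if (scheme == null || scheme.length() >= str.length()) {
            return null;
        }
        // NOTE(review): the character after the scheme is skipped without checking that it
        // is a space, and matchAuthScheme is a case-sensitive prefix match. The extracted
        // value is therefore only a candidate; it must still be verified before it is trusted.
        return str.substring(scheme.length() + 1);
    }

    /**
     * Returns the first entry of {@link #ALLOWED_AUTH_SCHEMES} that the header value starts
     * with, or {@code null} when the value is {@code null} or matches none.
     */
    private static String matchAuthScheme(String str) {
        if (str == null) {
            return null;
        }
        for (String scheme : ALLOWED_AUTH_SCHEMES) {
            if (str.startsWith(scheme)) {
                return scheme;
            }
        }
        return null;
    }

    /**
     * Reports whether the string has the three-segment shape of a JWT.
     *
     * <p>This is a routing check on the string's shape only. It does not decode the
     * segments or verify a signature, so a {@code true} result says nothing about whether
     * the token is authentic.
     *
     * @param str candidate token, possibly {@code null}
     * @return {@code true} when the whole string matches {@code JWT_PATTERN}
     */
    public static boolean isJwt(String str) {
        if (str == null) {
            return false;
        }
        return JWT_PATTERN.matcher(str).matches();
    }

    /**
     * Reports whether the string starts with one of {@link #OAUTH2_TOKEN_PREFIXES}, after
     * trimming whitespace and dropping one leading single or double quote.
     *
     * <p>Like {@link #isJwt}, this is a prefix heuristic and not a validity check.
     *
     * @param str candidate token, possibly {@code null}
     * @return {@code true} when a known prefix matches
     */
    public static boolean isOAuth2Token(String str) {
        if (str == null) {
            return false;
        }
        String candidate = str.trim().replaceFirst("^['\"]", "");
        for (String prefix : OAUTH2_TOKEN_PREFIXES) {
            if (candidate.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether a client id is acceptable.
     *
     * <p>When {@code z} is {@code true} and {@code list} is exactly {@code ["*"]}, every
     * client id is accepted, including {@code null}: the token is then not bound to any
     * particular client application. Keep an explicit list wherever the API should only
     * serve known clients.
     *
     * @param str the client id taken from the token
     * @param list the configured allowed client ids
     * @param z presumably "allow skipping the client id check" -- confirm against callers
     * @return {@code true} when {@code Strings.isWhitelisted} accepts the id, or when the
     *     wildcard skip described above applies
     */
    public static boolean checkClientId(String str, List<String> list, boolean z) {
        if (Strings.isWhitelisted(str, list)) {
            return true;
        }
        return z && !Strings.isEmptyOrNull(list) && list.equals(SKIP_CLIENT_ID_CHECK_LIST);
    }

    /**
     * Decides whether a token audience is acceptable.
     *
     * @param str the audience taken from the token
     * @param list the configured allowed audiences
     * @param str2 a value the audience may equal exactly
     *     (NOTE(review): presumably the token's own client id -- confirm against callers)
     * @return {@code true} when {@code Strings.isWhitelisted} accepts the audience, or when
     *     it is not empty or whitespace and equals {@code str2}
     */
    public static boolean checkAudience(String str, List<String> list, String str2) {
        if (Strings.isWhitelisted(str, list)) {
            return true;
        }
        return !Strings.isEmptyOrWhitespace(str) && str.equals(str2);
    }

    /**
     * Looks the token up at the tokeninfo endpoint.
     *
     * <p>The token comes from the request header or query string, so it is URL-encoded
     * before it is appended to the endpoint URL. Without the encoding, characters such as
     * {@code &} or {@code #} in the supplied value would be parsed as extra query
     * parameters or a fragment of the outbound request.
     *
     * @param str the access token, possibly {@code null}
     * @return the parsed response, or {@code null} when the token is {@code null}, the
     *     request fails, or the response carries no email
     */
    public static TokenInfo getTokenInfoRemote(String str) {
        if (str == null) {
            // Nothing to look up; also keeps URLEncoder from throwing on null.
            return null;
        }
        try {
            // UnsupportedEncodingException is an IOException and is handled below.
            String encodedToken = URLEncoder.encode(str, "UTF-8");
            HttpRequest request = Client.getInstance().getJsonHttpRequestFactory()
                    .buildGetRequest(new GenericUrl(TOKEN_INFO_ENDPOINT + encodedToken));
            return parseTokenInfo(request);
        } catch (IOException e) {
            logger.log(Level.WARNING, "Failed to retrieve tokeninfo", e);
            return null;
        }
    }

    /**
     * Executes the request and parses the response body as {@link TokenInfo}.
     *
     * <p>Only the presence of an email is checked here. The returned {@code clientId} and
     * {@code scopes} are not compared with anything in this method, so the caller still
     * has to check them (see {@link #checkClientId}) before treating the token as issued
     * for this API.
     *
     * @param httpRequest the prepared tokeninfo request
     * @return the parsed response, or {@code null} when it is absent or has a blank email
     * @throws IOException if executing or parsing the request fails
     */
    @VisibleForTesting
    static TokenInfo parseTokenInfo(HttpRequest httpRequest) throws IOException {
        TokenInfo tokenInfo = (TokenInfo) httpRequest.execute().parseAs(TokenInfo.class);
        if (tokenInfo != null && !Strings.isEmptyOrWhitespace(tokenInfo.email)) {
            return tokenInfo;
        }
        logger.log(Level.WARNING, "Access token does not contain email scope");
        return null;
    }
}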
