package org.crazyyak.dev.security.providers;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.crazyyak.dev.common.exceptions.ApiException;
import org.crazyyak.dev.security.domain.CurrentUser;
import org.crazyyak.dev.security.domain.CurrentUserSource;
import org.crazyyak.dev.security.domain.CurrentUserStore;
import org.crazyyak.dev.webapis.google.users.GoogleUsersUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:WEB-INF/lib/yak-dev-security-2.4.0.jar:org/crazyyak/dev/security/providers/GooglePlusSecurityProvider.class */
public class GooglePlusSecurityProvider extends AbstractUserDetailsAuthenticationProvider {
    private static final Log log = LogFactory.getLog(GooglePlusSecurityProvider.class);
    private final String clientSecret;
    private final String clientId;
    private final CurrentUserStore store;
    private final ObjectMapper objectMapper;

    public GooglePlusSecurityProvider(CurrentUserStore currentUserStore, ObjectMapper objectMapper, String str, String str2) {
        this.store = currentUserStore;
        this.objectMapper = objectMapper;
        this.clientId = str;
        this.clientSecret = str2;
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (!ProviderUtils.isGoogleAuthentication(usernamePasswordAuthenticationToken) || userDetails == null) {
            throw new BadCredentialsException("Invalid user name or password");
        }
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        try {
            if (!ProviderUtils.isGoogleAuthentication(usernamePasswordAuthenticationToken)) {
                throw new UsernameNotFoundException("Not Goolge Authentication");
            }
            CurrentUserSource currentUserSourceByEmail = this.store.getCurrentUserSourceByEmail(GoogleUsersUtils.getUserInfo(GoogleUsersUtils.getAuthResponse(usernamePasswordAuthenticationToken.getCredentials().toString(), this.clientId, this.clientSecret).getAccessToken()).getEmail());
            if (currentUserSourceByEmail == null) {
                throw new BadCredentialsException("Invalid user name or password");
            }
            return new CurrentUser(currentUserSourceByEmail);
        } catch (Throwable th) {
            throw ApiException.internalServerError("Exception during Google-Authentication", th, new String[0]);
        }
    }
}
