package org.rapidoid.oauth;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.util.Map;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.GitHubTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
import org.apache.oltu.oauth2.common.error.OAuthError;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.hsqldb.Tokens;
import org.rapidoid.RapidoidThing;
import org.rapidoid.ctx.Ctxs;
import org.rapidoid.ctx.UserInfo;
import org.rapidoid.data.JSON;
import org.rapidoid.http.HttpUtils;
import org.rapidoid.http.Req;
import org.rapidoid.http.ReqHandler;
import org.rapidoid.http.customize.Customization;
import org.rapidoid.log.Log;
import org.rapidoid.u.U;
import org.rapidoid.util.Msc;
import org.rapidoid.value.Value;

/* loaded from: input_file:org/rapidoid/oauth/OAuthTokenHandler.class */
public class OAuthTokenHandler extends RapidoidThing implements ReqHandler {
    private final OAuthProvider provider;
    private final Customization customization;
    private final Value<String> oauthDomain;
    private final OAuthStateCheck stateCheck;
    private final Value<String> clientId;
    private final Value<String> clientSecret;
    private final String callbackPath;

    public OAuthTokenHandler(OAuthProvider oAuthProvider, Customization customization, Value<String> value, OAuthStateCheck oAuthStateCheck, Value<String> value2, Value<String> value3, String str) {
        this.provider = oAuthProvider;
        this.customization = customization;
        this.oauthDomain = value;
        this.stateCheck = oAuthStateCheck;
        this.clientId = value2;
        this.clientSecret = value3;
        this.callbackPath = str;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.rapidoid.lambda.OneParamLambda
    public Object execute(Req req) throws Exception {
        String param = req.param(org.apache.oltu.oauth2.common.OAuth.OAUTH_CODE);
        String param2 = req.param(org.apache.oltu.oauth2.common.OAuth.OAUTH_STATE);
        Log.debug("Received OAuth code", org.apache.oltu.oauth2.common.OAuth.OAUTH_CODE, param, org.apache.oltu.oauth2.common.OAuth.OAUTH_STATE, param2);
        if (param == null || U.isEmpty(param2)) {
            String param3 = req.param(OAuthError.OAUTH_ERROR);
            if (param3 == null) {
                throw U.rte("Invalid OAuth request!");
            }
            Log.warn("OAuth error", OAuthError.OAUTH_ERROR, param3);
            throw U.rte("OAuth error!");
        }
        String str = this.clientId.str().get();
        String str2 = this.clientSecret.str().get();
        char charAt = param2.charAt(0);
        U.must(charAt == 'P' || charAt == 'N', "Invalid OAuth state prefix!");
        U.must(this.stateCheck.isValidState(param2.substring(1), str2, req.sessionId()), "Invalid OAuth state!");
        Log.debug("OAuth validated", "popup", Boolean.valueOf(charAt == 'P'));
        String orNull = this.oauthDomain.getOrNull();
        OAuthClientRequest.TokenRequestBuilder code = OAuthClientRequest.tokenLocation(this.provider.getTokenEndpoint()).setGrantType(GrantType.AUTHORIZATION_CODE).setClientId(str).setClientSecret(str2).setRedirectURI(U.notEmpty(orNull) ? orNull + this.callbackPath : HttpUtils.constructUrl(req, this.callbackPath)).setCode(param);
        OAuthClientRequest buildBodyMessage = paramsInBody() ? code.buildBodyMessage() : code.buildBodyMessage();
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        String str3 = token(buildBodyMessage, oAuthClient);
        OAuthResourceResponse oAuthResourceResponse = (OAuthResourceResponse) oAuthClient.resource(new OAuthBearerClientRequest(Msc.fillIn(this.provider.getProfileEndpoint(), "token", str3)).setAccessToken(str3).buildQueryMessage(), "GET", OAuthResourceResponse.class);
        U.must(oAuthResourceResponse.getResponseCode() == 200, "OAuth response error!");
        Map<String, Object> parseMap = JSON.parseMap(oAuthResourceResponse.getBody());
        String str4 = (String) U.or(parseMap.get("email"), parseMap.get("emailAddress"));
        String str5 = (String) U.or((String) parseMap.get("name"), ((String) U.or(parseMap.get("firstName"), U.or(parseMap.get("first_name"), parseMap.get("given_name")))) + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + ((String) U.or(parseMap.get("lastName"), U.or(parseMap.get("last_name"), parseMap.get("family_name")))));
        UserInfo userInfo = new UserInfo(str4, this.customization.rolesProvider().getRolesForUser(req, str4), null);
        userInfo.name = str5;
        userInfo.email = str4;
        userInfo.oauthProvider = this.provider.getName();
        userInfo.oauthId = String.valueOf(parseMap.get("id"));
        Ctxs.required().setUser(userInfo);
        return req.response().redirect(Tokens.T_DIVIDE);
    }

    private String token(OAuthClientRequest oAuthClientRequest, OAuthClient oAuthClient) throws Exception {
        String name = this.provider.getName();
        return (name.equalsIgnoreCase("facebook") || name.equalsIgnoreCase("github")) ? ((GitHubTokenResponse) oAuthClient.accessToken(oAuthClientRequest, GitHubTokenResponse.class)).getAccessToken() : ((OAuthJSONAccessTokenResponse) oAuthClient.accessToken(oAuthClientRequest, OAuthJSONAccessTokenResponse.class)).getAccessToken();
    }

    private boolean paramsInBody() {
        return this.provider.getName().equalsIgnoreCase("google");
    }
}
