package org.riversun.oauth2.google;

import com.google.api.client.auth.oauth2.TokenResponseException;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeRequestUrl;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.HttpResponseException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:org/riversun/oauth2/google/OAuthHandler.class */
public final class OAuthHandler {
    private static final Logger LOGGER = Logger.getLogger(OAuthHandler.class.getName());
    private final String mRedirectUrl;
    private boolean mForceUseHttps = false;

    public OAuthHandler(String str) {
        this.mRedirectUrl = str;
    }

    public OAuthHandler setForceUseHttps(boolean z) {
        this.mForceUseHttps = z;
        return this;
    }

    public void doOAuth2Flow(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws IOException, ServletException {
        LOGGER.fine("");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String generateStateToken = generateStateToken();
        LOGGER.fine("SET SESSION stateToken=" + generateStateToken);
        httpServletRequest.getSession().setAttribute("org.riversun.goauth.session_key_oauth2_state_token", generateStateToken);
        if (((String) httpServletRequest.getSession().getAttribute("org.riversun.goauth.session_key_redirect_url_after_oauth")) == null) {
            String currentUrl = getCurrentUrl(httpServletRequest, this.mForceUseHttps);
            LOGGER.fine("SET SESSION currentUrl=" + currentUrl);
            httpServletRequest.getSession().setAttribute("org.riversun.goauth.session_key_redirect_url_after_oauth", currentUrl);
        }
        GoogleAuthorizationCodeRequestUrl state = OAuthUtil.createFlow().newAuthorizationUrl().setAccessType("offline").setRedirectUri(this.mRedirectUrl).setState(generateStateToken);
        if (z) {
            state.setApprovalPrompt("force");
        }
        String googleAuthorizationCodeRequestUrl = state.toString();
        LOGGER.fine("redirect to auth url=" + state.toString());
        httpServletResponse.sendRedirect(googleAuthorizationCodeRequestUrl);
    }

    private final String generateStateToken() {
        return new BigInteger(130, new SecureRandom()).toString(32);
    }

    private String getCurrentUrl(HttpServletRequest httpServletRequest, boolean z) {
        String scheme = z ? "https" : httpServletRequest.getScheme();
        int serverPort = httpServletRequest.getServerPort();
        StringBuilder sb = new StringBuilder();
        sb.append(scheme);
        sb.append("://");
        sb.append(httpServletRequest.getServerName());
        if (serverPort != 80 && serverPort != 443) {
            sb.append(":");
            sb.append(serverPort);
        }
        sb.append(httpServletRequest.getRequestURI());
        if (httpServletRequest.getQueryString() != null && !httpServletRequest.getQueryString().isEmpty()) {
            sb.append("?");
            sb.append(httpServletRequest.getQueryString());
        }
        return sb.toString();
    }

    public GoogleTokenResponse getTokenResponseFromCode(String str) {
        LOGGER.fine("code=" + str);
        GoogleTokenResponse googleTokenResponse = null;
        try {
            GoogleAuthorizationCodeFlow createFlow = OAuthUtil.createFlow();
            LOGGER.fine("execute newTokenRequest(" + str + ")");
            googleTokenResponse = createFlow.newTokenRequest(str).setRedirectUri(this.mRedirectUrl).execute();
        } catch (Exception e) {
            e.printStackTrace();
            LOGGER.warning("Please check whether you are reloading on the OAuth callback servlet");
            e.printStackTrace();
        }
        return googleTokenResponse;
    }

    public GoogleIdToken getIdToken(GoogleTokenResponse googleTokenResponse) {
        LOGGER.fine("");
        if (googleTokenResponse == null) {
            return null;
        }
        GoogleIdTokenVerifier googleIdTokenVerifier = new GoogleIdTokenVerifier(OAuthUtil.HTTP_TRANSPORT, OAuthUtil.JSON_FACTORY);
        try {
            GoogleIdToken parse = GoogleIdToken.parse(OAuthUtil.JSON_FACTORY, googleTokenResponse.getIdToken());
            if (googleIdTokenVerifier.verify(parse)) {
                return parse;
            }
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public boolean isRevocationRelatedException(Exception exc) {
        return exc instanceof TokenResponseException ? ((TokenResponseException) exc).getContent().contains("invalid_grant") : (exc instanceof HttpResponseException) && ((HttpResponseException) exc).getContent().contains("Invalid Credentials");
    }
}
