package com.googlesource.gerrit.plugins.oauth;

import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.model.Response;
import com.github.scribejava.core.model.Verb;
import com.github.scribejava.core.oauth.OAuth20Service;
import com.google.common.base.CharMatcher;
import com.google.gerrit.extensions.annotations.PluginName;
import com.google.gerrit.extensions.auth.oauth.OAuthServiceProvider;
import com.google.gerrit.extensions.auth.oauth.OAuthToken;
import com.google.gerrit.extensions.auth.oauth.OAuthUserInfo;
import com.google.gerrit.extensions.auth.oauth.OAuthVerifier;
import com.google.gerrit.json.OutputFormat;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.PluginConfig;
import com.google.gerrit.server.config.PluginConfigFactory;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import java.io.IOException;
import java.net.URI;
import java.util.Iterator;
import java.util.concurrent.ExecutionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:com/googlesource/gerrit/plugins/oauth/CasOAuthService.class */
class CasOAuthService implements OAuthServiceProvider {
    private static final Logger log = LoggerFactory.getLogger(CasOAuthService.class);
    static final String CONFIG_SUFFIX = "-cas-oauth";
    private static final String CAS_PROVIDER_PREFIX = "cas-oauth:";
    private static final String PROTECTED_RESOURCE_URL = "%s/oauth2.0/profile";
    private final String rootUrl;
    private final boolean fixLegacyUserId;
    private final OAuth20Service service;

    @Inject
    CasOAuthService(PluginConfigFactory pluginConfigFactory, @PluginName String str, @CanonicalWebUrl Provider<String> provider) {
        PluginConfig fromGerritConfig = pluginConfigFactory.getFromGerritConfig(str + CONFIG_SUFFIX);
        this.rootUrl = fromGerritConfig.getString("root-url");
        if (!URI.create(this.rootUrl).isAbsolute()) {
            throw new ProvisionException("Root URL must be absolute URL");
        }
        String str2 = CharMatcher.is('/').trimTrailingFrom((CharSequence) provider.get()) + "/";
        this.fixLegacyUserId = fromGerritConfig.getBoolean("fix-legacy-user-id", false);
        this.service = new ServiceBuilder(fromGerritConfig.getString("client-id")).apiSecret(fromGerritConfig.getString("client-secret")).callback(str2 + "oauth").build(new CasApi(this.rootUrl));
    }

    public OAuthUserInfo getUserInfo(OAuthToken oAuthToken) throws IOException {
        OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, String.format(PROTECTED_RESOURCE_URL, this.rootUrl));
        this.service.signRequest(new OAuth2AccessToken(oAuthToken.getToken(), oAuthToken.getRaw()), oAuthRequest);
        try {
            Response execute = this.service.execute(oAuthRequest);
            try {
                if (execute.getCode() != 200) {
                    throw new IOException(String.format("Status %s (%s) for request %s", Integer.valueOf(execute.getCode()), execute.getBody(), oAuthRequest.getUrl()));
                }
                if (log.isDebugEnabled()) {
                    log.debug("User info response: {}", execute.getBody());
                }
                JsonElement jsonElement = (JsonElement) OutputFormat.JSON.newGson().fromJson(execute.getBody(), JsonElement.class);
                if (!jsonElement.isJsonObject()) {
                    throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", jsonElement));
                }
                JsonObject asJsonObject = jsonElement.getAsJsonObject();
                JsonElement jsonElement2 = asJsonObject.get("id");
                if (jsonElement2 == null || jsonElement2.isJsonNull()) {
                    throw new IOException(String.format("CAS response missing id: %s", execute.getBody()));
                }
                JsonElement jsonElement3 = asJsonObject.get("attributes");
                if (jsonElement3 == null) {
                    throw new IOException(String.format("CAS response missing attributes: %s", execute.getBody()));
                }
                String str = null;
                String str2 = null;
                String str3 = null;
                if (jsonElement3.isJsonArray()) {
                    Iterator it = jsonElement3.getAsJsonArray().iterator();
                    while (it.hasNext()) {
                        JsonElement jsonElement4 = (JsonElement) it.next();
                        if (jsonElement4 == null || !jsonElement4.isJsonObject()) {
                            throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", jsonElement4));
                        }
                        JsonObject asJsonObject2 = jsonElement4.getAsJsonObject();
                        String stringElement = getStringElement(asJsonObject2, "email");
                        if (stringElement != null) {
                            str = stringElement;
                        }
                        String stringElement2 = getStringElement(asJsonObject2, "name");
                        if (stringElement2 != null) {
                            str2 = stringElement2;
                        }
                        String stringElement3 = getStringElement(asJsonObject2, "login");
                        if (stringElement3 != null) {
                            str3 = stringElement3;
                        }
                    }
                }
                OAuthUserInfo oAuthUserInfo = new OAuthUserInfo(CAS_PROVIDER_PREFIX + jsonElement2.getAsString(), str3, str, str2, this.fixLegacyUserId ? jsonElement2.getAsString() : null);
                if (execute != null) {
                    execute.close();
                }
                return oAuthUserInfo;
            } catch (Throwable th) {
                if (execute != null) {
                    try {
                        execute.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (InterruptedException | ExecutionException e) {
            throw new RuntimeException("Cannot retrieve user info resource", e);
        }
    }

    private String getStringElement(JsonObject jsonObject, String str) {
        JsonElement jsonElement = jsonObject.get(str);
        if (jsonElement == null || jsonElement.isJsonNull()) {
            return null;
        }
        return jsonElement.getAsString();
    }

    public OAuthToken getAccessToken(OAuthVerifier oAuthVerifier) {
        try {
            OAuth2AccessToken accessToken = this.service.getAccessToken(oAuthVerifier.getValue());
            return new OAuthToken(accessToken.getAccessToken(), accessToken.getTokenType(), accessToken.getRawResponse());
        } catch (IOException | InterruptedException | ExecutionException e) {
            log.error("Cannot retrieve access token", e);
            throw new RuntimeException("Cannot retrieve access token", e);
        }
    }

    public String getAuthorizationUrl() {
        return this.service.getAuthorizationUrl();
    }

    public String getVersion() {
        return this.service.getVersion();
    }

    public String getName() {
        return "Generic CAS OAuth2";
    }
}
