package com.googlesource.gerrit.plugins.oauth;

import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuthConstants;
import com.github.scribejava.core.oauth.OAuth20Service;
import com.google.common.base.CharMatcher;
import com.google.common.base.Preconditions;
import com.google.gerrit.extensions.annotations.PluginName;
import com.google.gerrit.extensions.auth.oauth.OAuthServiceProvider;
import com.google.gerrit.extensions.auth.oauth.OAuthToken;
import com.google.gerrit.extensions.auth.oauth.OAuthUserInfo;
import com.google.gerrit.extensions.auth.oauth.OAuthVerifier;
import com.google.gerrit.json.OutputFormat;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.PluginConfig;
import com.google.gerrit.server.config.PluginConfigFactory;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.ProvisionException;
import java.io.IOException;
import java.net.URI;
import java.util.concurrent.ExecutionException;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/googlesource/gerrit/plugins/oauth/KeycloakOAuthService.class */
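/**
 * Gerrit OAuth provider that signs users in through a Keycloak realm.
 *
 * <p>Configuration is read from the {@code <plugin-name>-keycloak-oauth} section of the Gerrit
 * config: {@code root-url}, {@code realm}, {@code client-id}, {@code client-secret} and the
 * optional {@code service-name}.
 *
 * <p>Security note: user identity is taken from the claims of the {@code id_token} in the token
 * response, and this class does not verify the token's signature, issuer, audience or expiry.
 * The claims are therefore only as trustworthy as the channel the token response arrived on, so
 * {@code root-url} should be an {@code https} URL.
 */
public class KeycloakOAuthService implements OAuthServiceProvider {
    private static final Logger log = LoggerFactory.getLogger(KeycloakOAuthService.class);
    static final String CONFIG_SUFFIX = "-keycloak-oauth";
    private static final String KEYCLOAK_PROVIDER_PREFIX = "keycloak-oauth:";
    private final OAuth20Service service;
    private final String serviceName;

    /**
     * Builds the OAuth 2.0 service from the plugin's section of the Gerrit config.
     *
     * @param pluginConfigFactory source of the plugin configuration
     * @param str the plugin name; {@link #CONFIG_SUFFIX} is appended to find the config section
     * @param provider supplies Gerrit's canonical web URL, used to build the callback URL
     * @throws ProvisionException if {@code root-url} is missing or is not an absolute URL
     */
    @Inject
    KeycloakOAuthService(PluginConfigFactory pluginConfigFactory, @PluginName String str, @CanonicalWebUrl Provider<String> provider) {
        PluginConfig cfg = pluginConfigFactory.getFromGerritConfig(str + CONFIG_SUFFIX);
        // Normalise to exactly one trailing slash so the callback is always "<canonical>/oauth".
        String canonicalWebUrl = CharMatcher.is('/').trimTrailingFrom(provider.get()) + "/";

        String rootUrl = cfg.getString("root-url");
        if (rootUrl == null) {
            // Without this check an unset root-url surfaces as a bare NullPointerException.
            throw new ProvisionException("Root URL must be set");
        }
        URI rootUri = URI.create(rootUrl);
        if (!rootUri.isAbsolute()) {
            throw new ProvisionException("Root URL must be absolute URL");
        }
        if (!"https".equalsIgnoreCase(rootUri.getScheme())) {
            // The ID token is not signature-checked in this class, so transport security is the
            // only thing protecting the claims. Presumably KeycloakApi derives the token
            // endpoint from this URL; confirm against that class.
            log.warn("Keycloak root-url uses scheme '{}' instead of https", rootUri.getScheme());
        }

        String realm = cfg.getString(OAuthConstants.REALM);
        this.serviceName = cfg.getString("service-name", "Keycloak OAuth2");
        this.service =
                new ServiceBuilder(cfg.getString("client-id"))
                        .apiSecret(cfg.getString("client-secret"))
                        .callback(canonicalWebUrl + "oauth")
                        .defaultScope("openid")
                        .build(new KeycloakApi(rootUrl, realm));
    }

    /**
     * Returns the decoded payload (second segment) of a compact-serialised JWT.
     *
     * <p>This only decodes. The header and signature segments are ignored, so the result must
     * not be treated as authenticated unless the token came from a trusted channel.
     *
     * @param jwt the token in {@code header.payload.signature} form
     * @return the payload as a JSON string
     * @throws IllegalStateException if the token does not have exactly three segments
     */
    private String parseJwt(String jwt) {
        String[] segments = jwt.split("\\.");
        Preconditions.checkState(segments.length == 3);
        Preconditions.checkNotNull(segments[1]);
        // JWT payloads are UTF-8 JSON; do not depend on the platform default charset.
        return new String(Base64.decodeBase64(segments[1]), java.nio.charset.StandardCharsets.UTF_8);
    }

    /**
     * Extracts the user's identity from the {@code id_token} carried in the raw token response.
     *
     * @param oAuthToken token whose raw value is the JSON token response
     * @return user info built from the {@code preferred_username}, {@code email} and {@code name}
     *     claims
     * @throws IOException if the response is not a JSON object, has no {@code id_token}, or a
     *     required claim is missing
     */
    @Override
    public OAuthUserInfo getUserInfo(OAuthToken oAuthToken) throws IOException {
        com.google.gson.Gson gson = OutputFormat.JSON.newGson();

        JsonElement tokenResponse = gson.fromJson(oAuthToken.getRaw(), JsonElement.class);
        if (tokenResponse == null || !tokenResponse.isJsonObject()) {
            throw new IOException("Response is not a JSON object");
        }
        JsonElement idToken = tokenResponse.getAsJsonObject().get("id_token");
        if (idToken == null || idToken.isJsonNull()) {
            throw new IOException("Response doesn't contain id_token field");
        }

        // The ID token is decoded, not verified; see parseJwt.
        JsonObject claims = gson.fromJson(parseJwt(idToken.getAsString()), JsonElement.class).getAsJsonObject();
        // NOTE(review): at debug level this writes every claim (username, e-mail, name, ...) to
        // the log; treat debug logs from this class as containing personal data.
        log.debug("Claim object: {}", claims);

        JsonElement username = claims.get("preferred_username");
        JsonElement email = claims.get("email");
        JsonElement displayName = claims.get("name");
        if (username == null || username.isJsonNull()) {
            throw new IOException("Response doesn't contain preferred_username field");
        }
        if (email == null || email.isJsonNull()) {
            throw new IOException("Response doesn't contain email field");
        }
        if (displayName == null || displayName.isJsonNull()) {
            throw new IOException("Response doesn't contain name field");
        }

        String login = username.getAsString();
        // NOTE(review): the external id is keyed on preferred_username, which OpenID Connect does
        // not guarantee to be unique or stable (the "sub" claim is the stable identifier). A
        // renamed or re-issued username would map to a different or pre-existing Gerrit
        // identity. Left unchanged because switching keys would orphan existing accounts.
        return new OAuthUserInfo(KEYCLOAK_PROVIDER_PREFIX + login, login, email.getAsString(), displayName.getAsString(), (String) null);
    }

    /**
     * Exchanges the authorization code for an access token.
     *
     * @param oAuthVerifier wrapper around the authorization code returned to the callback
     * @return the token, with the full token response kept as its raw value
     * @throws RuntimeException if the token endpoint call fails or the thread is interrupted
     */
    @Override
    public OAuthToken getAccessToken(OAuthVerifier oAuthVerifier) {
        try {
            OAuth2AccessToken accessToken = this.service.getAccessToken(oAuthVerifier.getValue());
            return new OAuthToken(accessToken.getAccessToken(), accessToken.getTokenType(), accessToken.getRawResponse());
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can still observe it.
            Thread.currentThread().interrupt();
            log.error("Cannot retrieve access token", e);
            throw new RuntimeException("Cannot retrieve access token", e);
        } catch (IOException | ExecutionException e) {
            log.error("Cannot retrieve access token", e);
            throw new RuntimeException("Cannot retrieve access token", e);
        }
    }

    /** Returns the URL the user's browser is redirected to in order to start the login. */
    @Override
    public String getAuthorizationUrl() {
        return this.service.getAuthorizationUrl();
    }

    /** Returns the version string reported by the underlying OAuth service. */
    @Override
    public String getVersion() {
        return this.service.getVersion();
    }

    /** Returns the configured display name ({@code service-name}, default "Keycloak OAuth2"). */
    @Override
    public String getName() {
        return this.serviceName;
    }
}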
