package org.webpieces.googleauth.impl;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webpieces.ctx.api.Current;
import org.webpieces.googleauth.api.GoogleAuthConfig;
import org.webpieces.googleauth.api.GoogleAuthPlugin;
import org.webpieces.googleauth.api.SaveUser;
import org.webpieces.googleauth.client.api.AuthApi;
import org.webpieces.googleauth.client.api.FetchTokenRequest;
import org.webpieces.googleauth.client.api.FetchTokenResponse;
import org.webpieces.googleauth.client.api.ProfileAndTokens;
import org.webpieces.http.exception.ForbiddenException;
import org.webpieces.router.api.controller.actions.Actions;
import org.webpieces.router.api.controller.actions.Redirect;
import org.webpieces.router.impl.RoutingHolder;
import org.webpieces.util.futures.XFuture;
import org.webpieces.util.net.URLEncoder;

/* loaded from: input_file:org/webpieces/googleauth/impl/AuthService.class */
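/**
 * Server-side steps of a Google OAuth2 authorization-code login.
 *
 * <p>{@link #login()} redirects the browser to Google with a fresh random {@code state} value that
 * is also stored in the session; {@link #callback()} checks the returned {@code state} against the
 * session, exchanges the {@code code} through {@link AuthApi}, and stores the user's email in the
 * session under {@link GoogleAuthPlugin#USER_ID_TOKEN}.
 *
 * <p>Security notes: the {@code state} value and the authorization {@code code} are credentials for
 * the duration of the login, so this class never writes them to the log or into exception messages.
 */
public class AuthService {
    /** Session key holding the per-login OAuth {@code state} value until the callback consumes it. */
    public static final String AUTH0_SECRET_KEY = "auth0.redirect.secret";
    private static final Logger log = LoggerFactory.getLogger(AuthService.class);
    /** Number of random bytes used for the {@code state} value. */
    public static final int SIZE = 64;
    protected final AuthApi authApi;
    protected final AuthApiConfig authConfig;
    private final GoogleAuth googleAuth;
    protected final GoogleAuthConfig authRouteIdSet;
    protected final RoutingHolder holder;
    protected SaveUser saveUser;
    // SecureRandom (not java.util.Random): the state value must be unpredictable to a third party.
    protected SecureRandom random = new SecureRandom();

    @Inject
    public AuthService(AuthApi authApi, AuthApiConfig authApiConfig, RoutingHolder routingHolder, GoogleAuth googleAuth, GoogleAuthConfig googleAuthConfig, SaveUser saveUser) {
        this.authApi = authApi;
        this.authConfig = authApiConfig;
        this.googleAuth = googleAuth;
        this.authRouteIdSet = googleAuthConfig;
        this.saveUser = saveUser;
        this.holder = routingHolder;
    }

    /**
     * Removes the logged-in user id from the session and redirects to the configured
     * after-logout route. Other session entries are left in place.
     *
     * @return redirect to the after-logout route
     */
    public Redirect logout() {
        Current.session().remove(GoogleAuthPlugin.USER_ID_TOKEN);
        return Actions.redirect(this.authRouteIdSet.getToRenderAfterLogout(), new Object[0]);
    }

    /**
     * Starts a login: stores a fresh {@code state} value in the session and redirects the browser
     * to Google's authorization endpoint.
     *
     * @return redirect to the Google authorization URL
     */
    public Redirect login() {
        // Percent-encode as UTF-8 explicitly; the platform default charset can differ per host.
        String scopes = URLEncoder.encode(this.authRouteIdSet.getGcpScopes(), StandardCharsets.UTF_8);
        String callbackUrl = URLEncoder.encode(this.authConfig.getCallbackUrl(), StandardCharsets.UTF_8);
        String url = "https://accounts.google.com/o/oauth2/v2/auth?client_id=" + this.authConfig.getClientId()
                + "&redirect_uri=" + callbackUrl
                + "&state=" + generateSecret()
                + "&scope=" + scopes
                + "&access_type=offline&response_type=code";
        // Keep the flash scope across the redirect; continueRedirect later reads "url" from it.
        Current.flash().keep(true);
        // Log the non-secret parts only: the full URL carries the state value.
        log.info("redirecting to google login, clientId={} callbackUrl={}", this.authConfig.getClientId(), this.authConfig.getCallbackUrl());
        return Actions.redirectToUrl(url);
    }

    /**
     * Generates {@link #SIZE} random bytes, stores their Base64 form in the session under
     * {@link #AUTH0_SECRET_KEY} and returns the URL-encoded form for use as the {@code state}
     * query parameter.
     */
    private String generateSecret() {
        byte[] bytes = new byte[SIZE];
        this.random.nextBytes(bytes);
        String state = Base64.getEncoder().encodeToString(bytes);
        Current.session().put(AUTH0_SECRET_KEY, state);
        // The value itself is deliberately not logged.
        log.info("stored new oauth state in session");
        // Standard Base64 contains '+', '/' and '=', which must be escaped inside a query string.
        return URLEncoder.encode(state, StandardCharsets.UTF_8);
    }

    /**
     * Handles Google's redirect back to the application.
     *
     * <p>Without a {@code code} parameter the login is treated as declined. Otherwise the
     * {@code state} parameter is validated against the session before the code is exchanged.
     *
     * @return future completing with the redirect to send to the browser
     * @throws ForbiddenException if the {@code state} parameter is missing or does not match
     */
    public XFuture<Redirect> callback() {
        Map<String, List<String>> queryParams = Current.request().queryParams;
        // Names only: the values include the authorization code and the state value.
        log.info("callback query param names={}", queryParams.keySet());
        String code = fetch(queryParams, "code");
        if (code == null) {
            Current.session().remove(GoogleAuthPlugin.USER_ID_TOKEN);
            Current.flash().keep(true);
            return XFuture.completedFuture(Actions.redirect(this.authRouteIdSet.getLoginDeclinedRoute(), new Object[0]));
        }
        // Must run before the code is exchanged: it binds this callback to the browser that started the login.
        validateToken(queryParams);
        FetchTokenRequest request = new FetchTokenRequest();
        request.setClientId(this.authConfig.getClientId());
        request.setClientSecret(this.authConfig.getClientSecret());
        request.setCode(code);
        request.setCallbackUrl(this.authConfig.getCallbackUrl());
        request.setScope(this.authRouteIdSet.getGcpScopes());
        return this.authApi.fetchToken(request)
                .thenCompose(tokenResponse -> validateToken(tokenResponse))
                .thenCompose(profileAndTokens -> fetchPageToRedirectTo(profileAndTokens));
    }

    /**
     * Fetches the user profile for the response's ID token and pairs it with the tokens.
     *
     * <p>NOTE(review): any signature/audience verification of the ID token happens inside
     * {@code GoogleAuth.fetchProfile}, which is not visible here; confirm it is performed there.
     */
    private XFuture<ProfileAndTokens> validateToken(FetchTokenResponse fetchTokenResponse) {
        return this.googleAuth.fetchProfile(fetchTokenResponse.getIdToken())
                .thenApply(userProfile -> new ProfileAndTokens(fetchTokenResponse, userProfile));
    }

    /**
     * Checks the callback's {@code state} parameter against the value stored by {@link #login()}.
     * The stored value is removed from the session whether or not the check passes, so it can be
     * used once only.
     *
     * @throws ForbiddenException if either value is missing or the two differ
     */
    private void validateToken(Map<String, List<String>> map) {
        String state = fetch(map, "state");
        String expected = Current.session().remove(AUTH0_SECRET_KEY);
        // A callback without a preceding login (or with an expired session) has no stored value;
        // reject it as forbidden instead of failing with a NullPointerException.
        if (state == null || expected == null) {
            log.warn("login callback rejected, state param present={} session value present={}", state != null, expected != null);
            throw new ForbiddenException("OAuth state is missing; please start the login again");
        }
        // Constant-time comparison, so the check does not reveal how much of the value matched.
        boolean matches = MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), state.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            log.warn("login callback rejected, state param does not match the session value");
            throw new ForbiddenException("OAuth state does not match; please start the login again");
        }
    }

    /**
     * Persists the user if needed through {@link SaveUser} and then decides where to send the browser.
     *
     * @param profileAndTokens profile and tokens of the user who just logged in
     * @return future completing with the post-login redirect
     */
    public XFuture<Redirect> fetchPageToRedirectTo(ProfileAndTokens profileAndTokens) {
        return this.saveUser.saveUserIfNotExist(profileAndTokens)
                .thenApply(ignored -> continueRedirect(profileAndTokens));
    }

    /**
     * Marks the user as logged in by storing the profile email in the session, then redirects to
     * the URL kept in the flash scope under {@code "url"}, or to the after-login route if none.
     *
     * @throws IllegalStateException if the profile has no email
     */
    private Redirect continueRedirect(ProfileAndTokens profileAndTokens) {
        String email = profileAndTokens.getProfile().getEmail();
        if (email == null) {
            throw new IllegalStateException("saveUserIfNotExist returned a null email in SaveUserResponse");
        }
        Current.session().put(GoogleAuthPlugin.USER_ID_TOKEN, email);
        String url = Current.flash().get("url");
        if (url == null) {
            Current.flash().keep(false);
            Current.validation().keep(false);
            return Actions.redirect(this.authRouteIdSet.getToRenderAfterLogin(), new Object[0]);
        }
        Current.getContext().moveFormParamsToFlash(new HashSet<>(Arrays.asList(this.authRouteIdSet.getSecureFields())));
        Current.flash().keep(true);
        // NOTE(review): the flash "url" is used as the redirect target unchanged. Whatever stores it
        // is outside this class; confirm it only records same-origin paths, otherwise this is an
        // open redirect after login.
        return Actions.redirectToUrl(url);
    }

    /**
     * Returns the single value of a query parameter.
     *
     * @return the value, or {@code null} if the parameter is absent or has no values
     * @throws IllegalStateException if the parameter occurs more than once
     */
    private String fetch(Map<String, List<String>> map, String str) {
        List<String> values = map.get(str);
        if (values == null || values.isEmpty()) {
            return null;
        }
        if (values.size() > 1) {
            // Report the count, not the values: for "code" and "state" the values are secrets.
            throw new IllegalStateException("Provider returned more than 1 string for tokenkey=" + str + " count=" + values.size());
        }
        return values.get(0);
    }
}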
