package jp.co.ap_com.spring.oauth2;

import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import java.io.IOException;
import java.util.Arrays;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.HttpStatusCodeException;

/* loaded from: input_file:jp/co/ap_com/spring/oauth2/OAuth2ProcessingFilter.class */
public class OAuth2ProcessingFilter extends AbstractAuthenticationProcessingFilter {
    private static final Log logger = LogFactory.getLog(OAuth2ProcessingFilter.class);
    private final Lock lock;
    private final OAuth2CsrfManager csrfManager;
    private AuthorizationCodeFlow flow;
    private AuthorizationCodeResourceDetails resourceDetails;
    private UserInfoTokenServices tokenServices;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: jp.co.ap_com.spring.oauth2.OAuth2ProcessingFilter$1, reason: invalid class name */
    /* loaded from: input_file:jp/co/ap_com/spring/oauth2/OAuth2ProcessingFilter$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$springframework$security$oauth2$common$AuthenticationScheme = new int[AuthenticationScheme.values().length];

        static {
            try {
                $SwitchMap$org$springframework$security$oauth2$common$AuthenticationScheme[AuthenticationScheme.header.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$springframework$security$oauth2$common$AuthenticationScheme[AuthenticationScheme.form.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$springframework$security$oauth2$common$AuthenticationScheme[AuthenticationScheme.query.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuth2ProcessingFilter(String str, AuthorizationCodeResourceDetails authorizationCodeResourceDetails, UserInfoTokenServices userInfoTokenServices) {
        super(str);
        this.lock = new ReentrantLock();
        this.csrfManager = new OAuth2CsrfManager();
        this.resourceDetails = authorizationCodeResourceDetails;
        this.tokenServices = userInfoTokenServices;
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        try {
            String authorizationCode = getAuthorizationCode(httpServletRequest);
            if (authorizationCode == null) {
                setupRedirect(httpServletRequest, httpServletResponse);
                return null;
            }
            this.lock.lock();
            try {
                OAuth2Authentication loadAuthentication = this.tokenServices.loadAuthentication(getFlow().newTokenRequest(authorizationCode).setRedirectUri(getCurrentUrl(httpServletRequest)).execute().getAccessToken());
                this.lock.unlock();
                return loadAuthentication;
            } catch (Throwable th) {
                this.lock.unlock();
                throw th;
            }
        } catch (HttpStatusCodeException e) {
            httpServletResponse.setStatus(e.getRawStatusCode());
            return null;
        }
    }

    private String getAuthorizationCode(HttpServletRequest httpServletRequest) {
        try {
            AuthorizationCodeResponseUrl authorizationCodeResponseUrl = new AuthorizationCodeResponseUrl(getCurrentUrl(httpServletRequest, true));
            if (authorizationCodeResponseUrl.getError() != null) {
                logger.error(authorizationCodeResponseUrl.getError());
                throw new HttpServerErrorException(HttpStatus.INTERNAL_SERVER_ERROR);
            }
            if (!this.csrfManager.isValidState(httpServletRequest, authorizationCodeResponseUrl)) {
                throw new HttpServerErrorException(HttpStatus.FORBIDDEN);
            }
            this.csrfManager.removeState(httpServletRequest);
            return authorizationCodeResponseUrl.getCode();
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    private void setupRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        this.lock.lock();
        try {
            String currentUrl = getCurrentUrl(httpServletRequest);
            String generateAndSaveState = this.csrfManager.generateAndSaveState(httpServletRequest);
            AuthorizationCodeRequestUrl newAuthorizationUrl = getFlow().newAuthorizationUrl();
            newAuthorizationUrl.setRedirectUri(currentUrl);
            newAuthorizationUrl.setResponseTypes(Arrays.asList("code"));
            newAuthorizationUrl.setState(generateAndSaveState);
            httpServletResponse.sendRedirect(newAuthorizationUrl.build());
            this.lock.unlock();
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    private String getCurrentUrl(HttpServletRequest httpServletRequest) {
        return getCurrentUrl(httpServletRequest, false);
    }

    private String getCurrentUrl(HttpServletRequest httpServletRequest, boolean z) {
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        if (z && httpServletRequest.getQueryString() != null) {
            requestURL.append("?").append(httpServletRequest.getQueryString());
        }
        return requestURL.toString();
    }

    private AuthorizationCodeFlow getFlow() {
        if (this.flow == null) {
            this.flow = initializeFlow();
        }
        return this.flow;
    }

    private AuthorizationCodeFlow initializeFlow() {
        Credential.AccessMethod queryParameterAccessMethod;
        AuthenticationScheme authenticationScheme = this.resourceDetails.getAuthenticationScheme() != null ? this.resourceDetails.getAuthenticationScheme() : AuthenticationScheme.header;
        switch (AnonymousClass1.$SwitchMap$org$springframework$security$oauth2$common$AuthenticationScheme[authenticationScheme.ordinal()]) {
            case 1:
                queryParameterAccessMethod = BearerToken.authorizationHeaderAccessMethod();
                break;
            case 2:
                queryParameterAccessMethod = BearerToken.formEncodedBodyAccessMethod();
                break;
            case 3:
                queryParameterAccessMethod = BearerToken.queryParameterAccessMethod();
                break;
            default:
                throw new IllegalStateException("Default authentication handler doesn't know how to handle scheme: " + authenticationScheme);
        }
        String clientId = this.resourceDetails.getClientId();
        String clientSecret = this.resourceDetails.getClientSecret();
        return new AuthorizationCodeFlow.Builder(queryParameterAccessMethod, new NetHttpTransport(), JacksonFactory.getDefaultInstance(), new GenericUrl(this.resourceDetails.getAccessTokenUri()), new JsonClientParametersAuthentication(clientId, clientSecret), clientId, this.resourceDetails.getUserAuthorizationUri()).build();
    }
}
