package org.isuper.social.google.web;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.Logger;
import org.isuper.common.utils.Preconditions;
import org.isuper.oauth.client.exceptions.InvalidOAuthCredentialException;
import org.isuper.oauth.client.exceptions.RefreshTokenRevokedException;
import org.isuper.oauth.core.OAuthCredential;
import org.isuper.social.core.BaseSocialAccount;
import org.isuper.social.core.UserAccount;
import org.isuper.social.core.utils.SocialUtils;
import org.isuper.social.google.utils.GoogleOAuth2Client;

/* loaded from: input_file:org/isuper/social/google/web/GooglePlusLoginFilter.class */
public class GooglePlusLoginFilter implements Filter {
    private static final Logger LOG = SocialUtils.getLogger();
    private boolean codeOnly;
    private GoogleOAuth2Client googleOAuthClient;

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter("codeOnly");
        this.codeOnly = Preconditions.isEmptyString(initParameter) ? false : Boolean.parseBoolean(initParameter);
        this.googleOAuthClient = GoogleOAuth2Client.instance();
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestFullUrl = SocialUtils.getRequestFullUrl(httpServletRequest);
        UserAccount<?> loadUserAccount = SocialUtils.loadUserAccount(httpServletRequest, httpServletResponse);
        if (loadUserAccount == null) {
            OAuthCredential loadOAuthCredential = SocialUtils.loadOAuthCredential(GoogleOAuth2Client.getProviderName(), httpServletRequest, httpServletResponse);
            if (loadOAuthCredential == null) {
                LOG.info(String.format("A guest user[%s] with empty token is trying to access restricted resource: %s.", httpServletRequest.getRemoteAddr(), requestFullUrl));
                if (this.codeOnly) {
                    httpServletResponse.sendError(401, "missing_credential");
                    return;
                } else {
                    SocialUtils.saveLastUrl(httpServletRequest, httpServletResponse);
                    redirectToConnectPage(httpServletRequest, httpServletResponse);
                    return;
                }
            }
            if (Preconditions.isEmptyString(loadOAuthCredential.accessToken)) {
                String refreshToken = loadOAuthCredential.getRefreshToken();
                try {
                    if (Preconditions.isEmptyString(refreshToken)) {
                        LOG.warn(String.format("A guest user[%s] with invalid access token is trying to access restricted resource: %s.", httpServletRequest.getRemoteAddr(), requestFullUrl));
                        if (this.codeOnly) {
                            httpServletResponse.sendError(401, "invalid_credential");
                            return;
                        } else {
                            SocialUtils.saveLastUrl(httpServletRequest, httpServletResponse);
                            redirectToConnectPage(httpServletRequest, httpServletResponse);
                            return;
                        }
                    }
                    try {
                        loadOAuthCredential = this.googleOAuthClient.refreshToken(refreshToken, httpServletRequest, httpServletResponse);
                        if (loadOAuthCredential == null) {
                            throw new IOException("Failed to refresh token for unknown reason");
                        }
                        SocialUtils.saveOAuthCredential(GoogleOAuth2Client.getProviderName(), loadOAuthCredential, httpServletRequest, httpServletResponse);
                    } catch (RefreshTokenRevokedException | IOException e) {
                        LOG.warn(String.format("Unable to refresh access token with current refresh token '%s' for the guest user[%s] because of: %s.", refreshToken, httpServletRequest.getRemoteAddr(), e.getMessage()));
                        if (this.codeOnly) {
                            httpServletResponse.sendError(401, "invalid_credential");
                        } else {
                            SocialUtils.saveLastUrl(httpServletRequest, httpServletResponse);
                            redirectToConnectPage(httpServletRequest, httpServletResponse);
                        }
                        SocialUtils.saveOAuthCredential(GoogleOAuth2Client.getProviderName(), (OAuthCredential) null, httpServletRequest, httpServletResponse);
                        return;
                    }
                } catch (Throwable th) {
                    SocialUtils.saveOAuthCredential(GoogleOAuth2Client.getProviderName(), loadOAuthCredential, httpServletRequest, httpServletResponse);
                    throw th;
                }
            }
            try {
                loadUserAccount = this.googleOAuthClient.getMyInfo(loadOAuthCredential);
                if (loadUserAccount == null) {
                    throw new IOException("Failed to retrieve account info for unknown reason");
                }
            } catch (InvalidOAuthCredentialException | IOException e2) {
                LOG.warn(String.format("Unable to retrieve account info with current access token '%s' for the guest user[%s] because of: %s.", loadOAuthCredential.accessToken, httpServletRequest.getRemoteAddr(), e2.getMessage()));
                if (this.codeOnly) {
                    httpServletResponse.sendError(401, "invalid_credential");
                    return;
                } else {
                    SocialUtils.saveLastUrl(httpServletRequest, httpServletResponse);
                    redirectToConnectPage(httpServletRequest, httpServletResponse);
                    return;
                }
            }
        } else {
            SocialUtils.saveOAuthCredential(GoogleOAuth2Client.getProviderName(), loadUserAccount.getCredential(), httpServletRequest, httpServletResponse);
        }
        BaseSocialAccount socialAccount = loadUserAccount.getSocialAccount();
        if (socialAccount != null && !Preconditions.isEmptyString(socialAccount.socialId) && !Preconditions.isEmptyString(socialAccount.provider)) {
            SocialUtils.saveUserAccount(loadUserAccount, httpServletRequest, httpServletResponse);
            LOG.info(String.format("The %s user %s[%s] is accessing: %s.", socialAccount.provider, socialAccount.socialId, httpServletRequest.getRemoteAddr(), requestFullUrl));
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            LOG.warn(String.format("Invalid account info.", new Object[0]));
            if (this.codeOnly) {
                httpServletResponse.sendError(401, "invalid_account");
            } else {
                SocialUtils.saveLastUrl(httpServletRequest, httpServletResponse);
                redirectToConnectPage(httpServletRequest, httpServletResponse);
            }
        }
    }

    private static void redirectToConnectPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String str = httpServletRequest.getContextPath() + GoogleOAuth2Client.PATH_CONNECT;
        LOG.info(String.format("Redirecting to: %s", str));
        httpServletResponse.sendRedirect(str);
    }

    public void destroy() {
        try {
            if (this.googleOAuthClient != null) {
                this.googleOAuthClient.close();
            }
        } catch (IOException e) {
            LOG.error(e.getMessage(), e);
        }
    }
}
