package com.manydesigns.portofino.oauth;

import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.CredentialStore;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpExecuteInterceptor;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.manydesigns.elements.ElementsThreadLocals;
import com.manydesigns.elements.ognl.OgnlUtils;
import com.manydesigns.portofino.model.database.ConnectionProvider;
import com.manydesigns.portofino.shiro.ShiroUtils;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.Callable;
import net.sourceforge.stripes.action.ActionBeanContext;
import net.sourceforge.stripes.action.RedirectResolution;
import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.util.UrlBuilder;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/portofino-pageactions-4.2.13-SNAPSHOT.jar:com/manydesigns/portofino/oauth/OAuthHelper.class */
public class OAuthHelper {
    public static final String copyright = "Copyright (C) 2005-2025 ManyDesigns srl";
    protected CredentialStore credentialStore;
    protected String authorizeMethod;
    protected HttpTransport httpTransport;
    protected Credential.AccessMethod accessMethod;
    protected final ActionBeanContext actionBeanContext;
    protected final String tokenServerUrl;
    protected final String authorizationServerUrl;
    protected final Collection<String> scopes;
    protected final String clientId;
    protected final String clientSecret;
    protected String error;
    public static final Logger logger = LoggerFactory.getLogger((Class<?>) OAuthHelper.class);
    protected static final JsonFactory JSON_FACTORY = new GsonFactory();

    public OAuthHelper(ActionBeanContext actionBeanContext, String str, String str2, Collection<String> collection, String str3, String str4) {
        this.authorizeMethod = "authorize";
        this.httpTransport = new NetHttpTransport();
        this.accessMethod = BearerToken.authorizationHeaderAccessMethod();
        this.actionBeanContext = actionBeanContext;
        this.tokenServerUrl = str;
        this.authorizationServerUrl = str2;
        this.scopes = collection;
        this.clientId = str3;
        this.clientSecret = str4;
    }

    public OAuthHelper(ActionBeanContext actionBeanContext, String str, String str2, String str3, String str4, String str5) {
        this(actionBeanContext, str, str2, Collections.singleton(str3), str4, str5);
    }

    public String computeAuthorizationUrl() {
        return new AuthorizationCodeRequestUrl(this.authorizationServerUrl, this.clientId).setRedirectUri(getRedirectUrl()).setScopes(this.scopes).build();
    }

    public String getRedirectUrl() {
        return new UrlBuilder(this.actionBeanContext.getLocale(), this.actionBeanContext.getRequest().getRequestURL().toString(), false).setEvent(this.authorizeMethod).toString();
    }

    public Credential authorize(String str, @Nullable String str2) throws IOException {
        String redirectUrl = getRedirectUrl();
        AuthorizationCodeFlow createCodeFlow = createCodeFlow();
        return createCodeFlow.createAndStoreCredential(createCodeFlow.newTokenRequest(str).setRedirectUri(redirectUrl).setScopes(this.scopes).execute(), str2);
    }

    public Credential authorize(HttpServletRequest httpServletRequest, String str) throws IOException {
        this.error = httpServletRequest.getParameter(ConnectionProvider.STATUS_ERROR);
        if (!StringUtils.isBlank(this.error)) {
            return null;
        }
        String parameter = httpServletRequest.getParameter("code");
        if (StringUtils.isBlank(parameter)) {
            throw new RuntimeException("No authorization code found in request");
        }
        return authorize(parameter, str);
    }

    public Credential authorize() throws IOException {
        HttpServletRequest httpServletRequest = ElementsThreadLocals.getHttpServletRequest();
        Subject subject = SecurityUtils.getSubject();
        if (subject.getPrincipal() == null) {
            throw new IllegalStateException("User is not logged in, can not determine the user id");
        }
        return authorize(httpServletRequest, OgnlUtils.convertValueToString(ShiroUtils.getUserId(subject)));
    }

    public Resolution doWithCredential(String str, Callable<Resolution> callable) {
        if (loadCredential(str) == null) {
            return new RedirectResolution(computeAuthorizationUrl());
        }
        try {
            return callable.call();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public Resolution doWithCredential(Callable<Resolution> callable) {
        Subject subject = SecurityUtils.getSubject();
        if (subject.getPrincipal() == null) {
            throw new IllegalStateException("User is not logged in, can not determine the user id");
        }
        return doWithCredential(OgnlUtils.convertValueToString(ShiroUtils.getUserId(subject)), callable);
    }

    protected AuthorizationCodeFlow createCodeFlow() {
        return new AuthorizationCodeFlow.Builder(this.accessMethod, this.httpTransport, JSON_FACTORY, new GenericUrl(this.tokenServerUrl), getHttpExecuteInterceptor(), this.clientId, this.authorizationServerUrl).setScopes(this.scopes).setCredentialStore(this.credentialStore).build();
    }

    protected HttpExecuteInterceptor getHttpExecuteInterceptor() {
        return new ClientParametersAuthentication(this.clientId, this.clientSecret);
    }

    public Credential loadCredential(String str) {
        try {
            return createCodeFlow().loadCredential(str);
        } catch (IOException e) {
            logger.error("Could not load credential", (Throwable) e);
            return null;
        }
    }

    public CredentialStore getCredentialStore() {
        return this.credentialStore;
    }

    public void setCredentialStore(CredentialStore credentialStore) {
        this.credentialStore = credentialStore;
    }

    public String getAuthorizeMethod() {
        return this.authorizeMethod;
    }

    public void setAuthorizeMethod(String str) {
        this.authorizeMethod = str;
    }

    public HttpTransport getHttpTransport() {
        return this.httpTransport;
    }

    public void setHttpTransport(HttpTransport httpTransport) {
        this.httpTransport = httpTransport;
    }

    public Credential.AccessMethod getAccessMethod() {
        return this.accessMethod;
    }

    public void setAccessMethod(Credential.AccessMethod accessMethod) {
        this.accessMethod = accessMethod;
    }

    public String getError() {
        return this.error;
    }

    public JsonFactory getJsonFactory() {
        return JSON_FACTORY;
    }
}
