package io.castled.oauth;

import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.common.collect.Lists;
import io.castled.exceptions.CastledRuntimeException;
import java.util.ArrayList;
import java.util.List;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/castled/oauth/GoogleOAuthAccessProvider.class */
public abstract class GoogleOAuthAccessProvider extends BaseOauthAccessProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) GoogleOAuthAccessProvider.class);
    public static final String USERINFO_EMAIL = "https://www.googleapis.com/auth/userinfo.email";
    private final GoogleAuthorizationCodeFlow authorizationCodeFlow;

    public GoogleOAuthAccessProvider(OAuthClientConfig oAuthClientConfig) throws Exception {
        this.authorizationCodeFlow = new GoogleAuthorizationCodeFlow.Builder(GoogleNetHttpTransport.newTrustedTransport(), JacksonFactory.getDefaultInstance(), oAuthClientConfig.getClientId(), oAuthClientConfig.getClientSecret(), getAuthorizationScopes()).setAccessType("offline").setApprovalPrompt("force").build();
    }

    public List<String> getAuthorizationScopes() {
        ArrayList newArrayList = Lists.newArrayList();
        if (!newArrayList.contains(USERINFO_EMAIL)) {
            newArrayList.add(USERINFO_EMAIL);
        }
        newArrayList.addAll(getScopes());
        return newArrayList;
    }

    public abstract List<String> getScopes();

    @Override // io.castled.oauth.OAuthAccessProvider
    public String getAuthorizationUrl(String str, String str2, String str3) {
        return this.authorizationCodeFlow.newAuthorizationUrl().setRedirectUri(str2).setState(str).build();
    }

    @Override // io.castled.oauth.BaseOauthAccessProvider
    public OAuthAccessConfig getAccessConfig(String str, String str2) {
        try {
            GoogleTokenResponse execute = this.authorizationCodeFlow.newTokenRequest(str).setRedirectUri(str2).execute();
            return doGetAccessConfig(execute.getAccessToken(), execute.getRefreshToken(), (String) new JwtConsumerBuilder().setSkipSignatureVerification().setSkipDefaultAudienceValidation().build().processToClaims(execute.getIdToken()).getClaimsMap().get("email"));
        } catch (Exception e) {
            log.error("Get Access config failed", (Throwable) e);
            throw new CastledRuntimeException(e);
        }
    }

    public abstract OAuthAccessConfig doGetAccessConfig(String str, String str2, String str3);
}
