package io.corbel.iam.auth.provider;

import io.corbel.iam.auth.OauthParams;
import io.corbel.iam.auth.google.api.Google;
import io.corbel.iam.auth.google.connect.GoogleConnectionFactory;
import io.corbel.iam.exception.ExchangeOauthCodeException;
import io.corbel.iam.exception.MissingOAuthParamsException;
import io.corbel.iam.exception.OauthServerConnectionException;
import io.corbel.iam.exception.UnauthorizedException;
import io.corbel.iam.model.Identity;
import io.corbel.iam.repository.IdentityRepository;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.social.connect.Connection;
import org.springframework.social.oauth2.GrantType;
import org.springframework.social.oauth2.OAuth2Operations;
import org.springframework.social.oauth2.OAuth2Parameters;
import org.springframework.web.client.ResourceAccessException;

/* loaded from: input_file:io/corbel/iam/auth/provider/GoogleProvider.class */
public class GoogleProvider extends AbstractOAuth2Provider<Google> {
    private static final Logger LOG = LoggerFactory.getLogger(GoogleProvider.class);
    private static String REQUIRED_SCOPES = "profile email";

    public GoogleProvider(IdentityRepository identityRepository) {
        super(identityRepository);
    }

    @Override // io.corbel.iam.auth.provider.AbstractOAuth2Provider, io.corbel.iam.auth.provider.Provider
    public void setConfiguration(Map<String, String> map) {
        super.setConfiguration(map);
        this.connectionFactory = new GoogleConnectionFactory(map.get("clientId"), map.get("clientSecret"));
    }

    @Override // io.corbel.iam.auth.provider.Provider
    public Identity getIdentity(OauthParams oauthParams, String str, String str2) throws UnauthorizedException, MissingOAuthParamsException, ExchangeOauthCodeException, OauthServerConnectionException {
        try {
            Connection createConnection = this.connectionFactory.createConnection(getAccessGrant(oauthParams));
            if (createConnection == null || createConnection.hasExpired()) {
                throw new UnauthorizedException("Unable to verify identity with Google");
            }
            return this.identityRepository.findByOauthIdAndDomainAndOauthService(((Google) createConnection.getApi()).userOperations().getUserInfo().getId(), str2, str);
        } catch (ExchangeOauthCodeException e) {
            throw new UnauthorizedException("Unable to exchange code with Google: " + e.getMessage());
        } catch (Exception e2) {
            throw new UnauthorizedException("Unable to verify identity with Google: " + e2.getMessage());
        } catch (ResourceAccessException e3) {
            throw new OauthServerConnectionException("google", e3.getMessage());
        }
    }

    @Override // io.corbel.iam.auth.provider.AbstractOAuth2Provider, io.corbel.iam.auth.provider.Provider
    public String getAuthUrl(String str) {
        OAuth2Operations oAuthOperations = this.connectionFactory.getOAuthOperations();
        OAuth2Parameters oAuth2Parameters = new OAuth2Parameters();
        oAuth2Parameters.setRedirectUri(this.redirectUri);
        try {
            oAuth2Parameters.setState(URLEncoder.encode("assertion=" + str, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            LOG.error("UTF-8 not supported");
        }
        oAuth2Parameters.setScope(REQUIRED_SCOPES);
        return oAuthOperations.buildAuthorizeUrl(GrantType.IMPLICIT_GRANT, oAuth2Parameters);
    }
}
