package net.yadaframework.security.components;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.List;
import net.yadaframework.core.YadaConfiguration;
import net.yadaframework.security.persistence.entity.YadaSocialCredentials;
import net.yadaframework.security.persistence.entity.YadaUserCredentials;
import net.yadaframework.security.persistence.repository.YadaSocialCredentialsDao;
import net.yadaframework.security.persistence.repository.YadaUserCredentialsDao;
import net.yadaframework.security.web.YadaSocialRegistrationData;
import org.apache.commons.lang3.LocaleUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.context.event.EventListener;
import org.springframework.social.facebook.api.User;
import org.springframework.social.facebook.api.impl.FacebookTemplate;
import org.springframework.stereotype.Component;
import org.springframework.ui.Model;

@Component
/* loaded from: input_file:net/yadaframework/security/components/YadaSecuritySocial.class */
public class YadaSecuritySocial {
    private final transient Logger log = LoggerFactory.getLogger(getClass());

    @Autowired
    private YadaSecurityUtil yadaSecurityUtil;

    @Autowired
    private YadaSocialCredentialsDao yadaSocialCredentialsDao;

    @Autowired
    private YadaUserCredentialsDao yadaUserCredentialsDao;

    @Autowired
    private YadaConfiguration config;

    @Autowired
    private YadaUserDetailsService yadaUserDetailsService;
    private GoogleIdTokenVerifier googleIdTokenVerifier;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/yadaframework/security/components/YadaSecuritySocial$Credentials.class */
    public class Credentials {
        YadaSocialCredentials yadaSocialCredential;
        YadaUserCredentials yadaUserCredential;

        private Credentials() {
            this.yadaSocialCredential = null;
            this.yadaUserCredential = null;
        }
    }

    /* loaded from: input_file:net/yadaframework/security/components/YadaSecuritySocial$YadaSocialAuthenticationOutcome.class */
    public enum YadaSocialAuthenticationOutcome {
        AUTHENTICATED_NORMAL,
        AUTHENTICATED_REDIRECT,
        AUTHENTICATED_UNREGISTERED,
        UNAUTHENTICATED_NOPROFILE,
        UNAUTHENTICATED_NOTVERIFIED,
        UNAUTHENTICATED_OTHER;

        public YadaSocialRegistrationData yadaSocialRegistrationData;

        public YadaSocialAuthenticationOutcome setYadaSocialRegistrationData(YadaSocialRegistrationData yadaSocialRegistrationData) {
            this.yadaSocialRegistrationData = yadaSocialRegistrationData;
            return this;
        }
    }

    @EventListener
    public void init(ContextRefreshedEvent contextRefreshedEvent) throws GeneralSecurityException, IOException {
        this.googleIdTokenVerifier = new GoogleIdTokenVerifier.Builder(GoogleNetHttpTransport.newTrustedTransport(), GsonFactory.getDefaultInstance()).setAudience(Collections.singletonList(this.config.getGoogleClientId())).build();
    }

    private void linkSocialCredentials(Credentials credentials, String str, String str2) {
        if (credentials.yadaSocialCredential == null) {
            credentials.yadaSocialCredential = new YadaSocialCredentials();
            credentials.yadaSocialCredential.setYadaUserCredentials(credentials.yadaUserCredential);
        }
        credentials.yadaSocialCredential.setEmail(str);
        credentials.yadaSocialCredential.setSocialId(str2);
        credentials.yadaSocialCredential.setType(this.config.getFacebookType());
        this.yadaSocialCredentialsDao.save(credentials.yadaSocialCredential);
    }

    public YadaSocialAuthenticationOutcome googleLogin(String str, boolean z, Model model) {
        try {
            GoogleIdToken verify = this.googleIdTokenVerifier.verify(str);
            if (verify == null) {
                return YadaSocialAuthenticationOutcome.UNAUTHENTICATED_NOPROFILE;
            }
            GoogleIdToken.Payload payload = verify.getPayload();
            String email = payload.getEmail();
            if (StringUtils.isBlank(email)) {
                return YadaSocialAuthenticationOutcome.UNAUTHENTICATED_NOPROFILE;
            }
            boolean equals = Boolean.TRUE.equals(payload.getEmailVerified());
            if (z && !equals) {
                return YadaSocialAuthenticationOutcome.UNAUTHENTICATED_NOTVERIFIED;
            }
            YadaSocialRegistrationData yadaSocialRegistrationData = new YadaSocialRegistrationData();
            yadaSocialRegistrationData.socialId = payload.getSubject();
            yadaSocialRegistrationData.email = StringUtils.trimToEmpty(email.toLowerCase());
            yadaSocialRegistrationData.name = (String) payload.get("name");
            yadaSocialRegistrationData.surname = (String) payload.get("family_name");
            yadaSocialRegistrationData.accessToken = str;
            yadaSocialRegistrationData.socialType = this.config.getGoogleType();
            yadaSocialRegistrationData.pictureUrl = (String) payload.get("picture");
            String str2 = (String) payload.get("locale");
            try {
                yadaSocialRegistrationData.locale = LocaleUtils.toLocale(str2);
            } catch (Exception e) {
                this.log.info("Can't parse locale '{}' (ignored)", str2);
            }
            return finalizeLogin(yadaSocialRegistrationData, model);
        } catch (Exception e2) {
            this.log.error("Google Exception", e2);
            return YadaSocialAuthenticationOutcome.UNAUTHENTICATED_OTHER;
        }
    }

    public YadaSocialAuthenticationOutcome facebookLogin(String str, boolean z, Model model) {
        try {
            User user = (User) new FacebookTemplate(str).fetchObject("me", User.class, new String[]{"id", "email", "first_name", "last_name", "verified"});
            if (user == null || StringUtils.isBlank(user.getEmail())) {
                return YadaSocialAuthenticationOutcome.UNAUTHENTICATED_NOPROFILE;
            }
            this.log.debug("Social login for {} - {}", user.getName(), user.getEmail());
            if (z && !user.isVerified().booleanValue()) {
                return YadaSocialAuthenticationOutcome.UNAUTHENTICATED_NOTVERIFIED;
            }
            YadaSocialRegistrationData yadaSocialRegistrationData = new YadaSocialRegistrationData();
            yadaSocialRegistrationData.socialId = user.getId();
            yadaSocialRegistrationData.email = StringUtils.trimToEmpty(user.getEmail()).toLowerCase();
            yadaSocialRegistrationData.name = user.getFirstName();
            yadaSocialRegistrationData.surname = user.getLastName();
            yadaSocialRegistrationData.accessToken = str;
            yadaSocialRegistrationData.socialType = this.config.getFacebookType();
            return finalizeLogin(yadaSocialRegistrationData, model);
        } catch (Throwable th) {
            this.log.error("Facebook Exception", th);
            return YadaSocialAuthenticationOutcome.UNAUTHENTICATED_OTHER;
        }
    }

    private YadaSocialAuthenticationOutcome finalizeLogin(YadaSocialRegistrationData yadaSocialRegistrationData, Model model) {
        String savedRequestUrl = this.yadaSecurityUtil.getSavedRequestUrl();
        List<YadaSocialCredentials> findBySocialIdAndType = this.yadaSocialCredentialsDao.findBySocialIdAndType(yadaSocialRegistrationData.socialId, this.config.getFacebookType());
        if (!findBySocialIdAndType.isEmpty()) {
            YadaUserCredentials yadaUserCredentials = findBySocialIdAndType.get(0).getYadaUserCredentials();
            this.yadaUserDetailsService.authenticateAs(yadaUserCredentials);
            this.log.debug("Social Login: user='{}'", yadaUserCredentials.getUsername());
            if (savedRequestUrl == null) {
                return YadaSocialAuthenticationOutcome.AUTHENTICATED_NORMAL.setYadaSocialRegistrationData(yadaSocialRegistrationData);
            }
            model.addAttribute("targetUrl", savedRequestUrl);
            return YadaSocialAuthenticationOutcome.AUTHENTICATED_REDIRECT.setYadaSocialRegistrationData(yadaSocialRegistrationData);
        }
        YadaUserCredentials findFirstByUsername = this.yadaUserCredentialsDao.findFirstByUsername(yadaSocialRegistrationData.email);
        if (findFirstByUsername == null) {
            return YadaSocialAuthenticationOutcome.AUTHENTICATED_UNREGISTERED.setYadaSocialRegistrationData(yadaSocialRegistrationData);
        }
        Credentials credentials = new Credentials();
        credentials.yadaUserCredential = findFirstByUsername;
        linkSocialCredentials(credentials, yadaSocialRegistrationData.email, yadaSocialRegistrationData.socialId);
        this.yadaUserDetailsService.authenticateAs(credentials.yadaUserCredential);
        this.log.debug("Social Login: user='{}'", credentials.yadaUserCredential.getUsername());
        if (savedRequestUrl == null) {
            return YadaSocialAuthenticationOutcome.AUTHENTICATED_NORMAL.setYadaSocialRegistrationData(yadaSocialRegistrationData);
        }
        model.addAttribute("targetUrl", savedRequestUrl);
        return YadaSocialAuthenticationOutcome.AUTHENTICATED_REDIRECT.setYadaSocialRegistrationData(yadaSocialRegistrationData);
    }
}
