package com.google.cloud.broker.apps.authorizer;

import ch.qos.logback.classic.Level;
import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.apache.v2.ApacheHttpTransport;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.Key;
import com.google.cloud.broker.database.backends.AbstractDatabaseBackend;
import com.google.cloud.broker.encryption.backends.AbstractEncryptionBackend;
import com.google.cloud.broker.oauth.GoogleClientSecretsLoader;
import com.google.cloud.broker.oauth.RefreshToken;
import com.google.cloud.broker.settings.AppSettings;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.io.Resources;
import com.google.template.soy.SoyFileSet;
import com.google.template.soy.data.SanitizedContent;
import com.google.template.soy.jbcsrc.api.SoySauce;
import java.io.IOException;
import java.io.Writer;
import java.net.InetSocketAddress;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/google/cloud/broker/apps/authorizer/Authorizer.class */
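/**
 * Small embedded Jetty application that walks a user through Google's OAuth 2.0
 * authorization-code flow and stores the resulting refresh token, encrypted, in the broker
 * database under the user's e-mail address.
 *
 * <p>Routes served by {@link AuthorizerServlet}: {@code /} (landing page), {@code /google/login}
 * (redirect to Google) and {@code /google/oauth2callback} (code exchange and token storage).
 *
 * <p>This listing is decompiler output; constructs that the decompiler rendered as invalid Java
 * (the string switch in {@code doGet}, the logback logger cast, the connection-factory local) are
 * written here as compilable source.
 */
public class Authorizer implements AutoCloseable {
    private Server server;
    private static final String CODE_PARAM = "code";
    private static final String USER_INFO_URI = "https://www.googleapis.com/oauth2/v2/userinfo";
    private static final String GOOGLE_LOGIN_URI = "/google/login";
    private static final String GOOGLE_OAUTH2_CALLBACK_URI = "/google/oauth2callback";

    @VisibleForTesting
    AuthorizerServlet servlet;

    // Templates are compiled once at class-load time and shared by every request.
    private static final SoySauce soySauce = SoyFileSet.builder()
            .add(Resources.getResource("index.soy"))
            .add(Resources.getResource("success.soy"))
            .add(Resources.getResource("server_error.soy"))
            .build()
            .compileTemplates();
    private static final HttpTransport HTTP_TRANSPORT = new ApacheHttpTransport();
    private static final JacksonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
    private static final GoogleClientSecrets CLIENT_SECRETS = GoogleClientSecretsLoader.getSecrets();
    // NOTE(review): the query-parameter access method places the bearer token in the request URL
    // for any credential the flow itself creates, and URLs tend to end up in proxy and server
    // logs. The callback below builds its own credential with the Authorization-header method, so
    // this setting is not exercised by the code in this class; confirm before reusing FLOW
    // elsewhere.
    private static final Credential.AccessMethod ACCESS_METHOD = BearerToken.queryParameterAccessMethod();
    // devstorage.read_write is the delegated GCS scope; email/profile are needed to key the token.
    private static final Set<String> SCOPES = ImmutableSet.of("https://www.googleapis.com/auth/devstorage.read_write", "email", "profile");
    private static final String AUTH_SERVER_URL = "https://accounts.google.com/o/oauth2/auth";
    private static final String TOKEN_URL = "https://oauth2.googleapis.com/token";
    // "offline" + forced approval prompt asks Google for a refresh token on every authorization.
    private static final GoogleAuthorizationCodeFlow FLOW =
            new GoogleAuthorizationCodeFlow.Builder(HTTP_TRANSPORT, JSON_FACTORY, CLIENT_SECRETS, SCOPES)
                    .setAuthorizationServerEncodedUrl(AUTH_SERVER_URL)
                    .setTokenServerUrl(new GenericUrl(TOKEN_URL))
                    .setMethod(ACCESS_METHOD)
                    .setAccessType("offline")
                    .setApprovalPrompt("force")
                    .build();
    private static final String host = AppSettings.getInstance().getString("authorizer.host");
    private static final int port = AppSettings.getInstance().getInt("authorizer.port");

    /** Renders a prepared Soy template to its HTML string. */
    private static String renderHtml(SoySauce.Renderer renderer) {
        return ((SanitizedContent) renderer.renderHtml().get()).getContent();
    }

    /** Servlet that dispatches the three authorizer routes by exact request URI. */
    public static class AuthorizerServlet extends HttpServlet {

        /**
         * Encrypts the refresh token with the configured encryption backend and saves it in the
         * database keyed by {@code str}.
         *
         * @param str identifier to store the token under (the user's e-mail address in this flow)
         * @param str2 plaintext refresh token; only its encrypted form is persisted here
         */
        @VisibleForTesting
        void saveRefreshToken(String str, String str2) {
            // Explicit charset so the stored bytes do not depend on the JVM's platform default.
            byte[] plaintext = str2.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            byte[] encrypted = AbstractEncryptionBackend.getInstance().encrypt(plaintext);
            AbstractDatabaseBackend.getInstance().save(new RefreshToken(str, encrypted, (Long) null));
        }

        /**
         * Builds the absolute callback URL from the request's root URL.
         *
         * <p>The root URL reflects the Host and forwarded headers of the incoming request (a
         * {@link ForwardedRequestCustomizer} is installed by the enclosing class), so the value is
         * only trustworthy when the server sits behind a proxy that sets those headers itself.
         */
        private static String callbackUrl(HttpServletRequest httpServletRequest) {
            return ((Request) httpServletRequest).getRootURL() + GOOGLE_OAUTH2_CALLBACK_URI;
        }

        /** Serves the landing page, which links to the login route. */
        private void handleIndex(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            httpServletResponse.setContentType("text/html");
            SoySauce.Renderer page = soySauce.renderTemplate("Authorizer.Templates.index")
                    .setData(ImmutableMap.of("GOOGLE_LOGIN_URI", GOOGLE_LOGIN_URI));
            httpServletResponse.getWriter().write(renderHtml(page));
        }

        /** Redirects the browser to Google's authorization endpoint. */
        private void handleLoginRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            // NOTE(review): no `state` value is attached to the authorization URL and the callback
            // verifies none, so the callback cannot tell whether a code belongs to a flow this
            // server started. The servlet context is created without session support; binding a
            // state value to the browser would need sessions or a signed cookie.
            String authorizationUrl = FLOW.newAuthorizationUrl()
                    .setRedirectUri(callbackUrl(httpServletRequest))
                    .build();
            httpServletResponse.sendRedirect(authorizationUrl);
        }

        /**
         * Exchanges the authorization code for tokens, looks up the user's e-mail address and
         * stores the refresh token under it.
         *
         * <p>Responds 400 when the {@code code} parameter is absent.
         *
         * @throws IOException if the token exchange or the user-info request fails
         * @throws IllegalStateException if Google returns no refresh token or no e-mail address
         */
        private void handleCallback(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            httpServletResponse.setContentType("text/html");
            String code = httpServletRequest.getParameter(CODE_PARAM);
            if (code == null) {
                httpServletResponse.setStatus(400);
                return;
            }
            GoogleTokenResponse tokenResponse = FLOW.newTokenRequest(code)
                    .setRedirectUri(callbackUrl(httpServletRequest))
                    .execute();

            // Fail with a clear message instead of a NullPointerException inside saveRefreshToken.
            String refreshToken = tokenResponse.getRefreshToken();
            if (refreshToken == null) {
                throw new IllegalStateException("Token response did not include a refresh token");
            }

            Credential credential = new Credential(BearerToken.authorizationHeaderAccessMethod())
                    .setAccessToken(tokenResponse.getAccessToken());
            String email = getUserInfo(credential).getEmail();
            // The e-mail address is the storage key; never persist a token under a missing key.
            if (email == null || email.isEmpty()) {
                throw new IllegalStateException("User info response did not include an email address");
            }

            saveRefreshToken(email, refreshToken);
            httpServletResponse.getWriter().write(renderHtml(soySauce.renderTemplate("Authorizer.Templates.success")));
        }

        /**
         * Routes GET requests by exact URI match; anything else gets a 404.
         *
         * <p>Every response carries {@code X-Frame-Options: deny} so the pages cannot be framed.
         */
        @Override
        protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            httpServletResponse.addHeader("X-Frame-Options", "deny");
            String requestURI = httpServletRequest.getRequestURI();
            switch (requestURI) {
                case "/":
                    handleIndex(httpServletRequest, httpServletResponse);
                    return;
                case GOOGLE_LOGIN_URI:
                    handleLoginRedirect(httpServletRequest, httpServletResponse);
                    return;
                case GOOGLE_OAUTH2_CALLBACK_URI:
                    handleCallback(httpServletRequest, httpServletResponse);
                    return;
                default:
                    httpServletResponse.setStatus(404);
                    httpServletResponse.getWriter().println("<h1>Page not found</h1>");
                    return;
            }
        }
    }

    /**
     * Error handler that renders the same static template for every error, so status details and
     * messages are not echoed back to the client.
     */
    public static class CustomErrorHandler extends ErrorHandler {
        @Override
        protected void handleErrorPage(HttpServletRequest httpServletRequest, Writer writer, int i, String str) throws IOException {
            writer.write(renderHtml(soySauce.renderTemplate("Authorizer.Templates.server_error")));
        }
    }

    /** JSON model for the user-info response; only the {@code email} field is mapped. */
    public static class UserInfo extends GenericJson {

        @Key
        private String email;

        String getEmail() {
            return this.email;
        }
    }

    /** Starts the server and blocks until it stops. */
    public static void main(String[] strArr) throws Exception {
        Authorizer authorizer = new Authorizer();
        authorizer.start();
        authorizer.join();
    }

    /** Applies the {@code logging.level} setting to Jetty's loggers. */
    private static void setLoggingLevel() {
        // setLevel is a logback method, not part of the SLF4J Logger interface, hence the cast.
        ch.qos.logback.classic.Logger jettyLogger =
                (ch.qos.logback.classic.Logger) LoggerFactory.getLogger("org.eclipse.jetty");
        jettyLogger.setLevel(Level.toLevel(AppSettings.getInstance().getString("logging.level")));
    }

    /**
     * Builds the Jetty server bound to {@code authorizer.host}:{@code authorizer.port}, with the
     * authorizer servlet mounted at {@code /} and the custom error handler installed.
     */
    public Authorizer() {
        setLoggingLevel();
        // Same value as the literal 6 in the decompiled listing: SECURITY (2) | GZIP (4); the
        // SESSIONS bit is not set, so no HTTP sessions are available to the servlet.
        ServletContextHandler servletContextHandler =
                new ServletContextHandler(ServletContextHandler.SECURITY | ServletContextHandler.GZIP);
        servletContextHandler.setContextPath("/");
        this.servlet = new AuthorizerServlet();
        servletContextHandler.addServlet(new ServletHolder(this.servlet), "/");
        this.server = new Server(new InetSocketAddress(host, port));
        this.server.setHandler(servletContextHandler);
        this.server.setStopAtShutdown(true);
        this.server.setErrorHandler(new CustomErrorHandler());
        // Honour X-Forwarded-* headers so the root URL (and thus the OAuth redirect URI) matches
        // the externally visible address. These headers are client-controlled unless a fronting
        // proxy overwrites them, so the listener should only be reachable through that proxy.
        for (Connector connector : this.server.getConnectors()) {
            org.eclipse.jetty.server.ConnectionFactory factory = connector.getDefaultConnectionFactory();
            if (factory instanceof HttpConnectionFactory) {
                ((HttpConnectionFactory) factory).getHttpConfiguration().addCustomizer(new ForwardedRequestCustomizer());
            }
        }
    }

    /**
     * Fetches the user-info document for the given credential.
     *
     * <p>The decompiler reports that this method was {@code private} in the original class and was
     * widened for nested-class access.
     *
     * @param credential credential whose access token authorizes the request
     * @return the parsed response, of which only the e-mail address is mapped
     * @throws IOException if the request fails or the response cannot be parsed
     */
    public static UserInfo getUserInfo(Credential credential) throws IOException {
        HttpRequest request = HTTP_TRANSPORT.createRequestFactory(credential).buildGetRequest(new GenericUrl(USER_INFO_URI));
        request.getHeaders().setContentType("application/json");
        request.setParser(new JsonObjectParser(JSON_FACTORY));
        return (UserInfo) request.execute().parseAs(UserInfo.class);
    }

    /** Starts the embedded server. */
    void start() throws Exception {
        if (this.server != null) {
            this.server.start();
        }
    }

    /** Blocks the calling thread until the embedded server stops. */
    private void join() throws Exception {
        if (this.server != null) {
            this.server.join();
        }
    }

    /** Stops the embedded server if it is still running. */
    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
        if (this.server == null || this.server.isStopped()) {
            return;
        }
        this.server.stop();
    }
}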
