package org.springframework.security.boot.google.authentication;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
import com.google.api.client.util.Clock;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.List;
import java.util.Objects;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.boot.biz.authentication.AuthenticationProcessingFilter;
import org.springframework.security.boot.google.exception.GoogleAccessTokenIncorrectException;
import org.springframework.security.boot.google.exception.GoogleAccessTokenInvalidException;
import org.springframework.security.boot.google.exception.GoogleAccessTokenNotFoundException;
import org.springframework.security.boot.utils.WebUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/* loaded from: input_file:org/springframework/security/boot/google/authentication/GoogleAuthenticationProcessingFilter.class */
public class GoogleAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
    public static final String AUTHORIZATION_PARAM = "accessToken";
    private ObjectMapper objectMapper;
    private GooglePublicKeysManager publicKeysManager;
    private String authorizationParamName;
    private List<String> clientIds;
    private Clock clock;
    private long acceptableTimeSkewSeconds;

    public GoogleAuthenticationProcessingFilter(ObjectMapper objectMapper) {
        super(new AntPathRequestMatcher("/login/google"));
        this.objectMapper = new ObjectMapper();
        this.authorizationParamName = AUTHORIZATION_PARAM;
        this.clock = Clock.SYSTEM;
        this.acceptableTimeSkewSeconds = 300L;
        this.objectMapper = objectMapper;
    }

    public Authentication doAttemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        String accessToken = WebUtils.isObjectRequest(httpServletRequest) ? ((GoogleLoginRequest) this.objectMapper.readValue(httpServletRequest.getReader(), GoogleLoginRequest.class)).getAccessToken() : obtainAccessToken(httpServletRequest);
        if (accessToken == null) {
            accessToken = "";
        }
        String trim = accessToken.trim();
        if (StringUtils.isBlank(trim)) {
            throw new GoogleAccessTokenNotFoundException("accessToken not provided");
        }
        try {
            GoogleIdToken verify = new GoogleIdTokenVerifier.Builder(this.publicKeysManager).setAcceptableTimeSkewSeconds(this.acceptableTimeSkewSeconds).setClock(this.clock).setAudience(this.clientIds).build().verify(trim);
            if (Objects.isNull(verify)) {
                throw new GoogleAccessTokenInvalidException(" Google Id Token Invalid ");
            }
            GoogleAuthenticationToken googleAuthenticationToken = new GoogleAuthenticationToken(verify, trim);
            googleAuthenticationToken.setAppId(obtainAppId(httpServletRequest));
            googleAuthenticationToken.setAppChannel(obtainAppChannel(httpServletRequest));
            googleAuthenticationToken.setAppVersion(obtainAppVersion(httpServletRequest));
            googleAuthenticationToken.setUid(obtainUid(httpServletRequest));
            googleAuthenticationToken.setLongitude(obtainLongitude(httpServletRequest));
            googleAuthenticationToken.setLatitude(obtainLatitude(httpServletRequest));
            googleAuthenticationToken.setSign(obtainSign(httpServletRequest));
            setDetails(httpServletRequest, googleAuthenticationToken);
            return getAuthenticationManager().authenticate(googleAuthenticationToken);
        } catch (GeneralSecurityException e) {
            throw new GoogleAccessTokenIncorrectException(" Google Id Token Verifier Exception : ", e);
        }
    }

    protected String obtainAccessToken(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(getAuthorizationParamName());
    }

    protected void setDetails(HttpServletRequest httpServletRequest, AbstractAuthenticationToken abstractAuthenticationToken) {
        abstractAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
    }

    public String getAuthorizationParamName() {
        return this.authorizationParamName;
    }

    public void setAuthorizationParamName(String str) {
        this.authorizationParamName = str;
    }

    public GooglePublicKeysManager getPublicKeysManager() {
        return this.publicKeysManager;
    }

    public void setPublicKeysManager(GooglePublicKeysManager googlePublicKeysManager) {
        this.publicKeysManager = googlePublicKeysManager;
    }

    public List<String> getClientIds() {
        return this.clientIds;
    }

    public void setClientIds(List<String> list) {
        this.clientIds = list;
    }

    public Clock getClock() {
        return this.clock;
    }

    public void setClock(Clock clock) {
        this.clock = clock;
    }

    public long getAcceptableTimeSkewSeconds() {
        return this.acceptableTimeSkewSeconds;
    }

    public void setAcceptableTimeSkewSeconds(long j) {
        this.acceptableTimeSkewSeconds = j;
    }
}
