package com.google.api.server.spi.auth;

import com.google.api.server.spi.config.ApiMethodConfig;
import com.google.api.server.spi.config.scope.AuthScopeExpression;
import com.google.appengine.api.oauth.OAuthRequestException;
import com.google.appengine.api.oauth.OAuthServiceFactory;
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserServiceFactory;
import com.google.appengine.api.utils.SystemProperty;
import com.google.appengine.repackaged.com.google.api.client.http.GenericUrl;
import com.google.appengine.repackaged.com.google.api.client.http.HttpHeaders;
import com.google.appengine.repackaged.com.google.api.client.http.HttpRequest;
import com.google.appengine.repackaged.com.google.api.client.http.HttpRequestFactory;
import com.google.appengine.repackaged.com.google.api.client.http.HttpRequestInitializer;
import com.google.appengine.repackaged.com.google.api.client.http.HttpResponse;
import com.google.appengine.repackaged.com.google.api.client.json.JsonObjectParser;
import com.google.appengine.repackaged.com.google.common.annotations.VisibleForTesting;
import com.google.appengine.repackaged.com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.util.List;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/google/api/server/spi/auth/AppEngineAuthUtils.class */
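/**
 * App Engine helpers that resolve the calling user of an API method, either from an OAuth2
 * access token (through the App Engine OAuth service) or from the user-service session.
 *
 * <p>This listing is decompiler output. The "JADX INFO" notes record that the constructor and
 * {@link #getCookieUser()} were package-private in the compiled class; they are kept
 * {@code public} here so the listing's interface is unchanged.
 */
public class AppEngineAuthUtils {
    private static final Logger logger = Logger.getLogger(AppEngineAuthUtils.class.getName());

    /** Token-info endpoint queried on the development server to learn a token's client id. */
    private static final String DEV_TOKEN_INFO_URL = "https://www.google.com/accounts/AuthSubTokenInfo";

    /** Passed through to {@code AuthUtils.isClientIdAllowed} as its first argument. */
    private final boolean clientIdWhitelistEnabled;

    /** Request factory for the development-server lookup; every request gets a JSON parser. */
    private final HttpRequestFactory httpRequestFactory = AuthUtils.getHttpTransport().createRequestFactory(new HttpRequestInitializer() {
        @Override
        public void initialize(HttpRequest httpRequest) {
            httpRequest.setParser(new JsonObjectParser(AuthUtils.getJsonFactory()));
        }
    });

    /**
     * Creates the helper.
     *
     * @param z whether the allowed-client-id list is enforced (stored as
     *     {@code clientIdWhitelistEnabled})
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public AppEngineAuthUtils(boolean z) {
        this.clientIdWhitelistEnabled = z;
    }

    /**
     * Resolves the user for an access token using the scopes and client ids configured on the
     * API method and the environment the application is currently running in.
     *
     * @param str the OAuth2 access token presented by the caller
     * @param apiMethodConfig supplies the scope expression and the allowed client ids
     * @return the authenticated user, or {@code null} when the token is not accepted
     */
    public User getCurrentUser(String str, ApiMethodConfig apiMethodConfig) {
        return getCurrentUser(str, apiMethodConfig.getScopeExpression(), apiMethodConfig.getClientIds(), SystemProperty.environment.value());
    }

    /**
     * Same as the four-argument overload with the environment fixed to Production, so the
     * scope authorization check is always exercised.
     */
    @VisibleForTesting
    User getCurrentUser(String str, AuthScopeExpression authScopeExpression, List<String> list) {
        return getCurrentUser(str, authScopeExpression, list, SystemProperty.Environment.Value.Production);
    }

    /**
     * Validates an access token and returns the user it belongs to.
     *
     * <p>In every environment except Development the token's authorized scopes must satisfy
     * {@code authScopeExpression}. In all environments the token's client id must pass
     * {@code AuthUtils.isClientIdAllowed}. Any failure yields {@code null}.
     *
     * @param str the OAuth2 access token presented by the caller
     * @param authScopeExpression scopes the method requires
     * @param list client ids allowed to call the method
     * @param value environment the check runs in
     * @return the authenticated user, or {@code null} when any check fails
     */
    @VisibleForTesting
    User getCurrentUser(String str, AuthScopeExpression authScopeExpression, List<String> list, SystemProperty.Environment.Value value) {
        // The bearer token is a credential: anyone able to read FINE-level logs could replay it,
        // so only record whether one was supplied.
        logger.log(Level.FINE, "token present={0}", str != null && !str.isEmpty());
        logger.log(Level.FINE, "scopeExpression={0}", authScopeExpression.toLoggingForm());
        logger.log(Level.FINE, "allowedClientIds={0}", list);
        String[] allScopes = authScopeExpression.getAllScopes();

        String clientId;
        if (value == SystemProperty.Environment.Value.Development) {
            // Development server: the client id comes from the token-info endpoint and the scope
            // authorization check in the other branch is not performed on this path.
            clientId = getOAuth2ClientIdDev(str);
        } else {
            try {
                String[] authorizedScopes = getOAuth2AuthorizedScopes(allScopes);
                // A null scope list is treated as "nothing authorized" (fail closed).
                boolean scopeAuthorized = authorizedScopes != null
                        && authScopeExpression.isAuthorized(ImmutableSet.copyOf(authorizedScopes));
                if (!scopeAuthorized) {
                    logger.info("getCurrentUser: AccessToken; scope not allowed");
                    return null;
                }
                clientId = getOAuth2ClientId(allScopes);
            } catch (OAuthRequestException e) {
                logger.log(Level.INFO, "getCurrentUser: AccessToken; Tried and failed to get client id for scope '" + String.valueOf(authScopeExpression) + "'", e);
                return null;
            }
        }

        // The client-id check applies to both branches; a null client id is passed through as is.
        if (!AuthUtils.isClientIdAllowed(this.clientIdWhitelistEnabled, clientId, list, true)) {
            logger.log(Level.WARNING, "getCurrentUser: clientId {0} not allowed", clientId);
            return null;
        }

        try {
            User user = getOAuth2User(allScopes);
            // NOTE(review): the logged User presumably renders identifying details such as the
            // e-mail address; confirm this INFO line fits the log retention policy.
            logger.log(Level.INFO, "getCurrentUser: AccessToken; user={0}", user);
            return user;
        } catch (OAuthRequestException e2) {
            logger.log(Level.INFO, "getCurrentUser: AccessToken; Tried and failed to get user for scope expression '" + String.valueOf(authScopeExpression.toLoggingForm()) + "'", e2);
            // NOTE(review): this second line reports a scope failure for any
            // OAuthRequestException; the message is kept unchanged.
            logger.info("getCurrentUser: AccessToken; scope not allowed");
            return null;
        }
    }

    /**
     * Asks the App Engine OAuth service for the user behind the current request.
     *
     * @param strArr scopes passed to the OAuth service
     * @throws OAuthRequestException if the OAuth service rejects the request
     */
    @VisibleForTesting
    User getOAuth2User(String[] strArr) throws OAuthRequestException {
        return OAuthServiceFactory.getOAuthService().getCurrentUser(strArr);
    }

    /**
     * Asks the App Engine OAuth service for the client id of the current request's token.
     *
     * @param strArr scopes passed to the OAuth service
     * @throws OAuthRequestException if the OAuth service rejects the request
     */
    @VisibleForTesting
    String getOAuth2ClientId(String[] strArr) throws OAuthRequestException {
        return OAuthServiceFactory.getOAuthService().getClientId(strArr);
    }

    /**
     * Asks the App Engine OAuth service which of the given scopes the token is authorized for.
     *
     * @param strArr scopes passed to the OAuth service
     * @throws OAuthRequestException if the OAuth service rejects the request
     */
    @VisibleForTesting
    String[] getOAuth2AuthorizedScopes(String[] strArr) throws OAuthRequestException {
        return OAuthServiceFactory.getOAuthService().getAuthorizedScopes(strArr);
    }

    /**
     * Development-server lookup of a token's client id: sends the token as a bearer credential
     * to the token-info endpoint, parses the body as {@link Properties} and returns the
     * {@code Target} entry.
     *
     * @param str the OAuth2 access token
     * @return the client id, or {@code null} when no token was supplied, the request failed,
     *     or the response has no {@code Target} entry
     */
    @VisibleForTesting
    String getOAuth2ClientIdDev(String str) {
        // Without a token there is nothing to look up; fail closed instead of sending an
        // Authorization header that carries no credential.
        if (str == null || str.isEmpty()) {
            logger.log(Level.WARNING, "Failed to retrieve clientId from access token: no token supplied");
            return null;
        }
        try {
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.setAuthorization("Bearer " + str);
            HttpResponse response = this.httpRequestFactory.buildGetRequest(new GenericUrl(DEV_TOKEN_INFO_URL)).setHeaders(httpHeaders).execute();
            try {
                Properties properties = new Properties();
                properties.load(response.getContent());
                return properties.getProperty("Target");
            } finally {
                // Release the connection even when parsing fails.
                response.disconnect();
            }
        } catch (IOException e) {
            logger.log(Level.WARNING, "Failed to retrieve clientId from access token", e);
            return null;
        }
    }

    /**
     * Returns the user known to the App Engine user service for the current request.
     *
     * @return whatever {@code UserService.getCurrentUser()} returns for this request
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public User getCookieUser() {
        return UserServiceFactory.getUserService().getCurrentUser();
    }
}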
