package com.ibm.sbt.opensocial.domino.oauth;

import com.google.common.base.Joiner;
import com.ibm.sbt.opensocial.domino.container.ContainerExtPoint;
import com.ibm.sbt.opensocial.domino.container.ContainerExtPointException;
import com.ibm.sbt.opensocial.domino.container.ContainerExtPointManager;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.servlet.Authority;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.GadgetSpecFactory;
import org.apache.shindig.gadgets.oauth2.OAuth2Accessor;
import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.oauth2.OAuth2Error;
import org.apache.shindig.gadgets.oauth2.OAuth2GadgetContext;
import org.apache.shindig.gadgets.oauth2.OAuth2RequestException;
import org.apache.shindig.gadgets.oauth2.OAuth2Token;
import org.apache.shindig.gadgets.oauth2.persistence.OAuth2Encrypter;
import org.apache.shindig.gadgets.oauth2.persistence.OAuth2TokenPersistence;
import org.apache.shindig.gadgets.spec.BaseOAuthService;
import org.apache.shindig.gadgets.spec.GadgetSpec;
import org.apache.shindig.gadgets.spec.OAuth2Service;
import org.apache.shindig.gadgets.spec.OAuth2Spec;

/* loaded from: input_file:com/ibm/sbt/opensocial/domino/oauth/DominoOAuth2TokenStore.class */
public class DominoOAuth2TokenStore {
    private static final String CLASS = DominoOAuth2TokenStore.class.getName();
    private Map<String, DominoOAuth2Accessor> accessorStore = Collections.synchronizedMap(new HashMap());
    private Map<String, OAuth2Token> accessTokenStore = Collections.synchronizedMap(new HashMap());
    private Map<String, OAuth2Token> refreshTokenStore = Collections.synchronizedMap(new HashMap());
    private ContainerExtPointManager manager;
    private Logger log;
    private GadgetSpecFactory specFactory;
    private OAuth2Encrypter encrypter;
    private Authority authority;
    private String contextRoot;
    private BlobCrypter stateCrypter;
    private String globalRedirectUri;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/sbt/opensocial/domino/oauth/DominoOAuth2TokenStore$OAuth2SpecInfo.class */
    public static class OAuth2SpecInfo {
        private final String authorizationUrl;
        private final String scope;
        private final String tokenUrl;

        public OAuth2SpecInfo(String str, String str2, String str3) {
            this.authorizationUrl = str;
            this.tokenUrl = str2;
            this.scope = str3;
        }

        public String getAuthorizationUrl() {
            return this.authorizationUrl;
        }

        public String getScope() {
            return this.scope;
        }

        public String getTokenUrl() {
            return this.tokenUrl;
        }
    }

    public DominoOAuth2TokenStore(GadgetSpecFactory gadgetSpecFactory, ContainerExtPointManager containerExtPointManager, Logger logger, OAuth2Encrypter oAuth2Encrypter, Authority authority, String str, BlobCrypter blobCrypter, String str2) {
        this.specFactory = gadgetSpecFactory;
        this.manager = containerExtPointManager;
        this.encrypter = oAuth2Encrypter;
        this.authority = authority;
        this.contextRoot = str;
        this.stateCrypter = blobCrypter;
        this.globalRedirectUri = str2;
        this.log = logger;
    }

    public DominoOAuth2Accessor getOAuth2Accessor(SecurityToken securityToken, OAuth2Arguments oAuth2Arguments, Uri uri) {
        DominoOAuth2Accessor basicDominoOAuth2Accessor;
        this.log.entering(CLASS, "getOAuth2Accessor", new Object[]{securityToken, oAuth2Arguments, uri});
        if (uri == null || securityToken == null) {
            basicDominoOAuth2Accessor = new BasicDominoOAuth2Accessor();
            basicDominoOAuth2Accessor.setErrorResponse(null, OAuth2Error.GET_OAUTH2_ACCESSOR_PROBLEM, "OAuth2Accessor missing a param --- gadgetUri = " + uri + " , securityToken = " + securityToken, "");
        } else {
            try {
                basicDominoOAuth2Accessor = getOAuth2Accessor(uri, StringUtils.defaultString(oAuth2Arguments.getServiceName()), securityToken, oAuth2Arguments);
                storeOAuth2Accessor(basicDominoOAuth2Accessor);
            } catch (Exception e) {
                this.log.logp(Level.WARNING, CLASS, "getOAuth2Accessor", "Error while getting OAuth 2 accessor.", (Throwable) e);
                basicDominoOAuth2Accessor = new BasicDominoOAuth2Accessor();
                basicDominoOAuth2Accessor.setErrorResponse(e, OAuth2Error.GET_OAUTH2_ACCESSOR_PROBLEM, "Error while getting OAuth 2 accessor", "");
            }
        }
        this.log.exiting(CLASS, "getOAuth2Accessor", basicDominoOAuth2Accessor);
        return basicDominoOAuth2Accessor;
    }

    private String getScope(OAuth2Arguments oAuth2Arguments, OAuth2SpecInfo oAuth2SpecInfo) {
        return StringUtils.isBlank(oAuth2Arguments.getScope()) ? StringUtils.isBlank(oAuth2SpecInfo.getScope()) ? "" : oAuth2SpecInfo.getScope() : oAuth2Arguments.getScope();
    }

    private DominoOAuth2Accessor getOAuth2Accessor(Uri uri, String str, SecurityToken securityToken, OAuth2Arguments oAuth2Arguments) throws GadgetException, OAuth2RequestException {
        OAuth2SpecInfo lookupSpecInfo = lookupSpecInfo(securityToken, oAuth2Arguments, uri);
        return addModuleOverrides(getOAuth2Accessor(uri.toString(), str, securityToken.getViewerId(), getScope(oAuth2Arguments, lookupSpecInfo), securityToken.getContainer()), securityToken, oAuth2Arguments, uri, lookupSpecInfo);
    }

    private DominoOAuth2Accessor addModuleOverrides(DominoOAuth2Accessor dominoOAuth2Accessor, SecurityToken securityToken, OAuth2Arguments oAuth2Arguments, Uri uri, OAuth2SpecInfo oAuth2SpecInfo) throws OAuth2RequestException {
        BasicDominoOAuth2Accessor basicDominoOAuth2Accessor = new BasicDominoOAuth2Accessor(dominoOAuth2Accessor);
        basicDominoOAuth2Accessor.setContainer(securityToken.getContainer());
        if (dominoOAuth2Accessor.isAllowModuleOverrides()) {
            String authorizationUrl = oAuth2SpecInfo.getAuthorizationUrl();
            String tokenUrl = oAuth2SpecInfo.getTokenUrl();
            if (!StringUtils.isBlank(authorizationUrl)) {
                basicDominoOAuth2Accessor.setAuthorizationUrl(authorizationUrl);
            }
            if (!StringUtils.isBlank(tokenUrl)) {
                basicDominoOAuth2Accessor.setTokenUrl(tokenUrl);
            }
        }
        return basicDominoOAuth2Accessor;
    }

    private OAuth2SpecInfo lookupSpecInfo(SecurityToken securityToken, OAuth2Arguments oAuth2Arguments, Uri uri) throws OAuth2RequestException {
        this.log.entering(CLASS, "lookupSpecInfo", new Object[]{securityToken, oAuth2Arguments, uri});
        OAuth2Spec oAuth2Spec = findSpec(securityToken, oAuth2Arguments, uri).getModulePrefs().getOAuth2Spec();
        if (oAuth2Spec == null) {
            throw new OAuth2RequestException(OAuth2Error.LOOKUP_SPEC_PROBLEM, "Failed to retrieve OAuth URLs, spec for gadget " + securityToken.getAppUrl() + " does not contain OAuth element.", (Throwable) null);
        }
        OAuth2Service oAuth2Service = (OAuth2Service) oAuth2Spec.getServices().get(oAuth2Arguments.getServiceName());
        if (oAuth2Service == null) {
            throw new OAuth2RequestException(OAuth2Error.LOOKUP_SPEC_PROBLEM, "Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " + oAuth2Arguments.getServiceName() + ".  Known services: " + Joiner.on(',').join(oAuth2Spec.getServices().keySet()) + '.', (Throwable) null);
        }
        String str = null;
        BaseOAuthService.EndPoint authorizationUrl = oAuth2Service.getAuthorizationUrl();
        if (authorizationUrl != null) {
            str = authorizationUrl.url.toString();
        }
        String str2 = null;
        BaseOAuthService.EndPoint tokenUrl = oAuth2Service.getTokenUrl();
        if (tokenUrl != null) {
            str2 = tokenUrl.url.toString();
        }
        OAuth2SpecInfo oAuth2SpecInfo = new OAuth2SpecInfo(str, str2, oAuth2Service.getScope());
        this.log.exiting(CLASS, "lookupSpecInfo", oAuth2SpecInfo);
        return oAuth2SpecInfo;
    }

    private GadgetSpec findSpec(SecurityToken securityToken, OAuth2Arguments oAuth2Arguments, Uri uri) throws OAuth2RequestException {
        this.log.entering(CLASS, "findSpec", new Object[]{oAuth2Arguments, uri});
        try {
            GadgetSpec gadgetSpec = this.specFactory.getGadgetSpec(new OAuth2GadgetContext(securityToken, oAuth2Arguments, uri));
            if (gadgetSpec == null) {
                this.log.exiting(CLASS, "findSpec", null);
            } else {
                this.log.exiting(CLASS, "findSpec", "non-null spec omitted from logs");
            }
            return gadgetSpec;
        } catch (GadgetException e) {
            this.log.logp(Level.WARNING, CLASS, "findSpec", "Error finding GadgetContext " + uri.toString(), e);
            throw new OAuth2RequestException(OAuth2Error.GADGET_SPEC_PROBLEM, uri.toString(), e);
        }
    }

    private DominoOAuth2Store getOAuth2Store(String str) throws GadgetException {
        ContainerExtPoint extPoint = this.manager.getExtPoint(str);
        if (extPoint == null) {
            this.log.logp(Level.WARNING, CLASS, "getOAuth2Store", "There was no ContainerExtPoint for container {0}.", new Object[]{str});
            throw new GadgetException(GadgetException.Code.OAUTH_STORAGE_ERROR, "No ContainerExtPoint for container " + str);
        }
        try {
            return extPoint.getContainerOAuth2Store();
        } catch (ContainerExtPointException e) {
            this.log.logp(Level.WARNING, CLASS, "getOAuth2Store", "There was an error getting the OAuth2Store for container " + str, (Throwable) e);
            throw new GadgetException(GadgetException.Code.OAUTH_STORAGE_ERROR, "There was an error getting the OAuth2Store for container " + str, e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map<java.lang.String, com.ibm.sbt.opensocial.domino.oauth.DominoOAuth2Accessor>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6 */
    public void removeOAuth2Accessor(DominoOAuth2Accessor dominoOAuth2Accessor) throws GadgetException {
        ?? r0 = this.accessorStore;
        synchronized (r0) {
            this.accessorStore.remove(generateKey(dominoOAuth2Accessor));
            r0 = r0;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map<java.lang.String, com.ibm.sbt.opensocial.domino.oauth.DominoOAuth2Accessor>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6 */
    public void storeOAuth2Accessor(DominoOAuth2Accessor dominoOAuth2Accessor) throws GadgetException {
        ?? r0 = this.accessorStore;
        synchronized (r0) {
            this.accessorStore.put(generateKey(dominoOAuth2Accessor), dominoOAuth2Accessor);
            r0 = r0;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map<java.lang.String, org.apache.shindig.gadgets.oauth2.OAuth2Token>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6 */
    public void removeAccessToken(DominoOAuth2Accessor dominoOAuth2Accessor) throws GadgetException {
        ?? r0 = this.accessTokenStore;
        synchronized (r0) {
            this.accessTokenStore.remove(generateKey(dominoOAuth2Accessor));
            r0 = r0;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map<java.lang.String, org.apache.shindig.gadgets.oauth2.OAuth2Token>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6 */
    public void removeRefreshToken(DominoOAuth2Accessor dominoOAuth2Accessor) throws GadgetException {
        ?? r0 = this.refreshTokenStore;
        synchronized (r0) {
            this.refreshTokenStore.remove(generateKey(dominoOAuth2Accessor));
            r0 = r0;
        }
    }

    private String generateKey(DominoOAuth2Accessor dominoOAuth2Accessor) throws GadgetException {
        return generateKey(dominoOAuth2Accessor.getContainer(), dominoOAuth2Accessor.getServiceName(), dominoOAuth2Accessor.getScope(), dominoOAuth2Accessor.getUser());
    }

    private String generateKey(DominoOAuth2CallbackState dominoOAuth2CallbackState) throws GadgetException {
        return generateKey(dominoOAuth2CallbackState.getContainer(), dominoOAuth2CallbackState.getServiceName(), dominoOAuth2CallbackState.getScope(), dominoOAuth2CallbackState.getUser());
    }

    private String generateKey(String str, OAuth2Token oAuth2Token) throws GadgetException {
        return generateKey(str, oAuth2Token.getServiceName(), oAuth2Token.getScope(), oAuth2Token.getUser());
    }

    private String generateKey(String str, String str2, String str3, String str4) throws GadgetException {
        if (str == null || str2 == null || str4 == null) {
            throw new GadgetException(GadgetException.Code.OAUTH_STORAGE_ERROR, "Invalid key parameters, container: " + str + " user: " + str4 + " service name: " + str2);
        }
        return String.valueOf(str) + ":" + str2 + ":" + str3 + ":" + str4;
    }

    public OAuth2Token createToken() {
        return new OAuth2TokenPersistence(this.encrypter);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map<java.lang.String, org.apache.shindig.gadgets.oauth2.OAuth2Token>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6 */
    public void storeRefreshToken(String str, OAuth2Token oAuth2Token) throws GadgetException {
        ?? r0 = this.refreshTokenStore;
        synchronized (r0) {
            this.refreshTokenStore.put(generateKey(str, oAuth2Token), oAuth2Token);
            r0 = r0;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.Map<java.lang.String, org.apache.shindig.gadgets.oauth2.OAuth2Token>] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v6 */
    public void storeAccessToken(String str, OAuth2Token oAuth2Token) throws GadgetException {
        ?? r0 = this.accessTokenStore;
        synchronized (r0) {
            this.accessTokenStore.put(generateKey(str, oAuth2Token), oAuth2Token);
            r0 = r0;
        }
    }

    public DominoOAuth2Accessor getOAuth2Accessor(DominoOAuth2CallbackState dominoOAuth2CallbackState) throws GadgetException {
        DominoOAuth2Accessor dominoOAuth2Accessor = this.accessorStore.get(generateKey(dominoOAuth2CallbackState));
        if (dominoOAuth2Accessor == null || !dominoOAuth2Accessor.isValid()) {
            DominoOAuth2Client client = getClient(dominoOAuth2CallbackState);
            if (client == null) {
                throw new GadgetException(GadgetException.Code.OAUTH_STORAGE_ERROR, "Could not find OAuth2 client information where container = " + dominoOAuth2CallbackState.getContainer() + ", user = " + dominoOAuth2CallbackState.getUser() + ", serviceName = " + dominoOAuth2CallbackState.getServiceName() + ", and scope = " + dominoOAuth2CallbackState.getScope() + ".");
            }
            dominoOAuth2Accessor = createAccessor(dominoOAuth2CallbackState, client);
            storeOAuth2Accessor(dominoOAuth2Accessor);
        }
        return dominoOAuth2Accessor;
    }

    private DominoOAuth2Client getClient(DominoOAuth2CallbackState dominoOAuth2CallbackState) throws GadgetException {
        return getClient(dominoOAuth2CallbackState.getUser(), dominoOAuth2CallbackState.getServiceName(), dominoOAuth2CallbackState.getContainer(), dominoOAuth2CallbackState.getScope(), dominoOAuth2CallbackState.getGadgetUri());
    }

    private DominoOAuth2Client getClient(String str, String str2, String str3, String str4, String str5) throws GadgetException {
        DominoOAuth2Store oAuth2Store = getOAuth2Store(str3);
        if (oAuth2Store == null) {
            this.log.logp(Level.WARNING, CLASS, "getClient", "Could not find an OAuth2 store for the container {0}, returning an error accessor.", new Object[]{str3});
            return null;
        }
        DominoOAuth2Client client = oAuth2Store.getClient(str, str2, str3, str4, str5);
        if (client != null) {
            return client;
        }
        this.log.logp(Level.WARNING, CLASS, "getClient", "Could not find OAuth2 client information where container = {0}, user = {1}, serviceName = {2}, and scope = {3}.", new Object[]{str3, str, str2, str4});
        return null;
    }

    private DominoOAuth2Accessor createAccessor(DominoOAuth2CallbackState dominoOAuth2CallbackState, DominoOAuth2Client dominoOAuth2Client) throws GadgetException {
        return createAccessor(dominoOAuth2CallbackState.getGadgetUri(), dominoOAuth2CallbackState.getServiceName(), dominoOAuth2CallbackState.getUser(), dominoOAuth2CallbackState.getScope(), dominoOAuth2CallbackState.getContainer(), dominoOAuth2Client);
    }

    private DominoOAuth2Accessor createAccessor(String str, String str2, String str3, String str4, String str5, DominoOAuth2Client dominoOAuth2Client) throws GadgetException {
        OAuth2Token accessToken = getAccessToken(str, str2, str3, str4, str5);
        OAuth2Token refreshToken = getRefreshToken(str, str2, str3, str4, str5);
        String authenticationType = dominoOAuth2Client.getClientAuthenticationType() == null ? null : dominoOAuth2Client.getClientAuthenticationType().toString();
        BasicDominoOAuth2Accessor basicDominoOAuth2Accessor = new BasicDominoOAuth2Accessor(str, str2, str3, str4, dominoOAuth2Client.isAllowModuleOverride(), this.stateCrypter, this.globalRedirectUri, this.authority, this.contextRoot, str5);
        basicDominoOAuth2Accessor.setAccessToken(accessToken);
        basicDominoOAuth2Accessor.setAuthorizationUrl(dominoOAuth2Client.getAuthorizationUrl());
        basicDominoOAuth2Accessor.setClientAuthenticationType(authenticationType);
        basicDominoOAuth2Accessor.setAuthorizationHeader(dominoOAuth2Client.useAuthorizationHeader());
        basicDominoOAuth2Accessor.setUrlParameter(dominoOAuth2Client.useUrlParameter());
        basicDominoOAuth2Accessor.setClientId(dominoOAuth2Client.getClientId());
        basicDominoOAuth2Accessor.setClientSecret(dominoOAuth2Client.getClientSecret().getBytes());
        basicDominoOAuth2Accessor.setGrantType(dominoOAuth2Client.getGrantType().toString());
        basicDominoOAuth2Accessor.setRefreshToken(refreshToken);
        basicDominoOAuth2Accessor.setTokenUrl(dominoOAuth2Client.getTokenUrl());
        basicDominoOAuth2Accessor.setType(OAuth2Accessor.Type.CONFIDENTIAL);
        basicDominoOAuth2Accessor.setAllowedDomains(new String[0]);
        return basicDominoOAuth2Accessor;
    }

    public OAuth2Token getAccessToken(String str, String str2, String str3, String str4, String str5) throws GadgetException {
        return this.accessTokenStore.get(generateKey(str5, str2, str4, str3));
    }

    public OAuth2Token getRefreshToken(String str, String str2, String str3, String str4, String str5) throws GadgetException {
        return this.refreshTokenStore.get(generateKey(str5, str2, str4, str3));
    }

    private DominoOAuth2Accessor getOAuth2Accessor(String str, String str2, String str3, String str4, String str5) throws GadgetException {
        DominoOAuth2CallbackState dominoOAuth2CallbackState = new DominoOAuth2CallbackState(this.stateCrypter);
        dominoOAuth2CallbackState.setGadgetUri(str);
        dominoOAuth2CallbackState.setServiceName(str2);
        dominoOAuth2CallbackState.setUser(str3);
        dominoOAuth2CallbackState.setScope(str4);
        dominoOAuth2CallbackState.setContainer(str5);
        return getOAuth2Accessor(dominoOAuth2CallbackState);
    }
}
