package pl.sparkbit.security.login.social;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.scribejava.apis.TwitterApi;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.model.OAuth1AccessToken;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.model.Response;
import com.github.scribejava.core.model.Verb;
import com.github.scribejava.core.oauth.OAuth10aService;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;
import pl.sparkbit.security.domain.TwitterCredentials;
import pl.sparkbit.security.login.LoginPrincipal;
import pl.sparkbit.security.login.social.resolver.TwitterResolver;
import pl.sparkbit.security.login.social.resolver.TwitterSecrets;

/* loaded from: input_file:pl/sparkbit/security/login/social/TwitterAuthenticationProvider.class */
public class TwitterAuthenticationProvider implements AuthenticationProvider {
    private final UserDetailsService userDetailsService;
    private final ObjectMapper objectMapper;
    private final UserDetailsChecker authenticationChecks = new AccountStatusUserDetailsChecker();
    private final TwitterResolver resolver;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:pl/sparkbit/security/login/social/TwitterAuthenticationProvider$ResultObject.class */
    public static class ResultObject {
        private String email;

        public String getEmail() {
            return this.email;
        }

        public void setEmail(String str) {
            this.email = str;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ResultObject)) {
                return false;
            }
            ResultObject resultObject = (ResultObject) obj;
            if (!resultObject.canEqual(this)) {
                return false;
            }
            String email = getEmail();
            String email2 = resultObject.getEmail();
            return email == null ? email2 == null : email.equals(email2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof ResultObject;
        }

        public int hashCode() {
            String email = getEmail();
            return (1 * 59) + (email == null ? 43 : email.hashCode());
        }

        public String toString() {
            return "TwitterAuthenticationProvider.ResultObject(email=" + getEmail() + ")";
        }
    }

    public TwitterAuthenticationProvider(TwitterResolver twitterResolver, UserDetailsService userDetailsService, ObjectMapper objectMapper) {
        this.resolver = twitterResolver;
        this.userDetailsService = userDetailsService;
        this.objectMapper = objectMapper;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.isInstanceOf(TwitterAuthenticationToken.class, authentication, "Only TwitterAuthenticationToken supported");
        TwitterAuthenticationToken twitterAuthenticationToken = (TwitterAuthenticationToken) authentication;
        try {
            UserDetails verify = verify(twitterAuthenticationToken);
            Assert.notNull(verify, "verify returned null - a violation of the interface contract");
            this.authenticationChecks.check(verify);
            return new TwitterAuthenticationToken((TwitterCredentials) twitterAuthenticationToken.getCredentials(), verify, verify.getAuthorities());
        } catch (UsernameNotFoundException e) {
            throw new BadCredentialsException("Bad credentials");
        }
    }

    private UserDetails verify(TwitterAuthenticationToken twitterAuthenticationToken) throws AuthenticationException {
        try {
            Assert.isInstanceOf(TwitterCredentials.class, twitterAuthenticationToken.getCredentials(), "Illegal credentials");
            TwitterCredentials twitterCredentials = (TwitterCredentials) twitterAuthenticationToken.getCredentials();
            OAuth1AccessToken oAuth1AccessToken = new OAuth1AccessToken(twitterCredentials.getOauthToken(), twitterCredentials.getOauthTokenSecret());
            TwitterSecrets resolve = this.resolver.resolve(((LoginPrincipal) twitterAuthenticationToken.getPrincipal()).getAuthnAttributes());
            String appKey = resolve.getAppKey();
            String appSecret = resolve.getAppSecret();
            OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, resolve.getVerifyUrl());
            OAuth10aService build = new ServiceBuilder(appKey).apiSecret(appSecret).build(TwitterApi.instance());
            build.signRequest(oAuth1AccessToken, oAuthRequest);
            Response execute = build.execute(oAuthRequest);
            if (!execute.isSuccessful()) {
                throw new BadCredentialsException("Twitter Token is invalid");
            }
            ResultObject resultObject = (ResultObject) this.objectMapper.readValue(execute.getBody(), ResultObject.class);
            String str = ((LoginPrincipal) twitterAuthenticationToken.getPrincipal()).getAuthnAttributes().get("email");
            if (str == null) {
                throw new BadCredentialsException("No email given");
            }
            if (str.equals(resultObject.getEmail())) {
                return this.userDetailsService.loadUserByUsername(twitterAuthenticationToken.getName());
            }
            throw new BadCredentialsException("Email from Twitter servers does not match the given email");
        } catch (IOException | InterruptedException | RuntimeException | ExecutionException e) {
            throw new BadCredentialsException("Twitter Token is invalid", e);
        }
    }

    public boolean supports(Class<?> cls) {
        return TwitterAuthenticationToken.class.isAssignableFrom(cls);
    }
}
