package com.day.cq.dam.s7dam.common.youtube.impl;

import com.day.cq.commons.jcr.JcrUtil;
import com.day.cq.dam.api.s7dam.config.YouTubeChannelConfig;
import com.day.cq.dam.api.s7dam.config.YouTubeConfiguration;
import com.day.cq.dam.s7dam.common.youtube.YouTubeAccountAuthenticator;
import com.day.cq.dam.s7dam.common.youtube.YouTubeAccountService;
import com.day.cq.dam.s7dam.common.youtube.store.JcrDataStoreFactory;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeRequestUrl;
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.store.DataStoreFactory;
import com.google.api.services.youtube.YouTubeScopes;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import org.apache.commons.io.IOUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.http.osgi.services.ProxyConfiguration;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(metatype = false)
/* loaded from: input_file:com/day/cq/dam/s7dam/common/youtube/impl/YouTubeAccountAuthenticatorImpl.class */
public class YouTubeAccountAuthenticatorImpl implements YouTubeAccountAuthenticator {
    private static final String DEFAULT_YOUTUBE_USER = "admin";
    private static final String CREDENTIAL_ACCESS_TYPE = "offline";
    private static final String AUTHORIZATION_REDIRECT_URI_SUFFIX = "/etc/cloudservices/youtube.youtubecredentialcallback.json";
    private static final String JCR_DATA_STORE_NODE_NAME = "datastore";

    @Reference
    private ResourceResolverFactory resolverFactory;
    private ProxyConfiguration _proxyConfiguration;
    private final Logger log = LoggerFactory.getLogger(YouTubeAccountAuthenticatorImpl.class.getClass());
    private final Lock lock = new ReentrantLock();

    @Override // com.day.cq.dam.s7dam.common.youtube.YouTubeAccountAuthenticator
    public boolean getIsValidClientSecretsJsonString(SlingHttpServletRequest slingHttpServletRequest, String str) {
        try {
            GoogleAuthorizationCodeRequestUrl newAuthorizationUrl = new GoogleAuthorizationCodeFlow.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance(), GoogleClientSecrets.load(JacksonFactory.getDefaultInstance(), new StringReader(str)), getCredentialScopes()).setAccessType(CREDENTIAL_ACCESS_TYPE).setApprovalPrompt("force").build().newAuthorizationUrl();
            newAuthorizationUrl.setRedirectUri(getRedirectUri(slingHttpServletRequest));
            new NetHttpTransport().createRequestFactory().buildGetRequest(new GenericUrl(newAuthorizationUrl.build())).execute().disconnect();
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    @Override // com.day.cq.dam.s7dam.common.youtube.YouTubeAccountAuthenticator
    public GoogleAuthorizationCodeFlow newFlow(YouTubeChannelConfig youTubeChannelConfig) throws IOException {
        return new GoogleAuthorizationCodeFlow.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance(), getClientSecrets(), getCredentialScopes()).setDataStoreFactory((DataStoreFactory) getDataStoreFactoryForConfig(youTubeChannelConfig)).setAccessType(CREDENTIAL_ACCESS_TYPE).setApprovalPrompt("force").build();
    }

    @Override // com.day.cq.dam.s7dam.common.youtube.YouTubeAccountAuthenticator
    public String getRedirectUri(SlingHttpServletRequest slingHttpServletRequest) {
        GenericUrl genericUrl = new GenericUrl(slingHttpServletRequest.getRequestURL().toString());
        genericUrl.setRawPath(AUTHORIZATION_REDIRECT_URI_SUFFIX);
        return genericUrl.build();
    }

    @Override // com.day.cq.dam.s7dam.common.youtube.YouTubeAccountAuthenticator
    public AuthorizationCodeRequestUrl getAuthorizationCodeRequestUrl(SlingHttpServletRequest slingHttpServletRequest) {
        this.lock.lock();
        try {
            try {
                GoogleAuthorizationCodeRequestUrl newAuthorizationUrl = newFlow((YouTubeChannelConfig) slingHttpServletRequest.getResource().adaptTo(YouTubeChannelConfig.class)).newAuthorizationUrl();
                newAuthorizationUrl.setRedirectUri(getRedirectUri(slingHttpServletRequest));
                this.lock.unlock();
                return newAuthorizationUrl;
            } catch (Exception e) {
                this.log.error("error when generating authorization code request url :: " + getUserId() + ", with error :: " + e.getMessage());
                this.lock.unlock();
                return null;
            }
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    @Override // com.day.cq.dam.s7dam.common.youtube.YouTubeAccountAuthenticator
    public Credential getCredentialForConfig(YouTubeChannelConfig youTubeChannelConfig) {
        Credential credential = null;
        this.lock.lock();
        try {
            try {
                credential = newFlow(youTubeChannelConfig).loadCredential(getUserId());
                if (credential != null && (credential.getExpiresInSeconds().longValue() <= 1 || credential.getAccessToken() == null)) {
                    credential.refreshToken();
                }
                this.lock.unlock();
            } catch (Exception e) {
                this.log.error("error when querying data store for user id :: " + getUserId() + ", with error :: " + e.getMessage());
                this.lock.unlock();
            }
            return credential;
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    @Override // com.day.cq.dam.s7dam.common.youtube.YouTubeAccountAuthenticator
    public Credential parseAuthorizationCallBackResponse(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, YouTubeChannelConfig youTubeChannelConfig) {
        StringBuffer requestURL = slingHttpServletRequest.getRequestURL();
        if (slingHttpServletRequest.getQueryString() != null) {
            requestURL.append('?').append(slingHttpServletRequest.getQueryString());
        }
        AuthorizationCodeResponseUrl authorizationCodeResponseUrl = new AuthorizationCodeResponseUrl(requestURL.toString());
        String code = authorizationCodeResponseUrl.getCode();
        if (authorizationCodeResponseUrl.getError() != null) {
            this.log.error("authorization request response contains error code :: " + authorizationCodeResponseUrl.getError() + ", description :: " + authorizationCodeResponseUrl.getErrorDescription());
            return null;
        }
        if (code == null) {
            this.log.error("unable to extract authorization code from AuthorizationCodeResponse impl");
            return null;
        }
        this.lock.lock();
        try {
            try {
                GoogleAuthorizationCodeFlow newFlow = newFlow(youTubeChannelConfig);
                Credential createAndStoreCredential = newFlow.createAndStoreCredential(newFlow.newTokenRequest(code).setRedirectUri(getRedirectUri(slingHttpServletRequest)).execute(), getUserId());
                this.lock.unlock();
                return createAndStoreCredential;
            } catch (IOException e) {
                this.log.error("error generating refresh token and storing credential from authorization response :: " + e.getMessage());
                this.lock.unlock();
                return null;
            }
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    private Collection<String> getCredentialScopes() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(YouTubeScopes.YOUTUBE);
        arrayList.add(YouTubeScopes.YOUTUBE_UPLOAD);
        arrayList.add(YouTubeScopes.YOUTUBEPARTNER);
        return arrayList;
    }

    private JcrDataStoreFactory getDataStoreFactoryForConfig(YouTubeChannelConfig youTubeChannelConfig) {
        JcrDataStoreFactory jcrDataStoreFactory = null;
        this.lock.lock();
        try {
            try {
                jcrDataStoreFactory = new JcrDataStoreFactory(JcrUtil.createPath(youTubeChannelConfig.getConfigResourceNode().getPath() + "/" + JCR_DATA_STORE_NODE_NAME, "nt:unstructured", "nt:unstructured", ((Node) youTubeChannelConfig.getConfigResourceNode().adaptTo(Node.class)).getSession(), true));
                this.lock.unlock();
            } catch (IOException e) {
                this.log.error("error trying to retrieve datastore factory :: " + e.getMessage());
                this.lock.unlock();
            } catch (RepositoryException e2) {
                this.log.error("error trying to retrieve datastore factory :: " + e2.getMessage());
                this.lock.unlock();
            }
            return jcrDataStoreFactory;
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    private GoogleClientSecrets getClientSecrets() throws IOException {
        ResourceResolver resourceResolver = null;
        try {
            resourceResolver = getServiceResolver();
            Resource resource = resourceResolver.getResource(YouTubeAccountService.PATH_TO_YOUTUBE_CONFIG);
            if (null == resource) {
                if (resourceResolver == null) {
                    return null;
                }
                resourceResolver.close();
                return null;
            }
            GoogleClientSecrets load = GoogleClientSecrets.load(JacksonFactory.getDefaultInstance(), new InputStreamReader(IOUtils.toInputStream(((YouTubeConfiguration) resource.adaptTo(YouTubeConfiguration.class)).getJSONConfigValue())));
            if (resourceResolver != null) {
                resourceResolver.close();
            }
            return load;
        } catch (Throwable th) {
            if (resourceResolver != null) {
                resourceResolver.close();
            }
            throw th;
        }
    }

    protected ResourceResolver getServiceResolver() {
        try {
            return this.resolverFactory.getServiceResourceResolver(Collections.singletonMap("sling.service.subservice", YouTubeAccountAuthenticator.SUB_SERVICE_NAME));
        } catch (LoginException e) {
            this.log.error("unable to pull service user!", e);
            return null;
        }
    }

    @Override // com.day.cq.dam.s7dam.common.youtube.YouTubeAccountAuthenticator
    public NetHttpTransport getNetHttpTransport() {
        Proxy proxy = Proxy.NO_PROXY;
        ProxyConfiguration proxyConfiguration = getProxyConfiguration();
        if (null != proxyConfiguration && proxyConfiguration.isEnabled()) {
            proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyConfiguration.getHostname(), proxyConfiguration.getPort()));
        }
        return new NetHttpTransport.Builder().setProxy(proxy).build();
    }

    private ProxyConfiguration getProxyConfiguration() {
        BundleContext bundleContext;
        ServiceReference serviceReference;
        try {
            if (this._proxyConfiguration == null && null != (serviceReference = (bundleContext = FrameworkUtil.getBundle(YouTubeAccountAuthenticator.class).getBundleContext()).getServiceReference(ProxyConfiguration.class.getName()))) {
                this._proxyConfiguration = (ProxyConfiguration) bundleContext.getService(serviceReference);
            }
        } catch (Exception e) {
            this.log.debug("unable to derive proxy configuration from BundleContext...");
        }
        return this._proxyConfiguration;
    }

    private String getUserId() {
        return DEFAULT_YOUTUBE_USER;
    }

    protected void bindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resolverFactory = resourceResolverFactory;
    }

    protected void unbindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        if (this.resolverFactory == resourceResolverFactory) {
            this.resolverFactory = null;
        }
    }
}
