package com.enonic.app.ga.rest.auth;

import com.enonic.xp.jaxrs.JaxRsComponent;
import com.google.api.client.auth.oauth2.TokenErrorResponse;
import com.google.api.client.auth.oauth2.TokenResponseException;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.SecurityUtils;
import com.google.api.services.analytics.AnalyticsScopes;
import com.google.common.base.Strings;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.util.Map;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import org.codehaus.jackson.map.ObjectMapper;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;

@Path("admin/rest/google-analytics")
@RolesAllowed({"system.admin"})
@Component(immediate = true, configurationPid = {"com.enonic.app.ga"})
/* loaded from: input_file:com/enonic/app/ga/rest/auth/GoogleAnalyticsAuthenticationService.class */
public class GoogleAnalyticsAuthenticationService implements JaxRsComponent {
    private static final JacksonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
    private static final String GA_SERVICE_ACCOUNT_PROPERTY_KEY = "ga.serviceAccount";
    private static final String GA_P12_KEY_PATH = "ga.p12KeyPath";
    private static final String SERVICE_ACCOUNT_P12_KEY_ERROR_MSG = "Service Account and P12 key not found.";
    private static final String SERVICE_ACCOUNT_ERROR_MSG = "Service Account not found.";
    private static final String P12_KEY_ERROR_MSG = "P12 key not found.";
    private static final String TOKEN_RETRIEVAL_ERROR_MSG = "Error while retrieving token: ";
    private String gaServiceAccount;
    private String gaP12KeyPathValue;

    @Activate
    public void activate(Map<String, String> map) {
        this.gaServiceAccount = map.get(GA_SERVICE_ACCOUNT_PROPERTY_KEY);
        if (this.gaServiceAccount != null) {
            this.gaServiceAccount = this.gaServiceAccount.trim();
        }
        this.gaP12KeyPathValue = map.get(GA_P12_KEY_PATH);
        if (this.gaP12KeyPathValue != null) {
            this.gaP12KeyPathValue = this.gaP12KeyPathValue.trim();
        }
    }

    @GET
    @Produces({"application/json"})
    @Path("authenticate")
    public String authenticate() throws IOException {
        return new ObjectMapper().writeValueAsString(doAuthenticate());
    }

    private GoogleAnalyticsAuthenticationResult doAuthenticate() {
        java.nio.file.Path path = this.gaP12KeyPathValue != null ? Paths.get(this.gaP12KeyPathValue, new String[0]) : null;
        if (Strings.isNullOrEmpty(this.gaServiceAccount) && (path == null || !Files.exists(path, new LinkOption[0]))) {
            return error(SERVICE_ACCOUNT_P12_KEY_ERROR_MSG);
        }
        if (Strings.isNullOrEmpty(this.gaServiceAccount)) {
            return error(SERVICE_ACCOUNT_ERROR_MSG);
        }
        if (path == null || !Files.exists(path, new LinkOption[0])) {
            return error(P12_KEY_ERROR_MSG);
        }
        InputStream inputStream = null;
        try {
            try {
                inputStream = Files.newInputStream(path, new OpenOption[0]);
                String retrieveAccessToken = retrieveAccessToken(this.gaServiceAccount, inputStream);
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        return error(TOKEN_RETRIEVAL_ERROR_MSG + e.getMessage());
                    }
                }
                return success(retrieveAccessToken);
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                        return error(TOKEN_RETRIEVAL_ERROR_MSG + e2.getMessage());
                    }
                }
                throw th;
            }
        } catch (TokenResponseException e3) {
            TokenErrorResponse details = e3.getDetails();
            if (details == null || details.getError() == null) {
                GoogleAnalyticsAuthenticationResult error = error(TOKEN_RETRIEVAL_ERROR_MSG + e3.getMessage());
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e4) {
                        return error(TOKEN_RETRIEVAL_ERROR_MSG + e4.getMessage());
                    }
                }
                return error;
            }
            GoogleAnalyticsAuthenticationResult error2 = error(TOKEN_RETRIEVAL_ERROR_MSG + details.getError());
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e5) {
                    return error(TOKEN_RETRIEVAL_ERROR_MSG + e5.getMessage());
                }
            }
            return error2;
        } catch (Exception e6) {
            GoogleAnalyticsAuthenticationResult error3 = error(TOKEN_RETRIEVAL_ERROR_MSG + e6.getMessage());
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e7) {
                    return error(TOKEN_RETRIEVAL_ERROR_MSG + e7.getMessage());
                }
            }
            return error3;
        }
    }

    private static GoogleAnalyticsAuthenticationResult success(String str) {
        return new GoogleAnalyticsAuthenticationResult(str, null);
    }

    private static GoogleAnalyticsAuthenticationResult error(String str) {
        return new GoogleAnalyticsAuthenticationResult(null, str);
    }

    private String retrieveAccessToken(String str, InputStream inputStream) throws Exception {
        String str2 = null;
        GoogleCredential build = new GoogleCredential.Builder().setTransport((HttpTransport) GoogleNetHttpTransport.newTrustedTransport()).setJsonFactory((JsonFactory) JSON_FACTORY).setServiceAccountId(str).setServiceAccountPrivateKey(SecurityUtils.loadPrivateKeyFromKeyStore(SecurityUtils.getPkcs12KeyStore(), inputStream, "notasecret", "privatekey", "notasecret")).setServiceAccountScopes(AnalyticsScopes.all()).build();
        if (build.refreshToken()) {
            str2 = build.getAccessToken();
        }
        return str2;
    }
}
