package inc.yukawa.chain.security.externalauth.google;

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import inc.yukawa.chain.base.core.domain.person.Person;
import inc.yukawa.chain.security.externalauth.ExternalIdTokenService;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import reactor.core.publisher.Mono;

/* loaded from: input_file:inc/yukawa/chain/security/externalauth/google/GoogleIdTokenService.class */
public class GoogleIdTokenService implements ExternalIdTokenService {
    private static final Logger LOG = LoggerFactory.getLogger(GoogleIdTokenService.class);
    private final HttpTransport transport = new NetHttpTransport();
    private final JsonFactory jsonFactory = new GsonFactory();
    private final GoogleIdTokenVerifier verifier;

    public GoogleIdTokenService(@Value("${chain.security.googleIdToken.audience}") List<String> list, @Value("${chain.security.googleIdToken.issuers:#{null}}") List<String> list2) {
        this.verifier = new GoogleIdTokenVerifier.Builder(this.transport, this.jsonFactory).setAudience(list).setIssuers(list2).build();
    }

    @Override // inc.yukawa.chain.security.externalauth.ExternalIdTokenService
    public Mono<String> obtainIdToken(String str) {
        return Mono.just(str);
    }

    @Override // inc.yukawa.chain.security.externalauth.ExternalIdTokenService
    public Mono<Person> readPerson(String str) {
        return Mono.just(str).mapNotNull(this::readAsPerson);
    }

    public Person readAsPerson(String str) {
        try {
            try {
                GoogleIdToken verify = this.verifier.verify(str);
                if (verify == null) {
                    LOG.info("invalid idToken");
                    return null;
                }
                GoogleIdToken.Payload payload = verify.getPayload();
                LOG.debug("idToken verification success, subject: {}, email: {}", payload.getSubject(), payload.getEmail());
                Person person = new Person();
                person.setEmail(payload.getEmail());
                person.setFirstName((String) payload.get("given_name"));
                person.setLastName((String) payload.get("family_name"));
                person.setLang((String) payload.get("locale"));
                person.setShortName(payload.getSubject());
                return person;
            } catch (IOException | GeneralSecurityException e) {
                LOG.warn("IdToken read error: ", e);
                throw new IllegalStateException(e);
            }
        } catch (IllegalArgumentException e2) {
            LOG.debug("unparsable token");
            return null;
        }
    }
}
