package de.juplo.facebook;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.map.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

/* loaded from: input_file:de/juplo/facebook/SignedRequestAwareAuthorizationCodeAccessTokenProvider.class */
public class SignedRequestAwareAuthorizationCodeAccessTokenProvider extends AuthorizationCodeAccessTokenProvider {
    private final Logger log = LoggerFactory.getLogger(SignedRequestAwareAuthorizationCodeAccessTokenProvider.class);
    private static final Pattern pattern = Pattern.compile("([a-zA-Z0-9_-]+)\\.([a-zA-Z0-9_-]+)");
    public static final String PARAM_SIGNED_REQUEST = "signed_request";
    private String secret;
    private ObjectMapper objectMapper;

    public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, AccessTokenRequest accessTokenRequest) {
        String asText;
        try {
            return super.obtainAccessToken(oAuth2ProtectedResourceDetails, accessTokenRequest);
        } catch (UserRedirectRequiredException e) {
            this.log.debug("no valid access-token available: checking for signed request");
            if (!accessTokenRequest.containsKey(PARAM_SIGNED_REQUEST)) {
                this.log.info("parameter signed_request is not present");
                throw e;
            }
            String str = (String) ((List) accessTokenRequest.get(PARAM_SIGNED_REQUEST)).get(0);
            Matcher matcher = pattern.matcher(str);
            if (!matcher.matches()) {
                this.log.error("invalid signed_request: {}", str);
                throw e;
            }
            String group = matcher.group(1);
            String group2 = matcher.group(2);
            try {
                String str2 = new String(Base64.decodeBase64(group2), "UTF-8");
                this.log.debug("JSON-data: {}", str2);
                try {
                    JsonNode readTree = this.objectMapper.readTree(str2);
                    String str3 = "";
                    try {
                        str3 = readTree.get("algorithm").asText();
                    } catch (NullPointerException e2) {
                    }
                    if (str3.isEmpty()) {
                        this.log.error("field \"algorithm\" is missing: {}", str2);
                        throw e;
                    }
                    String replaceAll = str3.replaceAll("-", "");
                    try {
                        SecretKeySpec secretKeySpec = new SecretKeySpec(this.secret.getBytes("UTF-8"), replaceAll);
                        Mac mac = Mac.getInstance(replaceAll);
                        mac.init(secretKeySpec);
                        if (!new String(Base64.encodeBase64URLSafe(mac.doFinal(group2.getBytes("UTF-8"))), "UTF-8").equals(group)) {
                            this.log.error("signature does not match!");
                            throw e;
                        }
                        HashMap hashMap = new HashMap();
                        try {
                            hashMap.put("issued_at", new Date(readTree.get("issued_at").getLongValue() * 1000));
                            HashMap hashMap2 = new HashMap();
                            hashMap2.put("country", readTree.get("user").get("country").asText());
                            hashMap2.put("locale", readTree.get("user").get("locale").asText());
                            hashMap2.put("age_min", readTree.get("user").get("age").get("min").getNumberValue());
                            if (readTree.get("user") != null && readTree.get("user").get("max") != null) {
                                hashMap2.put("age_max", readTree.get("user").get("age").get("max").getNumberValue());
                            }
                            hashMap.put("user", hashMap2);
                            if (readTree.get("app_data") != null) {
                                hashMap.put("app_data", readTree.get("app_data").asText());
                            }
                            if (readTree.get("page") != null) {
                                HashMap hashMap3 = new HashMap();
                                hashMap3.put("id", readTree.get("page").get("id").asText());
                                hashMap3.put("liked", Boolean.valueOf(readTree.get("page").get("liked").asBoolean()));
                                hashMap3.put("admin", Boolean.valueOf(readTree.get("page").get("admin").asBoolean()));
                                hashMap.put("page", hashMap3);
                            }
                        } catch (NullPointerException e3) {
                            this.log.warn("expected additional data is missing: {}", str2);
                        }
                        DefaultOAuth2AccessToken defaultOAuth2AccessToken = null;
                        try {
                            asText = readTree.get("oauth_token").asText();
                        } catch (NullPointerException e4) {
                            if (0 == 0) {
                                this.log.error("field \"oauth_token\" is missing: {}", str2);
                                throw e;
                            }
                            this.log.warn("expected additional data is missing: {}", str2);
                        }
                        if (asText.isEmpty()) {
                            this.log.error("field \"oauth_token\" is missing: {}", str2);
                            throw e;
                        }
                        defaultOAuth2AccessToken = new DefaultOAuth2AccessToken(asText);
                        defaultOAuth2AccessToken.setExpiration(new Date(readTree.get("expires").getLongValue() * 1000));
                        hashMap.put("user_id", readTree.get("user_id").asText());
                        defaultOAuth2AccessToken.setAdditionalInformation(hashMap);
                        return defaultOAuth2AccessToken;
                    } catch (UnsupportedEncodingException | IllegalStateException | InvalidKeyException | NoSuchAlgorithmException e5) {
                        this.log.error("signature check failed!", e5);
                        throw e;
                    }
                } catch (IOException e6) {
                    this.log.error("error \"{}\" while parsing JSON-data: {}", e6, str2);
                    throw e;
                }
            } catch (UnsupportedEncodingException e7) {
                this.log.error("error while decoding data: {}", e7.getMessage());
                throw e;
            }
        }
    }

    public String getSecret() {
        return this.secret;
    }

    public void setSecret(String str) {
        this.secret = str;
    }

    public ObjectMapper getObjectMapper() {
        return this.objectMapper;
    }

    public void setObjectMapper(ObjectMapper objectMapper) {
        this.objectMapper = objectMapper;
    }
}
