package org.ctoolkit.services.endpoints;

import com.google.api.server.spi.auth.GoogleOAuth2Authenticator;
import com.google.api.server.spi.auth.common.User;
import com.google.api.server.spi.response.ServiceUnavailableException;
import com.google.appengine.api.utils.SystemProperty;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import java.util.Iterator;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import org.ctoolkit.services.endpoints.OnBehalfOfUser;

@Singleton
/* loaded from: input_file:org/ctoolkit/services/endpoints/ServerToServerAuthenticator.class */
public class ServerToServerAuthenticator extends GoogleOAuth2Authenticator {
    public static final String ON_BEHALF_OF_EMAIL = "X-On-Behalf-Of-Email";
    public static final String ON_BEHALF_OF_USER_ID = "X-On-Behalf-Of-User-Id";
    private final String applicationId;

    public ServerToServerAuthenticator() {
        this(SystemProperty.applicationId.get());
    }

    public ServerToServerAuthenticator(String str) {
        this.applicationId = (String) Preconditions.checkNotNull(str);
    }

    public User authenticate(HttpServletRequest httpServletRequest) throws ServiceUnavailableException {
        User internalAuthenticate = internalAuthenticate(httpServletRequest);
        if (internalAuthenticate == null || !internalAuthenticate.getEmail().toLowerCase().endsWith("appspot.gserviceaccount.com")) {
            return null;
        }
        String lowerCase = internalAuthenticate.getEmail().toLowerCase();
        Iterable<String> split = Splitter.on("@").omitEmptyStrings().trimResults().split(lowerCase);
        String header = httpServletRequest.getHeader(ON_BEHALF_OF_EMAIL);
        String header2 = httpServletRequest.getHeader(ON_BEHALF_OF_USER_ID);
        if (!isApplicationIdEquals(split)) {
            return null;
        }
        if (Strings.isNullOrEmpty(header)) {
            return internalAuthenticate;
        }
        OnBehalfOfUser.Builder builder = new OnBehalfOfUser.Builder();
        builder.email(header).userId(header2).serviceAccount(lowerCase);
        return new OnBehalfOfUser(builder);
    }

    private boolean isApplicationIdEquals(@NotNull Iterable<String> iterable) {
        Iterator<String> it = iterable.iterator();
        return this.applicationId.toLowerCase().equals((it.hasNext() ? it.next() : "").toLowerCase());
    }

    @VisibleForTesting
    User internalAuthenticate(HttpServletRequest httpServletRequest) throws ServiceUnavailableException {
        return super.authenticate(httpServletRequest);
    }
}
