package com.xwiki.azureoauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.scribejava.apis.MicrosoftAzureActiveDirectory20Api;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.model.Response;
import com.github.scribejava.core.model.Verb;
import com.github.scribejava.core.oauth.OAuth20Service;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xwiki.identityoauth.IdentityOAuthException;
import com.xwiki.identityoauth.IdentityOAuthManager;
import com.xwiki.identityoauth.IdentityOAuthProvider;
import com.xwiki.licensing.Licensor;
import java.io.IOException;
import java.io.InputStream;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;
import org.slf4j.Logger;
import org.xwiki.component.annotation.Component;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.DocumentReferenceResolver;

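/**
 * Identity-OAuth provider that authenticates XWiki users against Azure Active Directory with the
 * OAuth 2.0 authorization-code flow and reads the user's profile ({@code /me}) and photo from
 * Microsoft Graph.
 *
 * <p>Configuration arrives through {@link #initialize(Map)}: the {@link OAuth20Service}, the scope
 * list, the active flag and the two document references are written there and read by every other
 * method. No synchronisation is performed, so {@code initialize} must have completed before the
 * provider is used.
 *
 * <p>Generic API calls go through {@link #makeApiCall(String)}, which hands the requested URL to
 * {@link #receiveFreshToken(String)} through two thread-local slots: the URL is stored, the
 * {@link IdentityOAuthManager} is asked for the current token, and the JSON that
 * {@code receiveFreshToken} parsed is read back. NOTE(review): this only works if the manager calls
 * {@code receiveFreshToken} on the calling thread; that contract lives in the manager, not here.
 *
 * <p>Every licensed operation first checks the licence of {@code xwiki:AzureAD.WebPreferences}.
 */
@Singleton
@Component
@Named(AzureADIdentityOAuthProvider.PROVIDERHINT)
public class AzureADIdentityOAuthProvider implements IdentityOAuthProvider {
    private static final String TENANT_ID = "tenantid";
    private static final String PROVIDERHINT = "AzureAD";
    private static final String EXCEPTIONUNLICENSED = "This extension is not licensed.";
    private static final String IMAGE_JPEG = "image/jpeg";
    private static final String GRAPH_ME_URL = "https://graph.microsoft.com/v1.0/me";
    private static final String GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users/";
    private static final String ATTACHMENT_PREFIX = "attachment; ";
    private static final String DEFAULT_IMAGE_NAME = "image.jpeg";
    /** HTTP 304 Not Modified: the conditional photo request found nothing newer. */
    private static final int HTTP_NOT_MODIFIED = 304;
    /** HTTP-date (RFC 7231 IMF-fixdate) pattern; the header value must be in GMT. */
    private static final String HTTP_DATE_PATTERN = "EEE, dd MMM yyyy HH:mm:ss 'GMT'";
    /** A configured ObjectMapper is thread-safe and costly to build, so one instance is shared. */
    private static final ObjectMapper JSON = new ObjectMapper();

    @Inject
    protected Provider<XWikiContext> contextProvider;

    @Inject
    protected DocumentReferenceResolver<String> documentResolver;

    @Inject
    protected Logger logger;

    @Inject
    protected Provider<Licensor> licensorProvider;

    @Inject
    protected Provider<IdentityOAuthManager> identityOAuthManager;
    /** Page holding the configuration objects; set by {@link #initialize(Map)} and {@link #setConfigPage(String)}. */
    protected DocumentReference configPageRef;
    /** Document whose licence gates every licensed operation of this provider. */
    protected DocumentReference azureADWebPrefsRef;
    private OAuth20Service service;
    private List<String> scopes;
    private boolean active;
    /** URL that {@link #receiveFreshToken(String)} must fetch; set only for the duration of {@link #makeApiCall(String)}. */
    private final ThreadLocal<String> currentlyRequestedUrl = new ThreadLocal<>();
    /** JSON parsed by {@link #receiveFreshToken(String)}; read back and cleared by {@link #makeApiCall(String)}. */
    private final ThreadLocal<Map<String, Object>> currentlyObtainedJson = new ThreadLocal<>();

    /**
     * Identity description filled from a Microsoft Graph {@code /me} response.
     *
     * <p>{@code givenName}, {@code surname} and {@code id} are mandatory; {@code mail} is used as the
     * e-mail address when present, otherwise {@code userPrincipalName}.
     */
    private static final class MSADIdentityDescription extends IdentityOAuthProvider.IdentityDescription {
        /** Raw payload the description was built from. */
        private final Map<String, Object> json;

        /**
         * @param json the parsed {@code /me} response
         * @throws IdentityOAuthException if a mandatory field is missing
         */
        private MSADIdentityDescription(Map<String, Object> json) {
            this.json = json;
            this.firstName = requiredField(json, "givenName");
            this.lastName = requiredField(json, "surname");
            this.internalId = requiredField(json, "id");
            Object mail = json.get("mail");
            String email = mail != null ? mail.toString() : requiredField(json, "userPrincipalName");
            this.emails = Collections.singletonList(email);
            this.userImageUrl = GRAPH_USERS_URL + this.internalId + "/photo/$value";
        }
    }

    /**
     * Reads one mandatory field of a Graph response.
     *
     * @param json the parsed response
     * @param key the field name
     * @return the field's string form
     * @throws IdentityOAuthException if the field is absent, naming it (the previous code failed
     *     with a bare NullPointerException)
     */
    private static String requiredField(Map<String, Object> json, String key) {
        Object value = json.get(key);
        if (value == null) {
            throw new IdentityOAuthException("Field \"" + key + "\" is missing from the identity response.");
        }
        return value.toString();
    }

    /**
     * Configures the provider from the configuration object values.
     *
     * @param map configuration values; keys read are {@code active}, {@code clientid},
     *     {@code secret}, {@code scope}, {@code redirectUrl}, {@code tenantid} and
     *     {@code configurationObjectsPage}
     * @throws IdentityOAuthException if any part of the configuration cannot be applied; the
     *     provider is left inactive in that case
     */
    public void initialize(Map<String, String> map) {
        this.active = false;
        try {
            initialize(map.get("active"), map.get("clientid"), map.get("secret"), map.get("scope"),
                map.get("redirectUrl"), map.get(TENANT_ID), map.get("configurationObjectsPage"));
        } catch (Exception e) {
            this.logger.warn("Configuration reading failed.", e);
            throw new IdentityOAuthException("Trouble at reading configuration.", e);
        }
    }

    /**
     * Builds the OAuth service and resolves the configuration references.
     *
     * @param activeFlag {@code "1"} or a boolean string; anything else (including {@code null})
     *     leaves the provider inactive
     * @param clientId the application (client) id
     * @param secret the client secret; never logged
     * @param scope space-separated scopes, or blank for {@link #getMinimumScopes()}
     * @param redirectUrl the OAuth callback URL
     * @param tenantId the Azure AD tenant used to build the API endpoints
     * @param configPage reference string of the page holding the configuration objects
     */
    private void initialize(String activeFlag, String clientId, String secret, String scope, String redirectUrl,
        String tenantId, String configPage) {
        if (scope == null || scope.trim().isEmpty()) {
            this.scopes = getMinimumScopes();
        } else {
            // Split on runs of whitespace so that double spaces do not yield empty scopes.
            this.scopes = makeScopes(Arrays.asList(scope.trim().split("\\s+")));
        }
        StringBuilder scopeList = new StringBuilder();
        for (String oneScope : this.scopes) {
            if (scopeList.length() > 0) {
                scopeList.append(' ');
            }
            scopeList.append(oneScope);
        }
        // "1".equals(...) is null-safe where activeFlag.equals("1") was not.
        this.active = "1".equals(activeFlag) || Boolean.parseBoolean(activeFlag);
        this.logger.debug("Configuring class {} with: \n - scopes: {}\n - clientId {}",
            getClass().getSimpleName(), this.scopes, clientId);
        this.service = new ServiceBuilder(clientId)
            .apiSecret(secret)
            .defaultScope(scopeList.toString())
            .callback(redirectUrl)
            .build(MicrosoftAzureActiveDirectory20Api.custom(tenantId));
        this.configPageRef = this.documentResolver.resolve(configPage);
        this.azureADWebPrefsRef = this.documentResolver.resolve("xwiki:AzureAD.WebPreferences");
        this.logger.debug("MS-AD-Service configured: {}", this);
    }

    /**
     * @return whether the provider is both licensed and configured as active
     */
    public boolean isActive() {
        return isLicensed() && this.active;
    }

    /**
     * @return whether a licence is held for {@code xwiki:AzureAD.WebPreferences}
     */
    private boolean isLicensed() {
        return this.licensorProvider.get().hasLicensure(this.azureADWebPrefsRef);
    }

    /**
     * @throws IllegalStateException if no licence is held
     */
    private void requireLicense() {
        if (!isLicensed()) {
            throw new IllegalStateException(EXCEPTIONUNLICENSED);
        }
    }

    /**
     * @return the scopes used when none are configured: {@code openid} and {@code User.Read}
     */
    public List<String> getMinimumScopes() {
        return Arrays.asList("openid", "User.Read");
    }

    /**
     * @return the page holding the configuration objects
     */
    public DocumentReference getConfigPageRef() {
        return this.configPageRef;
    }

    /**
     * @param configPage reference string of the page holding the configuration objects
     */
    public void setConfigPage(String configPage) {
        this.configPageRef = this.documentResolver.resolve(configPage);
    }

    /**
     * @return the XWiki class names of the configuration objects this provider reads
     */
    public List<String> getConfigObjectsClasses() {
        return Arrays.asList("IdentityOAuth.IdentityOAuthConfigClass", "AzureAD.AzureADConfigClass");
    }

    /**
     * Builds the URL the browser is sent to in order to authorize at Azure AD.
     *
     * @param str not used here: the callback URL was fixed when the service was built in
     *     {@link #initialize(Map)} (NOTE(review): the parameter's meaning is defined by
     *     {@link IdentityOAuthProvider}, which is not visible in this file)
     * @return the authorization URL
     * @throws IllegalStateException if the extension is not licensed
     */
    public String getRemoteAuthorizationUrl(String str) {
        requireLicense();
        String authorizationUrl = this.service.getAuthorizationUrl();
        this.logger.debug("Authorization URL: {}", authorizationUrl);
        return authorizationUrl;
    }

    /**
     * Exchanges an authorization code for an access token.
     *
     * @param authorizationCode the code returned by Azure AD
     * @return the access token and its expiry instant
     * @throws IdentityOAuthException on any failure, including an unlicensed extension and a token
     *     response without {@code expires_in}
     */
    public Pair<String, Date> createToken(String authorizationCode) {
        try {
            requireLicense();
            OAuth2AccessToken accessToken = this.service.getAccessToken(authorizationCode);
            this.logger.debug("Obtained accessToken from MS-AD Services.");
            Integer expiresIn = accessToken.getExpiresIn();
            if (expiresIn == null) {
                throw new IdentityOAuthException("Token response did not include expires_in.");
            }
            // long multiplication: the int form overflowed for a large expires_in.
            Date expiry = new Date(System.currentTimeMillis() + 1000L * expiresIn);
            return new ImmutablePair<>(accessToken.getAccessToken(), expiry);
        } catch (OAuth2AccessTokenErrorResponse e) {
            // This is an Exception subtype, so it must be caught before the generic clause;
            // the former ordering made this handler unreachable.
            String message = "OAuth trouble at creating token:" + e.getErrorDescription();
            this.logger.warn(message, e);
            throw new IdentityOAuthException(message, e);
        } catch (Exception e) {
            String message = "Generic trouble at creating Token: " + e;
            this.logger.warn(message, e);
            throw new IdentityOAuthException(message, e);
        }
    }

    /**
     * Extracts the authorization code from the parameters of the OAuth callback request.
     *
     * @param params the callback request parameters; may be {@code null}
     * @return the first {@code code} value, or {@code null} when there is none
     * @throws IdentityOAuthException if the callback carries an {@code error_description}
     */
    public String readAuthorizationFromReturn(Map<String, String[]> params) {
        if (params == null) {
            return null;
        }
        if (params.containsKey("error_description")) {
            // Arrays.toString prints the same "[a, b]" form as Arrays.asList but tolerates null.
            throw new IdentityOAuthException("An error occurred at AzureAD: " + Arrays.toString(params.get("error"))
                + " " + Arrays.toString(params.get("error_description")));
        }
        String[] codes = params.get("code");
        if (codes == null || codes.length == 0) {
            return null;
        }
        this.logger.debug("Obtained authorization-code from MS-AD Services.");
        return codes[0];
    }

    /**
     * Performs an authenticated GET on a Graph URL through the token manager.
     *
     * <p>The URL is parked in a thread-local, the manager is asked for the current token (which is
     * expected to reach {@link #receiveFreshToken(String)} on this thread), and the parsed JSON is
     * collected from the second thread-local. Both slots are cleared on every exit path.
     *
     * @param url the absolute URL to fetch
     * @return the parsed JSON object, or {@code null} if {@code receiveFreshToken} was not called
     * @throws IdentityOAuthException on any failure
     */
    protected Map<String, Object> makeApiCall(String url) {
        this.currentlyRequestedUrl.set(url);
        try {
            this.identityOAuthManager.get().requestCurrentToken(getProviderHint());
            return this.currentlyObtainedJson.get();
        } catch (IdentityOAuthException e) {
            // Already the right type: rethrow rather than wrapping it a second time.
            throw e;
        } catch (Exception e) {
            throw new IdentityOAuthException("Trouble at API call.", e);
        } finally {
            this.currentlyRequestedUrl.remove();
            this.currentlyObtainedJson.remove();
        }
    }

    /**
     * Callback invoked with a valid access token: fetches the URL parked by
     * {@link #makeApiCall(String)} and stores the parsed response body.
     *
     * <p>NOTE(review): the HTTP status is not checked here, as before; a non-2xx JSON error body is
     * stored like any other response.
     *
     * @param token the bearer token to sign the request with
     * @throws IdentityOAuthException if no URL was parked or the request/parsing fails
     */
    public void receiveFreshToken(String token) {
        String url = this.currentlyRequestedUrl.get();
        if (url == null) {
            throw new IdentityOAuthException("receiveFreshToken called outside of makeApiCall.");
        }
        try {
            OAuthRequest request = new OAuthRequest(Verb.GET, url);
            this.service.signRequest(token, request);
            String body = this.service.execute(request).getBody();
            if (this.logger.isDebugEnabled()) {
                // Debug only: the body is the raw Graph payload and may contain personal data.
                this.logger.debug("Response received: {}", body);
            }
            this.currentlyObtainedJson.set(parseJson(body));
        } catch (Exception e) {
            throw new IdentityOAuthException("Failure at API call.", e);
        }
    }

    /**
     * Parses a JSON object body.
     *
     * @param body the JSON text
     * @return the top-level object as a map
     * @throws IOException if the body is not a JSON object
     */
    @SuppressWarnings("unchecked")
    private static Map<String, Object> parseJson(String body) throws IOException {
        // Jackson produces a Map<String, Object> for Map.class; only the generic type is erased.
        return (Map<String, Object>) JSON.readValue(body, Map.class);
    }

    /**
     * Reads the signed-in user's profile from Graph {@code /me}.
     *
     * @param token the bearer token
     * @return the identity description
     * @throws IdentityOAuthException on any failure, including an unlicensed extension
     */
    public IdentityOAuthProvider.IdentityDescription fetchIdentityDetails(String token) {
        try {
            requireLicense();
            OAuthRequest request = new OAuthRequest(Verb.GET, GRAPH_ME_URL);
            this.service.signRequest(token, request);
            return new MSADIdentityDescription(parseJson(this.service.execute(request).getBody()));
        } catch (Exception e) {
            this.logger.warn("Trouble at fetchIdentityDetails:", e);
            throw new IdentityOAuthException("Trouble at fetchIdentityDetails.", e);
        }
    }

    /**
     * Fetches the user's photo from Graph, best effort.
     *
     * @param modifiedSince if non-null, sent as {@code If-Modified-Since}; a 304 answer yields
     *     {@code null} without a warning
     * @param identity the description whose {@code userImageUrl} is fetched
     * @param token the bearer token
     * @return the image stream (owned by the caller, who must close it), its media type and a file
     *     name; {@code null} when the configured scopes do not include {@code User.ReadBasic.All}
     *     or {@code User.Read.All}, when the photo is unchanged, or on any failure
     */
    public Triple<InputStream, String, String> fetchUserImage(Date modifiedSince,
        IdentityOAuthProvider.IdentityDescription identity, String token) {
        try {
            if (!this.scopes.contains("User.ReadBasic.All") && !this.scopes.contains("User.Read.All")) {
                return null;
            }
            OAuthRequest request = new OAuthRequest(Verb.GET, identity.userImageUrl);
            if (modifiedSince != null) {
                request.addHeader("If-Modified-Since", httpDate(modifiedSince));
            }
            // Logged before signRequest so that, whatever OAuthRequest.toString() prints, the
            // bearer token is not yet attached to the request.
            this.logger.debug("will request {}", request);
            this.service.signRequest(token, request);
            Response response = this.service.execute(request);
            String contentType = response.getHeader("Content-Type");
            this.logger.debug("Request done {}", contentType);
            if (response.getCode() == HTTP_NOT_MODIFIED) {
                this.logger.debug("Photo not modified since {}", modifiedSince);
                return null;
            }
            // Media type names are case-insensitive.
            if (!response.isSuccessful() || !IMAGE_JPEG.equalsIgnoreCase(contentType)) {
                this.logger.warn("Fetching photo failed: {}", response.getMessage());
                this.logger.debug("Photo response: {}", response.getBody());
                return null;
            }
            String fileName = fileNameFrom(response.getHeader("Content-Disposition"));
            this.logger.debug("Obtained content of file {}", fileName);
            return Triple.of(response.getStream(), IMAGE_JPEG, fileName);
        } catch (Exception e) {
            // Best effort, as before: any failure yields null. Errors are no longer swallowed.
            this.logger.warn("Can't save photo.", e);
            return null;
        }
    }

    /**
     * Formats a date as an HTTP-date for {@code If-Modified-Since}.
     *
     * <p>HTTP validators must be IMF-fixdate in GMT (RFC 7231); the former ISO-8601 string in the
     * CET zone was not a valid value for this header.
     *
     * @param date the instant to format
     * @return e.g. {@code Sun, 06 Nov 1994 08:49:37 GMT}
     */
    private static String httpDate(Date date) {
        // SimpleDateFormat is not thread-safe, so one instance per call.
        SimpleDateFormat format = new SimpleDateFormat(HTTP_DATE_PATTERN, Locale.US);
        format.setTimeZone(TimeZone.getTimeZone("GMT"));
        return format.format(date);
    }

    /**
     * Derives an attachment file name from a {@code Content-Disposition} header.
     *
     * @param contentDisposition the header value; may be {@code null}
     * @return the text after {@code "attachment; "}, or {@code image.jpeg} when the header is absent,
     *     has another shape, or the remote-supplied name contains path characters
     */
    private static String fileNameFrom(String contentDisposition) {
        if (contentDisposition == null || !contentDisposition.startsWith(ATTACHMENT_PREFIX)) {
            return DEFAULT_IMAGE_NAME;
        }
        String name = contentDisposition.substring(ATTACHMENT_PREFIX.length());
        // The name comes from a remote header; never let it carry path components.
        if (name.isEmpty() || name.contains("/") || name.contains("\\") || name.contains("..")) {
            return DEFAULT_IMAGE_NAME;
        }
        return name;
    }

    /**
     * This provider adds nothing to the user document.
     *
     * @return {@code false}, meaning the document was not modified
     */
    public boolean enrichUserObject(IdentityOAuthProvider.IdentityDescription identityDescription,
        XWikiDocument xWikiDocument) {
        return false;
    }

    /**
     * @param configured the configured scopes
     * @return {@code configured}, or {@link #getMinimumScopes()} when it is {@code null} or empty
     */
    private List<String> makeScopes(List<String> configured) {
        return (configured == null || configured.isEmpty()) ? getMinimumScopes() : configured;
    }

    /**
     * @return the component hint, {@code AzureAD}
     */
    public String getProviderHint() {
        return PROVIDERHINT;
    }

    /**
     * @param hint the only accepted value is {@code AzureAD}
     * @throws IllegalStateException for any other hint
     */
    public void setProviderHint(String hint) {
        if (!PROVIDERHINT.equals(hint)) {
            throw new IllegalStateException("Only \"AzureAD\" is accepted as hint.");
        }
    }

    /**
     * @return always {@code "ok"}; no validation is performed here
     */
    public String validateConfiguration() {
        return "ok";
    }
}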
