package com.xwiki.azureoauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xwiki.identityoauth.IdentityOAuthException;
import com.xwiki.identityoauth.IdentityOAuthManager;
import com.xwiki.identityoauth.IdentityOAuthProvider;
import com.xwiki.licensing.Licensor;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import javax.inject.Singleton;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;
import org.slf4j.Logger;
import org.xwiki.component.annotation.Component;
import org.xwiki.extension.ExtensionId;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.DocumentReferenceResolver;

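/**
 * Identity OAuth provider that signs users in through Azure Active Directory.
 *
 * <p>The provider is configured from a string map (see {@link #initialize(Map)}), delegates all
 * protocol work to the injected {@code AzureADOAuthClient}, and refuses to start an authorization,
 * create a token or fetch identity details unless the extension is licensed (see
 * {@link #isReady()}).
 *
 * <p>Decompiler note: this source was recovered from
 * {@code com/xwiki/azureoauth/AzureADIdentityOAuthProvider.class}.
 *
 * <p>Thread-safety: the URL being requested and the JSON obtained for it are exchanged through
 * {@link ThreadLocal}s, so {@link #makeApiCall(String)} and {@link #receiveFreshToken(String)} must
 * run on the same thread. The remaining fields are written by {@code initialize} without
 * synchronization.
 */
@Singleton
@Component
@Named(AzureADIdentityOAuthProvider.PROVIDERHINT)
public class AzureADIdentityOAuthProvider implements IdentityOAuthProvider {
    private static final String TENANT_ID = "tenantid";
    private static final String PROVIDERHINT = "AzureAD";
    private static final String EXCEPTIONUNLICENSED = "This extension is not licensed.";

    // One shared mapper instead of one per API response; it is never reconfigured after creation.
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

    @Inject
    protected DocumentReferenceResolver<String> documentResolver;

    @Inject
    protected Logger logger;

    @Inject
    protected Provider<Licensor> licensorProvider;

    @Inject
    protected Provider<IdentityOAuthManager> identityOAuthManager;
    protected DocumentReference configPageRef;

    @Inject
    private AzureADOAuthClient oauthClient;
    private List<String> scopes;
    private boolean active;
    private String tenantId;
    private final ExtensionId thisExtensionId = new ExtensionId("com.xwiki.integration-azure-oauth:integration-azure-oauth-ui");

    // Per-thread hand-off between makeApiCall (sets the URL, reads the JSON) and
    // receiveFreshToken (reads the URL, sets the JSON).
    private final ThreadLocal<String> currentlyRequestedUrl = new ThreadLocal<>();
    private final ThreadLocal<Map> currentlyObtainedJson = new ThreadLocal<>();

    /**
     * Identity description filled from a user JSON object and an issuer (tenant) id.
     *
     * <p>Decompiler note: the class and its constructor were package-private in the original
     * bytecode.
     */
    public static final class MSADIdentityDescription extends IdentityOAuthProvider.AbstractIdentityDescription {
        private final Map json;
        private String issuerId;

        /**
         * Copies the identity attributes out of the user JSON.
         *
         * @param map user JSON; the keys read are {@code givenName}, {@code surname}, {@code id},
         *     {@code mail} and {@code userPrincipalName}
         * @param str issuer id, inserted into the URL returned by {@link #getIssuerURL()}
         * @throws NullPointerException if the JSON has neither {@code mail} nor
         *     {@code userPrincipalName}
         */
        public MSADIdentityDescription(Map map, String str) {
            this.issuerId = str;
            this.json = map;
            this.firstName = this.json.get("givenName");
            this.lastName = this.json.get("surname");
            this.internalId = this.json.get("id");
            // NOTE(review): nothing here shows that "mail" or "userPrincipalName" is a verified
            // address. If the consumer links local accounts by e-mail, internalId is the safer
            // key; confirm how IdentityOAuthManager matches users.
            String mail = (String) this.json.get("mail");
            if (mail != null) {
                this.emails = Collections.singletonList(mail);
            } else {
                Object principalName = this.json.get("userPrincipalName");
                if (principalName == null) {
                    // Same exception type as the implicit dereference, but with a diagnosable message.
                    throw new NullPointerException("Identity response has neither \"mail\" nor \"userPrincipalName\".");
                }
                this.emails = Collections.singletonList(principalName.toString());
            }
            // The id comes from the identity response and is concatenated into the path unescaped.
            this.userImageUrl = "https://graph.microsoft.com/v1.0/users/" + this.internalId + "/photo/$value";
        }

        /**
         * Returns the issuer URL built from the issuer id given at construction.
         *
         * <p>NOTE(review): Microsoft documents the v2.0 issuer as
         * {@code https://login.microsoftonline.com/{tenant}/v2.0}; this method ends in
         * {@code /2.0}. Confirm what the value is compared against before relying on it for
         * issuer validation.
         */
        public String getIssuerURL() {
            return "https://login.microsoftonline.com/" + this.issuerId + "/2.0";
        }
    }

    /**
     * Configures the provider from a configuration map.
     *
     * <p>The keys read are {@code active}, {@code clientid}, {@code secret}, {@code scope},
     * {@code redirectUrl}, {@code tenantid} and {@code configurationObjectsPage}. The provider is
     * marked inactive first and only becomes active again if the whole configuration succeeds.
     *
     * @param map configuration values
     * @throws IdentityOAuthException if anything fails while reading or applying the configuration
     */
    public void initialize(Map<String, String> map) {
        this.active = false;
        try {
            initialize(map.get("active"), map.get("clientid"), map.get("secret"), map.get("scope"), map.get("redirectUrl"), map.get(TENANT_ID), map.get("configurationObjectsPage"));
        } catch (Exception e) {
            this.logger.warn("Configuration reading failed.", e);
            throw new IdentityOAuthException("Trouble at reading configuration.", e);
        }
    }

    /**
     * Applies the individual configuration values and builds the OAuth service.
     *
     * <p>The client secret is passed to the OAuth client only; it is not logged here.
     */
    private void initialize(String activeFlag, String clientId, String secret, String scopeSpec, String redirectUrl, String tenant, String configPage) {
        // NOTE(review): the tenant id is stored and passed on exactly as configured; no format
        // check is visible in this class.
        this.tenantId = tenant;
        if (scopeSpec == null || scopeSpec.trim().isEmpty()) {
            this.scopes = getMinimumScopes();
        } else {
            // Split on runs of whitespace so repeated or leading spaces do not yield empty scopes.
            this.scopes = makeScopes(Arrays.asList(scopeSpec.trim().split("\\s+")));
        }
        // Every scope is followed by a space, including the last one.
        StringBuilder scopeParam = new StringBuilder();
        for (String scope : this.scopes) {
            scopeParam.append(scope).append(" ");
        }
        // Constant-first comparison: a missing "active" entry means inactive instead of an NPE.
        boolean requestedActive = "1".equals(activeFlag) || Boolean.parseBoolean(activeFlag);
        this.logger.debug("Configuring class {} with: \n - scopes: {}\n - clientId {}", getClass().getSimpleName(), this.scopes, clientId);
        String effectiveRedirectUrl = redirectUrl;
        if (effectiveRedirectUrl == null || effectiveRedirectUrl.trim().isEmpty()) {
            // Placeholder that makes an unconfigured redirect URL obvious.
            effectiveRedirectUrl = "_CHANGE_ME_LOGIN_URL_";
        }
        this.oauthClient.buildService(clientId, secret, scopeParam.toString(), effectiveRedirectUrl, tenant);
        this.configPageRef = this.documentResolver.resolve(configPage);
        this.logger.debug("MS-AD-Service configured: {}", this);
        // Set last, so a failure above cannot leave the provider flagged active while the public
        // initialize reports a configuration error.
        this.active = requestedActive;
    }

    /** Returns whether the last successful configuration marked this provider as active. */
    public boolean isActive() {
        return this.active;
    }

    /** Returns whether the licensor reports a license for this extension. */
    public boolean isReady() {
        return this.licensorProvider.get().hasLicensure(this.thisExtensionId);
    }

    /** Returns the scopes used when none are configured: {@code openid} and {@code User.Read}. */
    public List<String> getMinimumScopes() {
        return Arrays.asList("openid", "User.Read");
    }

    /** Returns the reference of the configuration page resolved at initialization. */
    public DocumentReference getConfigPageRef() {
        return this.configPageRef;
    }

    /**
     * Replaces the configuration page reference.
     *
     * @param str serialized document reference, resolved with the injected resolver
     */
    public void setConfigPage(String str) {
        this.configPageRef = this.documentResolver.resolve(str);
    }

    /** Returns the names of the XWiki classes holding this provider's configuration objects. */
    public List<String> getConfigObjectsClasses() {
        return Arrays.asList("IdentityOAuth.IdentityOAuthConfigClass", "AzureAD.AzureADConfigClass");
    }

    /**
     * Returns the authorization URL produced by the OAuth client.
     *
     * @param str not used by this implementation
     * @return the authorization URL
     * @throws IllegalStateException if the extension is not licensed
     */
    public String getRemoteAuthorizationUrl(String str) {
        if (!isReady()) {
            throw new IllegalStateException(EXCEPTIONUNLICENSED);
        }
        String authorizationUrl = this.oauthClient.getAuthorizationUrl();
        // NOTE(review): the full URL goes to the debug log; check which request parameters it
        // carries before enabling debug logging in production.
        this.logger.debug("Authorization URL: {}", authorizationUrl);
        return authorizationUrl;
    }

    /**
     * Exchanges an authorization code for a token through the OAuth client.
     *
     * @param str authorization code
     * @return the token and a date, as returned by the OAuth client
     * @throws IllegalStateException if the extension is not licensed
     */
    public Pair<String, Date> createToken(String str) {
        if (!isReady()) {
            throw new IllegalStateException(EXCEPTIONUNLICENSED);
        }
        return this.oauthClient.createToken(str);
    }

    /**
     * Extracts the authorization value from the parameters of the provider's redirect.
     *
     * @param map request parameters of the return request
     */
    public String readAuthorizationFromReturn(Map<String, String[]> map) {
        return this.oauthClient.readAuthorizationFromReturn(map);
    }

    /**
     * Requests the given URL with the current token and returns the parsed JSON.
     *
     * <p>The URL is published in a thread-local, the manager is asked for the current token, and
     * the JSON left in the other thread-local is returned. Presumably the manager calls
     * {@link #receiveFreshToken(String)} on this thread while handling the request; that call is
     * not visible here.
     *
     * @param str URL to request
     * @return the JSON stored for this thread, or {@code null} if none was stored
     * @throws IdentityOAuthException if the request fails
     */
    protected Map makeApiCall(String str) {
        try {
            this.currentlyRequestedUrl.set(str);
            this.identityOAuthManager.get().requestCurrentToken(getProviderHint());
            return this.currentlyObtainedJson.get();
        } catch (IdentityOAuthException e) {
            throw e;
        } catch (Exception e) {
            throw new IdentityOAuthException("Trouble at API call.", e);
        } finally {
            // Always clear both slots so the URL and the identity JSON do not survive on a
            // pooled thread.
            this.currentlyRequestedUrl.remove();
            this.currentlyObtainedJson.remove();
        }
    }

    /**
     * Uses a token to perform the API request pending on this thread and stores the parsed JSON.
     *
     * <p>NOTE(review): if no {@link #makeApiCall(String)} is in progress on this thread the URL
     * passed to the OAuth client is {@code null}; confirm how {@code performApiRequest} handles
     * that, since the token is handed to it either way.
     *
     * @param str access token
     * @throws IdentityOAuthException if the request or the JSON parsing fails
     */
    public void receiveFreshToken(String str) {
        try {
            String response = this.oauthClient.performApiRequest(str, this.currentlyRequestedUrl.get());
            // NOTE(review): the whole response body is written to the debug log; for identity
            // endpoints that is personal data.
            this.logger.debug("Response received: {}", response);
            this.currentlyObtainedJson.set(JSON_MAPPER.readValue(response, Map.class));
        } catch (Exception e) {
            throw new IdentityOAuthException("Failure at API call.", e);
        }
    }

    /**
     * Fetches the identity details for a token, using the configured tenant id.
     *
     * @param str token
     * @throws IllegalStateException if the extension is not licensed
     */
    public IdentityOAuthProvider.AbstractIdentityDescription fetchIdentityDetails(String str) {
        if (!isReady()) {
            throw new IllegalStateException(EXCEPTIONUNLICENSED);
        }
        return this.oauthClient.fetchIdentityDetails(str, this.tenantId);
    }

    /**
     * Fetches the user's image through the OAuth client, passing the configured scopes.
     *
     * <p>Unlike {@link #fetchIdentityDetails(String)}, this method performs no license check.
     */
    public Triple<InputStream, String, String> fetchUserImage(Date date, IdentityOAuthProvider.AbstractIdentityDescription abstractIdentityDescription, String str) {
        return this.oauthClient.fetchUserImage(date, abstractIdentityDescription, str, this.scopes);
    }

    /** Does nothing and reports that the user document was not changed. */
    public boolean enrichUserObject(IdentityOAuthProvider.AbstractIdentityDescription abstractIdentityDescription, XWikiDocument xWikiDocument) {
        return false;
    }

    /** Returns the given scopes, or the minimum scopes when the list is null or empty. */
    private List<String> makeScopes(List<String> list) {
        return (list == null || list.isEmpty()) ? getMinimumScopes() : list;
    }

    /** Returns the component hint of this provider, {@code AzureAD}. */
    public String getProviderHint() {
        return PROVIDERHINT;
    }

    /**
     * Accepts only this provider's own hint; the hint itself cannot be changed.
     *
     * @throws IllegalStateException if {@code str} is not {@code AzureAD}
     */
    public void setProviderHint(String str) {
        if (!PROVIDERHINT.equals(str)) {
            throw new IllegalStateException("Only \"AzureAD\" is accepted as hint.");
        }
    }

    /**
     * Always returns {@code "ok"}.
     *
     * <p>NOTE(review): no configuration value (tenant id, client id, redirect URL) is checked
     * here, so a placeholder redirect URL or a malformed tenant id is reported as valid.
     */
    public String validateConfiguration() {
        return "ok";
    }
}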
