package com.erudika.para.security.filters;

import com.erudika.para.Para;
import com.erudika.para.core.App;
import com.erudika.para.core.User;
import com.erudika.para.core.utils.ParaObjectUtils;
import com.erudika.para.security.AuthenticatedUserDetails;
import com.erudika.para.security.SecurityUtils;
import com.erudika.para.security.UserAuthentication;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.Utils;
import com.fasterxml.jackson.databind.ObjectReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.NoConnectionReuseStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:BOOT-INF/lib/para-server-1.34.0.jar:com/erudika/para/security/filters/MicrosoftAuthFilter.class */
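/**
 * Authentication filter that completes the Microsoft OAuth 2.0 authorization-code flow:
 * it exchanges the {@code code} request parameter for an access token, loads the
 * Microsoft Graph profile with that token and finds or creates the matching {@link User}.
 */
public class MicrosoftAuthFilter extends AbstractAuthenticationProcessingFilter {
    private final CloseableHttpClient httpclient;
    private final ObjectReader jreader;
    private static final String PROFILE_URL = "https://graph.microsoft.com/v1.0/me";
    private static final String PHOTO_URL = "https://graph.microsoft.com/v1.0/me/photo/$value";
    private static final String TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
    private static final String PAYLOAD = "code={0}&redirect_uri={1}&scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&client_id={2}&client_secret={3}&grant_type=authorization_code";
    public static final String MICROSOFT_ACTION = "microsoft_auth";
    // Connect, connection-request and socket timeout for all outbound calls, in milliseconds.
    private static final int TIMEOUT_MILLIS = 30000;

    /**
     * Creates the filter and its HTTP client (no connection reuse, 30 s timeouts).
     *
     * @param str the default filter processes URL handed to the parent filter
     */
    public MicrosoftAuthFilter(String str) {
        super(str);
        this.jreader = ParaObjectUtils.getJsonReader(Map.class);
        RequestConfig requestConfig = RequestConfig.custom()
                .setConnectTimeout(TIMEOUT_MILLIS)
                .setConnectionRequestTimeout(TIMEOUT_MILLIS)
                .setCookieSpec(CookieSpecs.STANDARD)
                .setSocketTimeout(TIMEOUT_MILLIS)
                .build();
        this.httpclient = HttpClientBuilder.create()
                .setConnectionReuseStrategy(new NoConnectionReuseStrategy())
                .setDefaultRequestConfig(requestConfig)
                .build();
    }

    /**
     * Handles the OAuth callback: when the request URI ends with {@link #MICROSOFT_ACTION}
     * and carries a non-blank {@code code} parameter, the code is exchanged at the token
     * endpoint and the resulting access token is passed to {@link #getOrCreateUser(App, String)}.
     *
     * @param httpServletRequest the callback request
     * @param httpServletResponse the response (not used here)
     * @return the result of {@code SecurityUtils.checkIfActive} for the resolved authentication
     * @throws IOException if a call to the token or profile endpoint fails
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        UserAuthentication userAuth = null;
        if (httpServletRequest.getRequestURI().endsWith(MICROSOFT_ACTION)) {
            // NOTE(review): no anti-CSRF "state" check is visible in this method; confirm it is
            // enforced elsewhere (e.g. in the helpers that parse the auth request).
            String authCode = httpServletRequest.getParameter("code");
            if (!StringUtils.isBlank(authCode)) {
                String appid = SecurityUtils.getAppidFromAuthRequest(httpServletRequest);
                String redirectUrl = SecurityUtils.getRedirectUrl(httpServletRequest);
                App app = (App) Para.getDAO().read(App.id(appid == null ? Config.getRootAppIdentifier() : appid));
                String[] keys = SecurityUtils.getOAuthKeysForApp(app, Config.MICROSOFT_PREFIX);
                // The code is caller-controlled and getParameter() returns it already decoded, so it
                // must be re-encoded before it is placed in the form body; otherwise a value holding
                // '&' or '=' would add or override fields of the token request.
                // NOTE(review): keys[0]/keys[1] (client id and secret) are inserted as stored; confirm
                // how they are stored before encoding them as well.
                String payload = Utils.formatMessage(PAYLOAD, Utils.urlEncode(authCode), Utils.urlEncode(redirectUrl), keys[0], keys[1]);
                HttpPost tokenRequest = new HttpPost(TOKEN_URL);
                tokenRequest.setHeader("Content-Type", "application/x-www-form-urlencoded");
                tokenRequest.setEntity(new StringEntity(payload, StandardCharsets.UTF_8));
                Map<String, Object> token = fetchJson(tokenRequest);
                if (token != null && token.containsKey("access_token")) {
                    userAuth = getOrCreateUser(app, (String) token.get("access_token"));
                }
            }
        }
        return SecurityUtils.checkIfActive(userAuth, SecurityUtils.getAuthenticatedUser(userAuth), true);
    }

    /**
     * Loads the Microsoft Graph profile for an access token and returns an authentication for
     * the matching user, creating the user on first login and refreshing picture, e-mail and
     * name on later logins.
     *
     * @param app the app the user belongs to; may be {@code null}
     * @param str the Microsoft access token; {@code null} skips the profile lookup
     * @return the result of {@code SecurityUtils.checkIfActive} for the resolved user
     * @throws IOException if a call to Microsoft Graph fails
     * @throws AuthenticationServiceException if a new user cannot be created
     */
    public UserAuthentication getOrCreateUser(App app, String str) throws IOException {
        UserAuthentication userAuth = null;
        User user = new User();
        if (str != null) {
            HttpGet profileRequest = new HttpGet(PROFILE_URL);
            profileRequest.setHeader("Authorization", "Bearer " + str);
            profileRequest.setHeader("Accept", "application/json");
            Map<String, Object> profile = fetchJson(profileRequest);
            if (profile != null && profile.containsKey("id")) {
                String microsoftId = (String) profile.get("id");
                String email = getEmail(profile);
                String displayName = (String) profile.get("displayName");
                user.setAppid(getAppid(app));
                user.setIdentifier(Config.MICROSOFT_PREFIX + microsoftId);
                // NOTE(review): the e-mail is taken from the Graph profile as-is and is not verified
                // here; if readUserForIdentifier can match on e-mail, confirm that cannot link this
                // login to another provider's account.
                user.setEmail(email);
                user = User.readUserForIdentifier(user);
                if (user == null) {
                    user = new User();
                    user.setActive(true);
                    user.setAppid(getAppid(app));
                    user.setEmail(StringUtils.isBlank(email) ? Utils.getNewId() + "@windowslive.com" : email);
                    user.setName(StringUtils.isBlank(displayName) ? "No Name" : displayName);
                    // Generated placeholder password for an account that signs in through Microsoft.
                    user.setPassword(Utils.generateSecurityToken());
                    user.setPicture(getPicture(str));
                    user.setIdentifier(Config.MICROSOFT_PREFIX + microsoftId);
                    if (user.create() == null) {
                        throw new AuthenticationServiceException("Authentication failed: cannot create new user.");
                    }
                } else if (updateUserInfo(user, email, displayName, str)) {
                    user.update();
                }
                userAuth = new UserAuthentication(new AuthenticatedUserDetails(user));
            }
        }
        return SecurityUtils.checkIfActive(userAuth, user, false);
    }

    /**
     * Executes a request and parses the response body as a JSON object.
     *
     * @param request the request to send
     * @return the parsed body, or {@code null} when there is no response entity
     * @throws IOException if the request or the JSON parsing fails
     */
    private Map<String, Object> fetchJson(HttpUriRequest request) throws IOException {
        // try-with-resources closes the response on every path, including parse failures.
        try (CloseableHttpResponse response = this.httpclient.execute(request)) {
            HttpEntity entity = response == null ? null : response.getEntity();
            if (entity == null) {
                return null;
            }
            Map<String, Object> body = this.jreader.readValue(entity.getContent());
            EntityUtils.consumeQuietly(entity);
            return body;
        }
    }

    /**
     * Copies picture, e-mail and name onto the user when they differ from the stored values.
     * A blank e-mail or name never overwrites the stored one.
     *
     * @param user the stored user to refresh
     * @param str the e-mail from the profile
     * @param str2 the display name from the profile
     * @param str3 the access token used to fetch the picture
     * @return {@code true} if any field was changed and the user needs to be saved
     * @throws IOException if fetching the picture fails
     */
    private boolean updateUserInfo(User user, String str, String str2, String str3) throws IOException {
        String picture = getPicture(str3);
        boolean changed = false;
        if (!StringUtils.equals(user.getPicture(), picture)) {
            user.setPicture(picture);
            changed = true;
        }
        if (!StringUtils.isBlank(str) && !StringUtils.equals(user.getEmail(), str)) {
            user.setEmail(str);
            changed = true;
        }
        if (!StringUtils.isBlank(str2) && !StringUtils.equals(user.getName(), str2)) {
            user.setName(str2);
            changed = true;
        }
        return changed;
    }

    /**
     * Downloads the profile photo and returns it as a {@code data:} URI.
     *
     * @param str the access token; {@code null} returns {@code null} without a request
     * @return the photo as a base64 data URI, or {@code null} when the response is not a
     *     non-empty image
     * @throws IOException if the request or reading the body fails
     */
    private String getPicture(String str) throws IOException {
        if (str == null) {
            return null;
        }
        HttpGet photoRequest = new HttpGet(PHOTO_URL);
        photoRequest.setHeader("Authorization", "Bearer " + str);
        photoRequest.setHeader("Accept", "application/json");
        try (CloseableHttpResponse response = this.httpclient.execute(photoRequest)) {
            HttpEntity entity = response == null ? null : response.getEntity();
            // A response without a Content-Type header must not abort the login with a
            // NullPointerException; treat it like "no picture".
            String contentType = (entity == null || entity.getContentType() == null)
                    ? null : entity.getContentType().getValue();
            if (contentType != null && contentType.startsWith("image")) {
                // NOTE(review): the body is read into memory without a size limit and stored in
                // the user's picture field; consider capping the accepted length.
                byte[] bytes = IOUtils.toByteArray(entity.getContent());
                if (bytes != null && bytes.length > 0) {
                    // Base64 output is ASCII; name the charset instead of using the platform default.
                    return "data:" + contentType + ";base64,"
                            + new String(Base64.encodeBase64(bytes), StandardCharsets.US_ASCII);
                }
            }
            EntityUtils.consumeQuietly(entity);
            return null;
        }
    }

    /**
     * Picks the e-mail from a Graph profile: {@code userPrincipalName} when it is non-blank and
     * contains {@code @}, otherwise the {@code mail} field.
     *
     * @param map the parsed profile
     * @return the chosen e-mail; may be {@code null}
     */
    private String getEmail(Map<String, Object> map) {
        String principal = (String) map.get("userPrincipalName");
        if (!StringUtils.isBlank(principal) && StringUtils.contains(principal, "@")) {
            return principal;
        }
        return (String) map.get("mail");
    }

    /**
     * Returns the app identifier, or {@code null} when no app is given.
     *
     * @param app the app; may be {@code null}
     * @return the app identifier or {@code null}
     */
    private String getAppid(App app) {
        return app == null ? null : app.getAppIdentifier();
    }
}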
