package com.erudika.para.server.security.filters;

import ch.qos.logback.access.PatternLayout;
import com.erudika.para.core.App;
import com.erudika.para.core.User;
import com.erudika.para.core.utils.Config;
import com.erudika.para.core.utils.Para;
import com.erudika.para.core.utils.ParaObjectUtils;
import com.erudika.para.core.utils.Utils;
import com.erudika.para.server.security.AuthenticatedUserDetails;
import com.erudika.para.server.security.SecurityUtils;
import com.erudika.para.server.security.UserAuthentication;
import com.fasterxml.jackson.databind.ObjectReader;
import java.io.IOException;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.core5.http.HttpEntity;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:BOOT-INF/lib/para-server-1.48.2.jar:com/erudika/para/server/security/filters/MicrosoftAuthFilter.class */
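/**
 * Spring Security filter that finishes the Microsoft OAuth 2.0 authorization-code flow.
 *
 * <p>When a request ending in {@link #MICROSOFT_ACTION} carries a {@code code} parameter, the filter
 * exchanges that code for an access token at the Microsoft identity platform token endpoint, reads
 * the caller's profile from Microsoft Graph, and finds or creates the matching Para {@link User}
 * (identifier {@code "ms:" + <Graph id>}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code code} request parameter is attacker-controllable; it is URL-encoded before being
 *       placed in the form-encoded token request so it cannot add or override body parameters.</li>
 *   <li>The app's client secret is sent only in the POST body to {@code TOKEN_URL}; nothing in this
 *       class logs it or the access token.</li>
 *   <li>NOTE(review): no anti-CSRF {@code state} check is visible in this class - confirm it is
 *       enforced by {@code SecurityUtils} or an upstream filter.</li>
 * </ul>
 */
public class MicrosoftAuthFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger logger = LoggerFactory.getLogger(MicrosoftAuthFilter.class);
    private final CloseableHttpClient httpclient;
    private final ObjectReader jreader;
    private static final String PROFILE_URL = "https://graph.microsoft.com/v1.0/me";
    private static final String PHOTO_URL = "https://graph.microsoft.com/v1.0/me/photo/$value";
    private static final String TOKEN_URL = "https://login.microsoftonline.com/{0}/oauth2/v2.0/token";
    private static final String PAYLOAD = "code={0}&redirect_uri={1}&scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&client_id={2}&client_secret={3}&grant_type=authorization_code";
    public static final String MICROSOFT_ACTION = "microsoft_auth";
    // Plain literals kept local so this filter does not borrow same-valued constants from
    // unrelated logging/XML classes ("common" and "null" respectively).
    private static final String DEFAULT_TENANT = "common";
    private static final String NULL_STATUS = "null";

    /**
     * Creates the filter and its shared HTTP client.
     *
     * @param str the URL pattern this filter processes (passed to the Spring base class)
     */
    public MicrosoftAuthFilter(String str) {
        super(str);
        this.jreader = ParaObjectUtils.getJsonReader(Map.class);
        // Only the connection-request (pool lease) timeout is configured here.
        // NOTE(review): no response timeout is set in this builder, so a stalled provider response
        // falls back to library defaults - confirm that is acceptable for a login path.
        RequestConfig requestConfig = RequestConfig.custom()
                .setConnectionRequestTimeout(30, TimeUnit.SECONDS)
                .build();
        this.httpclient = HttpClientBuilder.create().setDefaultRequestConfig(requestConfig).build();
    }

    /**
     * Handles the OAuth callback: trades the authorization code for an access token and resolves
     * the user via {@link #getOrCreateUser(App, String)}.
     *
     * @param httpServletRequest the callback request; its {@code code} parameter is untrusted input
     * @param httpServletResponse the response (not used by this method)
     * @return the result of {@code SecurityUtils.checkIfActive(...)} for the resolved user
     * @throws IOException if the token or profile request fails at the transport level
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        UserAuthentication userAuth = null;
        if (httpServletRequest.getRequestURI().endsWith(MICROSOFT_ACTION)) {
            String authCode = httpServletRequest.getParameter("code");
            if (!StringUtils.isBlank(authCode)) {
                String appid = SecurityUtils.getAppidFromAuthRequest(httpServletRequest);
                String redirectUri = SecurityUtils.getRedirectUrl(httpServletRequest);
                App app = (App) Para.getDAO().read(App.id(appid == null ? Para.getConfig().getRootAppIdentifier() : appid));
                String[] keys = Para.getConfig().getOAuthKeysForApp(app, Config.MICROSOFT_PREFIX);
                // The servlet container hands us the decoded code; re-encode it so characters such
                // as '&' or '=' cannot inject extra parameters into the form body.
                // NOTE(review): keys[0]/keys[1] (client id/secret) come from app settings and are
                // inserted as stored - confirm they never contain form-reserved characters.
                String body = Utils.formatMessage(PAYLOAD, Utils.urlEncode(authCode), Utils.urlEncode(redirectUri), keys[0], keys[1]);
                HttpPost tokenRequest = new HttpPost(Utils.formatMessage(TOKEN_URL, Para.getConfig().getSettingForApp(app, "ms_tenant_id", DEFAULT_TENANT)));
                tokenRequest.setHeader("Content-Type", "application/x-www-form-urlencoded");
                tokenRequest.setEntity(new StringEntity(body));
                userAuth = (UserAuthentication) this.httpclient.execute(tokenRequest, response -> {
                    if (response == null || response.getEntity() == null) {
                        logger.info("Authentication request failed with status '{}' and empty response body.",
                                response != null ? response.getReasonPhrase() : NULL_STATUS);
                        return null;
                    }
                    Map<String, Object> tokenResponse = this.jreader.readValue(response.getEntity().getContent());
                    if (tokenResponse != null && tokenResponse.containsKey("access_token")) {
                        return getOrCreateUser(app, (String) tokenResponse.get("access_token"));
                    }
                    // This branch only runs when no access_token is present, so the logged body is
                    // the provider's error payload.
                    // NOTE(review): confirm that payload can never carry other token material.
                    logger.info("Authentication request failed with status '{}' - {}", response.getReasonPhrase(), tokenResponse);
                    EntityUtils.consumeQuietly(response.getEntity());
                    return null;
                });
            }
        }
        return SecurityUtils.checkIfActive(userAuth, SecurityUtils.getAuthenticatedUser(userAuth), true);
    }

    /**
     * Loads the Microsoft Graph profile for an access token and finds, updates or creates the
     * corresponding Para user.
     *
     * <p>Accounts are keyed on {@code "ms:" + id}. The email is taken from the profile and is
     * written to the user record on creation and on later logins.
     * NOTE(review): nothing here verifies that address; code that treats the stored email as proof
     * of identity should not rely on it - confirm against callers.
     *
     * @param app the app the user belongs to; may be {@code null}
     * @param str the Microsoft Graph access token; {@code null} short-circuits to
     *            {@code checkIfActive(null, null, false)}
     * @return the result of {@code SecurityUtils.checkIfActive(...)} for the resolved user
     * @throws IOException if the profile request fails at the transport level
     * @throws AuthenticationServiceException if a new user cannot be created
     */
    public UserAuthentication getOrCreateUser(App app, String str) throws IOException {
        if (str == null) {
            return SecurityUtils.checkIfActive(null, null, false);
        }
        final String accessToken = str;
        HttpGet profileRequest = new HttpGet(PROFILE_URL);
        profileRequest.setHeader("Authorization", "Bearer " + accessToken);
        profileRequest.setHeader("Accept", "application/json");
        return (UserAuthentication) this.httpclient.execute(profileRequest, response -> {
            UserAuthentication userAuth = null;
            User user = new User();
            Map<String, Object> profile = null;
            HttpEntity entity = response.getEntity();
            if (entity != null) {
                profile = this.jreader.readValue(entity.getContent());
                EntityUtils.consumeQuietly(entity);
            }
            if (profile == null || !profile.containsKey("id")) {
                logger.info("Authentication request failed because user profile doesn't contain the expected attributes");
            } else {
                String microsoftId = (String) profile.get("id");
                String email = getEmail(profile);
                String displayName = (String) profile.get("displayName");
                user.setAppid(getAppid(app));
                user.setIdentifier("ms:" + microsoftId);
                user.setEmail(email);
                // presumably resolves the account by the identifier set above; verify in User
                user = User.readUserForIdentifier(user);
                if (user == null) {
                    user = new User(Utils.getNewId());
                    user.setActive(true);
                    user.setAppid(getAppid(app));
                    user.setEmail(StringUtils.isBlank(email) ? Utils.getNewId() + "@windowslive.com" : email);
                    user.setName(StringUtils.isBlank(displayName) ? "No Name" : displayName);
                    // Random password: the account is only reachable through this provider.
                    user.setPassword(Utils.generateSecurityToken());
                    user.setPicture(getPicture(getAppid(app), user.getId(), accessToken, email));
                    user.setIdentifier("ms:" + microsoftId);
                    if (user.create() == null) {
                        throw new AuthenticationServiceException("Authentication failed: cannot create new user.");
                    }
                } else if (updateUserInfo(user, email, displayName, accessToken, getAppid(app))) {
                    user.update();
                }
                userAuth = new UserAuthentication(new AuthenticatedUserDetails(user));
            }
            return SecurityUtils.checkIfActive(userAuth, user, false);
        });
    }

    /**
     * Copies picture, email and name from the provider onto an existing user when they differ.
     * Blank email or name values from the provider never overwrite stored ones.
     *
     * @return {@code true} if any field was changed and the user needs to be persisted
     */
    private boolean updateUserInfo(User user, String email, String name, String accessToken, String appid) throws IOException {
        boolean changed = false;
        String picture = getPicture(appid, user.getId(), accessToken, email);
        if (!StringUtils.equals(user.getPicture(), picture)) {
            user.setPicture(picture);
            changed = true;
        }
        if (!StringUtils.isBlank(email) && !StringUtils.equals(user.getEmail(), email)) {
            user.setEmail(email);
            changed = true;
        }
        if (!StringUtils.isBlank(name) && !StringUtils.equals(user.getName(), name)) {
            user.setName(name);
            changed = true;
        }
        return changed;
    }

    /**
     * Fetches the user's Microsoft Graph photo and stores it through the Para file store, falling
     * back to a Gravatar URL when there is no token or the response is not an image.
     *
     * @return the stored file's location as returned by the file store, or a Gravatar URL
     */
    private String getPicture(String appid, String userId, String accessToken, String email) throws IOException {
        if (accessToken == null) {
            return getGravatar(email);
        }
        HttpGet photoRequest = new HttpGet(PHOTO_URL);
        photoRequest.setHeader("Authorization", "Bearer " + accessToken);
        photoRequest.setHeader("Accept", "application/json");
        return (String) this.httpclient.execute(photoRequest, response -> {
            HttpEntity entity = response.getEntity();
            // A response without a Content-Type header yields null here; treat it as "not an image"
            // instead of failing the whole login with a NullPointerException.
            String contentType = entity == null ? null : entity.getContentType();
            if (!StringUtils.startsWith(contentType, "image")) {
                EntityUtils.consumeQuietly(entity);
                return getGravatar(email);
            }
            String path = Optional.ofNullable(appid).orElse(Config.PARA) + "/" + userId + "." + imageExtension(contentType);
            return Para.getFileStore().store(path, entity.getContent());
        });
    }

    /**
     * Derives a file extension from an image content type. Header parameters (after ';') are
     * dropped and only letters, digits, '.', '+' and '-' are kept, so a response header can never
     * contribute path separators to the stored file name.
     */
    private static String imageExtension(String contentType) {
        String subtype = StringUtils.substringBefore(StringUtils.substringAfter(contentType, "/"), ";");
        return subtype.replaceAll("[^A-Za-z0-9.+-]", "");
    }

    /**
     * Builds the Gravatar URL for an email address. MD5 is used because the Gravatar URL scheme
     * requires it, not as a security control. A missing email hashes the empty string, which
     * resolves to the default ({@code d=mm}) avatar instead of throwing.
     */
    private String getGravatar(String email) {
        // Locale.ROOT keeps the hash stable on JVMs whose default locale has special casing rules.
        String normalized = (email == null ? "" : email).toLowerCase(java.util.Locale.ROOT);
        return "https://www.gravatar.com/avatar/" + Utils.md5(normalized) + "?size=400&d=mm&r=pg";
    }

    /**
     * Picks the email from a Graph profile: {@code mail} when it is non-blank and contains '@',
     * otherwise {@code userPrincipalName}. May return {@code null} when neither is present.
     */
    private String getEmail(Map<String, Object> profile) {
        String mail = (String) profile.get("mail");
        if (StringUtils.isBlank(mail) || !StringUtils.contains(mail, "@")) {
            return (String) profile.get("userPrincipalName");
        }
        return mail;
    }

    /** Returns the app's identifier, or {@code null} when no app was resolved. */
    private String getAppid(App app) {
        return app == null ? null : app.getAppIdentifier();
    }
}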
