package com.erudika.para.security;

import com.eaio.uuid.UUID;
import com.erudika.para.core.User;
import com.erudika.para.core.utils.ParaObjectUtils;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.Utils;
import com.erudika.para.utils.filters.CORSFilter;
import com.fasterxml.jackson.databind.ObjectReader;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:com/erudika/para/security/LinkedInAuthFilter.class */
public class LinkedInAuthFilter extends AbstractAuthenticationProcessingFilter {
    private final CloseableHttpClient httpclient;
    private final ObjectReader jreader;
    private static final String PROFILE_URL = "https://api.linkedin.com/v1/people/~:(id,firstName,lastName,email-address,picture-url)?format=json&oauth2_access_token=";
    private static final String TOKEN_URL = "https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}";
    public static final String LINKEDIN_ACTION = "linkedin_auth";

    public LinkedInAuthFilter(String str) {
        super(str);
        this.jreader = ParaObjectUtils.getJsonReader(Map.class);
        this.httpclient = HttpClients.createDefault();
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        UserAuthentication userAuthentication = null;
        if (httpServletRequest.getRequestURI().endsWith(LINKEDIN_ACTION)) {
            String parameter = httpServletRequest.getParameter("code");
            if (!StringUtils.isBlank(parameter)) {
                String parameter2 = httpServletRequest.getParameter("appid");
                String str = httpServletRequest.getRequestURL().toString() + (parameter2 == null ? CORSFilter.DEFAULT_EXPOSED_HEADERS : "?appid=" + parameter2);
                String[] customAuthSettings = SecurityUtils.getCustomAuthSettings(parameter2, Config.LINKEDIN_PREFIX, httpServletRequest);
                CloseableHttpResponse closeableHttpResponse = null;
                String formatMessage = Utils.formatMessage(TOKEN_URL, new Object[]{parameter, str, customAuthSettings[0], customAuthSettings[1]});
                try {
                    closeableHttpResponse = this.httpclient.execute(new HttpPost(formatMessage));
                } catch (Exception e) {
                    this.logger.warn("LinkedIn auth request failed: GET " + formatMessage, e);
                }
                if (closeableHttpResponse != null && closeableHttpResponse.getEntity() != null) {
                    Map map = (Map) this.jreader.readValue(closeableHttpResponse.getEntity().getContent());
                    if (map != null && map.containsKey("access_token")) {
                        userAuthentication = getOrCreateUser(parameter2, (String) map.get("access_token"));
                    }
                    EntityUtils.consumeQuietly(closeableHttpResponse.getEntity());
                }
            }
        }
        User authenticatedUser = SecurityUtils.getAuthenticatedUser(userAuthentication);
        if (userAuthentication == null || authenticatedUser == null || authenticatedUser.getIdentifier() == null) {
            throw new BadCredentialsException("Bad credentials.");
        }
        if (authenticatedUser.getActive().booleanValue()) {
            return userAuthentication;
        }
        throw new LockedException("Account is locked.");
    }

    public UserAuthentication getOrCreateUser(String str, String str2) throws IOException {
        UserAuthentication userAuthentication = null;
        if (str2 != null) {
            User user = new User();
            user.setAppid(str);
            String str3 = null;
            HttpEntity httpEntity = null;
            try {
                CloseableHttpResponse execute = this.httpclient.execute(new HttpGet(PROFILE_URL + str2));
                httpEntity = execute.getEntity();
                str3 = execute.getFirstHeader("Content-Type").getValue();
            } catch (Exception e) {
                this.logger.warn("LinkedIn auth request failed: GET https://api.linkedin.com/v1/people/~:(id,firstName,lastName,email-address,picture-url)?format=json&oauth2_access_token=" + str2, e);
            }
            if (httpEntity != null && Utils.isJsonType(str3)) {
                Map map = (Map) this.jreader.readValue(httpEntity.getContent());
                if (map != null && map.containsKey("id")) {
                    String str4 = (String) map.get("id");
                    String str5 = (String) map.get("emailAddress");
                    String str6 = (String) map.get("pictureUrl");
                    String str7 = ((String) map.get("firstName")) + " " + ((String) map.get("lastName"));
                    user.setIdentifier(Config.LINKEDIN_PREFIX.concat(str4));
                    User readUserForIdentifier = User.readUserForIdentifier(user);
                    if (readUserForIdentifier == null) {
                        readUserForIdentifier = new User();
                        readUserForIdentifier.setActive(true);
                        readUserForIdentifier.setAppid(str);
                        readUserForIdentifier.setEmail(StringUtils.isBlank(str5) ? str4 + "@linkedin.com" : str5);
                        readUserForIdentifier.setName(StringUtils.isBlank(str7) ? "No Name" : str7);
                        readUserForIdentifier.setPassword(new UUID().toString());
                        readUserForIdentifier.setPicture(str6);
                        readUserForIdentifier.setIdentifier(Config.LINKEDIN_PREFIX.concat(str4));
                        if (readUserForIdentifier.create() == null) {
                            throw new AuthenticationServiceException("Authentication failed: cannot create new user.");
                        }
                    } else {
                        boolean z = false;
                        if (!StringUtils.equals(readUserForIdentifier.getPicture(), str6)) {
                            readUserForIdentifier.setPicture(str6);
                            z = true;
                        }
                        if (!StringUtils.isBlank(str5) && !StringUtils.equals(readUserForIdentifier.getEmail(), str5)) {
                            readUserForIdentifier.setEmail(str5);
                            z = true;
                        }
                        if (z) {
                            readUserForIdentifier.update();
                        }
                    }
                    userAuthentication = new UserAuthentication(new AuthenticatedUserDetails(readUserForIdentifier));
                }
                EntityUtils.consumeQuietly(httpEntity);
            }
        }
        return userAuthentication;
    }
}
