package pt.digitalis.dif.oauth.remoteauth.impl.microsoft;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import net.sf.json.JSONSerializer;
import org.apache.batik.util.XMLConstants;
import org.apache.commons.lang.StringUtils;
import org.scribe.builder.ServiceBuilder;
import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;
import org.springframework.beans.factory.BeanFactory;
import pt.digitalis.dif.exception.InternalFrameworkException;
import pt.digitalis.dif.oauth.remoteauth.AbstractRemoteAuthProvider;
import pt.digitalis.dif.oauth.remoteauth.RemoteAuthParams;
import pt.digitalis.dif.oauth.remoteauth.RemoteUserData;
import pt.digitalis.dif.utils.http.HttpUtils;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.utils.ldap.LDAPUser;

/* loaded from: input_file:WEB-INF/lib/dif-remote-auth-2.8.8-112.jar:pt/digitalis/dif/oauth/remoteauth/impl/microsoft/MicrosoftAzureRemoteAuth.class */
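/**
 * Remote authentication provider for Microsoft Azure AD.
 *
 * <p>Builds the OAuth authorization URL, exchanges the callback code for an access token and then
 * reads the signed-in user's profile (and, when configured, group memberships) from Microsoft
 * Graph. All tunables come from {@code MicrosoftAzureRemoteAuthConfig}.
 */
public class MicrosoftAzureRemoteAuth extends AbstractRemoteAuthProvider {
    public static final String ID = "Azure";
    private static final String RESPONSE_CODE = "responseCode";
    private static final String RESPONSE_BODY = "responseBody";

    /** Upper bound for establishing the connection to Microsoft Graph, in milliseconds. */
    private static final int CONNECT_TIMEOUT_MS = 10000;

    /** Upper bound for waiting on a Microsoft Graph response, in milliseconds. */
    private static final int READ_TIMEOUT_MS = 30000;

    /** Charset used to decode Microsoft Graph JSON responses and to percent-encode URL parts. */
    private static final String RESPONSE_CHARSET = "UTF-8";

    /** Status code and body of one HTTP exchange with Microsoft Graph. */
    public class Result {
        int code;
        String body;

        protected Result() {
        }

        /** @return the response body, with line terminators removed */
        public String getBody() {
            return this.body;
        }

        /** @param str the response body to store */
        public void setBody(String str) {
            this.body = str;
        }

        /** @return the HTTP status code of the response */
        public int getCode() {
            return this.code;
        }

        /** @param i the HTTP status code to store */
        public void setCode(int i) {
            this.code = i;
        }
    }

    /**
     * Builds the URL the browser is sent to in order to start the OAuth sign-in.
     *
     * @return the provider's authorization URL
     * @throws IllegalStateException if the OAuth service could not be built
     */
    @Override // pt.digitalis.dif.oauth.remoteauth.IRemoteAuthProvider
    public String getAuthorizationUrl() {
        OAuthService service = requireService();
        DIFLogger.getLogger().debug("=== " + MicrosoftAzureRemoteAuthConfig.getInstance().getName() + "'s OAuth Workflow ===");
        DIFLogger.getLogger().debug("Fetching the Authorization URL...");
        // NOTE(review): whether this URL carries an OAuth "state" value depends on
        // MicrosoftAzureAPI, which is not visible here; confirm the callback is bound to the
        // browser session that started the flow.
        String authorizationUrl = service.getAuthorizationUrl(null);
        DIFLogger.getLogger().debug("Got the Authorization URL!");
        DIFLogger.getLogger().debug(authorizationUrl);
        return authorizationUrl;
    }

    /** @return the fixed provider identifier, {@link #ID} */
    @Override // pt.digitalis.dif.features.IDIFFeatureAlternativeAuthentication
    public String getId() {
        return ID;
    }

    /** @return the login URL, which is the OAuth authorization URL */
    @Override // pt.digitalis.dif.oauth.remoteauth.AbstractRemoteAuthProvider, pt.digitalis.dif.features.IDIFFeatureAlternativeAuthentication
    public String getLoginUrl() {
        return getAuthorizationUrl();
    }

    /**
     * Builds the Microsoft logout URL, asking for a redirect back to the application when the
     * base URL is available.
     *
     * @return the logout URL, without a redirect target if the base URL cannot be resolved
     */
    @Override // pt.digitalis.dif.oauth.remoteauth.AbstractRemoteAuthProvider, pt.digitalis.dif.oauth.remoteauth.IRemoteAuthProvider
    public String getLogoutURL() {
        try {
            // NOTE(review): the base URL is appended without percent-encoding; if
            // HttpUtils.getBaseURL() can contain '&', '#' or a query string, the redirect
            // parameter is cut short. Confirm how the base URL is derived.
            return "https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=" + HttpUtils.getBaseURL();
        } catch (InternalFrameworkException e) {
            // Best effort: logging out without a redirect is preferred over failing the logout.
            return "https://login.microsoftonline.com/common/oauth2/v2.0/logout";
        }
    }

    /** @return the display name configured for this provider */
    @Override // pt.digitalis.dif.features.IDIFFeature, pt.digitalis.dif.centralauth.interfaces.ICentralAuthentication
    public String getName() {
        return MicrosoftAzureRemoteAuthConfig.getInstance().getName();
    }

    /**
     * Performs a GET request against the given URL and captures status code and body.
     *
     * <p>The URL is used verbatim. It is deliberately not passed through {@code String.format}:
     * the callers build it from response data, so a {@code %} in that data would either throw or
     * pull a format argument into the request URL.
     *
     * @param url the absolute URL to request
     * @param accessToken the value sent in the {@code Authorization} header
     * @return the status code and body; the body is empty when the server sent none
     * @throws IOException if the connection fails, times out or cannot be read
     */
    private Result getResponseStringFromConn(String url, String accessToken) throws IOException {
        Result result = new Result();
        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
        try {
            // Without timeouts a stalled endpoint would block the login request indefinitely.
            connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(READ_TIMEOUT_MS);
            // NOTE(review): the token is sent as-is, with no "Bearer " scheme added here; confirm
            // that the token produced by MicrosoftAzureAPI already carries the scheme.
            connection.setRequestProperty("Authorization", accessToken);
            connection.setRequestProperty("Accept", "application/json");

            int status = connection.getResponseCode();
            result.setCode(status);

            // getErrorStream() returns null when the error response has no body.
            InputStream stream = status == 200 ? connection.getInputStream() : connection.getErrorStream();
            StringBuilder body = new StringBuilder();
            if (stream != null) {
                BufferedReader reader = new BufferedReader(new InputStreamReader(stream, RESPONSE_CHARSET));
                try {
                    String line = reader.readLine();
                    while (line != null) {
                        body.append(line);
                        line = reader.readLine();
                    }
                } finally {
                    reader.close();
                }
            }
            result.setBody(body.toString());
            return result;
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Percent-encodes a value so that it stays inside one URL path segment.
     *
     * @param value the raw value
     * @return the encoded value, with spaces as {@code %20}
     * @throws IOException if the UTF-8 charset is unavailable
     */
    private static String encodePathSegment(String value) throws IOException {
        // URLEncoder targets form encoding and emits '+' for a space, which is literal in a path.
        return URLEncoder.encode(value, RESPONSE_CHARSET).replace("+", "%20");
    }

    /**
     * Builds the OAuth service from the configured key, secret, scope and callback URL.
     *
     * @return the service, or {@code null} when the base URL cannot be resolved (the failure is
     *     written to the error log)
     */
    private OAuthService getService() {
        OAuthService oAuthService = null;
        try {
            String callbackUrl = HttpUtils.getBaseURL() + "remoteauth?provider=" + ID + "&" + RemoteAuthParams.REMOTE_CALLBACK_PARAM + "=true";
            oAuthService = new ServiceBuilder()
                    .provider(MicrosoftAzureAPI.class)
                    .apiKey(MicrosoftAzureRemoteAuthConfig.getInstance().getApiKey())
                    .apiSecret(MicrosoftAzureRemoteAuthConfig.getInstance().getApiSecret())
                    .callback(callbackUrl)
                    .scope(MicrosoftAzureRemoteAuthConfig.getInstance().getScope())
                    .build();
        } catch (InternalFrameworkException e) {
            this.errorLog.logError("Azure Remote Authentication", "Get Service", e);
        }
        return oAuthService;
    }

    /**
     * Returns the OAuth service or fails with a clear error instead of a later null dereference.
     *
     * @return the OAuth service, never {@code null}
     * @throws IllegalStateException if the service could not be built
     */
    private OAuthService requireService() {
        OAuthService service = getService();
        if (service == null) {
            throw new IllegalStateException("Azure OAuth service could not be built; see the error log");
        }
        return service;
    }

    /** @return whether this provider is enabled in the configuration */
    @Override // pt.digitalis.dif.features.IDIFFeature
    public Boolean isActive() {
        return MicrosoftAzureRemoteAuthConfig.getInstance().getActive();
    }

    /** @return whether the configuration marks this provider as the exclusive authentication */
    @Override // pt.digitalis.dif.oauth.remoteauth.AbstractRemoteAuthProvider, pt.digitalis.dif.oauth.remoteauth.IRemoteAuthProvider, pt.digitalis.dif.features.IDIFFeatureAlternativeAuthentication
    public Boolean isExclusiveAuthentication() {
        return MicrosoftAzureRemoteAuthConfig.getInstance().getExclusiveAuthentication();
    }

    /**
     * Completes the sign-in: trades the callback code for an access token, reads the user's
     * profile from Microsoft Graph and, when configured, the user's group memberships.
     *
     * @param str the verifier (authorization code) received on the callback
     * @return the user data assembled from the Microsoft Graph responses
     * @throws IOException if the profile request does not return HTTP 200 or a request fails
     * @throws IllegalStateException if the OAuth service could not be built or the
     *     {@code userPrincipalName} has no local part
     * @throws Exception for token-exchange or JSON parsing failures raised by the libraries
     */
    @Override // pt.digitalis.dif.oauth.remoteauth.IRemoteAuthProvider
    public RemoteUserData processCallback(String str) throws Exception {
        OAuthService service = requireService();
        Verifier verifier = new Verifier(str);
        DIFLogger.getLogger().debug("Trading the Request Token for an Access Token...");
        Token accessToken = service.getAccessToken(null, verifier);
        DIFLogger.getLogger().debug("Got the Access Token!");
        DIFLogger.getLogger().debug("Now we're going to access a protected resource user data...");

        // Use the same emptiness test as further down, so an empty setting does not leave a
        // trailing comma in $select.
        String businessIdAttribute = MicrosoftAzureRemoteAuthConfig.getInstance().getBusinessIdAttribute();
        String extraSelect = StringUtils.isNotEmpty(businessIdAttribute) ? "," + businessIdAttribute : "";
        Result profileResponse = getResponseStringFromConn("https://graph.microsoft.com/v1.0//me/?$select=businessPhones,displayName,givenName,id,jobTitle,mail,mobilePhone,officeLocation,preferredLanguage,surname,userPrincipalName" + extraSelect, accessToken.getToken());

        // Fail closed: an error body must never be parsed as if it were a user profile.
        if (profileResponse.getCode() != 200) {
            throw new IOException("Microsoft Graph profile request failed with HTTP status " + profileResponse.getCode());
        }

        JSONObject profile = (JSONObject) JSONSerializer.toJSON(profileResponse.getBody());
        // NOTE(review): the attribute used as e-mail is configurable. If it is "mail", check
        // whether that value can be edited in the tenant before accounts are matched on it;
        // "id" and "userPrincipalName" are the directory-assigned identifiers.
        String email = profile.getString(MicrosoftAzureRemoteAuthConfig.getInstance().getEmailAttribute());

        String name = (profile.containsKey(LDAPUser.GIVEN_NAME) ? profile.getString(LDAPUser.GIVEN_NAME) : "") + " ";
        if (profile.containsKey(LDAPUser.DISPLAY_NAME)) {
            name = profile.getString(LDAPUser.DISPLAY_NAME);
        }

        String userPrincipalName = profile.getString("userPrincipalName");
        int atIndex = userPrincipalName.indexOf("@");
        if (atIndex <= 0) {
            // No '@' would make substring() throw; a leading '@' would yield an empty user id.
            throw new IllegalStateException("Microsoft Graph returned a userPrincipalName without a local part");
        }
        // NOTE(review): the domain part is dropped, so identities from different domains or
        // tenants that share a local part map to the same user id. Confirm that sign-in is
        // limited to the intended tenant.
        String userId = userPrincipalName.substring(0, atIndex);

        RemoteUserData remoteUserData = new RemoteUserData(getId(), email, MicrosoftAzureRemoteAuthConfig.getInstance().getUsePrefixForUsername().booleanValue());
        remoteUserData.setUserId(userId);
        remoteUserData.setEmail(email);
        remoteUserData.setName(name.trim());
        remoteUserData.setProfileId(MicrosoftAzureRemoteAuthConfig.getInstance().getUserProfile());
        remoteUserData.setStatus(profileResponse.getCode());
        remoteUserData.setOriginalResponse(profileResponse.getBody());
        remoteUserData.setSearchEmail(MicrosoftAzureRemoteAuthConfig.getInstance().getSearchByEmail());
        remoteUserData.setUseGroupsPrefix(MicrosoftAzureRemoteAuthConfig.getInstance().getUsePrefixForGroup().booleanValue());
        if (StringUtils.isNotEmpty(businessIdAttribute)) {
            remoteUserData.setBusinessAttributeIdValue(profile.getString(businessIdAttribute));
        }
        remoteUserData.setImportGroupsFromRemote(MicrosoftAzureRemoteAuthConfig.getInstance().getImportGroupsFromRemote());

        if (MicrosoftAzureRemoteAuthConfig.getInstance().getImportGroupsFromRemote().booleanValue()) {
            DIFLogger.getLogger().debug("Now we're going to access a protected resource user groups data...");
            // The value comes from the profile response, so it is encoded before it becomes a
            // path segment; otherwise '/', '?' or '#' in it would change the requested resource.
            Result groupsResponse = getResponseStringFromConn("https://graph.microsoft.com/v1.0//users/" + encodePathSegment(email) + "/memberOf", accessToken.getToken());
            if (groupsResponse.getCode() == 200) {
                // NOTE(review): only the first page of "value" is read; no @odata.nextLink is
                // followed, so users in many groups may be imported with a partial list.
                // NOTE(review): groups are mapped by displayName, which is not a unique or
                // stable identifier; confirm that no permission decision depends on it alone.
                JSONArray groups = ((JSONObject) JSONSerializer.toJSON(groupsResponse.getBody())).getJSONArray("value");
                String groupPrefix = MicrosoftAzureRemoteAuthConfig.getInstance().getUsePrefixForGroup().booleanValue() ? "Azure__" : "";
                for (int i = 0; i < groups.size(); i++) {
                    Object groupName = groups.getJSONObject(i).get(LDAPUser.DISPLAY_NAME);
                    if (groupName != null) {
                        remoteUserData.getUserGroups().add(groupPrefix + groupName.toString());
                    }
                }
            }
        }
        return remoteUserData;
    }
}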
