package io.intino.amidas.accessor.alexandria.core;

import com.google.gson.Gson;
import io.intino.alexandria.logger.Logger;
import io.intino.alexandria.restaccessor.Response;
import io.intino.alexandria.restaccessor.RestAccessor;
import io.intino.alexandria.ui.services.AuthService;
import io.intino.alexandria.ui.services.auth.FederationInfo;
import io.intino.alexandria.ui.services.auth.Space;
import io.intino.alexandria.ui.services.auth.Token;
import io.intino.alexandria.ui.services.auth.UserInfo;
import io.intino.alexandria.ui.services.auth.Verifier;
import io.intino.alexandria.ui.services.auth.exceptions.CouldNotInvalidateAccessToken;
import io.intino.alexandria.ui.services.auth.exceptions.CouldNotObtainAccessToken;
import io.intino.alexandria.ui.services.auth.exceptions.CouldNotObtainAuthorizationUrl;
import io.intino.alexandria.ui.services.auth.exceptions.CouldNotObtainInfo;
import io.intino.alexandria.ui.services.auth.exceptions.SpaceAuthCallbackUrlIsNull;
import io.intino.amidas.accessor.core.Configuration;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.Api;
import org.scribe.builder.api.DefaultApi20;
import org.scribe.model.OAuthConfig;
import org.scribe.oauth.OAuthService;

/* loaded from: input_file:io/intino/amidas/accessor/alexandria/core/AmidasAzureAccessor.class */
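/**
 * {@link AuthService} implementation for the "azure" federation. It drives an OAuth 2.0
 * authorization-code exchange against the {@code /{tenant}/oauth2/v2.0/...} endpoints below the
 * configured base URL and reads the signed-in user from {@code {graphUrl}/oidc/userinfo}.
 *
 * <p>Configuration keys read through {@link Configuration#property}: {@code graphUrl},
 * {@code tenantId}, {@code clientId} and {@code clientSecret}.
 *
 * <p>Security review notes (behaviour left as found, see the inline comments):
 * <ul>
 *   <li>{@link HttpClientFactory} builds a client that accepts self-signed certificates and skips
 *       hostname verification; the bearer token of {@code loadUserInfo} travels over it.</li>
 *   <li>The authorization URL carries a constant {@code state} and a constant
 *       {@code code_challenge}, so neither value is bound to an individual login attempt.</li>
 *   <li>{@link #me(Token)} caches its result in an instance field that {@link #userInfo()}
 *       returns; the scope of an accessor instance decides whether that is per user.</li>
 * </ul>
 */
public class AmidasAzureAccessor implements AuthService {
    // Names of the configuration properties this accessor reads.
    private static final String GraphUrl = "graphUrl";
    private static final String TenantId = "tenantId";
    private static final String ClientId = "clientId";
    private static final String ClientSecret = "clientSecret";

    // NOTE(review): this value is already percent-encoded ("%2F"). It is pasted into the
    // authorization URL and is also sent as a form parameter by tokenRequestParameters();
    // confirm the REST accessor does not encode it a second time.
    private static final String Scope = "00000003-0000-0000-c000-000000000000%2F.default";

    // NOTE(review): sent as code_challenge in the authorization URL (with no
    // code_challenge_method parameter) and again as code_verifier in the token request. Because
    // it is a compile-time constant shared by every login, PKCE adds no per-request binding
    // here. A per-login verifier from SecureRandom with an S256 challenge is the usual remedy;
    // it needs the same Authentication instance to serve both steps, which is not visible here.
    private static final String CodeVerifier = "YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl";

    // NOTE(review): "state=1234" is fixed. Whether the callback handler checks state at all is
    // not visible in this class; a fixed value cannot tie a callback to the browser session that
    // started the login.
    private static final String AuthorizationUrl = "/%s/oauth2/v2.0/authorize?client_id=%s&response_type=code&redirect_uri=%s&response_mode=query&scope=%s&state=1234&code_challenge=%s";
    private static final String TokenPath = "/%s/oauth2/v2.0/token";
    private static final String LogoutPath = "/%s/oauth2/logout?client_id=%s&post_logout_redirect_uri=%s";
    private static final String RevokePath = "/%s/oauth2/v2.0/token/revoke?token=%s";

    private final Space space;
    private final Configuration configuration;
    private final RestAccessor api = new io.intino.alexandria.restaccessor.core.RestAccessor();
    // Last value produced by me(Token); cleared by Authentication.invalidate().
    private UserInfo userInfo;

    /** Builds the Apache HTTP client used for the user-info request. */
    public static class HttpClientFactory {
        /**
         * Creates a pooled HTTP client (at most 100 connections).
         *
         * @return a new client; the caller owns it and must close it
         * @throws IOException if the TLS context cannot be built (the original failure is kept
         *     as the cause)
         */
        public static CloseableHttpClient client() throws IOException {
            try {
                // NOTE(review): TrustSelfSignedStrategy accepts any self-signed certificate and
                // NoopHostnameVerifier accepts a certificate issued for any host name, so the
                // server behind graphUrl is not authenticated. loadUserInfo() sends the user's
                // bearer token through this client. Left unchanged because this factory is
                // public and other callers may depend on it; the default trust store and
                // hostname verifier should be used unless a deployment needs this.
                SSLContextBuilder contextBuilder = new SSLContextBuilder();
                contextBuilder.loadTrustMaterial((KeyStore) null, new TrustSelfSignedStrategy());
                SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(contextBuilder.build(), NoopHostnameVerifier.INSTANCE);
                PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(RegistryBuilder.create().register("http", new PlainConnectionSocketFactory()).register("https", sslSocketFactory).build());
                connectionManager.setMaxTotal(100);
                return HttpClients.custom().setSSLSocketFactory(sslSocketFactory).setConnectionManager(connectionManager).build();
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                // Keep the cause so the failing TLS step shows up in the stack trace.
                throw new IOException("Error getting client", e);
            }
        }
    }

    /**
     * @param space the space whose URL is used for the OAuth callback and post-logout redirect
     * @param configuration source of the base URL and of the Azure properties
     */
    public AmidasAzureAccessor(Space space, Configuration configuration) {
        this.space = space;
        this.configuration = configuration;
    }

    /** Returns the base URL taken from the configuration. */
    public URL url() {
        return this.configuration.url();
    }

    /** Returns the space this accessor was created for. */
    public Space space() {
        return this.space;
    }

    /**
     * Starts a new authentication exchange.
     *
     * @return an {@link AuthService.Authentication} that keeps the request token and, once
     *     obtained, the access token of this exchange
     * @throws SpaceAuthCallbackUrlIsNull if the callback URL cannot be built from the space URL
     */
    public AuthService.Authentication authenticate() throws SpaceAuthCallbackUrlIsNull {
        // Built before the anonymous class so the checked exception is raised from this method.
        final OAuthService oauth = authService();
        return new AuthService.Authentication() {
            private final OAuthService authService = oauth;
            private Token requestToken;
            private Token accessToken;

            /** Creates a fresh request token and discards any previous access token. */
            public Token requestToken() {
                // Computed once so that id() returns the same value on every call.
                final String id = UUID.randomUUID().toString();
                this.requestToken = new Token() {
                    public String id() {
                        return id;
                    }

                    public String secret() {
                        return "";
                    }
                };
                this.accessToken = null;
                return this.requestToken;
            }

            /**
             * Returns the authorization URL for {@code token}, or {@code null} when
             * {@code token} is not the instance handed out by the last {@link #requestToken()}.
             */
            public URL authenticationUrl(Token token) throws CouldNotObtainAuthorizationUrl {
                try {
                    if (this.requestToken != token) {
                        return null;
                    }
                    return new URL(this.authService.getAuthorizationUrl(AmidasAzureAccessor.this.token(Optional.of(token))));
                } catch (Exception e) {
                    throw new CouldNotObtainAuthorizationUrl(e);
                }
            }

            /** Returns the access token of this exchange, or {@code null} if none yet. */
            public Token accessToken() {
                return this.accessToken;
            }

            /**
             * Exchanges the authorization code carried by {@code verifier} for an access token.
             *
             * @throws CouldNotObtainAccessToken if the request fails, the endpoint does not
             *     answer 200, or the answer has no string {@code access_token}
             */
            public Token accessToken(Verifier verifier) throws CouldNotObtainAccessToken {
                try {
                    Response post = new io.intino.alexandria.restaccessor.core.RestAccessor().post(AmidasAzureAccessor.this.url(), AmidasAzureAccessor.this.tokenPath(), AmidasAzureAccessor.this.tokenRequestParameters(verifier.value()));
                    if (post.code() != 200) {
                        // The message used to append "Basic " + base64(clientId:clientSecret);
                        // exception messages reach logs and error pages, so the credential is
                        // no longer included.
                        throw new CouldNotObtainAccessToken(new Exception(post.code() + " in " + AmidasAzureAccessor.this.tokenUrl()));
                    }
                    Map<?, ?> fields = new Gson().fromJson(post.content(), Map.class);
                    Object value = fields == null ? null : fields.get("access_token");
                    if (!(value instanceof String)) {
                        // Fail here instead of handing out a token whose id() is null or
                        // throws ClassCastException later.
                        throw new CouldNotObtainAccessToken(new Exception("no access_token in response from " + AmidasAzureAccessor.this.tokenUrl()));
                    }
                    final String tokenId = (String) value;
                    this.accessToken = new Token() {
                        public String id() {
                            return tokenId;
                        }

                        public String secret() {
                            return "";
                        }
                    };
                    return this.accessToken;
                } catch (Exception e) {
                    throw new CouldNotObtainAccessToken(e);
                }
            }

            /**
             * Calls the logout endpoint and clears the cached user info of the accessor.
             * NOTE(review): no revocation request is made and the access token held by this
             * object is kept — confirm that is intended.
             */
            public void invalidate() throws CouldNotInvalidateAccessToken {
                try {
                    AmidasAzureAccessor.this.api.get(AmidasAzureAccessor.this.url(), AmidasAzureAccessor.this.logoutPath(), AmidasAzureAccessor.this.logoutRequestParameters());
                    AmidasAzureAccessor.this.userInfo = null;
                } catch (Exception e) {
                    throw new CouldNotInvalidateAccessToken(e);
                }
            }

            public AuthService.Authentication.Version version() {
                return AuthService.Authentication.Version.OAuth2;
            }
        };
    }

    /**
     * Checks a token by asking the user-info endpoint.
     *
     * @return {@code true} only when the endpoint answers with a document that has an
     *     {@code email} entry; {@code false} for a {@code null} token or any failed request
     */
    public boolean valid(Token token) {
        if (token == null) {
            return false;
        }
        return loadUserInfo(token).containsKey("email");
    }

    /** Returns the static description of this federation; {@code token} is not used. */
    public FederationInfo info(Token token) {
        return new FederationInfo() {
            public String name() {
                return "azure";
            }

            public String title() {
                return "Azure federation";
            }

            public String subtitle() {
                return null;
            }

            public URL logo() {
                return null;
            }

            public URI pushServerUri() {
                return null;
            }
        };
    }

    /**
     * Loads the user behind {@code token} and remembers it for {@link #userInfo()}.
     *
     * <p>NOTE(review): the result is stored in an instance field. If one accessor instance
     * serves several sessions, {@link #userInfo()} returns whichever user called this method
     * last — confirm the instance scope. When the user-info request fails the returned object's
     * {@code username()} and {@code fullName()} throw NullPointerException.
     */
    public UserInfo me(Token token) throws CouldNotObtainInfo {
        this.userInfo = userInfo(loadUserInfo(token));
        return this.userInfo;
    }

    /** Does nothing; the logout request is made by {@code Authentication.invalidate()}. */
    public void logout(Token token) {
    }

    /** Returns the base URL followed by the logout path and its query string. */
    public String logoutUrl() {
        return String.valueOf(url()) + logoutPath();
    }

    /** Does nothing; this federation registers no push listeners. */
    public void addPushListener(Token token, AuthService.FederationNotificationListener federationNotificationListener) throws CouldNotObtainInfo {
    }

    /** Converts an optional service token into a scribe token with an empty secret, or {@code null}. */
    private org.scribe.model.Token token(Optional<Token> optional) {
        return optional.map(t -> new org.scribe.model.Token(t.id(), "")).orElse(null);
    }

    /** Builds the scribe OAuth service with the configured client id, secret and callback. */
    private OAuthService authService() throws SpaceAuthCallbackUrlIsNull {
        ServiceBuilder builder = new ServiceBuilder().provider(apiOf()).apiKey(property(ClientId)).apiSecret(property(ClientSecret));
        URL callback = callbackUrl(this.space);
        if (callback == null) {
            throw new SpaceAuthCallbackUrlIsNull();
        }
        builder.callback(callback.toString());
        return builder.build();
    }

    /** Describes the token and authorization endpoints to scribe. */
    private Api apiOf() {
        return new DefaultApi20() {
            public String getAccessTokenEndpoint() {
                return AmidasAzureAccessor.this.tokenUrl();
            }

            public String getAuthorizationUrl(OAuthConfig oAuthConfig) {
                // The configured values and the callback URL are inserted as-is, without URL
                // encoding; oAuthConfig is not consulted.
                return String.valueOf(AmidasAzureAccessor.this.url()) + String.format(AmidasAzureAccessor.AuthorizationUrl, AmidasAzureAccessor.this.property(AmidasAzureAccessor.TenantId), AmidasAzureAccessor.this.property(AmidasAzureAccessor.ClientId), AmidasAzureAccessor.this.callbackUrl(AmidasAzureAccessor.this.space), AmidasAzureAccessor.Scope, AmidasAzureAccessor.CodeVerifier);
            }
        };
    }

    private String tokenUrl() {
        return String.valueOf(url()) + tokenPath();
    }

    private String tokenPath() {
        return String.format(TokenPath, property(TenantId));
    }

    /** Form parameters of the authorization-code token request; includes the client secret. */
    private Map<String, String> tokenRequestParameters(final String code) {
        URL callback = callbackUrl(this.space);
        // A plain HashMap instead of an anonymous subclass: same entries, no hidden reference
        // to the accessor inside the map.
        Map<String, String> parameters = new HashMap<>();
        parameters.put("code", code);
        parameters.put("client_id", property(ClientId));
        parameters.put("scope", Scope);
        parameters.put("redirect_uri", callback != null ? callback.toString() : "");
        parameters.put("grant_type", "authorization_code");
        parameters.put("code_verifier", CodeVerifier);
        parameters.put("client_secret", property(ClientSecret));
        return parameters;
    }

    private String logoutPath() {
        return String.format(LogoutPath, property(TenantId), property(ClientId), space().url().toString());
    }

    private Map<String, String> logoutRequestParameters() {
        Map<String, String> parameters = new HashMap<>();
        parameters.put("client_id", property(ClientId));
        parameters.put("post_logout_redirect_uri", space().url().toString());
        return parameters;
    }

    // NOTE(review): not called anywhere in this class. RevokePath has two placeholders but three
    // arguments are passed, so "token=" receives the client id and the space URL is dropped —
    // fix the arguments before this is ever used.
    private String revokePath() {
        return String.format(RevokePath, property(TenantId), property(ClientId), space().url().toString());
    }

    /**
     * Returns {@code <space url>/authenticate-callback}, or {@code null} (after logging) when
     * that is not a valid URL. The {@code space} argument is ignored; the URL always comes from
     * {@link #space()}.
     */
    private URL callbackUrl(Space space) {
        try {
            return new URL(space().url().toString() + "/authenticate-callback");
        } catch (MalformedURLException e) {
            Logger.error(e);
            return null;
        }
    }

    /** Wraps the user-info document; {@code email} becomes the username, {@code name} the full name. */
    private UserInfo userInfo(final Map<String, Object> map) {
        return new UserInfo() {
            public String username() {
                return map.get("email").toString();
            }

            public String fullName() {
                return map.get("name").toString();
            }

            public URL photo() {
                return null;
            }

            public String email() {
                return "";
            }

            public String language() {
                return "es";
            }

            public List<String> roleList() {
                return Collections.emptyList();
            }
        };
    }

    /** Returns the value cached by the last {@link #me(Token)} call, or {@code null}. */
    public UserInfo userInfo() {
        return this.userInfo;
    }

    /**
     * Returns base64({@code clientId:clientSecret}). The result is a credential: it must not be
     * put into log lines or exception messages. Currently unused.
     */
    private String encodeClientIdAndSecret() {
        // Explicit charset: the platform default differs between hosts.
        return Base64.getEncoder().encodeToString((property(ClientId) + ":" + property(ClientSecret)).getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Fetches {@code {graphUrl}/oidc/userinfo} with {@code token} as bearer credential.
     *
     * @return the parsed JSON object, or an empty map when the request fails, the status is not
     *     200 or the body is empty
     */
    private Map<String, Object> loadUserInfo(Token token) {
        HttpGet request = new HttpGet(property(GraphUrl) + "/oidc/userinfo");
        request.setHeader("Authorization", "Bearer " + token.id());
        // A new pooled client is created per call, so both the client and the response are
        // closed here; otherwise every validity check would leave a connection pool behind.
        try (CloseableHttpClient client = HttpClientFactory.client();
             CloseableHttpResponse response = client.execute(request)) {
            if (response.getStatusLine().getStatusCode() != 200 || response.getEntity() == null) {
                return Collections.emptyMap();
            }
            StringBuilder body = new StringBuilder();
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(response.getEntity().getContent(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    body.append(line);
                }
            }
            @SuppressWarnings("unchecked")
            Map<String, Object> parsed = new Gson().fromJson(body.toString(), Map.class);
            // Gson returns null for an empty document; callers expect a map.
            return parsed != null ? parsed : Collections.<String, Object>emptyMap();
        } catch (IOException e) {
            // Reported the same way callbackUrl() reports its failure; the token stays invalid.
            Logger.error(e);
            return Collections.emptyMap();
        }
    }

    private String property(String str) {
        return (String) this.configuration.property(str);
    }
}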
