package org.apereo.services.persondir.support;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.squareup.moshi.Json;
import java.io.Serializable;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;
import org.apache.commons.lang.StringUtils;
import org.apereo.services.persondir.IPersonAttributeDaoFilter;
import org.apereo.services.persondir.IPersonAttributes;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;
import org.springframework.util.ReflectionUtils;
import retrofit2.Call;
import retrofit2.Response;
import retrofit2.Retrofit;
import retrofit2.converter.moshi.MoshiConverterFactory;
import retrofit2.http.Field;
import retrofit2.http.FormUrlEncoded;
import retrofit2.http.GET;
import retrofit2.http.POST;
import retrofit2.http.Path;
import retrofit2.http.Query;

/* loaded from: input_file:WEB-INF/lib/person-directory-impl-2.0.0-RC8.jar:org/apereo/services/persondir/support/MicrosoftGraphPersonAttributeDao.class */
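/**
 * Person-attribute DAO that resolves one user's attributes from Microsoft Graph.
 *
 * <p>Every {@link #getPerson} call first obtains an OAuth2 access token with the configured
 * client credentials ({@code getToken()}), then requests {@code users/{upn}} from the Graph API
 * with that token as a bearer header. The token is not cached between calls.
 *
 * <p>Security-relevant configuration:
 * <ul>
 *   <li>{@code loggingLevel} is applied to both HTTP clients. The logging interceptor is added
 *       after the interceptor that sets the {@code Authorization} header, so at {@code HEADERS}
 *       or {@code BODY} the bearer token reaches the log. At {@code BODY} the token request's
 *       form fields (including {@code client_secret}) and the token response are logged too.
 *       Keep the level at {@code BASIC} or {@code NONE} outside of short-lived debugging.</li>
 *   <li>{@code loginBaseUrl} and {@code apiBaseUrl} decide where the client secret and the
 *       bearer token are sent; nothing in this class checks their scheme or host.</li>
 * </ul>
 */
public class MicrosoftGraphPersonAttributeDao extends BasePersonAttributeDao {
    private boolean caseInsensitiveUsername;
    private String tenant;
    private String scope;
    private String clientId;
    // Credential for the client-credentials grant; it must not appear in logs or exception text.
    private String clientSecret;
    // Optional comma-separated $select list; when blank, User.getDefaultFieldQuery() is used.
    private String properties;
    // Optional UPN suffix appended to the username as "user@domain".
    private String domain;
    private final IUsernameAttributeProvider usernameAttributeProvider = new SimpleUsernameAttributeProvider();
    private String resource = "https://graph.microsoft.com/";
    private String grantType = "client_credentials";
    private String apiBaseUrl = "https://graph.microsoft.com/v1.0/";
    // Format string; %s is replaced with the tenant.
    private String loginBaseUrl = "https://login.microsoftonline.com/%s/";
    // Name of an HttpLoggingInterceptor.Level constant. The decompiled source showed the
    // same-valued constant HttpServletRequest.BASIC_AUTH ("BASIC") here, which has nothing to do
    // with HTTP logging; the literal states the intent.
    private String loggingLevel = "BASIC";

    /**
     * Retrofit binding for the Graph user lookup.
     * JADX reports the original access modifier as private.
     */
    public interface GraphApiService {
        /**
         * Fetches one user.
         *
         * @param userPrincipalName value for the {@code {upn}} path segment
         * @param select value of {@code $select}; declared {@code encoded = true}, so it is sent
         *     as given and must already be URL-safe
         */
        @GET("users/{upn}")
        Call<User> getUserByUserPrincipalName(@Path("upn") String userPrincipalName, @Query(value = "$select", encoded = true) String select);
    }

    /**
     * Retrofit binding for the OAuth2 token endpoint.
     * JADX reports the original access modifier as private.
     */
    public interface GraphAuthApiService {
        /** Posts the token request as a form; {@code clientSecret} travels in the request body. */
        @FormUrlEncoded
        @POST("oauth2/token")
        Call<OAuthTokenInfo> getOauth2Token(@Field("grant_type") String grantType, @Field("client_id") String clientId, @Field("client_secret") String clientSecret, @Field("scope") String scope, @Field("resource") String resource);
    }

    /**
     * Token endpoint response as mapped by Moshi. Instances hold a live bearer token and are
     * {@link Serializable}, so they should not be persisted or logged.
     * JADX reports the original access modifier as private.
     */
    public static class OAuthTokenInfo implements Serializable {
        private static final long serialVersionUID = -8586825191767772463L;

        @Json(name = "token_type")
        public String tokenType;

        @Json(name = "scope")
        public String scope;

        @Json(name = "expires_in")
        public int expiresIn;

        // NOTE(review): if this is an epoch-seconds timestamp, an int stops fitting in 2038 -
        // confirm before relying on it.
        @Json(name = "expires_on")
        public int expiresOn;

        @Json(name = "not_before")
        public int notBefore;

        // The decompiled source referenced Spring's same-valued constant
        // DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE; the JSON key is "resource".
        @Json(name = "resource")
        public String resource;

        @Json(name = "access_token")
        public String accessToken;

        private OAuthTokenInfo() {
        }
    }

    /**
     * Graph user resource as mapped by Moshi. Every instance field, public or private, is
     * exported as a person attribute by {@link #buildAttributes()}.
     */
    public static class User implements Serializable {
        private static final long serialVersionUID = 8497244140827305607L;
        public String userPrincipalName;
        public String id;
        public boolean accountEnabled;
        public String displayName;
        public String mail;
        public String jobTitle;
        public String officeLocation;
        public String preferredLanguage;
        public String mobilePhone;
        public String surname;
        public String givenName;
        public String passwordPolicies;
        public String preferredName;
        public List<String> businessPhones = new ArrayList<>(0);
        public List<String> schools = new ArrayList<>(0);
        public List<String> skills = new ArrayList<>(0);
        private String postalCode;
        private String consentProvidedForMinor;
        private String aboutMe;
        private String streetAddress;
        private String userType;
        private String usageLocation;
        private String state;
        private String ageGroup;
        private String otherMails;
        private String city;
        private String country;
        private String countryName;
        private String department;
        private String employeeId;
        private String faxNumber;
        private String mailNickname;

        /**
         * Lists the names of all instance fields of this class, comma-separated.
         *
         * @return a value usable as a {@code $select} list covering every mapped field
         */
        @JsonIgnore
        static String getFieldQuery() {
            List<String> names = new ArrayList<>();
            ReflectionUtils.doWithFields(User.class, field -> {
                // Static members such as serialVersionUID are not Graph properties.
                if (!Modifier.isStatic(field.getModifiers())) {
                    names.add(field.getName());
                }
            });
            return String.join(",", names);
        }

        /**
         * Returns the properties requested when no explicit {@code properties} value is set.
         *
         * <p>The original returned one pre-joined string in which the comma between
         * {@code accountEnabled} and {@code preferredLanguage} was missing, so the request named a
         * property that does not exist on this class; {@code givenName} was also listed twice.
         * The names are now separate elements; joining them with {@code ","} gives the corrected
         * list.
         */
        static List<String> getDefaultFieldQuery() {
            return Arrays.asList(
                    "businessPhones",
                    "displayName",
                    "givenName",
                    "id",
                    "jobTitle",
                    "mail",
                    "employeeId",
                    "mobilePhone",
                    "officeLocation",
                    "accountEnabled",
                    "preferredLanguage",
                    "surname",
                    "userPrincipalName");
        }

        /**
         * Copies every instance field into a map keyed by field name.
         *
         * <p>Static fields are skipped so that {@code serialVersionUID} is not released as a
         * person attribute, matching the filter in {@link #getFieldQuery()}.
         *
         * @return field name to current value; values may be {@code null}
         */
        @JsonIgnore
        private Map<String, Object> buildAttributes() {
            Map<String, Object> attributes = new HashMap<>();
            ReflectionUtils.doWithFields(getClass(), field -> {
                if (Modifier.isStatic(field.getModifiers())) {
                    return;
                }
                // Private fields are exported as well, so access has to be opened first.
                field.setAccessible(true);
                attributes.put(field.getName(), field.get(this));
            });
            return attributes;
        }
    }

    public String getDomain() {
        return this.domain;
    }

    public void setDomain(String domain) {
        this.domain = domain;
    }

    public String getProperties() {
        return this.properties;
    }

    public void setProperties(String properties) {
        this.properties = properties;
    }

    public String getLoginBaseUrl() {
        return this.loginBaseUrl;
    }

    public void setLoginBaseUrl(String loginBaseUrl) {
        this.loginBaseUrl = loginBaseUrl;
    }

    public String getLoggingLevel() {
        return this.loggingLevel;
    }

    /**
     * Sets the HTTP logging level by name; the name is upper-cased and resolved with
     * {@code HttpLoggingInterceptor.Level.valueOf} on each request. See the class comment for
     * what {@code HEADERS} and {@code BODY} expose.
     */
    public void setLoggingLevel(String loggingLevel) {
        this.loggingLevel = loggingLevel;
    }

    public String getResource() {
        return this.resource;
    }

    public void setResource(String resource) {
        this.resource = resource;
    }

    public String getTenant() {
        return this.tenant;
    }

    public void setTenant(String tenant) {
        this.tenant = tenant;
    }

    public String getGrantType() {
        return this.grantType;
    }

    public void setGrantType(String grantType) {
        this.grantType = grantType;
    }

    public String getScope() {
        return this.scope;
    }

    public void setScope(String scope) {
        this.scope = scope;
    }

    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String clientId) {
        this.clientId = clientId;
    }

    // NOTE(review): other methods of this class carry @JsonIgnore, which suggests instances are
    // serialized with Jackson somewhere; this getter is not annotated, so the secret would be
    // part of that output - confirm against the callers.
    public String getClientSecret() {
        return this.clientSecret;
    }

    public void setClientSecret(String clientSecret) {
        this.clientSecret = clientSecret;
    }

    public IUsernameAttributeProvider getUsernameAttributeProvider() {
        return this.usernameAttributeProvider;
    }

    public boolean isCaseInsensitiveUsername() {
        return this.caseInsensitiveUsername;
    }

    public void setCaseInsensitiveUsername(boolean caseInsensitiveUsername) {
        this.caseInsensitiveUsername = caseInsensitiveUsername;
    }

    public String getApiBaseUrl() {
        return this.apiBaseUrl;
    }

    public void setApiBaseUrl(String apiBaseUrl) {
        this.apiBaseUrl = apiBaseUrl;
    }

    /**
     * Looks up one user in Microsoft Graph and wraps the returned fields as person attributes.
     *
     * @param uid username; {@code "@" + domain} is appended when a non-blank domain is configured
     * @param filter passed through to {@code stuffAttributesIntoListValues}
     * @return the person, case-insensitive by name when {@code caseInsensitiveUsername} is set
     * @throws RuntimeException wrapping any failure, including a non-2xx Graph response
     */
    @Override // org.apereo.services.persondir.IPersonAttributeDao
    public IPersonAttributes getPerson(String uid, IPersonAttributeDaoFilter filter) {
        try {
            String token = getToken();
            // The logging interceptor runs after the header is set, so it sees the bearer token
            // at HEADERS/BODY level.
            OkHttpClient httpClient = new OkHttpClient.Builder()
                    .addInterceptor(chain -> chain.proceed(
                            chain.request().newBuilder().header("Authorization", "Bearer " + token).build()))
                    .addInterceptor(newLoggingInterceptor())
                    .build();
            GraphApiService graph = new Retrofit.Builder()
                    .baseUrl(this.apiBaseUrl)
                    .addConverterFactory(MoshiConverterFactory.create())
                    .client(httpClient)
                    .build()
                    .create(GraphApiService.class);

            // A blank domain would otherwise produce "user@", which is never a valid UPN.
            String upn = StringUtils.isBlank(this.domain) ? uid : uid + "@" + this.domain;
            String select = StringUtils.defaultIfBlank(this.properties, String.join(",", User.getDefaultFieldQuery()));

            Response<User> response = graph.getUserByUserPrincipalName(upn, select).execute();
            if (!response.isSuccessful()) {
                // The original message said "token" here although this is the user request.
                throw new RuntimeException("error requesting user " + describeFailure(response));
            }
            User user = response.body();
            if (user == null) {
                throw new RuntimeException("user response (" + response.code() + ") had no body");
            }

            Map<String, List<Object>> attributes =
                    MultivaluedPersonAttributeUtils.stuffAttributesIntoListValues(user.buildAttributes(), filter);
            return this.caseInsensitiveUsername
                    ? new CaseInsensitiveNamedPersonImpl(uid, attributes)
                    : new NamedPersonImpl(uid, attributes);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /** Converts the query to multivalued form and delegates to {@link #getPeopleWithMultivaluedAttributes}. */
    @Override // org.apereo.services.persondir.IPersonAttributeDao
    public Set<IPersonAttributes> getPeople(Map<String, Object> query, IPersonAttributeDaoFilter filter) {
        return getPeopleWithMultivaluedAttributes(MultivaluedPersonAttributeUtils.stuffAttributesIntoListValues(query, filter), filter);
    }

    /**
     * Resolves the username from the query and looks up that single user.
     *
     * @return a set with at most one person; empty when {@link #getPerson} returns {@code null}
     */
    @Override // org.apereo.services.persondir.IPersonAttributeDao
    public Set<IPersonAttributes> getPeopleWithMultivaluedAttributes(Map<String, List<Object>> query, IPersonAttributeDaoFilter filter) {
        Set<IPersonAttributes> people = new LinkedHashSet<>();
        IPersonAttributes person = getPerson(this.usernameAttributeProvider.getUsernameFromQuery(query), filter);
        if (person != null) {
            people.add(person);
        }
        return people;
    }

    /** Always empty: this DAO does not advertise attribute names. */
    @Override // org.apereo.services.persondir.IPersonAttributeDao
    @JsonIgnore
    public Set<String> getPossibleUserAttributeNames(IPersonAttributeDaoFilter filter) {
        return Collections.emptySet();
    }

    /** Always empty: this DAO does not advertise query attributes. */
    @Override // org.apereo.services.persondir.IPersonAttributeDao
    @JsonIgnore
    public Set<String> getAvailableQueryAttributes(IPersonAttributeDaoFilter filter) {
        return Collections.emptySet();
    }

    /**
     * Requests an access token with the configured client credentials.
     *
     * @return the bearer token, never {@code null}
     * @throws Exception on transport failure, a non-2xx response, or a response without a token
     */
    private String getToken() throws Exception {
        // At BODY level this interceptor logs the form body (client_secret) and the token response.
        OkHttpClient httpClient = new OkHttpClient.Builder().addInterceptor(newLoggingInterceptor()).build();
        GraphAuthApiService auth = new Retrofit.Builder()
                .baseUrl(String.format(this.loginBaseUrl, this.tenant))
                .addConverterFactory(MoshiConverterFactory.create())
                .client(httpClient)
                .build()
                .create(GraphAuthApiService.class);

        Response<OAuthTokenInfo> response = auth.getOauth2Token(this.grantType, this.clientId, this.clientSecret, this.scope, this.resource).execute();
        if (!response.isSuccessful()) {
            throw new RuntimeException("error requesting token " + describeFailure(response));
        }
        OAuthTokenInfo tokenInfo = response.body();
        // Fail here rather than sending "Bearer null" to the Graph API.
        if (tokenInfo == null || tokenInfo.accessToken == null) {
            throw new RuntimeException("token response (" + response.code() + ") did not contain an access token");
        }
        return tokenInfo.accessToken;
    }

    /** Builds a logging interceptor at the configured level. */
    private HttpLoggingInterceptor newLoggingInterceptor() {
        HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
        // Locale.ROOT keeps the enum lookup independent of the JVM default locale.
        interceptor.setLevel(HttpLoggingInterceptor.Level.valueOf(this.loggingLevel.toUpperCase(java.util.Locale.ROOT)));
        return interceptor;
    }

    /**
     * Formats the status code and error body text of a failed response. Concatenating the
     * error-body object itself, as the original did, prints its toString() rather than the content.
     */
    private static String describeFailure(Response<?> response) throws java.io.IOException {
        String detail = response.errorBody() == null ? "" : response.errorBody().string();
        return "(" + response.code() + "): " + detail;
    }
}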
