package com.microsoft.azure.spring.autoconfigure.aad;

import com.fasterxml.jackson.databind.JsonNode;
import com.microsoft.aad.adal4j.AuthenticationCallback;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import com.microsoft.aad.adal4j.UserAssertion;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import javax.naming.ServiceUnavailableException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:com/microsoft/azure/spring/autoconfigure/aad/AzureADGraphClient.class */
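/**
 * Client that resolves a user's Azure AD group memberships and turns them into Spring Security
 * authorities, and that acquires on-behalf-of tokens for the Graph API.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Authorities are built from group <em>display names</em> ({@code "ROLE_" + displayName}) and
 *       compared against the configured allow-lists by display name only.
 *       NOTE(review): directory display names are not necessarily unique, so confirm that matching
 *       on the group's object id is not required for your deployment.</li>
 *   <li>When no group is allowed, the caller still receives {@code ROLE_USER}; that authority is
 *       therefore not evidence of any group membership.</li>
 *   <li>The client secret is held as a {@code String} field for the lifetime of this object and must
 *       never be logged or included in exception messages.</li>
 * </ul>
 */
public class AzureADGraphClient {
    /** Authority handed out when none of the user's groups passes the allow-list check. */
    private static final SimpleGrantedAuthority DEFAULT_AUTHORITY = new SimpleGrantedAuthority("ROLE_USER");
    /** Prefix put in front of a group's display name to form the authority string. */
    private static final String DEFAULT_ROLE_PREFIX = "ROLE_";
    /** Fixed tail that replaces the last characters of every generated correlation id. */
    private static final String REQUEST_ID_SUFFIX = "aadfeed5";
    private final String clientId;
    private final String clientSecret;
    private final ServiceEndpoints serviceEndpoints;
    private final AADAuthenticationProperties aadAuthenticationProperties;

    /**
     * Creates a client bound to one application registration and one environment.
     *
     * @param clientCredential            supplies the client id and client secret used for token requests
     * @param aADAuthenticationProperties group-matching configuration and the environment name
     * @param serviceEndpointsProperties  lookup of the endpoint set for that environment
     */
    public AzureADGraphClient(ClientCredential clientCredential, AADAuthenticationProperties aADAuthenticationProperties, ServiceEndpointsProperties serviceEndpointsProperties) {
        this.clientId = clientCredential.getClientId();
        this.clientSecret = clientCredential.getClientSecret();
        this.aadAuthenticationProperties = aADAuthenticationProperties;
        this.serviceEndpoints = serviceEndpointsProperties.getServiceEndpoints(aADAuthenticationProperties.getEnvironment());
    }

    /**
     * Fetches the raw membership JSON from the configured membership endpoint (api-version 1.6).
     *
     * @param authorizationHeaderValue value sent verbatim as the {@code Authorization} header
     * @return the response body with line terminators removed
     * @throws IOException           on transport failure; {@code HttpURLConnection.getInputStream()}
     *                               also throws this for HTTP error statuses, so the status check
     *                               below is only reached for successful responses
     * @throws IllegalStateException if the body was readable but the status is not 200
     */
    private String getUserMembershipsV1(String authorizationHeaderValue) throws IOException {
        // NOTE(review): no connect/read timeout is set here, so an unresponsive endpoint blocks the
        // calling thread; confirm whether a timeout is configured elsewhere.
        HttpURLConnection connection = (HttpURLConnection) new URL(this.serviceEndpoints.getAadMembershipRestUri()).openConnection();
        connection.setRequestProperty("api-version", "1.6");
        connection.setRequestProperty("Authorization", authorizationHeaderValue);
        connection.setRequestProperty("Accept", "application/json;odata=minimalmetadata");
        String body = getResponseStringFromConn(connection);
        if (connection.getResponseCode() == 200) {
            return body;
        }
        // The remote body is embedded in the message: treat this exception as internal diagnostics
        // and do not echo it back to the end user.
        throw new IllegalStateException("Response is not 200, response json: " + body);
    }

    /**
     * Reads the whole response body as UTF-8 text, concatenating lines without their terminators.
     *
     * @param httpURLConnection connection whose input stream is consumed and closed
     * @return the concatenated body
     * @throws IOException if the stream cannot be opened or read
     */
    private static String getResponseStringFromConn(HttpURLConnection httpURLConnection) throws IOException {
        // try-with-resources closes the reader on both the normal and the failing path.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8))) {
            StringBuilder body = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
            return body.toString();
        }
    }

    /**
     * Returns the groups of the user identified by the given credential.
     *
     * @param str value sent verbatim as the {@code Authorization} header of the membership request
     * @return the matching groups, possibly empty
     * @throws IOException if the membership request fails
     */
    public List<UserGroup> getGroups(String str) throws IOException {
        return loadUserGroups(str);
    }

    /**
     * Parses the membership response and keeps the entries whose configured key field equals the
     * configured value.
     *
     * <p>Entries that lack the key field, the object-id field or {@code displayName} are skipped
     * instead of aborting the whole lookup with a {@code NullPointerException}; skipping can only
     * reduce the authorities that are later granted.
     *
     * @param authorizationHeaderValue value sent verbatim as the {@code Authorization} header
     * @return a mutable list of the matching groups
     * @throws IOException if the request or the JSON parsing fails
     */
    private List<UserGroup> loadUserGroups(String authorizationHeaderValue) throws IOException {
        String membershipsJson = getUserMembershipsV1(authorizationHeaderValue);
        List<UserGroup> groups = new ArrayList<>();
        JsonNode entries = ((JsonNode) JacksonObjectMapperFactory.getInstance().readValue(membershipsJson, JsonNode.class)).get("value");
        if (entries != null) {
            String objectIdKey = this.aadAuthenticationProperties.getUserGroup().getObjectIDKey();
            groups.addAll(StreamSupport.stream(entries.spliterator(), false)
                    .filter(this::isMatchingUserGroupKey)
                    .filter(entry -> entry.get(objectIdKey) != null && entry.get("displayName") != null)
                    .map(entry -> new UserGroup(entry.get(objectIdKey).asText(), entry.get("displayName").asText()))
                    .collect(Collectors.toList()));
        }
        return groups;
    }

    /**
     * Tells whether a membership entry carries the configured key with the configured value.
     *
     * @param jsonNode one element of the response's {@code value} array
     * @return {@code true} only when the key field is present and its text equals the configured value
     */
    private boolean isMatchingUserGroupKey(JsonNode jsonNode) {
        JsonNode keyNode = jsonNode.get(this.aadAuthenticationProperties.getUserGroup().getKey());
        // A missing field is a non-match rather than a NullPointerException.
        return keyNode != null && keyNode.asText().equals(this.aadAuthenticationProperties.getUserGroup().getValue());
    }

    /**
     * Resolves the user's groups and converts them to authorities in one step.
     *
     * @param str value sent verbatim as the {@code Authorization} header of the membership request
     * @return the granted authorities, never empty
     * @throws IOException if the membership request fails
     */
    public Set<GrantedAuthority> getGrantedAuthorities(String str) throws IOException {
        return convertGroupsToGrantedAuthorities(getGroups(str));
    }

    /**
     * Maps allowed groups to {@code ROLE_<displayName>} authorities, in encounter order.
     *
     * <p>If no group is allowed, the result contains only {@code ROLE_USER}, so every caller that
     * reaches this method ends up with at least one authority.
     *
     * @param list groups to convert
     * @return a mutable, insertion-ordered set of authorities, never empty
     */
    public Set<GrantedAuthority> convertGroupsToGrantedAuthorities(List<UserGroup> list) {
        Set<GrantedAuthority> authorities = list.stream()
                .filter(this::isValidUserGroupToGrantAuthority)
                .<GrantedAuthority>map(group -> new SimpleGrantedAuthority(DEFAULT_ROLE_PREFIX + group.getDisplayName()))
                .collect(Collectors.toCollection(LinkedHashSet::new));
        if (authorities.isEmpty()) {
            authorities.add(DEFAULT_AUTHORITY);
        }
        return authorities;
    }

    /**
     * Checks a group's display name against both configured allow-lists.
     *
     * @param userGroup group to test
     * @return {@code true} if either list contains the display name
     */
    private boolean isValidUserGroupToGrantAuthority(UserGroup userGroup) {
        // The decision is made on the display name alone; the group's object id is not consulted.
        return this.aadAuthenticationProperties.getUserGroup().getAllowedGroups().contains(userGroup.getDisplayName()) || this.aadAuthenticationProperties.getActiveDirectoryGroups().contains(userGroup.getDisplayName());
    }

    /**
     * Exchanges a user assertion for a Graph API token using this client's credentials.
     *
     * @param str  the assertion (token) representing the user
     * @param str2 tenant segment appended to the sign-in URI to form the authority.
     *             NOTE(review): it is not validated here; confirm callers take it from
     *             configuration or from an already verified token, not from request input
     * @return the acquired token result, never {@code null}
     * @throws MalformedURLException       if the authority URL is malformed
     * @throws ServiceUnavailableException if the token request completes without a result
     * @throws InterruptedException        if the wait for the token is interrupted
     * @throws ExecutionException          if the token request fails
     */
    public AuthenticationResult acquireTokenForGraphApi(String str, String str2) throws MalformedURLException, ServiceUnavailableException, InterruptedException, ExecutionException {
        ClientCredential clientCredential = new ClientCredential(this.clientId, this.clientSecret);
        UserAssertion userAssertion = new UserAssertion(str);
        ExecutorService executorService = Executors.newFixedThreadPool(1);
        try {
            // Second argument 'true' asks the library to validate the authority.
            AuthenticationContext authenticationContext = new AuthenticationContext(this.serviceEndpoints.getAadSigninUri() + str2 + "/", true, executorService);
            authenticationContext.setCorrelationId(getCorrelationId());
            AuthenticationResult authenticationResult = authenticationContext.acquireToken(this.serviceEndpoints.getAadGraphApiUri(), userAssertion, clientCredential, (AuthenticationCallback) null).get();
            if (authenticationResult == null) {
                // Only the client id appears in the message; the secret must stay out of it.
                throw new ServiceUnavailableException("unable to acquire on-behalf-of token for client " + this.clientId);
            }
            return authenticationResult;
        } finally {
            // The single-thread pool exists only for this call; release it on every path.
            executorService.shutdown();
        }
    }

    /**
     * Builds a correlation id: a random UUID whose trailing characters are replaced by the fixed
     * suffix, so the overall length stays that of a UUID string.
     *
     * @return the correlation id
     */
    private static String getCorrelationId() {
        String uuid = UUID.randomUUID().toString();
        return uuid.substring(0, uuid.length() - REQUEST_ID_SUFFIX.length()) + REQUEST_ID_SUFFIX;
    }
}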
