package org.apache.camel.component.linkedin.api;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URI;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Priority;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.ext.Provider;
import org.apache.http.HttpHost;
import org.jsoup.Connection;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.FormElement;
import org.jsoup.select.Elements;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
@Priority(1000)
/* loaded from: input_file:org/apache/camel/component/linkedin/api/LinkedInOAuthRequestFilter.class */
public final class LinkedInOAuthRequestFilter implements ClientRequestFilter {
    public static final String BASE_ADDRESS = "https://api.linkedin.com/v1";
    private static final int SC_OK = 200;
    private static final int SC_MOVED_TEMPORARILY = 302;
    private static final int SC_SEE_OTHER = 303;
    private static final String HEADER_LOCATION = "location";
    private static final String AUTHORIZATION_URL_PREFIX = "https://www.linkedin.com";
    private static final String AUTHORIZATION_URL = "https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=%s&state=%s&redirect_uri=%s";
    private static final String AUTHORIZATION_URL_WITH_SCOPE = "https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=%s&state=%s&scope=%s&redirect_uri=%s";
    private static final String ACCESS_TOKEN_URL = "https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=%s&redirect_uri=%s&client_id=%s&client_secret=%s";
    private final OAuthParams oAuthParams;
    private OAuthToken oAuthToken;
    private Proxy proxy;
    private static final Logger LOG = LoggerFactory.getLogger(LinkedInOAuthRequestFilter.class);
    private static final Pattern QUERY_PARAM_PATTERN = Pattern.compile("&?([^=]+)=([^&]+)");

    public LinkedInOAuthRequestFilter(OAuthParams oAuthParams, Map<String, Object> map, boolean z, String[] strArr) {
        this.oAuthParams = oAuthParams;
        if (oAuthParams.getSecureStorage() != null) {
            this.oAuthToken = oAuthParams.getSecureStorage().getOAuthToken();
        } else {
            this.oAuthToken = null;
        }
        if (map == null || map.get("http.route.default-proxy") == null) {
            this.proxy = null;
        } else {
            HttpHost httpHost = (HttpHost) map.get("http.route.default-proxy");
            Boolean bool = (Boolean) map.get("http.route.socks-proxy");
            InetSocketAddress inetSocketAddress = new InetSocketAddress(httpHost.getHostName(), httpHost.getPort());
            if (bool == null || !bool.booleanValue()) {
                this.proxy = new Proxy(Proxy.Type.HTTP, inetSocketAddress);
            } else {
                this.proxy = new Proxy(Proxy.Type.SOCKS, inetSocketAddress);
            }
        }
        if (z) {
            return;
        }
        try {
            updateOAuthToken();
        } catch (IOException e) {
            throw new IllegalArgumentException(String.format("Error authorizing user %s: %s", oAuthParams.getUserName(), e.getMessage()), e);
        }
    }

    private String getRefreshToken() {
        String query;
        try {
            String valueOf = String.valueOf(new SecureRandom().nextLong());
            String encode = URLEncoder.encode(this.oAuthParams.getRedirectUri(), "UTF-8");
            OAuthScope[] scopes = this.oAuthParams.getScopes();
            HashMap hashMap = new HashMap();
            Document parse = followRedirection(addProxy(Jsoup.connect(authorizationUrl(valueOf, encode, scopes)), this.proxy).followRedirects(false).method(Connection.Method.GET).execute(), hashMap).parse();
            validatePage(parse);
            FormElement first = parse.select("form").first();
            first.select("input[name=session_key]").first().val(this.oAuthParams.getUserName());
            first.select("input[name=session_password]").first().val(this.oAuthParams.getUserPassword());
            Connection.Response execute = addProxy(first.submit(), this.proxy).followRedirects(false).cookies(hashMap).execute();
            hashMap.putAll(execute.cookies());
            Connection.Response followRedirection = followRedirection(execute, hashMap);
            URL redirectLocationAndValidate = getRedirectLocationAndValidate(followRedirection);
            if (redirectLocationAndValidate != null) {
                query = redirectLocationAndValidate.getQuery();
            } else {
                if (followRedirection.statusCode() != SC_OK) {
                    throw new IllegalArgumentException("Redirect response query is null, check username, password and permissions");
                }
                Document parse2 = followRedirection.parse();
                validatePage(parse2);
                query = getRedirectLocationAndValidate(addProxy(((FormElement) parse2.select("form").get(1)).submit(), this.proxy).followRedirects(false).cookies(hashMap).execute()).getQuery();
            }
            HashMap hashMap2 = new HashMap();
            Matcher matcher = QUERY_PARAM_PATTERN.matcher(query);
            while (matcher.find()) {
                hashMap2.put(matcher.group(1), matcher.group(2));
            }
            if (hashMap2.get("challengeId") != null) {
                throw new SecurityException("Unable to login due to CAPTCHA, use with a valid accessToken instead!");
            }
            if (valueOf.equals((String) hashMap2.get("state"))) {
                return (String) hashMap2.get("code");
            }
            throw new SecurityException("Invalid CSRF code!");
        } catch (Exception e) {
            throw new IllegalArgumentException("Error authorizing application: " + e.getMessage(), e);
        }
    }

    private void validatePage(Document document) {
        Elements select = document.select("body[class=error]");
        if (select.isEmpty()) {
            select = document.select("div[role=alert]:not([class*=hidden])");
        }
        if (select.isEmpty()) {
            return;
        }
        throw new IllegalArgumentException("Error authorizing application: " + select.first().text());
    }

    private String authorizationUrl(String str, String str2, OAuthScope[] oAuthScopeArr) {
        String format;
        if (oAuthScopeArr == null || oAuthScopeArr.length == 0) {
            format = String.format(AUTHORIZATION_URL, this.oAuthParams.getClientId(), str, str2);
        } else {
            int length = oAuthScopeArr.length;
            StringBuilder sb = new StringBuilder();
            int i = 0;
            for (OAuthScope oAuthScope : oAuthScopeArr) {
                sb.append(oAuthScope.getValue());
                i++;
                if (i < length) {
                    sb.append("%20");
                }
            }
            format = String.format(AUTHORIZATION_URL_WITH_SCOPE, this.oAuthParams.getClientId(), str, sb.toString(), str2);
        }
        return format;
    }

    private Connection.Response followRedirection(Connection.Response response, Map<String, String> map) throws IOException {
        return followRedirection(response, map, 0);
    }

    private Connection.Response followRedirection(Connection.Response response, Map<String, String> map, int i) throws IOException {
        if (i > 5) {
            throw new IllegalArgumentException("Error authorizing application. Redirection goes still on and on.");
        }
        URL redirectLocationAndValidate = getRedirectLocationAndValidate(response);
        if (redirectLocationAndValidate == null) {
            map.putAll(response.cookies());
            return response;
        }
        if (redirectLocationAndValidate.getQuery().contains("code=")) {
            return response;
        }
        if (redirectLocationAndValidate.toString().contains("error=") || redirectLocationAndValidate.toString().contains("errorKey=")) {
            throw new IOException(URLDecoder.decode(redirectLocationAndValidate.toString()).replaceAll("&", ", "));
        }
        int i2 = i + 1;
        return followRedirection(addProxy(Jsoup.connect(redirectLocationAndValidate.toString()), this.proxy).followRedirects(false).method(Connection.Method.GET).cookies(map).execute(), map, i);
    }

    private URL getRedirectLocationAndValidate(Connection.Response response) throws IOException {
        URL url;
        if (response.statusCode() != SC_MOVED_TEMPORARILY && response.statusCode() != SC_SEE_OTHER) {
            return null;
        }
        try {
            url = new URL(response.header(HEADER_LOCATION));
        } catch (MalformedURLException e) {
            url = new URL(AUTHORIZATION_URL_PREFIX + response.header(HEADER_LOCATION));
        }
        String query = url.getQuery();
        if (query == null || !(query.contains("error=") || query.contains("errorKey="))) {
            return url;
        }
        throw new IOException(URLDecoder.decode(query).replaceAll("&", ", "));
    }

    private static Connection addProxy(Connection connection, Proxy proxy) {
        return proxy != null ? connection.proxy(proxy) : connection;
    }

    private OAuthToken getAccessToken(String str) throws IOException {
        Connection.Response execute = addProxy(Jsoup.connect(String.format(ACCESS_TOKEN_URL, str, this.oAuthParams.getRedirectUri(), this.oAuthParams.getClientId(), this.oAuthParams.getClientSecret())), this.proxy).ignoreContentType(true).method(Connection.Method.POST).execute();
        if (execute.statusCode() != SC_OK) {
            throw new IOException(String.format("Error getting access token: [%s: %s]", Integer.valueOf(execute.statusCode()), execute.statusMessage()));
        }
        long currentTimeMillis = System.currentTimeMillis();
        return new OAuthToken(str, ((Map) new ObjectMapper().readValue(execute.body(), Map.class)).get("access_token").toString(), currentTimeMillis + TimeUnit.MILLISECONDS.convert(Integer.valueOf(r0.get("expires_in").toString()).intValue(), TimeUnit.SECONDS));
    }

    public synchronized OAuthToken getOAuthToken() {
        return this.oAuthToken;
    }

    public void filter(ClientRequestContext clientRequestContext) throws IOException {
        updateOAuthToken();
        String uri = clientRequestContext.getUri().toString();
        StringBuilder sb = new StringBuilder(uri);
        if (uri.contains("?")) {
            sb.append('&');
        } else {
            sb.append('?');
        }
        sb.append("oauth2_access_token=").append(this.oAuthToken.getAccessToken());
        clientRequestContext.setUri(URI.create(sb.toString()));
    }

    private synchronized void updateOAuthToken() throws IOException {
        long currentTimeMillis = System.currentTimeMillis();
        if (this.oAuthToken == null || this.oAuthToken.getExpiryTime() < currentTimeMillis) {
            LOG.info("OAuth token doesn't exist or has expired");
            OAuthSecureStorage secureStorage = this.oAuthParams.getSecureStorage();
            if (secureStorage != null) {
                this.oAuthToken = secureStorage.getOAuthToken();
                if (this.oAuthToken != null && this.oAuthToken.getExpiryTime() > currentTimeMillis) {
                    return;
                } else {
                    LOG.info("OAuth secure storage returned a null or expired token, creating a new token...");
                }
            }
            this.oAuthToken = getAccessToken(getRefreshToken());
            LOG.info("OAuth token created!");
            if (secureStorage != null) {
                secureStorage.saveOAuthToken(this.oAuthToken);
            }
        }
    }
}
