package com.adobe.granite.auth.oauth.impl;

import com.adobe.granite.auth.oauth.Provider;
import com.adobe.granite.auth.oauth.ProviderExtension;
import com.adobe.granite.auth.oauth.ProviderType;
import java.io.IOException;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.commons.osgi.ServiceUtil;
import org.osgi.service.component.ComponentContext;
import org.scribe.builder.api.Api;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Response;
import org.scribe.model.Verb;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

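/**
 * Default Granite OAuth 2 {@link Provider}.
 *
 * <p>The provider id and the authorization, token, profile and extended-details endpoint URLs are
 * read from the OSGi component configuration in {@link #activate(ComponentContext)}. User-id and
 * user-folder mapping and the user create/update callbacks are delegated to a bound
 * {@link ProviderExtension} whose id equals this provider's id, when one is registered.
 *
 * <p>Token validation is not supported: every validation-related method throws
 * {@link UnsupportedOperationException}.
 *
 * <p>Access to the extension registry is guarded by a read/write lock because extensions are bound
 * and unbound dynamically.
 */
@Service({Provider.class})
@Component(metatype = true, label = "Adobe Granite OAuth Provider", description = "Default Granite OAuth Provider")
@Reference(name = "providerExtension", referenceInterface = ProviderExtension.class, bind = "bindProviderExtension", unbind = "unbindProviderExtension", cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, policy = ReferencePolicy.DYNAMIC)
/* loaded from: input_file:com/adobe/granite/auth/oauth/impl/GraniteProvider.class */
public class GraniteProvider implements Provider {
    private static final String DEFAULT_OAUTH_PROVIDER_ID = "granite";

    @Property(value = {DEFAULT_OAUTH_PROVIDER_ID}, label = "Provider ID", description = "Assign a unique Provider ID")
    private static final String PROP_OAUTH_PROVIDER_ID = "oauth.provider.id";
    private static final String DEFAULT_GRANITE_AUTHORIZATION_URL = "";

    @Property(value = {""}, label = "Authorization Endpoint", description = "The URL of the Granite Authorization Endpoint")
    private static final String PROP_GRANITE_AUTHORIZATION_URL = "oauth.provider.granite.authorization.url";
    private static final String DEFAULT_GRANITE_TOKEN_URL = "";

    @Property(value = {""}, label = "Token Endpoint", description = "The URL of the Granite Token Endpoint")
    private static final String PROP_GRANITE_TOKEN_URL = "oauth.provider.granite.token.url";
    private static final String DEFAULT_GRANITE_PROFILE_URL = "";

    @Property(value = {""}, label = "Profile Endpoint", description = "The URL of the IMS Profile Endpoint")
    private static final String PROP_GRANITE_PROFILE_URL = "oauth.provider.granite.profile.url";

    @Property(label = "Extended Details URLs", description = "The list of URLs used to fetch additional data")
    private static final String PROP_EXTENDED_DETAILS_URLS = "oauth.provider.granite.extended.details.urls";
    private GraniteApi graniteApi;
    private String authorizationUrl;
    private String tokenUrl;
    private String detailsURL;
    private String[] extendedDetailsURLs;
    private String id;
    private String name;
    private final Logger log = LoggerFactory.getLogger(GraniteProvider.class);
    // Guards registeredProviderExtensionHandlers: bind/unbind take the write lock, lookups the read lock.
    private final ReadWriteLock lock = new ReentrantReadWriteLock();
    // Keyed by the service-ranking comparable and sorted in reverse order of those keys.
    private SortedMap<Comparable<Object>, ProviderExtension> registeredProviderExtensionHandlers = new TreeMap<>(Collections.reverseOrder());
    private ProviderType type = ProviderType.OAUTH2;

    /**
     * Reads the component configuration and configures the underlying {@link GraniteApi}.
     *
     * <p>Every endpoint URL defaults to the empty string and the provider id to {@code "granite"}.
     * A warning is logged for each configured endpoint that does not use {@code https}, because
     * authorization codes, client credentials and access tokens travel over those endpoints.
     *
     * @param componentContext the OSGi component context carrying the configuration properties
     * @throws Exception declared for the SCR activation contract
     */
    @Activate
    protected void activate(ComponentContext componentContext) throws Exception {
        Dictionary properties = componentContext.getProperties();
        this.graniteApi = new GraniteApi();
        this.name = PropertiesUtil.toString(properties.get("service.description"), "");
        this.id = PropertiesUtil.toString(properties.get(PROP_OAUTH_PROVIDER_ID), DEFAULT_OAUTH_PROVIDER_ID);
        this.authorizationUrl = PropertiesUtil.toString(properties.get(PROP_GRANITE_AUTHORIZATION_URL), DEFAULT_GRANITE_AUTHORIZATION_URL);
        this.tokenUrl = PropertiesUtil.toString(properties.get(PROP_GRANITE_TOKEN_URL), DEFAULT_GRANITE_TOKEN_URL);
        this.detailsURL = PropertiesUtil.toString(properties.get(PROP_GRANITE_PROFILE_URL), DEFAULT_GRANITE_PROFILE_URL);
        this.extendedDetailsURLs = PropertiesUtil.toStringArray(properties.get(PROP_EXTENDED_DETAILS_URLS), new String[0]);

        warnIfNotHttps(PROP_GRANITE_AUTHORIZATION_URL, this.authorizationUrl);
        warnIfNotHttps(PROP_GRANITE_TOKEN_URL, this.tokenUrl);
        warnIfNotHttps(PROP_GRANITE_PROFILE_URL, this.detailsURL);
        for (String extendedUrl : this.extendedDetailsURLs) {
            warnIfNotHttps(PROP_EXTENDED_DETAILS_URLS, extendedUrl);
        }

        this.graniteApi.setAuthorizationUrl(this.authorizationUrl);
        this.graniteApi.setAccessTokenEndpoint(this.tokenUrl);
    }

    /** Returns the provider type, which is always {@link ProviderType#OAUTH2} for this provider. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public ProviderType getType() {
        return this.type;
    }

    /** Returns the {@link GraniteApi} configured with the authorization and token endpoints. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public Api getApi() {
        return this.graniteApi;
    }

    /** Returns the configured profile endpoint URL (empty string when not configured). */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getDetailsURL() {
        return this.detailsURL;
    }

    /**
     * Returns the configured extended-details URLs.
     *
     * @param str ignored by this implementation
     * @return a copy of the configured URLs, so callers cannot modify the provider's configuration;
     *     {@code null} if the component has not been activated yet
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String[] getExtendedDetailsURLs(String str) {
        return this.extendedDetailsURLs == null ? null : this.extendedDetailsURLs.clone();
    }

    /**
     * Not supported by this provider.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String[] getExtendedDetailsURLs(String str, String str2, Map<String, Object> map) {
        throw new UnsupportedOperationException("This provider doesn't support getExtendedDetailsURLs(String scope, String userId,Map<String, Object> props) method");
    }

    /** Returns the configured provider id ({@code "granite"} by default). */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getId() {
        return this.id;
    }

    /** Returns the provider name, taken from the {@code service.description} property. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getName() {
        return this.name;
    }

    /**
     * Maps a remote user id to a local user id.
     *
     * <p>A matching {@link ProviderExtension} is asked first; if there is none, or it returns
     * {@code null}, the default {@code <providerId>-<str>} is used.
     *
     * @param str the user id to map (presumably the id reported by the OAuth server)
     * @param map additional properties passed through to the extension
     * @return the mapped user id
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String mapUserId(String str, Map<String, Object> map) {
        ProviderExtension providerExtension = getProviderExtension();
        if (providerExtension != null) {
            String mapped = providerExtension.mapUserId(str, map);
            if (mapped != null) {
                return mapped;
            }
        }
        return getDefaultUserId(str, map);
    }

    /**
     * Returns the folder path under which a user is stored.
     *
     * <p>A matching {@link ProviderExtension} is asked first; if there is none, or it returns
     * {@code null}, the default path built by {@code getDefaultUserFolderPath} is used.
     *
     * @param str the first id passed to the extension; also the input of the default path
     * @param str2 the second id passed to the extension; unused by the default path
     * @param map additional properties passed through to the extension
     * @return the user folder path
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getUserFolderPath(String str, String str2, Map<String, Object> map) {
        ProviderExtension providerExtension = getProviderExtension();
        if (providerExtension != null) {
            String extensionPath = providerExtension.getUserFolderPath(str, str2, map);
            if (extensionPath != null) {
                return extensionPath;
            }
        }
        return getDefaultUserFolderPath(str, str2, map);
    }

    /**
     * Merges the profile values received from the OAuth server into the existing properties.
     *
     * <p>Each profile key is stored under {@code profile/<key>}; a profile entry overwrites an
     * existing entry with the same mapped name. The input maps are not modified, and a
     * {@code null} map is treated as empty.
     *
     * @param str unused by this implementation
     * @param str2 unused by this implementation
     * @param map the existing properties
     * @param map2 the profile values as returned by {@link #parseProfileDataResponse(Response)}
     * @return a new map holding the merged properties
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public Map<String, Object> mapProperties(String str, String str2, Map<String, Object> map, Map<String, String> map2) {
        Map<String, Object> merged = new HashMap<>();
        if (map != null) {
            merged.putAll(map);
        }
        if (map2 != null) {
            for (Map.Entry<String, String> entry : map2.entrySet()) {
                String mappedName = mapProperty(entry.getKey());
                merged.put(mappedName, mapValue(mappedName, entry.getValue()));
            }
        }
        return merged;
    }

    /** Returns the relative property path {@code profile/app-<str>} used for the access token. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getAccessTokenPropertyPath(String str) {
        return "profile/app-" + str;
    }

    /** Returns the relative property path {@code oauth/oauthid-<str>} used for the OAuth id. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getOAuthIdPropertyPath(String str) {
        return "oauth/oauthid-" + str;
    }

    /**
     * Resolves the user behind the request.
     *
     * @param slingHttpServletRequest the current request
     * @return the request's {@link User}, or {@code null} when the request does not adapt to an
     *     {@link Authorizable}, or the authorizable is a group or is not a {@link User}
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public User getCurrentUser(SlingHttpServletRequest slingHttpServletRequest) {
        Authorizable authorizable = slingHttpServletRequest.adaptTo(Authorizable.class);
        if (authorizable == null || authorizable.isGroup()) {
            return null;
        }
        // Checked narrowing: an Authorizable is not assignable to User without a cast, and an
        // unexpected implementation yields null instead of a ClassCastException.
        return authorizable instanceof User ? (User) authorizable : null;
    }

    /** Forwards the user-created callback to the matching {@link ProviderExtension}, if any. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public void onUserCreate(User user) {
        ProviderExtension providerExtension = getProviderExtension();
        if (providerExtension != null) {
            providerExtension.onUserCreate(user);
        }
    }

    /** Forwards the user-updated callback to the matching {@link ProviderExtension}, if any. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public void onUserUpdate(User user) {
        ProviderExtension providerExtension = getProviderExtension();
        if (providerExtension != null) {
            providerExtension.onUserUpdate(user);
        }
    }

    /** Builds a {@code GET} request for the given protected resource URL. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public OAuthRequest getProtectedDataRequest(String str) {
        return new OAuthRequest(Verb.GET, str);
    }

    /**
     * Parses the JSON profile response into a flat string map.
     *
     * <p>The key {@code path} and every key containing {@code _xss} are skipped. The {@code user}
     * entry must be a JSON object; only its {@code authorizableId} is kept, under the key
     * {@code authorizableId}. All other values are copied as strings. An empty body yields an
     * empty map.
     *
     * <p>The response body is deliberately not written to the log on failure, since it holds the
     * user's profile data.
     *
     * @param response the HTTP response of the profile endpoint
     * @return the parsed profile values, never {@code null}
     * @throws IOException if the body is not valid JSON, the {@code user} entry is not an object,
     *     or reading the response fails
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public Map<String, String> parseProfileDataResponse(Response response) throws IOException {
        Map<String, String> profile = new HashMap<>();
        try {
            String body = response.getBody();
            if (StringUtils.isEmpty(body)) {
                this.log.debug("Unable to parse json response body: {}", body);
                return profile;
            }
            JSONObject json = new JSONObject(body);
            Iterator<?> keys = json.keys();
            while (keys.hasNext()) {
                String key = (String) keys.next();
                if ("path".equals(key) || key.contains("_xss")) {
                    continue;
                }
                if ("user".equals(key)) {
                    JSONObject userObject = json.optJSONObject(key);
                    if (userObject == null) {
                        // Fail closed with a clear message rather than a NullPointerException.
                        throw new IOException("Profile response entry 'user' is not a JSON object");
                    }
                    profile.put("authorizableId", userObject.optString("authorizableId"));
                } else {
                    profile.put(key, json.optString(key));
                }
            }
            return profile;
        } catch (JSONException e) {
            // The specific handler must precede the general one; the reverse order is unreachable.
            this.log.debug("problem parsing JSON profile response: {}", e.getMessage());
            throw new IOException(e.toString(), e);
        } catch (RuntimeException e) {
            this.log.error("Exception while parsing profile data", e);
            throw new IOException(e.toString(), e);
        }
    }

    /** Returns {@code "authorizableId"}, the profile key that holds the user id. */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getUserIdProperty() {
        return "authorizableId";
    }

    /**
     * Not supported by this provider.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getValidateTokenUrl(String str, String str2) {
        throw new UnsupportedOperationException("This provider doesn't support the validation of a token");
    }

    /**
     * Not supported by this provider.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public boolean isValidToken(String str, String str2, String str3) {
        throw new UnsupportedOperationException("This provider doesn't support the validation of a token");
    }

    /**
     * Not supported by this provider.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getUserIdFromValidateTokenResponseBody(String str) {
        throw new UnsupportedOperationException("This provider doesn't support the validation of a token");
    }

    /**
     * Not supported by this provider.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.adobe.granite.auth.oauth.Provider
    public String getErrorDescriptionFromValidateTokenResponseBody(String str) {
        throw new UnsupportedOperationException("This provider doesn't support the validation of a token");
    }

    /**
     * Registers a dynamically bound {@link ProviderExtension}, keyed by its service ranking.
     *
     * @param providerExtension the extension being bound
     * @param map the service properties of the extension
     */
    protected void bindProviderExtension(ProviderExtension providerExtension, Map<String, Object> map) {
        this.lock.writeLock().lock();
        try {
            this.registeredProviderExtensionHandlers.put(ServiceUtil.getComparableForServiceRanking(map), providerExtension);
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    /**
     * Removes a previously bound {@link ProviderExtension}, looked up by its service ranking key.
     *
     * @param providerExtension the extension being unbound
     * @param map the service properties of the extension
     */
    protected void unbindProviderExtension(ProviderExtension providerExtension, Map<String, Object> map) {
        this.lock.writeLock().lock();
        try {
            this.registeredProviderExtensionHandlers.remove(ServiceUtil.getComparableForServiceRanking(map));
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    /**
     * Finds the first registered extension whose id equals this provider's id.
     *
     * <p>Extensions are visited in the registry's key order (reverse order of the service-ranking
     * comparable). The read lock is released exactly once, in the {@code finally} block; releasing
     * it a second time on the no-match path would throw {@link IllegalMonitorStateException}.
     *
     * @return the matching extension, or {@code null} if none is registered for this provider
     */
    private ProviderExtension getProviderExtension() {
        this.lock.readLock().lock();
        try {
            for (ProviderExtension providerExtension : this.registeredProviderExtensionHandlers.values()) {
                String extensionId = providerExtension.getId();
                if (extensionId != null && extensionId.equals(getId())) {
                    return providerExtension;
                }
            }
            return null;
        } finally {
            this.lock.readLock().unlock();
        }
    }

    /** Logs a warning when a configured, non-empty endpoint URL does not use {@code https}. */
    private void warnIfNotHttps(String propertyName, String url) {
        if (StringUtils.isNotEmpty(url) && !StringUtils.startsWithIgnoreCase(url, "https://")) {
            this.log.warn("OAuth endpoint configured in '{}' does not use https; credentials and tokens sent to it are not protected in transit", propertyName);
        }
    }

    /** Builds the default user id {@code <providerId>-<str>}; {@code map} is unused. */
    private String getDefaultUserId(String str, Map<String, Object> map) {
        return getId() + "-" + str;
    }

    /**
     * Builds the default user folder path: the provider id, followed by {@code /} and the first
     * four characters of the Base64 encoding of {@code str} when {@code str} is non-empty.
     *
     * <p>{@code str2} and {@code map} are unused.
     */
    private String getDefaultUserFolderPath(String str, String str2, Map<String, Object> map) {
        StringBuilder path = new StringBuilder(getId());
        if (str != null) {
            // NOTE(review): getBytes() uses the platform default charset, so a non-ASCII id can
            // map to different folders on differently configured JVMs. Switching to an explicit
            // charset would move existing users, so it is left as is; confirm before changing.
            // NOTE(review): the standard Base64 alphabet contains '/' and '+', so the prefix may
            // itself contain a path separator; confirm the consumer of this path tolerates that.
            String encoded = new String(Base64.encodeBase64(str.getBytes()));
            // An empty id encodes to an empty string; substring(0, 4) on it would throw.
            if (!encoded.isEmpty()) {
                path.append("/").append(encoded.substring(0, Math.min(4, encoded.length())));
            }
        }
        return path.toString();
    }

    /**
     * Maps a profile key to the relative property name {@code profile/<str>}.
     *
     * <p>NOTE(review): the key originates from the remote profile response and is concatenated
     * without validation; confirm the code that persists these properties rejects names that
     * contain {@code /} or {@code ..} segments.
     */
    private String mapProperty(String str) {
        return "profile/" + str;
    }

    /** Returns the profile value unchanged; {@code str} (the mapped property name) is unused. */
    private Object mapValue(String str, String str2) {
        return str2;
    }
}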
