package org.bubblecloud.ilves.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import javax.persistence.EntityManager;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.GitHubTokenResponse;
import org.apache.oltu.oauth2.common.OAuthProviderType;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.bubblecloud.ilves.model.Company;
import org.bubblecloud.ilves.model.Customer;
import org.bubblecloud.ilves.model.PostalAddress;
import org.bubblecloud.ilves.model.User;
import org.bubblecloud.ilves.module.customer.CustomerModule;
import org.bubblecloud.ilves.site.SiteContext;
import org.bubblecloud.ilves.site.SiteModuleManager;

/* loaded from: input_file:org/bubblecloud/ilves/security/OAuthService.class */
public class OAuthService {
    private static final Logger LOGGER = Logger.getLogger(OAuthService.class);

    public static String requestOAuthLocationUri(SiteContext siteContext) {
        try {
            Company company = (Company) siteContext.getObject(Company.class);
            if (company.isoAuthLogin()) {
                return OAuthClientRequest.authorizationProvider(OAuthProviderType.GITHUB).setClientId(company.getGitHubClientId()).setRedirectURI(company.getUrl() + "oauthredirect").setScope("user:email").buildQueryMessage().getLocationUri();
            }
            return null;
        } catch (Exception e) {
            LOGGER.error("Error in oauth.", e);
            return null;
        }
    }

    public static User processOAuthRedirect(SiteContext siteContext, Company company, String str) {
        if (!company.isoAuthLogin()) {
            return null;
        }
        EntityManager entityManager = siteContext.getEntityManager();
        if (StringUtils.isEmpty(str)) {
            LOGGER.warn("Warning in oauth no code received in redirect.");
            return null;
        }
        try {
            String email = getEmail(new OAuthClient(new URLConnectionClient()).accessToken(OAuthClientRequest.tokenProvider(OAuthProviderType.GITHUB).setGrantType(GrantType.AUTHORIZATION_CODE).setClientId(company.getGitHubClientId()).setClientSecret(company.getGitHubClientSecret()).setRedirectURI(company.getUrl() + "oauthredirect").setCode(str).buildQueryMessage(), GitHubTokenResponse.class).getAccessToken());
            if (email == null) {
                AuditService.log(siteContext, "oauth login failed, no matching email");
                return null;
            }
            User user = UserDao.getUser(entityManager, company, email);
            if (user != null) {
                if (user.isLockedOut()) {
                    AuditService.log(siteContext, "oauth login failed, locked user", "User", user.getUserId(), user.getEmailAddress());
                    return null;
                }
                AuditService.log(siteContext, "oauth login success", "User", user.getUserId(), user.getEmailAddress());
                return user;
            }
            if (!company.isoAuthSelfRegistration()) {
                return null;
            }
            String[] split = email.split("@")[0].split("\\.");
            String capitalizeFirstLetter = capitalizeFirstLetter(split[0]);
            String capitalizeFirstLetter2 = split.length > 1 ? capitalizeFirstLetter(split[split.length - 1]) : "-";
            User user2 = new User(company, capitalizeFirstLetter, capitalizeFirstLetter2, email, "-", "");
            UserDao.addUser(entityManager, user2, UserDao.getGroup(entityManager, company, "user"));
            if (SiteModuleManager.isModuleInitialized(CustomerModule.class)) {
                Customer customer = new Customer(capitalizeFirstLetter, capitalizeFirstLetter2, email, "-", false, "", "");
                customer.setCreated(new Date());
                customer.setModified(customer.getCreated());
                customer.setOwner(company);
                PostalAddress postalAddress = new PostalAddress();
                postalAddress.setAddressLineOne("-");
                postalAddress.setAddressLineTwo("-");
                postalAddress.setAddressLineThree("-");
                postalAddress.setCity("-");
                postalAddress.setPostalCode("-");
                postalAddress.setCountry("-");
                PostalAddress postalAddress2 = new PostalAddress();
                postalAddress2.setAddressLineOne("-");
                postalAddress2.setAddressLineTwo("-");
                postalAddress2.setAddressLineThree("-");
                postalAddress2.setCity("-");
                postalAddress2.setPostalCode("-");
                postalAddress2.setCountry("-");
                customer.setInvoicingAddress(postalAddress);
                customer.setDeliveryAddress(postalAddress2);
                CustomerDao.addCustomer(entityManager, customer);
                UserDao.addGroupMember(siteContext.getEntityManager(), customer.getAdminGroup(), user2);
                UserDao.addGroupMember(siteContext.getEntityManager(), customer.getMemberGroup(), user2);
            }
            AuditService.log(siteContext, "oauth-auto-register", "user", user2.getUserId(), email);
            return user2;
        } catch (Exception e) {
            LOGGER.error("Error exchanging oauth code to access token: " + e.getMessage());
            AuditService.log(siteContext, "oauth login exception");
            return null;
        }
    }

    public static String capitalizeFirstLetter(String str) {
        return str.length() == 0 ? str : str.substring(0, 1).toUpperCase() + str.substring(1);
    }

    public static String getEmail(String str) throws Exception {
        String str2 = null;
        Iterator it = ((ArrayList) new ObjectMapper().readValue(get("https://api.github.com/user/emails?access_token", str), ArrayList.class)).iterator();
        while (it.hasNext()) {
            Map map = (Map) it.next();
            if (map.containsKey("email") && map.containsKey("verified") && map.containsKey("primary") && ((Boolean) map.get("verified")).booleanValue() && ((Boolean) map.get("primary")).booleanValue()) {
                str2 = (String) map.get("email");
            }
        }
        return str2;
    }

    public static String get(String str, String str2) throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setRequestMethod("GET");
        httpURLConnection.setRequestProperty("User-Agent", "Mozilla/5.0");
        httpURLConnection.setRequestProperty("Authorization", "token " + str2);
        return IOUtils.toString(httpURLConnection.getInputStream());
    }
}
