package edu.internet2.middleware.grouper.changeLog.consumer.o365;

import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.changeLog.consumer.o365.model.Group;
import edu.internet2.middleware.grouper.changeLog.consumer.o365.model.GroupsOdata;
import edu.internet2.middleware.grouper.changeLog.consumer.o365.model.OAuthTokenInfo;
import edu.internet2.middleware.grouper.changeLog.consumer.o365.model.OdataIdContainer;
import edu.internet2.middleware.grouper.changeLog.consumer.o365.model.User;
import edu.internet2.middleware.grouper.exception.MemberAddAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.MemberDeleteAlreadyDeletedException;
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Response;
import okhttp3.logging.HttpLoggingInterceptor;
import org.apache.log4j.Logger;
import retrofit2.Call;
import retrofit2.Retrofit;
import retrofit2.converter.moshi.MoshiConverterFactory;

/* loaded from: input_file:edu/internet2/middleware/grouper/changeLog/consumer/o365/GraphApiClient.class */
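/**
 * Thin client for the Microsoft Graph REST API used by the Office 365 change log consumer.
 *
 * <p>Authenticates with the OAuth2 client-credentials grant against
 * {@code login.microsoftonline.com/<tenantId>/} and sends the resulting bearer token on every
 * request to {@code graph.microsoft.com/v1.0/}. A 401 from Graph drops the cached token and the
 * call is retried once with a fresh one.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The Graph HTTP client logs at {@code Level.BODY} through the log4j DEBUG channel. The
 *       {@code Authorization} header is redacted, but request and response bodies (user and group
 *       records) are written in full whenever DEBUG is enabled for this class.</li>
 *   <li>The token request is built without that logging client, so the client secret is not
 *       written by the HTTP logger.</li>
 *   <li>{@code token} is a plain mutable field with no synchronization in this class.
 *       NOTE(review): confirm callers use one instance per thread or otherwise serialize access.</li>
 * </ul>
 */
public class GraphApiClient {
    private static final Logger logger = Logger.getLogger(GraphApiClient.class);
    private final String clientId;
    private final String clientSecret;
    private final String tenantId;
    private final String scope;
    private final Office365GraphApiService service;
    // Cached bearer token; null means "fetch a new one before the next call".
    // Left package-private as in the original so code in this package can still reach it.
    String token = null;

    /**
     * Creates a client for one tenant and wires up the Graph service with HTTP debug logging.
     *
     * @param clientId application (client) id used for the token request
     * @param clientSecret application secret used for the token request; never logged by this class
     * @param tenantId tenant that forms the path of the token endpoint base URL
     * @param scope scope value sent with the token request
     * @param grouperSession not used by this constructor; kept for signature compatibility
     */
    public GraphApiClient(String clientId, String clientSecret, String tenantId, String scope, GrouperSession grouperSession) {
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.tenantId = tenantId;
        this.scope = scope;
        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(message -> {
            logger.debug(message);
        });
        // BODY logs full payloads (directory data) at DEBUG; keep DEBUG off in production or
        // route this logger to a restricted appender.
        httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
        // The bearer token must never reach the log, so mask the header that carries it.
        httpLoggingInterceptor.redactHeader("Authorization");
        this.service = (Office365GraphApiService) buildRetroFit(httpLoggingInterceptor).create(Office365GraphApiService.class);
    }

    /**
     * Builds the Retrofit instance for either the token endpoint or the Graph API.
     *
     * @param httpLoggingInterceptor when {@code null}, a Retrofit for the tenant's login endpoint
     *     is returned with no custom HTTP client (no auth header, no body logging); otherwise a
     *     Retrofit for Graph v1.0 with the authenticating and logging client
     * @return the wrapped Retrofit instance
     */
    protected RetrofitWrapper buildRetroFit(HttpLoggingInterceptor httpLoggingInterceptor) {
        if (httpLoggingInterceptor == null) {
            logger.trace("not using client to build retrofit.");
            return new RetrofitWrapper(new Retrofit.Builder().baseUrl("https://login.microsoftonline.com/" + this.tenantId + "/").addConverterFactory(MoshiConverterFactory.create()).build());
        }
        logger.trace("using client to build retrofit.");
        return new RetrofitWrapper(new Retrofit.Builder().baseUrl("https://graph.microsoft.com/v1.0/").addConverterFactory(MoshiConverterFactory.create()).client(buildOkHttpClient(httpLoggingInterceptor)).build());
    }

    /**
     * Builds the OkHttp client used for Graph calls.
     *
     * <p>The first interceptor stamps the current bearer token on each request; the logging
     * interceptor runs after it, so it sees the header and relies on the redaction configured by
     * the caller.
     *
     * @param httpLoggingInterceptor logging interceptor to append after the auth interceptor
     * @return the configured client
     */
    protected OkHttpClient buildOkHttpClient(HttpLoggingInterceptor httpLoggingInterceptor) {
        return new OkHttpClient.Builder().addInterceptor(new Interceptor() {
            @Override
            public Response intercept(Interceptor.Chain chain) throws IOException {
                // The token is read at request time, so a token refreshed by invoke() is picked up.
                return chain.proceed(chain.request().newBuilder().header("Authorization", "Bearer " + GraphApiClient.this.token).build());
            }
        }).addInterceptor(httpLoggingInterceptor).build();
    }

    /**
     * Requests a new access token with the client-credentials grant.
     *
     * @return the access token string
     * @throws IOException if the token endpoint answers with a non-success status, or if a
     *     successful answer carries no access token
     */
    public String getToken() throws IOException {
        logger.debug("Token client ID: " + this.clientId);
        logger.debug("Token tenant ID: " + this.tenantId);
        retrofit2.Response execute = ((Office365AuthApiService) buildRetroFit(null).create(Office365AuthApiService.class)).getOauth2Token("client_credentials", this.clientId, this.clientSecret, this.scope, "https://graph.microsoft.com").execute();
        if (!execute.isSuccessful()) {
            // The endpoint's error body is surfaced to the caller; it is the server's answer, not the request.
            throw new IOException("error requesting token (" + execute.code() + "): " + execute.errorBody().string());
        }
        OAuthTokenInfo oAuthTokenInfo = (OAuthTokenInfo) execute.body();
        // Fail here rather than caching null and sending "Bearer null" on the next Graph call.
        if (oAuthTokenInfo == null || oAuthTokenInfo.accessToken == null) {
            throw new IOException("error requesting token (" + execute.code() + "): response contained no access token");
        }
        logTokenInfo(oAuthTokenInfo);
        return oAuthTokenInfo.accessToken;
    }

    /** Logs token metadata at DEBUG; the access token value itself is deliberately not logged. */
    private void logTokenInfo(OAuthTokenInfo oAuthTokenInfo) {
        logger.debug("Token scope: " + oAuthTokenInfo.scope);
        logger.debug("Token expiresIn: " + oAuthTokenInfo.expiresIn);
        logger.debug("Token expiresOn: " + oAuthTokenInfo.expiresOn);
        logger.debug("Token resource: " + oAuthTokenInfo.resource);
        logger.debug("Token tokenType: " + oAuthTokenInfo.tokenType);
        logger.debug("Token notBefore: " + oAuthTokenInfo.notBefore);
    }

    /**
     * Executes a Graph call, fetching a token first if none is cached and retrying once on 401.
     *
     * @param call the prepared Retrofit call
     * @return the successful response
     * @throws IOException on any non-success status other than 401, on a second 401, or if the
     *     token request fails
     */
    private <T> retrofit2.Response<T> invoke(Call<T> call) throws IOException {
        for (int attemptsLeft = 2; attemptsLeft > 0; attemptsLeft--) {
            if (this.token == null) {
                this.token = getToken();
            }
            retrofit2.Response<T> response = call.execute();
            if (response.isSuccessful()) {
                return response;
            }
            if (response.code() != 401) {
                throw new IOException("Unhandled invoke response (" + response.code() + ") " + response.errorBody().string());
            }
            logger.debug("auth fail, retry: " + call.request().url());
            // A Retrofit call can run only once, so retry on a clone with the token cleared.
            call = call.clone();
            this.token = null;
        }
        throw new IOException("Retry failed for: " + call.request().url());
    }

    /**
     * Creates a group in Graph. The arguments are passed to the {@code Group} model constructor
     * in the order given, after a {@code null} first argument.
     *
     * @return the Graph response for the create call
     * @throws RuntimeException wrapping the {@link IOException} if the call fails
     */
    public retrofit2.Response addGroup(String str, boolean z, String str2, boolean z2, Collection<String> collection, String str3) {
        logger.debug("Creating group " + str);
        try {
            return invoke(this.service.createGroup(new Group(null, str, z, str2, z2, collection, str3)));
        } catch (IOException e) {
            // Pass the throwable so the stack trace is logged, not only its toString().
            logger.error(e.getMessage(), e);
            throw new RuntimeException("service.createGroup failed", e);
        }
    }

    /**
     * Deletes the first group returned by a lookup with the given query options.
     *
     * <p>This is a destructive call keyed on a search result: callers should pass a query that
     * identifies exactly one group. A lookup with several matches is logged as a warning.
     *
     * @param map query options handed to the group lookup
     * @throws RuntimeException if the lookup matches nothing or either Graph call fails
     */
    public void removeGroup(Map map) {
        try {
            GroupsOdata matches = (GroupsOdata) invoke(this.service.getGroups(map)).body();
            // The original indexed element 0 unconditionally; report an empty result clearly instead.
            if (matches == null || matches.groups == null || matches.groups.isEmpty()) {
                throw new RuntimeException("service.deleteGroup failed: no group matched the lookup query");
            }
            if (matches.groups.size() > 1) {
                logger.warn("group lookup returned " + matches.groups.size() + " matches; deleting only the first");
            }
            invoke(this.service.deleteGroup(matches.groups.get(0).id));
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
            throw new RuntimeException("service.deleteGroup failed", e);
        }
    }

    /**
     * Looks up a user by user principal name.
     *
     * @param upn value passed to the service's lookup by UPN
     * @return the user, or {@code null} when the lookup fails for any reason; network errors and
     *     server errors are reported the same way as "not found"
     */
    public User lookupMSUser(String upn) {
        logger.debug("calling getUserFrom Office365ApiClient");
        try {
            User user = (User) invoke(this.service.getUserByUPN(upn)).body();
            logger.debug("user = " + (user == null ? "null" : user.toString()));
            return user;
        } catch (IOException e) {
            // Keep the cause in the log: this branch also covers outages and auth failures.
            logger.debug("user wasn't found on default domain of " + this.tenantId, e);
            return null;
        }
    }

    /**
     * Reads the Office 365 object id stored on a Grouper group.
     *
     * @param group the Grouper group
     * @return the value of the {@code etc:attribute:office365:o365Id} attribute
     */
    protected String lookupOffice365GroupId(edu.internet2.middleware.grouper.Group group) {
        return group.getAttributeValueDelegate().retrieveValueString("etc:attribute:office365:o365Id");
    }

    /**
     * Adds a user to a group in Graph. Failures are logged and not propagated, so the caller
     * cannot tell from this method that an add did not happen.
     *
     * @param groupId id of the target group
     * @param userId id appended to the Graph {@code users/} reference URL
     */
    public void addMemberToMS(String groupId, String userId) {
        try {
            invoke(this.service.addGroupMember(groupId, new OdataIdContainer("https://graph.microsoft.com/v1.0/users/" + userId)));
        } catch (MemberAddAlreadyExistsException e) {
            logger.debug("member already exists for subject:" + userId + " and group:" + groupId);
        } catch (IOException e2) {
            logger.error(e2.getMessage(), e2);
        }
    }

    /**
     * Removes a user's membership in the Office 365 group linked to a Grouper group.
     * Does nothing when {@code group} is {@code null}.
     *
     * @param userPrincipalName UPN used to find the user
     * @param group Grouper group whose linked Office 365 group is the target
     * @throws RuntimeException if the user lookup returns {@code null}
     */
    public void removeMembership(String userPrincipalName, edu.internet2.middleware.grouper.Group group) {
        if (group == null) {
            return;
        }
        try {
            User msUser = lookupMSUser(userPrincipalName);
            if (msUser == null) {
                throw new RuntimeException("Failed to locate member: " + userPrincipalName);
            }
            String office365GroupId = lookupOffice365GroupId(group);
            if (ifUserAndGroupExistInMS(msUser, office365GroupId)) {
                removeUserFromGroupInMS(msUser.id, office365GroupId);
            }
        } catch (IOException e) {
            // Best effort as in the original: log with stack trace and continue.
            logger.error(e.getMessage(), e);
        } catch (MemberDeleteAlreadyDeletedException e2) {
            logger.debug("member already deleted for subject:" + userPrincipalName + " and group:" + group.getId());
        }
    }

    /**
     * Reports whether both a user and a group id are present.
     *
     * @return {@code true} only when neither argument is {@code null}
     */
    protected boolean ifUserAndGroupExistInMS(User user, String str) {
        return user != null && str != null;
    }

    /**
     * Removes a user from a group in Graph.
     *
     * @param userId id of the user, as passed by {@link #removeMembership}
     * @param groupId id of the group, as passed by {@link #removeMembership}
     * @throws IOException if the Graph call fails
     */
    public void removeUserFromGroupInMS(String userId, String groupId) throws IOException {
        // NOTE(review): addGroupMember takes the group id first, while this passes the user id
        // first. Confirm the parameter order declared on Office365GraphApiService.removeGroupMember.
        invoke(this.service.removeGroupMember(userId, groupId));
    }
}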
