package edu.internet2.middleware.grouper.changeLog.consumer.o365;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.azure.AzureGroupType;
import edu.internet2.middleware.grouper.azure.AzureVisibility;
import edu.internet2.middleware.grouper.azure.model.AzureGraphDataIdContainer;
import edu.internet2.middleware.grouper.azure.model.AzureGraphGroup;
import edu.internet2.middleware.grouper.azure.model.AzureGraphGroupMember;
import edu.internet2.middleware.grouper.azure.model.AzureGraphGroupMembers;
import edu.internet2.middleware.grouper.azure.model.AzureGraphGroups;
import edu.internet2.middleware.grouper.azure.model.AzureGraphOAuthTokenInfo;
import edu.internet2.middleware.grouper.azure.model.AzureGraphUser;
import edu.internet2.middleware.grouper.azure.model.AzureGraphUsers;
import edu.internet2.middleware.grouper.changeLog.consumer.Office365ChangeLogConsumer;
import edu.internet2.middleware.grouper.exception.MemberAddAlreadyExistsException;
import edu.internet2.middleware.grouper.exception.MemberDeleteAlreadyDeletedException;
import edu.internet2.middleware.grouper.exception.UnableToPerformException;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Response;
import okhttp3.logging.HttpLoggingInterceptor;
import org.apache.log4j.Logger;
import retrofit2.Call;
import retrofit2.Retrofit;
import retrofit2.converter.moshi.MoshiConverterFactory;

/* loaded from: input_file:edu/internet2/middleware/grouper/changeLog/consumer/o365/GraphApiClient.class */
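/**
 * Client for the Microsoft Graph group and user endpoints exposed by
 * {@link Office365GraphApiService}, used by the Office 365 change-log consumer.
 *
 * <p>Two HTTP clients are kept apart on purpose:
 * <ul>
 *   <li>{@code graphTokenHttpClient} carries the OAuth2 client-credentials request. It has no
 *       logging interceptor, so the client secret and the returned access token are not written
 *       to the log by this class.</li>
 *   <li>{@code graphApiHttpClient} is derived from it and adds the bearer-token interceptor and
 *       a body-level logging interceptor with the {@code Authorization} header redacted.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code token} is a plain, unsynchronized field that is read by the HTTP
 * interceptor and written by {@link #invoke}; confirm that instances are not shared across
 * threads.
 */
public class GraphApiClient {
    private static final Logger logger = Logger.getLogger(GraphApiClient.class);

    /** Total attempts per Graph call: the first try plus one retry after a 401. */
    private static final int MAX_ATTEMPTS = 2;

    /** HTTP status that triggers a token refresh and a retry. */
    private static final int HTTP_UNAUTHORIZED = 401;

    private final String authUrlBase;
    private final String resourceUrlBase;
    private final String clientId;
    // Credential: never include this field in log or exception messages.
    private final String clientSecret;
    private final String tenantId;
    private final String scope;
    private final Office365GraphApiService service;
    // Cached bearer token; null means "fetch a new one before the next call".
    String token = null;
    private final OkHttpClient graphApiHttpClient;
    private final OkHttpClient graphTokenHttpClient;
    private final AzureGroupType azureGroupType;
    private final AzureVisibility visibility;

    /**
     * Creates the client and builds both HTTP clients and the Retrofit service.
     *
     * <p>The {@code build*} methods called here are {@code protected} and therefore overridable;
     * an override runs before the subclass constructor body and must not rely on subclass state.
     *
     * @param str base URL of the authentication endpoint; the tenant id and {@code "/"} are appended to it
     * @param str2 base URL of the Graph resource endpoint
     * @param str3 OAuth2 client id
     * @param str4 OAuth2 client secret
     * @param str5 tenant id
     * @param str6 OAuth2 scope sent with the token request
     * @param azureGroupType kind of Azure group created by {@link #addGroup}
     * @param azureVisibility visibility passed to newly created groups
     * @param str7 proxy type, {@code "http"} or {@code "socks"}; {@code null} means no proxy
     * @param str8 proxy host; required when a supported proxy type is given
     * @param num proxy port; required when a supported proxy type is given
     * @throws IllegalArgumentException if a supported proxy type is given without host or port
     */
    public GraphApiClient(String str, String str2, String str3, String str4, String str5, String str6, AzureGroupType azureGroupType, AzureVisibility azureVisibility, String str7, String str8, Integer num) {
        this.authUrlBase = str;
        this.resourceUrlBase = str2;
        this.clientId = str3;
        this.clientSecret = str4;
        this.tenantId = str5;
        this.scope = str6;
        this.azureGroupType = azureGroupType;
        this.visibility = azureVisibility;
        Proxy proxy = buildProxy(str7, str8, num);
        this.graphTokenHttpClient = buildBaseOkHttpClient(proxy);
        this.graphApiHttpClient = buildGraphOkHttpClient(this.graphTokenHttpClient);
        this.service = (Office365GraphApiService) buildRetrofit(this.graphApiHttpClient).create(Office365GraphApiService.class);
    }

    /**
     * Translates the proxy settings into a {@link Proxy}, or {@code null} for a direct connection.
     *
     * <p>An unrecognised proxy type is only warned about and the client then connects directly.
     * NOTE(review): where egress is expected to go through the proxy this is a fail-open
     * default; consider rejecting the configuration instead.
     */
    private static Proxy buildProxy(String proxyType, String proxyHost, Integer proxyPort) {
        if (proxyType == null) {
            return null;
        }
        final Proxy.Type type;
        if ("http".equals(proxyType)) {
            type = Proxy.Type.HTTP;
        } else if ("socks".equals(proxyType)) {
            type = Proxy.Type.SOCKS;
        } else {
            logger.warn("Unable to determine proxy type from '" + proxyType + "'; Valid proxy types for this consumer are 'http' or 'socks'");
            return null;
        }
        // Fail with a readable message instead of a NullPointerException from unboxing the port.
        if (proxyHost == null || proxyPort == null) {
            throw new IllegalArgumentException("Proxy type '" + proxyType + "' requires both a proxy host and a proxy port");
        }
        return new Proxy(type, new InetSocketAddress(proxyHost, proxyPort.intValue()));
    }

    /** Builds the Retrofit instance for Graph resource calls, rooted at {@code resourceUrlBase}. */
    protected RetrofitWrapper buildRetrofit(OkHttpClient okHttpClient) {
        Retrofit retrofit = new Retrofit.Builder()
                .baseUrl(this.resourceUrlBase)
                .addConverterFactory(MoshiConverterFactory.create())
                .client(okHttpClient)
                .build();
        return new RetrofitWrapper(retrofit);
    }

    /**
     * Builds the Retrofit instance for the token endpoint.
     *
     * <p>The base URL is {@code authUrlBase + tenantId + "/"}, so {@code authUrlBase} is expected
     * to end with a slash and {@code tenantId} to be a single path segment; both come from
     * the constructor arguments and are not validated here.
     */
    protected RetrofitWrapper buildRetrofitAuth(OkHttpClient okHttpClient) {
        Retrofit retrofit = new Retrofit.Builder()
                .baseUrl(this.authUrlBase + this.tenantId + "/")
                .addConverterFactory(MoshiConverterFactory.create())
                .client(okHttpClient)
                .build();
        return new RetrofitWrapper(retrofit);
    }

    /** Builds the plain HTTP client (optional proxy, no interceptors) used for token requests. */
    protected OkHttpClient buildBaseOkHttpClient(Proxy proxy) {
        logger.trace("Building OkHttpClient: proxy=" + proxy);
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        if (proxy != null) {
            builder.proxy(proxy);
        }
        return builder.build();
    }

    /**
     * Derives the Graph API client from {@code okHttpClient}: adds the bearer-token header and
     * request/response logging.
     *
     * <p>Level.BODY hands complete request and response bodies (group and user records) to
     * {@code logger.debug}. Only the {@code Authorization} header is redacted, so debug logs of
     * this class should be treated as containing directory data.
     */
    protected OkHttpClient buildGraphOkHttpClient(OkHttpClient okHttpClient) {
        HttpLoggingInterceptor bodyLogger = new HttpLoggingInterceptor(message -> logger.debug(message));
        bodyLogger.setLevel(HttpLoggingInterceptor.Level.BODY);
        // Keeps the bearer token out of the debug log.
        bodyLogger.redactHeader("Authorization");

        Interceptor bearerAuth = new Interceptor() {
            @Override
            public Response intercept(Interceptor.Chain chain) throws IOException {
                // Reads the token at request time so a refreshed token is picked up on retry.
                return chain.proceed(chain.request().newBuilder()
                        .header("Authorization", "Bearer " + GraphApiClient.this.token)
                        .build());
            }
        };
        return okHttpClient.newBuilder()
                .addInterceptor(bearerAuth)
                .addInterceptor(bodyLogger)
                .build();
    }

    /**
     * Requests a new access token with the client-credentials grant.
     *
     * <p>Client id and tenant id are logged at debug level; the client secret and the token
     * itself are not logged.
     *
     * @return the access token from the token response
     * @throws IOException if the request fails, is answered with a non-2xx status, or has no body
     */
    public String getToken() throws IOException {
        logger.debug("Token client ID: " + this.clientId);
        logger.debug("Token tenant ID: " + this.tenantId);
        Office365AuthApiService authService = (Office365AuthApiService) buildRetrofitAuth(this.graphTokenHttpClient).create(Office365AuthApiService.class);
        retrofit2.Response<?> response = authService.getOauth2Token("client_credentials", this.clientId, this.clientSecret, this.scope, "https://graph.microsoft.com").execute();
        if (!response.isSuccessful()) {
            throw new IOException("error requesting token (" + response.code() + "): " + response.errorBody().string());
        }
        AzureGraphOAuthTokenInfo tokenInfo = (AzureGraphOAuthTokenInfo) response.body();
        if (tokenInfo == null) {
            // A 2xx answer without a body would otherwise surface as a NullPointerException below.
            throw new IOException("error requesting token (" + response.code() + "): empty response body");
        }
        logTokenInfo(tokenInfo);
        return tokenInfo.accessToken;
    }

    /** Logs token metadata at trace level; the access token value is deliberately left out. */
    private void logTokenInfo(AzureGraphOAuthTokenInfo azureGraphOAuthTokenInfo) {
        logger.trace("Token scope: " + azureGraphOAuthTokenInfo.scope);
        logger.trace("Token expiresIn: " + azureGraphOAuthTokenInfo.expiresIn);
        logger.trace("Token expiresOn: " + azureGraphOAuthTokenInfo.expiresOn);
        logger.trace("Token resource: " + azureGraphOAuthTokenInfo.resource);
        logger.trace("Token tokenType: " + azureGraphOAuthTokenInfo.tokenType);
        logger.trace("Token notBefore: " + azureGraphOAuthTokenInfo.notBefore);
    }

    /**
     * Executes a Graph call, fetching a token first if none is cached and retrying once with a
     * fresh token when the server answers 401.
     *
     * @return the successful response
     * @throws IOException on any non-2xx status other than 401, or when the retry also gets 401
     */
    private <T> retrofit2.Response<T> invoke(Call<T> call) throws IOException {
        Call<T> current = call;
        for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
            if (this.token == null) {
                this.token = getToken();
            }
            retrofit2.Response<T> response = current.execute();
            if (response.isSuccessful()) {
                return response;
            }
            if (response.code() != HTTP_UNAUTHORIZED) {
                throw new IOException("Unhandled invoke response (" + response.code() + ") " + response.errorBody().string());
            }
            logger.debug("auth fail, retry: " + current.request().url());
            // A Call can be executed only once; clone it and drop the rejected token.
            current = current.clone();
            this.token = null;
        }
        throw new IOException("Retry failed for: " + current.request().url());
    }

    /** Returns the body of a successful response, turning a missing body into an IOException. */
    private static <T> T requireBody(retrofit2.Response<T> response, String operation) throws IOException {
        T body = response.body();
        if (body == null) {
            throw new IOException(operation + " returned an empty response body (" + response.code() + ")");
        }
        return body;
    }

    /**
     * Creates a group in Azure of the configured {@link AzureGroupType}.
     *
     * @param str logged as the group name and passed as the second constructor argument of
     *            {@link AzureGraphGroup}
     * @param str2 fourth constructor argument (presumably the mail nickname; confirm against
     *             {@code AzureGraphGroup})
     * @param str3 seventh constructor argument (presumably the description; confirm against
     *             {@code AzureGraphGroup})
     * @return the created group as returned by Graph; may be {@code null} if the response had no body
     * @throws UnableToPerformException for mail-enabled group types
     * @throws RuntimeException wrapping the {@link IOException} when the call fails
     */
    public AzureGraphGroup addGroup(String str, String str2, String str3) {
        logger.debug("Creating group " + str + ", group type: " + this.azureGroupType.name());
        ArrayList<String> groupTypes = new ArrayList<>();
        final boolean securityEnabled;
        switch (this.azureGroupType) {
            case Security:
                securityEnabled = true;
                break;
            case Unified:
                groupTypes.add("Unified");
                securityEnabled = false;
                break;
            case MailEnabled:
            case MailEnabledSecurity:
                throw new UnableToPerformException("Mail enabled Azure groups are currently not supported");
            default:
                throw new IllegalStateException("Unexpected value: " + this.azureGroupType);
        }
        try {
            AzureGraphGroup request = new AzureGraphGroup(null, str, false, str2, securityEnabled, groupTypes, str3, this.visibility);
            AzureGraphGroup created = (AzureGraphGroup) invoke(this.service.createGroup(request)).body();
            logger.debug("Created group in Azure: id = " + (created == null ? "null" : created.id));
            return created;
        } catch (IOException e) {
            // Throwable goes in as the second argument so the stack trace is logged.
            logger.error("service.createGroup failed", e);
            throw new RuntimeException("service.createGroup failed", e);
        }
    }

    /**
     * Deletes a group in Azure.
     *
     * @param str value passed to {@code service.deleteGroup} (presumably the Azure group id)
     * @throws RuntimeException wrapping the {@link IOException} when the call fails
     */
    public void removeGroup(String str) {
        try {
            invoke(this.service.deleteGroup(str));
        } catch (IOException e) {
            logger.error("service.deleteGroup failed", e);
            throw new RuntimeException("service.deleteGroup failed", e);
        }
    }

    /**
     * Looks up a user by user principal name.
     *
     * <p>Every {@link IOException} is reported as "not found" and mapped to {@code null}; that
     * includes network and authorization failures, not only a missing user. The exception is
     * attached to the log entry so the real cause can be recovered.
     *
     * @param str user principal name passed to {@code service.getUserByUPN}
     * @return the user, or {@code null} if the lookup failed for any reason
     */
    public AzureGraphUser lookupMSUser(String str) {
        logger.debug("calling getUserFrom Office365ApiClient");
        try {
            AzureGraphUser user = (AzureGraphUser) invoke(this.service.getUserByUPN(str)).body();
            logger.debug("user = " + (user == null ? "null" : user.toString()));
            return user;
        } catch (IOException e) {
            logger.debug("user principal " + str + " was not found", e);
            return null;
        }
    }

    /** Reads the stored Office 365 group id from the Grouper group's attribute. */
    protected String lookupOffice365GroupId(Group group) {
        return group.getAttributeValueDelegate().retrieveValueString(Office365ChangeLogConsumer.GROUP_ID_ATTRIBUTE_NAME);
    }

    /**
     * Adds a user to a group in Azure.
     *
     * <p>An {@link IOException} is logged and not propagated, so the caller cannot tell that
     * the membership was not provisioned.
     *
     * @param str group identifier passed to {@code service.addGroupMember}
     * @param str2 user identifier appended to {@code resourceUrlBase + "users/"}
     */
    public void addMemberToMS(String str, String str2) {
        try {
            invoke(this.service.addGroupMember(str, new AzureGraphDataIdContainer(this.resourceUrlBase + "users/" + str2)));
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
        } catch (MemberAddAlreadyExistsException e2) {
            logger.debug("member already exists for subject:" + str2 + " and group:" + str);
        }
    }

    /**
     * Removes a user's membership of the Azure group that corresponds to {@code group}.
     *
     * <p>Does nothing when {@code group} is {@code null}. A failed removal call is logged and
     * not propagated: the user then keeps the membership in Azure without the caller being told.
     * NOTE(review): for a de-provisioning path, consider surfacing this failure.
     *
     * @param str user principal name of the member
     * @param group Grouper group whose Office 365 group id attribute identifies the Azure group
     * @throws RuntimeException if the user lookup returns {@code null}
     */
    public void removeMembership(String str, Group group) {
        if (group == null) {
            return;
        }
        try {
            AzureGraphUser user = lookupMSUser(str);
            if (user == null) {
                throw new RuntimeException("Failed to locate member: " + str);
            }
            String azureGroupId = lookupOffice365GroupId(group);
            if (ifUserAndGroupExistInMS(user, azureGroupId)) {
                removeUserFromGroupInMS(user.id, azureGroupId);
            }
        } catch (IOException e) {
            // Throwable goes in as the second argument so the stack trace is logged.
            logger.error("Failed to remove membership for subject:" + str + " and group:" + group.getId(), e);
        } catch (MemberDeleteAlreadyDeletedException e2) {
            logger.debug("member already deleted for subject:" + str + " and group:" + group.getId());
        }
    }

    /** Returns {@code true} only when both the user and the group id are non-null. */
    protected boolean ifUserAndGroupExistInMS(AzureGraphUser azureGraphUser, String str) {
        return azureGraphUser != null && str != null;
    }

    /**
     * Removes a member from a group in Azure.
     *
     * <p>NOTE(review): the arguments are forwarded as (user id, group id), whereas
     * {@code addGroupMember} takes the group first; confirm the parameter order of
     * {@code Office365GraphApiService.removeGroupMember}.
     *
     * @param str user id, as passed by {@link #removeMembership}
     * @param str2 group id, as passed by {@link #removeMembership}
     * @throws IOException if the call fails
     */
    public void removeUserFromGroupInMS(String str, String str2) throws IOException {
        invoke(this.service.removeGroupMember(str, str2));
    }

    /**
     * Lists groups from Graph.
     *
     * @throws IOException if the call fails or the response has no body
     */
    public List<AzureGraphGroup> getGroups() throws IOException {
        return ((AzureGraphGroups) requireBody(invoke(this.service.getGroups(Collections.emptyMap())), "service.getGroups")).groups;
    }

    /**
     * Lists the members of a group.
     *
     * @param str value passed to {@code service.getGroupMembers} (presumably the Azure group id)
     * @throws IOException if the call fails or the response has no body
     */
    public List<AzureGraphGroupMember> getGroupMembers(String str) throws IOException {
        return ((AzureGraphGroupMembers) requireBody(invoke(this.service.getGroupMembers(str)), "service.getGroupMembers")).users;
    }

    /**
     * Fetches a single group.
     *
     * @param str value passed to {@code service.getGroup} (presumably the Azure group id)
     * @return the group; may be {@code null} if the response had no body
     * @throws IOException if the call fails
     */
    public AzureGraphGroup retrieveGroup(String str) throws IOException {
        return (AzureGraphGroup) invoke(this.service.getGroup(str)).body();
    }

    /**
     * Lists users from Graph.
     *
     * @throws IOException if the call fails or the response has no body
     */
    public List<AzureGraphUser> getAllUsers() throws IOException {
        return ((AzureGraphUsers) requireBody(invoke(this.service.getUsers()), "service.getUsers")).users;
    }
}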
