package edu.internet2.middleware.grouper.changeLog.consumer;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.app.loader.GrouperLoaderConfig;
import edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder;
import edu.internet2.middleware.grouper.azure.AzureGroupType;
import edu.internet2.middleware.grouper.azure.AzureVisibility;
import edu.internet2.middleware.grouper.azure.model.AzureGraphGroup;
import edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBaseImpl;
import edu.internet2.middleware.grouper.changeLog.ChangeLogEntry;
import edu.internet2.middleware.grouper.changeLog.ChangeLogProcessorMetadata;
import edu.internet2.middleware.grouper.changeLog.consumer.o365.GraphApiClient;
import edu.internet2.middleware.grouper.pit.PITAttributeAssignValueQuery;
import edu.internet2.middleware.grouper.pit.PITAttributeAssignValueView;
import edu.internet2.middleware.grouper.pit.PITAttributeDefName;
import edu.internet2.middleware.grouper.pit.PITGroup;
import edu.internet2.middleware.grouper.pit.finder.PITAttributeDefNameFinder;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import java.io.IOException;
import java.util.List;
import java.util.Set;
import org.apache.commons.jexl2.Expression;
import org.apache.commons.jexl2.JexlEngine;
import org.apache.commons.jexl2.MapContext;
import org.apache.commons.logging.Log;

/* loaded from: input_file:edu/internet2/middleware/grouper/changeLog/consumer/Office365ChangeLogConsumer.class */
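/**
 * Change-log consumer that pushes Grouper group and membership changes to Azure through
 * {@link GraphApiClient}.
 *
 * <p>All settings are read from the loader configuration under
 * {@code changeLog.consumer.<consumerName>.*}. Three points matter for anyone operating this class:
 * <ul>
 *   <li>{@code clientSecret} is read from that configuration and handed to the API client; this
 *       class never logs it and no log statement added here should.</li>
 *   <li>The {@code *Jexl} properties are evaluated as JEXL expressions with live {@link Group} and
 *       {@link Subject} objects in the context, while a root session is open. JEXL can invoke
 *       methods on the objects it is given, so write access to these properties has to be treated
 *       as equivalent to code execution in the daemon.</li>
 *   <li>Failures while removing a group or a membership are logged and not rethrown, so access can
 *       remain in Azure after it has been removed in Grouper. The error lines are the only signal.</li>
 * </ul>
 */
public class Office365ChangeLogConsumer extends ChangeLogConsumerBaseImpl {
    private static final Log logger = GrouperUtil.getLog(Office365ChangeLogConsumer.class);
    private static final String CONFIG_PREFIX = "changeLog.consumer.";
    private static final String DEFAULT_ID_ATTRIBUTE = "uid";
    public static final String GROUP_ID_ATTRIBUTE_NAME = "etc:attribute:office365:o365Id";
    // JexlEngine is thread-safe and holds no per-expression state, so one instance is shared
    // instead of building a new engine for every evaluation.
    private static final JexlEngine JEXL_ENGINE = new JexlEngine();
    private GraphApiClient apiClient;
    private String tenantId;
    private String idAttribute;
    private String domain;
    private String upnAttribute;
    private String groupJexl;
    private String mailNicknameJexl;
    private String descriptionJexl;
    private String subjectJexl;
    private GrouperSession grouperSession;

    /**
     * Reads this consumer's configuration, opens a root session and builds the Graph API client.
     *
     * <p>An unparseable {@code groupType} falls back to {@code Security} and an unparseable
     * {@code visibility} falls back to {@code Public}; both fallbacks are logged as errors rather
     * than failing start-up. {@code visibility} is ignored unless the group type is
     * {@code Unified}.
     *
     * @param changeLogProcessorMetadata supplies the consumer name used as the configuration key
     */
    public void initialize(ChangeLogProcessorMetadata changeLogProcessorMetadata) {
        String consumerName = changeLogProcessorMetadata.getConsumerName();
        String prefix = CONFIG_PREFIX + consumerName;
        GrouperLoaderConfig config = GrouperLoaderConfig.retrieveConfig();

        // NOTE(review): both endpoints can be overridden. Presumably the client credentials are
        // presented to loginEndpoint (confirm in GraphApiClient), so an override should stay on
        // https and point at a host the operator controls or trusts.
        String loginEndpoint = config.propertyValueString(prefix + ".loginEndpoint", "https://login.microsoftonline.com/");
        String resourceEndpoint = config.propertyValueString(prefix + ".resourceEndpoint", "https://graph.microsoft.com/v1.0/");
        String clientId = config.propertyValueStringRequired(prefix + ".clientId");
        // Secret material: kept in a local, passed to the client, never logged.
        String clientSecret = config.propertyValueStringRequired(prefix + ".clientSecret");
        this.tenantId = config.propertyValueStringRequired(prefix + ".tenantId");
        String scope = config.propertyValueString(prefix + ".scope", "https://graph.microsoft.com/.default");
        this.idAttribute = config.propertyValueString(prefix + ".idAttribute", DEFAULT_ID_ATTRIBUTE);
        // The domain used to build default principal names falls back to the tenant id.
        this.domain = config.propertyValueString(prefix + ".domain", this.tenantId);
        this.upnAttribute = config.propertyValueString(prefix + ".upnAttribute");
        this.groupJexl = config.propertyValueString(prefix + ".groupJexl");
        this.mailNicknameJexl = config.propertyValueString(prefix + ".mailNicknameJexl");
        this.descriptionJexl = config.propertyValueString(prefix + ".descriptionJexl");
        this.subjectJexl = config.propertyValueString(prefix + ".subjectJexl");

        String groupTypeName = config.propertyValueString(prefix + ".groupType", AzureGroupType.Security.name());
        AzureGroupType azureGroupType;
        try {
            azureGroupType = AzureGroupType.valueOf(groupTypeName);
        } catch (IllegalArgumentException e) {
            azureGroupType = AzureGroupType.Security;
            logger.error("consumer " + getConsumerName() + ": Invalid option for property " + prefix + ".groupType: " + groupTypeName + " - reverting to type " + azureGroupType.name());
        }

        AzureVisibility azureVisibility = null;
        String visibilityName = config.propertyValueString(prefix + ".visibility");
        if (visibilityName != null) {
            if (azureGroupType == AzureGroupType.Unified) {
                if ("Hiddenmembership".equals(visibilityName)) {
                    // Older configurations used a different capitalisation of this value.
                    visibilityName = "HiddenMembership";
                    logger.warn("For " + prefix + ".visibility, legacy value Hiddenmembership was remapped to HiddenMembership");
                }
                try {
                    azureVisibility = AzureVisibility.valueOf(visibilityName);
                } catch (IllegalArgumentException e) {
                    // A typo here silently widens what was asked for (for example Private
                    // becomes Public), so the error line below is worth alerting on.
                    azureVisibility = AzureVisibility.Public;
                    logger.error("consumer " + getConsumerName() + ": Invalid option for property " + prefix + ".visibility: " + visibilityName + " - reverting to type " + azureVisibility.name());
                }
            } else {
                logger.error("consumer " + getConsumerName() + ": Property " + prefix + ".visibility is only valid for Unified group type -- ignoring");
            }
        }

        // Proxy host and port become mandatory as soon as a proxy type is configured.
        String proxyType = config.propertyValueString(prefix + ".proxyType");
        String proxyHost = null;
        Integer proxyPort = null;
        if (proxyType != null) {
            proxyHost = config.propertyValueStringRequired(prefix + ".proxyHost");
            proxyPort = Integer.valueOf(config.propertyValueIntRequired(prefix + ".proxyPort"));
        }

        // NOTE(review): this method runs once per batch (see processChangeLogEntries) and opens a
        // new root session each time without stopping the one stored earlier. Confirm whether the
        // framework closes these sessions, or stop the previous one here.
        this.grouperSession = GrouperSession.startRootSession();
        this.apiClient = new GraphApiClient(loginEndpoint, resourceEndpoint, clientId, clientSecret, this.tenantId, scope, azureGroupType, azureVisibility, proxyType, proxyHost, proxyPort);
    }

    /**
     * Re-reads the configuration and rebuilds the API client, then hands the batch to the base
     * implementation.
     *
     * @param list the change-log entries of this batch
     * @param changeLogProcessorMetadata metadata for this consumer run
     * @return whatever the base implementation returns for the batch
     */
    @Override
    public long processChangeLogEntries(List<ChangeLogEntry> list, ChangeLogProcessorMetadata changeLogProcessorMetadata) {
        initialize(changeLogProcessorMetadata);
        return super.processChangeLogEntries(list, changeLogProcessorMetadata);
    }

    /**
     * Evaluates a configured JEXL expression for a group.
     *
     * <p>The context exposes {@code group}, {@code consumerName}, {@code tenantId}, {@code domain}
     * and {@code idAttribute}. The expression text must come from administrator-controlled
     * configuration only: JEXL can call methods on the {@code group} object it is handed.
     *
     * @param group the group made available to the expression
     * @param str the JEXL expression text, or {@code null} when none is configured
     * @param str2 the value returned when {@code str} is {@code null}
     * @return the expression result as a string ({@code null} if it evaluates to null), or
     *     {@code str2} when no expression is configured
     */
    public String evaluateGroupJexlExpression(Group group, String str, String str2) {
        if (str == null) {
            return str2;
        }
        Expression expression = JEXL_ENGINE.createExpression(str);
        MapContext context = new MapContext();
        context.set("group", group);
        context.set("consumerName", getConsumerName());
        context.set("tenantId", this.tenantId);
        context.set("domain", this.domain);
        context.set("idAttribute", this.idAttribute);
        String value = asString(expression.evaluate(context));
        logger.trace("evaluated group jexl -> [" + value + "]");
        return value;
    }

    /**
     * Evaluates a configured JEXL expression for a subject.
     *
     * <p>The context exposes {@code subject}, {@code subjectIdValue}, {@code subjectUpnValue}
     * ({@code null} when no UPN attribute is configured), {@code consumerName}, {@code tenantId},
     * {@code domain} and {@code idAttribute}. As with the group variant, the expression text is
     * effectively code and must only come from trusted configuration.
     *
     * @param subject the subject made available to the expression
     * @param str the JEXL expression text, or {@code null} when none is configured
     * @return the expression result as a string, or {@code null} when there is no expression or
     *     it evaluates to null
     */
    public String evaluateSubjectJexlExpression(Subject subject, String str) {
        if (str == null) {
            return null;
        }
        Expression expression = JEXL_ENGINE.createExpression(str);
        MapContext context = new MapContext();
        context.set("subject", subject);
        context.set("subjectIdValue", subject.getAttributeValue(this.idAttribute));
        context.set("subjectUpnValue", this.upnAttribute == null ? null : subject.getAttributeValue(this.upnAttribute));
        context.set("consumerName", getConsumerName());
        context.set("tenantId", this.tenantId);
        context.set("domain", this.domain);
        context.set("idAttribute", this.idAttribute);
        String value = asString(expression.evaluate(context));
        logger.trace("evaluated subject jexl -> [" + value + "]");
        return value;
    }

    /**
     * Converts a JEXL result to a string. An expression that yields a number or boolean used to
     * fail with ClassCastException at the call site; it is now rendered with toString().
     */
    private static String asString(Object jexlResult) {
        return jexlResult == null ? null : jexlResult.toString();
    }

    /**
     * Works out the principal name used to address a subject in Azure.
     *
     * <p>Sources are tried in order and the first non-blank value wins: the configured UPN
     * attribute, the configured subject JEXL expression, then
     * {@code <idAttribute value>@<domain>}.
     *
     * @param subject the subject to resolve
     * @return the principal name, never blank
     * @throws RuntimeException if none of the three sources yields a value
     */
    public String getUserPrincipalName(Subject subject) {
        String principalName = null;
        String method = "N/A";
        if (this.upnAttribute != null) {
            principalName = subject.getAttributeValue(this.upnAttribute);
            method = "upnAttribute";
        }
        if (GrouperUtil.isBlank(principalName) && this.subjectJexl != null) {
            principalName = evaluateSubjectJexlExpression(subject, this.subjectJexl);
            method = "subjectJexl";
        }
        if (GrouperUtil.isBlank(principalName) && !GrouperUtil.isBlank(subject.getAttributeValue(this.idAttribute))) {
            principalName = subject.getAttributeValue(this.idAttribute).trim() + "@" + this.domain;
            method = "default (idAttribute)";
        }
        if (GrouperUtil.isBlank(principalName)) {
            // Fail rather than guess: a wrong principal would change some other account's access.
            logger.error("consumer " + getConsumerName() + " unable to determine principal name for subject " + subject);
            throw new RuntimeException("Failed to calculate principal name for subject " + subject);
        }
        logger.debug("consumer " + getConsumerName() + ": calculated subject principal by method " + method + " as " + principalName);
        return principalName;
    }

    /**
     * Creates the group in Azure and records the returned Azure id on the Grouper group under
     * {@link #GROUP_ID_ATTRIBUTE_NAME}.
     *
     * <p>Display name, mail nickname and description come from the matching JEXL properties and
     * default to the group's name, UUID and id respectively.
     *
     * @param group the Grouper group to create remotely
     * @param changeLogEntry the entry that triggered the call (not used here)
     */
    protected void addGroup(Group group, ChangeLogEntry changeLogEntry) {
        logger.info("consumer " + getConsumerName() + ": Creating group " + group);
        String displayName = evaluateGroupJexlExpression(group, this.groupJexl, group.getName());
        logger.debug("consumer " + getConsumerName() + ": calculated displayName as " + displayName);
        String mailNickname = evaluateGroupJexlExpression(group, this.mailNicknameJexl, group.getUuid());
        logger.debug("consumer " + getConsumerName() + ": calculated mailNickname as " + mailNickname);
        String description = evaluateGroupJexlExpression(group, this.descriptionJexl, group.getId());
        logger.debug("consumer " + getConsumerName() + ": calculated description as " + description);
        AzureGraphGroup created = this.apiClient.addGroup(displayName, mailNickname, description);
        // The stored id is what every later membership change and the delete path use to find
        // the Azure group. If either assignment below fails, the Azure group exists with no link
        // back to Grouper.
        group.getAttributeDelegate().assignAttribute(AttributeDefNameFinder.findByName(GROUP_ID_ATTRIBUTE_NAME, false));
        group.getAttributeValueDelegate().assignValue(GROUP_ID_ATTRIBUTE_NAME, created.id);
    }

    /**
     * Handles removal of the sync marker from a group. Only logs: no API call is made, so the
     * Azure group and its current members are left as they are.
     *
     * @param group the group that is no longer synced
     * @param changeLogEntry the entry that triggered the call (not used here)
     */
    protected void removeGroup(Group group, ChangeLogEntry changeLogEntry) {
        logger.info("consumer " + getConsumerName() + ": Sync attribute removed (will stop sync until re-added) for group " + group.getName());
        logger.debug("removeGroup() called (no effect except to stop future sync) for group " + group.getName());
    }

    /**
     * Deletes the Azure group that belonged to a group deleted in Grouper, looking up the Azure
     * id in point-in-time attribute data.
     *
     * <p>Every failure, whether in the lookup or in the API call, is logged and swallowed, which
     * leaves the Azure group and its memberships in place.
     *
     * @param pITGroup point-in-time record of the deleted group
     * @param changeLogEntry the entry that triggered the call (not used here)
     */
    protected void removeDeletedGroup(PITGroup pITGroup, ChangeLogEntry changeLogEntry) {
        logger.info("consumer " + getConsumerName() + ": Removing deleted group " + pITGroup.getName() + " from Azure");
        try {
            Set attributeDefNames = PITAttributeDefNameFinder.findByName(GROUP_ID_ATTRIBUTE_NAME, false, true);
            if (attributeDefNames.isEmpty()) {
                throw new RuntimeException("Could not find PITAttributeDefName " + GROUP_ID_ATTRIBUTE_NAME);
            }
            // NOTE(review): only the first definition and the first value are used; confirm that
            // the iteration order cannot select a stale value when a group has been re-provisioned.
            PITAttributeDefName attributeDefName = (PITAttributeDefName) attributeDefNames.iterator().next();
            Set values = new PITAttributeAssignValueQuery().setAttributeDefNameId(attributeDefName.getSourceId()).setOwnerGroupId(pITGroup.getSourceId()).execute();
            if (values.isEmpty()) {
                throw new RuntimeException("no attribute value for " + GROUP_ID_ATTRIBUTE_NAME);
            }
            String azureGroupId = ((PITAttributeAssignValueView) values.iterator().next()).getValueString();
            logger.debug("PITGroup " + pITGroup.getName() + " attribute " + GROUP_ID_ATTRIBUTE_NAME + " = " + azureGroupId);
            this.apiClient.removeGroup(azureGroupId);
        } catch (Exception e) {
            // This catch also covers the API call, so the message must not claim that the
            // attribute lookup was the step that failed.
            logger.error("consumer " + getConsumerName() + ": Failed to remove deleted group " + pITGroup.getName() + " from Azure (Azure id lookup or API call failed); the Azure group may still exist", e);
        }
    }

    /**
     * Adds a subject to the Azure group linked to a Grouper group. Failures are logged and
     * swallowed.
     *
     * @param subject the member to add
     * @param group the Grouper group whose Azure counterpart is updated
     * @param changeLogEntry the entry that triggered the call (not used here)
     */
    protected void addMembership(Subject subject, Group group, ChangeLogEntry changeLogEntry) {
        logger.info("consumer " + getConsumerName() + ": Adding " + subject + " to " + group);
        // NOTE(review): nothing checks that an Azure id was stored for this group; confirm how
        // addMemberToMS behaves when this value is null.
        String azureGroupId = group.getAttributeValueDelegate().retrieveValueString(GROUP_ID_ATTRIBUTE_NAME);
        logger.debug("azure groupId: " + azureGroupId);
        try {
            this.apiClient.addMemberToMS(azureGroupId, getUserPrincipalName(subject));
        } catch (Exception e) {
            // e.getMessage() can be null and says nothing about which subject or group was
            // involved, so the context is spelled out.
            logger.error("consumer " + getConsumerName() + ": Failed to add " + subject + " to " + group + ": " + e.getMessage(), e);
        }
    }

    /**
     * Removes a subject from the Azure group linked to a Grouper group.
     *
     * <p>Only {@link IOException} is handled here (logged and swallowed); in that case the user
     * keeps the Azure membership. Runtime exceptions, including the one thrown by
     * {@link #getUserPrincipalName(Subject)}, propagate to the caller.
     *
     * @param subject the member to remove
     * @param group the Grouper group whose Azure counterpart is updated
     * @param changeLogEntry the entry that triggered the call (not used here)
     */
    protected void removeMembership(Subject subject, Group group, ChangeLogEntry changeLogEntry) {
        logger.info("consumer " + getConsumerName() + ": Removing " + subject + " from " + group);
        try {
            // NOTE(review): if lookupMSUser can return null for an unknown user, the .id
            // dereference throws NullPointerException, which this catch does not cover.
            // Confirm against GraphApiClient.
            this.apiClient.removeUserFromGroupInMS(group.getAttributeValueDelegate().retrieveValueString(GROUP_ID_ATTRIBUTE_NAME), this.apiClient.lookupMSUser(getUserPrincipalName(subject)).id);
        } catch (IOException e) {
            // Passing the exception as the throwable keeps the stack trace in the log;
            // error(Object) on its own records only e.toString().
            logger.error("consumer " + getConsumerName() + ": Failed to remove " + subject + " from " + group + "; the Azure membership may still exist", e);
        }
    }
}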
