package org.craftercms.security.social.impl;

import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.pdfbox.contentstream.operator.OperatorName;
import org.craftercms.commons.crypto.CryptoException;
import org.craftercms.commons.crypto.TextEncryptor;
import org.craftercms.profile.api.Profile;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.ProfileService;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.authentication.AuthenticationManager;
import org.craftercms.security.exception.AuthenticationException;
import org.craftercms.security.exception.OAuth2Exception;
import org.craftercms.security.social.ProviderLoginSupport;
import org.craftercms.security.utils.SecurityUtils;
import org.craftercms.security.utils.social.ConnectionUtils;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.ConnectionFactory;
import org.springframework.social.connect.ConnectionFactoryLocator;
import org.springframework.social.connect.support.OAuth1ConnectionFactory;
import org.springframework.social.connect.support.OAuth2ConnectionFactory;
import org.springframework.social.connect.web.ConnectSupport;
import org.springframework.util.MultiValueMap;
import org.springframework.web.context.request.ServletWebRequest;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-3.1.5.jar:org/craftercms/security/social/impl/ProviderLoginSupportImpl.class */
public class ProviderLoginSupportImpl implements ProviderLoginSupport {
    public static final String PARAM_OAUTH_TOKEN = "oauth_token";
    public static final String PARAM_CODE = "code";
    public static final String PARAM_ERROR = "error";
    public static final String PARAM_ERROR_DESCRIPTION = "error_description";
    public static final String PARAM_ERROR_URI = "error_uri";
    protected ConnectSupport connectSupport = new ConnectSupport();
    protected ConnectionFactoryLocator connectionFactoryLocator;
    protected ProfileService profileService;
    protected AuthenticationManager authenticationManager;
    protected TextEncryptor textEncryptor;

    public void setConnectSupport(ConnectSupport connectSupport) {
        this.connectSupport = connectSupport;
    }

    @Required
    public void setConnectionFactoryLocator(ConnectionFactoryLocator connectionFactoryLocator) {
        this.connectionFactoryLocator = connectionFactoryLocator;
    }

    @Required
    public void setProfileService(ProfileService profileService) {
        this.profileService = profileService;
    }

    @Required
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Required
    public void setTextEncryptor(TextEncryptor textEncryptor) {
        this.textEncryptor = textEncryptor;
    }

    @Override // org.craftercms.security.social.ProviderLoginSupport
    public String start(String str, String str2, HttpServletRequest httpServletRequest) throws AuthenticationException {
        return start(str, str2, httpServletRequest, null, null);
    }

    @Override // org.craftercms.security.social.ProviderLoginSupport
    public String start(String str, String str2, HttpServletRequest httpServletRequest, MultiValueMap<String, String> multiValueMap) throws AuthenticationException {
        return start(str, str2, httpServletRequest, multiValueMap, null);
    }

    @Override // org.craftercms.security.social.ProviderLoginSupport
    public String start(String str, String str2, HttpServletRequest httpServletRequest, MultiValueMap<String, String> multiValueMap, ConnectSupport connectSupport) throws AuthenticationException {
        if (connectSupport == null) {
            connectSupport = this.connectSupport;
        }
        return connectSupport.buildOAuthUrl(getConnectionFactory(str2), new ServletWebRequest(httpServletRequest), multiValueMap);
    }

    @Override // org.craftercms.security.social.ProviderLoginSupport
    public Authentication complete(String str, String str2, HttpServletRequest httpServletRequest) throws AuthenticationException {
        return complete(str, str2, httpServletRequest, null, null, null);
    }

    @Override // org.craftercms.security.social.ProviderLoginSupport
    public Authentication complete(String str, String str2, HttpServletRequest httpServletRequest, Set<String> set, Map<String, Object> map) throws AuthenticationException {
        return complete(str, str2, httpServletRequest, set, map, null);
    }

    @Override // org.craftercms.security.social.ProviderLoginSupport
    public Authentication complete(String str, String str2, HttpServletRequest httpServletRequest, Set<String> set, Map<String, Object> map, ConnectSupport connectSupport) throws AuthenticationException {
        Profile updateProfileConnectionData;
        if (connectSupport == null) {
            connectSupport = this.connectSupport;
        }
        Connection<?> completeConnection = completeConnection(connectSupport, str2, httpServletRequest);
        if (completeConnection == null) {
            return null;
        }
        Profile createProfile = ConnectionUtils.createProfile(completeConnection);
        Profile profile = getProfile(str, createProfile);
        if (profile == null) {
            if (CollectionUtils.isNotEmpty(set)) {
                createProfile.getRoles().addAll(set);
            }
            if (MapUtils.isNotEmpty(map)) {
                createProfile.getAttributes().putAll(map);
            }
            updateProfileConnectionData = createProfile(str, completeConnection, createProfile);
        } else {
            updateProfileConnectionData = updateProfileConnectionData(str, completeConnection, profile);
        }
        Authentication authenticateUser = this.authenticationManager.authenticateUser(updateProfileConnectionData);
        SecurityUtils.setAuthentication(httpServletRequest, authenticateUser);
        return authenticateUser;
    }

    protected Connection<?> completeConnection(ConnectSupport connectSupport, String str, HttpServletRequest httpServletRequest) throws OAuth2Exception {
        if (StringUtils.isNotEmpty(httpServletRequest.getParameter(PARAM_OAUTH_TOKEN))) {
            return connectSupport.completeConnection((OAuth1ConnectionFactory<?>) getConnectionFactory(str), new ServletWebRequest(httpServletRequest));
        }
        if (StringUtils.isNotEmpty(httpServletRequest.getParameter("code"))) {
            return connectSupport.completeConnection((OAuth2ConnectionFactory<?>) getConnectionFactory(str), new ServletWebRequest(httpServletRequest));
        }
        if (StringUtils.isNotEmpty(httpServletRequest.getParameter("error"))) {
            throw new OAuth2Exception(httpServletRequest.getParameter("error"), httpServletRequest.getParameter(PARAM_ERROR_DESCRIPTION), httpServletRequest.getParameter(PARAM_ERROR_URI));
        }
        return null;
    }

    protected ConnectionFactory<?> getConnectionFactory(String str) {
        return this.connectionFactoryLocator.getConnectionFactory(str);
    }

    protected Profile getProfile(String str, Profile profile) {
        try {
            return this.profileService.getProfileByUsername(str, profile.getUsername(), new String[0]);
        } catch (ProfileException e) {
            throw new AuthenticationException("Unable to retrieve current profile for user '" + profile.getUsername() + "' of tenant '" + str + OperatorName.SHOW_TEXT_LINE, e);
        }
    }

    protected Profile createProfile(String str, Connection<?> connection, Profile profile) {
        try {
            ConnectionUtils.addConnectionData(profile, connection.createData(), this.textEncryptor);
            return this.profileService.createProfile(str, profile.getUsername(), null, profile.getEmail(), true, profile.getRoles(), profile.getAttributes(), null);
        } catch (CryptoException | ProfileException e) {
            throw new AuthenticationException("Unable to create profile of user '" + profile.getUsername() + "' in tenant '" + str + OperatorName.SHOW_TEXT_LINE, e);
        }
    }

    protected Profile updateProfileConnectionData(String str, Connection<?> connection, Profile profile) {
        try {
            ConnectionUtils.addConnectionData(profile, connection.createData(), this.textEncryptor);
            return this.profileService.updateAttributes(profile.getId().toString(), profile.getAttributes(), new String[0]);
        } catch (CryptoException | ProfileException e) {
            throw new AuthenticationException("Unable to update connection data of user '" + profile.getUsername() + "' of tenant '" + str + OperatorName.SHOW_TEXT_LINE, e);
        }
    }
}
