package org.flowable.app.service.idm;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.PostConstruct;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.flowable.app.model.common.RemoteGroup;
import org.flowable.app.model.common.RemoteToken;
import org.flowable.app.model.common.RemoteUser;
import org.flowable.engine.impl.event.logger.handler.Fields;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:WEB-INF/lib/flowable-ui-common-6.0.0.RC1.jar:org/flowable/app/service/idm/RemoteIdmServiceImpl.class */
public class RemoteIdmServiceImpl implements RemoteIdmService {
    private static final Logger logger = LoggerFactory.getLogger(RemoteIdmService.class);
    private static final String PROPERTY_URL = "idm.app.url";
    private static final String PROPERTY_ADMIN_USER = "idm.admin.user";
    private static final String PROPERTY_ADMIN_PASSWORD = "idm.admin.password";

    @Autowired
    protected Environment environment;

    @Autowired
    protected ObjectMapper objectMapper;
    protected String url;
    protected String adminUser;
    protected String adminPassword;

    @PostConstruct
    protected void init() {
        this.url = this.environment.getRequiredProperty(PROPERTY_URL);
        this.adminUser = this.environment.getRequiredProperty(PROPERTY_ADMIN_USER);
        this.adminPassword = this.environment.getRequiredProperty(PROPERTY_ADMIN_PASSWORD);
    }

    @Override // org.flowable.app.service.idm.RemoteIdmService
    public RemoteUser authenticateUser(String str, String str2) {
        JsonNode callRemoteIdmService = callRemoteIdmService(this.url + "/api/idm/users/" + encode(str), str, str2);
        if (callRemoteIdmService != null) {
            return parseUserInfo(callRemoteIdmService);
        }
        return null;
    }

    @Override // org.flowable.app.service.idm.RemoteIdmService
    public RemoteToken getToken(String str) {
        JsonNode callRemoteIdmService = callRemoteIdmService(this.url + "/api/idm/tokens/" + encode(str), this.adminUser, this.adminPassword);
        if (callRemoteIdmService == null) {
            return null;
        }
        RemoteToken remoteToken = new RemoteToken();
        remoteToken.setId(callRemoteIdmService.get("id").asText());
        remoteToken.setValue(callRemoteIdmService.get("value").asText());
        remoteToken.setUserId(callRemoteIdmService.get(Fields.USER_ID).asText());
        return remoteToken;
    }

    @Override // org.flowable.app.service.idm.RemoteIdmService
    public RemoteUser getUser(String str) {
        JsonNode callRemoteIdmService = callRemoteIdmService(this.url + "/api/idm/users/" + encode(str), this.adminUser, this.adminPassword);
        if (callRemoteIdmService != null) {
            return parseUserInfo(callRemoteIdmService);
        }
        return null;
    }

    @Override // org.flowable.app.service.idm.RemoteIdmService
    public List<RemoteUser> findUsersByNameFilter(String str) {
        JsonNode callRemoteIdmService = callRemoteIdmService(this.url + "/api/idm/users?filter=" + encode(str), this.adminUser, this.adminPassword);
        return callRemoteIdmService != null ? parseUsersInfo(callRemoteIdmService) : new ArrayList();
    }

    @Override // org.flowable.app.service.idm.RemoteIdmService
    public List<RemoteGroup> findGroupsByNameFilter(String str) {
        JsonNode callRemoteIdmService = callRemoteIdmService(this.url + "/api/idm/groups?filter=" + encode(str), this.adminUser, this.adminPassword);
        return callRemoteIdmService != null ? parseGroupsInfo(callRemoteIdmService) : new ArrayList();
    }

    protected JsonNode callRemoteIdmService(String str, String str2, String str3) {
        HttpGet httpGet = new HttpGet(str);
        httpGet.setHeader("Authorization", "Basic " + new String(Base64.encodeBase64((str2 + ":" + str3).getBytes(Charset.forName("UTF-8")))));
        HttpClientBuilder create = HttpClientBuilder.create();
        try {
            SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
            sSLContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
            create.setSSLSocketFactory(new SSLConnectionSocketFactory(sSLContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER));
        } catch (Exception e) {
            logger.warn("Could not configure SSL for http client", (Throwable) e);
        }
        CloseableHttpClient build = create.build();
        try {
            try {
                CloseableHttpResponse execute = build.execute((HttpUriRequest) httpGet);
                if (execute.getStatusLine().getStatusCode() == 200) {
                    JsonNode readTree = this.objectMapper.readTree(execute.getEntity().getContent());
                    if (build != null) {
                        try {
                            build.close();
                        } catch (IOException e2) {
                            logger.warn("Exception while closing http client", (Throwable) e2);
                        }
                    }
                    return readTree;
                }
                if (build == null) {
                    return null;
                }
                try {
                    build.close();
                    return null;
                } catch (IOException e3) {
                    logger.warn("Exception while closing http client", (Throwable) e3);
                    return null;
                }
            } catch (Throwable th) {
                if (build != null) {
                    try {
                        build.close();
                    } catch (IOException e4) {
                        logger.warn("Exception while closing http client", (Throwable) e4);
                    }
                }
                throw th;
            }
        } catch (Exception e5) {
            logger.warn("Exception while getting token", (Throwable) e5);
            if (build == null) {
                return null;
            }
            try {
                build.close();
                return null;
            } catch (IOException e6) {
                logger.warn("Exception while closing http client", (Throwable) e6);
                return null;
            }
        }
    }

    protected List<RemoteUser> parseUsersInfo(JsonNode jsonNode) {
        ArrayList arrayList = new ArrayList();
        if (jsonNode != null && jsonNode.isArray()) {
            Iterator<JsonNode> it = ((ArrayNode) jsonNode).iterator();
            while (it.hasNext()) {
                arrayList.add(parseUserInfo(it.next()));
            }
        }
        return arrayList;
    }

    protected RemoteUser parseUserInfo(JsonNode jsonNode) {
        RemoteUser remoteUser = new RemoteUser();
        remoteUser.setId(jsonNode.get("id").asText());
        remoteUser.setFirstName(jsonNode.get("firstName").asText());
        remoteUser.setLastName(jsonNode.get("lastName").asText());
        remoteUser.setEmail(jsonNode.get("email").asText());
        remoteUser.setFullName(jsonNode.get("fullName").asText());
        if (jsonNode.has("groups")) {
            Iterator<JsonNode> it = ((ArrayNode) jsonNode.get("groups")).iterator();
            while (it.hasNext()) {
                JsonNode next = it.next();
                remoteUser.getGroups().add(new RemoteGroup(next.get("id").asText(), next.get("name").asText()));
            }
        }
        if (jsonNode.has("privileges")) {
            Iterator<JsonNode> it2 = ((ArrayNode) jsonNode.get("privileges")).iterator();
            while (it2.hasNext()) {
                remoteUser.getPrivileges().add(it2.next().asText());
            }
        }
        return remoteUser;
    }

    protected List<RemoteGroup> parseGroupsInfo(JsonNode jsonNode) {
        ArrayList arrayList = new ArrayList();
        if (jsonNode != null && jsonNode.isArray()) {
            Iterator<JsonNode> it = ((ArrayNode) jsonNode).iterator();
            while (it.hasNext()) {
                arrayList.add(parseGroupInfo(it.next()));
            }
        }
        return arrayList;
    }

    protected RemoteGroup parseGroupInfo(JsonNode jsonNode) {
        RemoteGroup remoteGroup = new RemoteGroup();
        remoteGroup.setId(jsonNode.get("id").asText());
        remoteGroup.setName(jsonNode.get("name").asText());
        return remoteGroup;
    }

    protected String encode(String str) {
        if (str == null) {
            return "";
        }
        try {
            return URLEncoder.encode(str, "UTF-8");
        } catch (Exception e) {
            logger.warn("Could not encode url param", (Throwable) e);
            return null;
        }
    }
}
