package org.opencastproject.userdirectory.canvas;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.http.client.fluent.Request;
import org.opencastproject.security.api.JaxbOrganization;
import org.opencastproject.security.api.JaxbRole;
import org.opencastproject.security.api.JaxbUser;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.OrganizationDirectoryService;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.RoleProvider;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.User;
import org.opencastproject.security.api.UserProvider;
import org.opencastproject.util.NotFoundException;
import org.opencastproject.util.OsgiUtil;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(property = {"service.description=Provides for Canvas users and roles"}, immediate = true, service = {UserProvider.class, RoleProvider.class})
/* loaded from: input_file:org/opencastproject/userdirectory/canvas/CanvasUserRoleProvider.class */
public class CanvasUserRoleProvider implements UserProvider, RoleProvider {
    private static final String LTI_LEARNER_ROLE = "Learner";
    private static final String LTI_INSTRUCTOR_ROLE = "Instructor";
    private static final String PROVIDER_NAME = "canvas";
    private static final String ORGANIZATION_KEY = "org.opencastproject.userdirectory.canvas.org";
    private static final String DEFAULT_ORGANIZATION_VALUE = "mh_default_org";
    private static final String CANVAS_URL_KEY = "org.opencastproject.userdirectory.canvas.url";
    private static final String CANVAS_USER_TOKEN_KEY = "org.opencastproject.userdirectory.canvas.token";
    private static final String CACHE_SIZE_KEY = "org.opencastproject.userdirectory.canvas.cache.size";
    private static final String CACHE_EXPIRATION_KEY = "org.opencastproject.userdirectory.canvas.cache.expiration";
    private static final String CANVAS_INSTRUCTOR_ROLES_KEY = "org.opencastproject.userdirectory.canvas.instructor.roles";
    private static final String DEFAULT_CANVAS_INSTRUCTOR_ROLES = "teacher,ta";
    private static final String IGNORED_USERNAMES_KEY = "org.opencastproject.userdirectory.canvas.ignored.usernames";
    private static final String DEFAULT_INGROED_USERNAMES = "admin,anonymous";

    /* renamed from: org, reason: collision with root package name */
    private Organization f0org;
    private String url;
    private String token;
    private int cacheSize;
    private int cacheExpiration;
    private Set<String> instructorRoles;
    private Set<String> ignoredUsernames;
    private LoadingCache<String, Object> cache = null;
    private final Object nullToken = new Object();
    private OrganizationDirectoryService orgDirectory;
    private SecurityService securityService;
    private static final Logger logger = LoggerFactory.getLogger(CanvasUserRoleProvider.class);
    private static final Integer DEFAULT_CACHE_SIZE_VALUE = 1000;
    private static final Integer DEFAULT_CACHE_EXPIRATION_VALUE = 60;

    @Activate
    public void activate(ComponentContext componentContext) throws ConfigurationException {
        loadConfig(componentContext);
        logger.info("Activating CanvasUserRoleProvider(url={}, cacheSize={}, cacheExpiration={}, instructorRoles={}, ignoredUserNames={}", new Object[]{this.url, Integer.valueOf(this.cacheSize), Integer.valueOf(this.cacheExpiration), this.instructorRoles, this.ignoredUsernames});
        this.cache = CacheBuilder.newBuilder().maximumSize(this.cacheSize).expireAfterWrite(this.cacheExpiration, TimeUnit.MINUTES).build(new CacheLoader<String, Object>() { // from class: org.opencastproject.userdirectory.canvas.CanvasUserRoleProvider.1
            public Object load(String str) {
                User loadUserFromCanvas = CanvasUserRoleProvider.this.loadUserFromCanvas(str);
                return loadUserFromCanvas == null ? CanvasUserRoleProvider.this.nullToken : loadUserFromCanvas;
            }
        });
    }

    @Reference(name = "orgDirectory")
    public void setOrgDirectory(OrganizationDirectoryService organizationDirectoryService) {
        this.orgDirectory = organizationDirectoryService;
    }

    @Reference(name = "securityService")
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    private void loadConfig(ComponentContext componentContext) throws ConfigurationException {
        String componentContextProperty = OsgiUtil.getComponentContextProperty(componentContext, ORGANIZATION_KEY, DEFAULT_ORGANIZATION_VALUE);
        try {
            this.f0org = this.orgDirectory.getOrganization(componentContextProperty);
            this.url = OsgiUtil.getComponentContextProperty(componentContext, CANVAS_URL_KEY);
            if (this.url.endsWith("/")) {
                this.url = StringUtils.chop(this.url);
            }
            logger.debug("Canvas URL: {}", this.url);
            this.token = OsgiUtil.getComponentContextProperty(componentContext, CANVAS_USER_TOKEN_KEY);
            this.cacheSize = NumberUtils.toInt(OsgiUtil.getComponentContextProperty(componentContext, CACHE_SIZE_KEY, DEFAULT_CACHE_SIZE_VALUE.toString()));
            this.cacheExpiration = NumberUtils.toInt(OsgiUtil.getComponentContextProperty(componentContext, CACHE_EXPIRATION_KEY, DEFAULT_CACHE_EXPIRATION_VALUE.toString()));
            this.instructorRoles = parsePropertyLineAsSet(OsgiUtil.getComponentContextProperty(componentContext, CANVAS_INSTRUCTOR_ROLES_KEY, DEFAULT_CANVAS_INSTRUCTOR_ROLES));
            logger.debug("Canvas instructor roles: {}", this.instructorRoles);
            this.ignoredUsernames = parsePropertyLineAsSet(OsgiUtil.getComponentContextProperty(componentContext, IGNORED_USERNAMES_KEY, DEFAULT_INGROED_USERNAMES));
            logger.debug("Ignored users: {}", this.ignoredUsernames);
        } catch (NotFoundException e) {
            logger.warn("Organization {} not found!", componentContextProperty);
            throw new ConfigurationException(ORGANIZATION_KEY, "not found");
        }
    }

    public List<Role> getRolesForUser(String str) {
        logger.debug("getRolesForUser({})", str);
        ArrayList arrayList = new ArrayList();
        if (this.ignoredUsernames.contains(str)) {
            logger.debug("We don't answer for: {}", str);
            return arrayList;
        }
        User loadUser = loadUser(str);
        if (loadUser != null) {
            logger.debug("Returning cached rolset for {}", str);
            return new ArrayList(loadUser.getRoles());
        }
        logger.debug("Return empty roleset for {} - not found in Canvas", str);
        return Collections.emptyList();
    }

    public Iterator<Role> findRoles(String str, Role.Target target, int i, int i2) {
        logger.debug("findRoles(query={} offset={} limit={})", new Object[]{str, Integer.valueOf(i), Integer.valueOf(i2)});
        if (target == Role.Target.USER) {
            return Collections.emptyIterator();
        }
        boolean z = true;
        if (str.endsWith("%")) {
            z = false;
            str = StringUtils.chop(str);
        }
        if (str.isEmpty()) {
            return Collections.emptyIterator();
        }
        if (z && !str.endsWith("_Learner") && !str.endsWith("_Instructor")) {
            return Collections.emptyIterator();
        }
        ArrayList arrayList = new ArrayList();
        JaxbOrganization fromOrganization = JaxbOrganization.fromOrganization(this.f0org);
        Iterator<String> it = getCanvasSiteRolesByCurrentUser(str, z).iterator();
        while (it.hasNext()) {
            arrayList.add(new JaxbRole(it.next(), fromOrganization, "Canvas Site Role", Role.Type.EXTERNAL));
        }
        return arrayList.iterator();
    }

    public String getName() {
        return PROVIDER_NAME;
    }

    public Iterator<User> getUsers() {
        return Collections.emptyIterator();
    }

    public User loadUser(String str) {
        logger.debug("loadUser({})", str);
        Object unchecked = this.cache.getUnchecked(str);
        if (unchecked == this.nullToken) {
            logger.debug("Returning null user from cache");
            return null;
        }
        logger.debug("Returning user {} from cache", str);
        return (JaxbUser) unchecked;
    }

    public long countUsers() {
        return 0L;
    }

    public String getOrganization() {
        return this.f0org.getId();
    }

    public Iterator<User> findUsers(String str, int i, int i2) {
        if (str == null) {
            throw new IllegalArgumentException("Query must be set");
        }
        if (str.endsWith("%")) {
            str = str.substring(0, str.length() - 1);
        }
        if (!str.isEmpty() && verifyCanvasUser(str)) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new JaxbUser(str, PROVIDER_NAME, JaxbOrganization.fromOrganization(this.f0org), new HashSet()));
            return arrayList.iterator();
        }
        return Collections.emptyIterator();
    }

    public void invalidate(String str) {
        this.cache.invalidate(str);
    }

    private User loadUserFromCanvas(String str) {
        if (this.cache == null) {
            throw new IllegalArgumentException("The Canvas user detail service has not yet been configured");
        }
        if (this.ignoredUsernames.contains(str)) {
            this.cache.put(str, this.nullToken);
            logger.debug("We don't answer for: {}", str);
            return null;
        }
        logger.debug("In loadUserFromCanvas, currently processing user: {}", str);
        JaxbOrganization fromOrganization = JaxbOrganization.fromOrganization(this.f0org);
        String[] canvasUserInfo = getCanvasUserInfo(str);
        if (canvasUserInfo == null) {
            this.cache.put(str, this.nullToken);
            return null;
        }
        String str2 = canvasUserInfo[0];
        String str3 = canvasUserInfo[1];
        List<String> rolesFromCanvas = getRolesFromCanvas(str);
        if (rolesFromCanvas == null) {
            this.cache.put(str, this.nullToken);
            return null;
        }
        logger.debug("Canvas roles for {}: {}", str, rolesFromCanvas);
        HashSet hashSet = new HashSet();
        boolean z = false;
        for (String str4 : rolesFromCanvas) {
            hashSet.add(new JaxbRole(str4, fromOrganization, "Canvas external role", Role.Type.EXTERNAL));
            if (str4.endsWith(LTI_INSTRUCTOR_ROLE)) {
                z = true;
            }
        }
        hashSet.add(new JaxbRole("ROLE_GROUP_CANVAS", fromOrganization, "Canvas User", Role.Type.EXTERNAL_GROUP));
        if (z) {
            hashSet.add(new JaxbRole("ROLE_GROUP_CANVAS_INSTRUCTOR", fromOrganization, "Canvas Instructor", Role.Type.EXTERNAL_GROUP));
        }
        logger.debug("Returning JaxbRoles: {}", hashSet);
        JaxbUser jaxbUser = new JaxbUser(str, (String) null, str3, str2, PROVIDER_NAME, fromOrganization, hashSet);
        this.cache.put(str, jaxbUser);
        logger.debug("Returning user {}", str);
        return jaxbUser;
    }

    private String[] getCanvasUserInfo(String str) {
        String format = String.format("%s/api/v1/users/sis_login_id:%s", this.url, str);
        try {
            JsonNode requestJson = getRequestJson(format);
            return new String[]{requestJson.path("email").asText(), requestJson.path("name").asText()};
        } catch (IOException e) {
            logger.warn("Exception getting Canvas user information for user {} at {}: {}", new Object[]{str, format, e});
            return null;
        }
    }

    private List<String> getRolesFromCanvas(String str) {
        logger.debug("getRolesFromCanvas({})", str);
        String format = String.format("%s/api/v1/users/sis_login_id:%s/courses.json?per_page=500&enrollment_state=active&state[]=unpublished&state[]=available", this.url, str);
        try {
            ArrayList arrayList = new ArrayList();
            Iterator it = getRequestJson(format).iterator();
            while (it.hasNext()) {
                JsonNode jsonNode = (JsonNode) it.next();
                String asText = jsonNode.path("id").asText();
                Iterator it2 = jsonNode.path("enrollments").iterator();
                while (it2.hasNext()) {
                    arrayList.add(String.format("%s_%s", asText, this.instructorRoles.contains(((JsonNode) it2.next()).path("type").asText()) ? LTI_INSTRUCTOR_ROLE : LTI_LEARNER_ROLE));
                }
            }
            return arrayList;
        } catch (IOException e) {
            logger.warn("Exception getting site/role membership for Canvas user {} at {}: {}", new Object[]{str, format, e});
            return null;
        }
    }

    private JsonNode getRequestJson(String str) throws IOException {
        return new ObjectMapper().readTree(Request.Get(str).addHeader("Authorization", "Bearer " + this.token).execute().returnContent().asStream());
    }

    private boolean verifyCanvasUser(String str) {
        logger.debug("verifyCanvasUser({})", str);
        try {
            getRequestJson(String.format("%s/api/v1/users/sis_login_id:%s", this.url, str));
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    private Set<String> parsePropertyLineAsSet(String str) {
        HashSet hashSet = new HashSet();
        for (String str2 : str.split(",")) {
            hashSet.add(str2.trim());
        }
        return hashSet;
    }

    private List<String> getCanvasSiteRolesByCurrentUser(String str, boolean z) {
        User user = this.securityService.getUser();
        if (z) {
            return ((Set) user.getRoles().stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toSet())).contains(str) ? Collections.singletonList(str) : Collections.emptyList();
        }
        String chop = StringUtils.chop(str);
        return (List) user.getRoles().stream().map((v0) -> {
            return v0.getName();
        }).filter(str2 -> {
            return str2.endsWith("_Instructor") || str2.endsWith("_Learner");
        }).map(str3 -> {
            return StringUtils.substringBeforeLast(str3, "_");
        }).distinct().map(str4 -> {
            return Arrays.asList(str4 + "_Learner", str4 + "_Instructor");
        }).flatMap(list -> {
            return list.stream();
        }).filter(str5 -> {
            return str5.startsWith(chop);
        }).collect(Collectors.toList());
    }
}
