package org.apereo.cas.azure.ad.authentication;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.Maps;
import com.microsoft.aad.adal4j.AuthenticationCallback;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.hjson.JsonValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:org/apereo/cas/azure/ad/authentication/AzureActiveDirectoryAuthenticationHandler.class */
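/**
 * Authenticates a username/password credential against Azure Active Directory.
 *
 * <p>The handler forwards the user's username and plaintext password to the configured login URL
 * through ADAL4J to obtain an access token, then uses that token as a bearer credential to read
 * the user's profile from {@code <resource>/v1.0/me}. Every non-empty profile field becomes a
 * principal attribute.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The access token and the password are never written to the log.</li>
 *   <li>The bearer token is sent to whatever URL {@code resource} holds, so that value must come
 *       from trusted configuration only.</li>
 * </ul>
 */
public class AzureActiveDirectoryAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AzureActiveDirectoryAuthenticationHandler.class);

    private static final ObjectMapper MAPPER = new ObjectMapper()
        .findAndRegisterModules()
        .configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true)
        .setSerializationInclusion(JsonInclude.Include.NON_NULL);

    /** Authority URL handed to ADAL4J when requesting a token. */
    private final String loginUrl;

    /** Token audience passed to ADAL4J; also the base URL of the profile request. */
    private final String resource;

    /** Client (application) id passed to ADAL4J. */
    private final String clientId;

    /**
     * Creates the handler.
     *
     * @param str              passed to the superclass constructor as its first argument
     * @param servicesManager  passed to the superclass constructor
     * @param principalFactory passed to the superclass constructor
     * @param num              passed to the superclass constructor as its last argument
     * @param str2             client id used when acquiring the token
     * @param str3             login (authority) URL used when acquiring the token
     * @param str4             resource used as the token audience and as the base URL of the
     *                         {@code v1.0/me} profile request
     */
    public AzureActiveDirectoryAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num, String str2, String str3, String str4) {
        super(str, servicesManager, principalFactory, num);
        this.clientId = str2;
        this.loginUrl = str3;
        this.resource = str4;
    }

    /**
     * Reads the signed-in user's profile from {@code <resource>/v1.0/me}.
     *
     * @param accessToken bearer token sent in the {@code Authorization} header; never logged
     * @return the response body decoded as UTF-8
     * @throws FailedLoginException if the endpoint answers with a non-2xx status
     * @throws Exception            if the URL is malformed or the request fails
     */
    private String getUserInfoFromGraph(String accessToken) throws Exception {
        // NOTE(review): the token goes to whatever scheme and host `resource` names; confirm the
        // deployment only ever configures an https endpoint here.
        URL url = new URL(StringUtils.appendIfMissing(this.resource, "/") + "v1.0/me");
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        try {
            // NOTE(review): no connect/read timeout is set, so a stalled endpoint can hold the
            // authenticating thread; consider setting both from configuration.
            connection.setRequestMethod("GET");
            connection.setRequestProperty("Authorization", "Bearer " + accessToken);
            connection.setRequestProperty("Accept", "application/json");
            // The access token is a live credential and is deliberately left out of the log line.
            LOGGER.debug("Fetching user info from [{}]", url.toExternalForm());
            int responseCode = connection.getResponseCode();
            // Plain range check: a status code outside the known set is reported as a failed
            // login with its real value instead of failing inside an enum lookup.
            if (responseCode >= 200 && responseCode < 300) {
                try (InputStream body = connection.getInputStream()) {
                    return IOUtils.toString(body, StandardCharsets.UTF_8);
                }
            }
            throw new FailedLoginException(String.format("Failed: status %s with message: %s", responseCode, connection.getResponseMessage()));
        } finally {
            // Release the connection on every path, including the failure ones.
            connection.disconnect();
        }
    }

    /**
     * Exchanges the user's credentials for an access token through ADAL4J.
     *
     * @param username user name sent to the token endpoint
     * @param password plaintext password sent to the token endpoint; never logged
     * @return the ADAL4J authentication result
     * @throws Exception whatever the token request or the wait on its future throws
     */
    private AuthenticationResult getAccessTokenFromUserCredentials(String username, String password) throws Exception {
        // A single-thread executor is created per request and always shut down afterwards.
        ExecutorService executorService = Executors.newFixedThreadPool(1);
        try {
            // NOTE(review): the `false` argument is ADAL4J's validateAuthority flag, i.e. authority
            // validation is off. Confirm that is intended and that loginUrl is trusted configuration.
            AuthenticationContext authenticationContext = new AuthenticationContext(this.loginUrl, false, executorService);
            LOGGER.debug("Acquiring token for resource [{}] and client id [{}] for user [{}]", this.resource, this.clientId, username);
            return authenticationContext
                .acquireToken(this.resource, this.clientId, username, password, (AuthenticationCallback) null)
                .get();
        } finally {
            executorService.shutdown();
        }
    }

    /**
     * Authenticates the credential and builds a principal from the user's profile.
     *
     * @param usernamePasswordCredential credential holding the username and password to verify
     * @param str                        not used by this implementation
     * @return the handler result for the authenticated principal
     * @throws GeneralSecurityException a {@link FailedLoginException} for any failure while
     *                                  acquiring the token, fetching the profile or parsing it;
     *                                  the original exception is attached as its cause
     */
    // The attribute map stays raw, as in the original, because the parameter type of
    // createPrincipal is declared outside this file.
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException {
        try {
            String username = usernamePasswordCredential.getUsername();
            LOGGER.trace("Fetching token for [{}]", username);
            AuthenticationResult tokenResult = getAccessTokenFromUserCredentials(username, usernamePasswordCredential.getPassword());
            // Only the fact that a token was obtained is logged, never the token itself.
            LOGGER.debug("Retrieved access token for [{}]", username);
            String userInfo = getUserInfoFromGraph(tokenResult.getAccessToken());
            // Profile data is personal information; it is emitted at trace level only.
            LOGGER.trace("Retrieved user info [{}]", userInfo);
            Map<String, Object> profile = MAPPER.readValue(JsonValue.readHjson(userInfo).toString(), Map.class);
            HashMap attributes = Maps.newHashMapWithExpectedSize(profile.size());
            profile.forEach((key, value) -> {
                ArrayList<?> values = (ArrayList<?>) CollectionUtils.toCollection(value, ArrayList.class);
                // Fields without any value are not exposed as attributes.
                if (!values.isEmpty()) {
                    attributes.put(key, values);
                }
            });
            Principal principal = this.principalFactory.createPrincipal(username, attributes);
            LOGGER.debug("Created principal for id [{}] and [{}] attributes", username, attributes);
            return createHandlerResult(usernamePasswordCredential, principal, new ArrayList<>(0));
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Waiting on the token future was interrupted; keep the interrupt visible to callers.
                Thread.currentThread().interrupt();
            }
            LOGGER.debug("Azure Active Directory authentication failed", e);
            // FailedLoginException has no cause-taking constructor, so the cause is attached separately.
            FailedLoginException failure = new FailedLoginException("Invalid credentials: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }
}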
