package com.atomgraph.linkeddatahub.resource.admin.oauth2;

import com.atomgraph.core.MediaTypes;
import com.atomgraph.core.exception.ConfigurationException;
import com.atomgraph.linkeddatahub.apps.model.AdminApplication;
import com.atomgraph.linkeddatahub.apps.model.Application;
import com.atomgraph.linkeddatahub.apps.model.EndUserApplication;
import com.atomgraph.linkeddatahub.listener.EMailListener;
import com.atomgraph.linkeddatahub.model.Service;
import com.atomgraph.linkeddatahub.resource.admin.SignUp;
import com.atomgraph.linkeddatahub.resource.admin.oauth2.google.Authorize;
import com.atomgraph.linkeddatahub.server.filter.request.auth.IDTokenFilter;
import com.atomgraph.linkeddatahub.server.filter.response.BackendInvalidationFilter;
import com.atomgraph.linkeddatahub.server.model.impl.GraphStoreImpl;
import com.atomgraph.linkeddatahub.server.security.AgentContext;
import com.atomgraph.linkeddatahub.server.util.MessageBuilder;
import com.atomgraph.linkeddatahub.server.util.Skolemizer;
import com.atomgraph.linkeddatahub.vocabulary.ACL;
import com.atomgraph.linkeddatahub.vocabulary.FOAF;
import com.atomgraph.linkeddatahub.vocabulary.Google;
import com.atomgraph.linkeddatahub.vocabulary.LACL;
import com.atomgraph.linkeddatahub.vocabulary.LDHC;
import com.atomgraph.processor.vocabulary.DH;
import com.atomgraph.processor.vocabulary.SIOC;
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.GregorianCalendar;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.json.JsonObject;
import javax.mail.MessagingException;
import javax.servlet.ServletConfig;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
import org.apache.jena.ontology.Ontology;
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.Query;
import org.apache.jena.rdf.model.Model;
import org.apache.jena.rdf.model.ModelFactory;
import org.apache.jena.rdf.model.ResIterator;
import org.apache.jena.rdf.model.Resource;
import org.apache.jena.rdf.model.ResourceFactory;
import org.apache.jena.vocabulary.DCTerms;
import org.apache.jena.vocabulary.RDF;
import org.glassfish.jersey.server.internal.process.MappableException;
import org.glassfish.jersey.uri.UriComponent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

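/**
 * Callback endpoint of the Google OAuth2 / OpenID Connect authorization-code flow.
 * <p>
 * {@link #get} validates the {@code state} parameter against the cookie written by the authorize step,
 * exchanges the {@code code} for tokens at {@link #TOKEN_ENDPOINT}, decodes the returned ID token and,
 * if no {@code UserAccount} with that subject/issuer exists yet, creates the Agent (unless one with the
 * same mailbox already exists), the UserAccount and an Authorization before redirecting the browser to
 * the target stored in the state cookie and setting the ID token cookie read by {@link IDTokenFilter}.
 * <p>
 * Note: the ID token is only decoded, never signature-checked, in this class (see {@link #verify}).
 * The token is obtained directly from the token endpoint over TLS, which is presumably what is relied on.
 */
// decompiled from: input_file:com/atomgraph/linkeddatahub/resource/admin/oauth2/Login.class
@Path("oauth2/login")
public class Login extends GraphStoreImpl {
    private static final Logger log = LoggerFactory.getLogger(Login.class);
    public static final String TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token";
    public static final String USER_INFO_ENDPOINT = "https://openidconnect.googleapis.com/v1/userinfo";
    public static final String ACCOUNT_PATH = "acl/users/";
    // separator between the fields of the base64-decoded state cookie; the redirect target is the second field
    private static final String STATE_SEPARATOR = ";";
    private final HttpHeaders httpHeaders;
    private final String emailSubject;  // String.format pattern: (application title, user name)
    private final String emailText;     // String.format pattern: (application title, application base, agent URI)
    private final String clientID;      // may be null — checked on each request, not at construction
    private final String clientSecret;  // may be null — checked on each request, not at construction

    /**
     * Reads the sign-up e-mail templates from the servlet context and the Google client credentials
     * from the system application.
     *
     * @throws InternalServerErrorException if either e-mail template init parameter is missing
     */
    @Inject
    public Login(@Context Request request, @Context UriInfo uriInfo, MediaTypes mediaTypes, @Context HttpHeaders httpHeaders, Application application, Optional<Ontology> ontology, Optional<Service> service, @Context SecurityContext securityContext, Optional<AgentContext> agentContext, @Context Providers providers, com.atomgraph.linkeddatahub.Application system, @Context ServletConfig servletConfig) {
        super(request, uriInfo, mediaTypes, application, ontology, service, securityContext, agentContext, providers, system);
        this.httpHeaders = httpHeaders;

        this.emailSubject = servletConfig.getServletContext().getInitParameter(LDHC.signUpEMailSubject.getURI());
        if (this.emailSubject == null) {
            throw new InternalServerErrorException(new ConfigurationException(LDHC.signUpEMailSubject));
        }
        this.emailText = servletConfig.getServletContext().getInitParameter(LDHC.oAuthSignUpEMailText.getURI());
        if (this.emailText == null) {
            throw new InternalServerErrorException(new ConfigurationException(LDHC.oAuthSignUpEMailText));
        }

        this.clientID = (String) system.getProperty(Google.clientID.getURI());
        this.clientSecret = (String) system.getProperty(Google.clientSecret.getURI());
    }

    /**
     * Completes the authorization-code flow after the provider redirects back to this resource.
     * <p>
     * The {@code default} and {@code graph} parameters are accepted for signature compatibility and not used.
     *
     * @param bool unused
     * @param uri unused
     * @return a 303 redirect to the target stored in the state cookie, carrying the ID token cookie
     * @throws ConfigurationException if the Google client ID or secret is not configured
     * @throws BadRequestException if {@code code}/{@code state} or the state cookie are missing or do not match
     * @throws InternalServerErrorException if the provider reported an error or the sign-up could not be persisted
     */
    @GET
    public Response get(@QueryParam("default") @DefaultValue("false") Boolean bool, @QueryParam("graph") URI uri) {
        if (getClientID() == null) {
            throw new ConfigurationException(Google.clientID);
        }
        if (getClientSecret() == null) {
            throw new ConfigurationException(Google.clientSecret);
        }

        String providerError = getUriInfo().getQueryParameters().getFirst("error");
        if (providerError != null) {
            if (log.isErrorEnabled()) {
                log.error("OAuth callback error: {}", providerError);
            }
            throw new InternalServerErrorException(providerError);
        }

        String code = getUriInfo().getQueryParameters().getFirst("code");
        String state = getUriInfo().getQueryParameters().getFirst("state");
        Cookie stateCookie = getHttpHeaders().getCookies().get(Authorize.COOKIE_NAME);
        // A missing parameter or cookie is a malformed callback (client error), not a server fault
        if (code == null) {
            throw new BadRequestException("OAuth 'code' parameter is missing");
        }
        if (state == null || stateCookie == null) {
            throw new BadRequestException("OAuth 'state' parameter or state cookie is missing");
        }
        // CSRF protection: the state echoed by the provider must equal the value this server stored in the cookie
        if (!MessageDigest.isEqual(state.getBytes(StandardCharsets.UTF_8), stateCookie.getValue().getBytes(StandardCharsets.UTF_8))) {
            throw new BadRequestException("OAuth 'state' parameter failed to validate");
        }
        // Resolve the post-login redirect before any side effects, so a malformed cookie cannot leave a half-created sign-up.
        // The target is trusted because it comes from the server-set cookie that was just matched against 'state'.
        URI redirectTarget = redirectTargetFromState(stateCookie.getValue());

        Form tokenRequest = new Form()
                .param("grant_type", "authorization_code")
                .param("client_id", getClientID())
                .param("redirect_uri", getUriInfo().getAbsolutePath().toString())
                .param("client_secret", getClientSecret())
                .param("code", code);

        try (Response tokenResponse = getSystem().getClient().target(TOKEN_ENDPOINT).request().post(Entity.form(tokenRequest))) {
            JsonObject tokenJson = tokenResponse.readEntity(JsonObject.class);
            if (tokenJson.containsKey("error")) {
                if (log.isErrorEnabled()) {
                    log.error("OAuth error: '{}'", tokenJson.getString("error"));
                }
                throw new InternalServerErrorException(tokenJson.getString("error"));
            }

            String idToken = tokenJson.getString("id_token");
            // decode only — no signature or claim validation happens here
            DecodedJWT jwt = JWT.decode(idToken);

            if (tokenJson.containsKey("refresh_token")) {
                try {
                    getSystem().storeRefreshToken(jwt.getSubject(), tokenJson.getString("refresh_token"));
                } catch (IOException e) {
                    if (log.isErrorEnabled()) {
                        log.error("Error storing OAuth refresh token", e);
                    }
                    throw new InternalServerErrorException(e);
                }
            }

            // First login for this subject/issuer pair triggers sign-up; later logins only refresh the cookie
            ParameterizedSparqlString accountQuery = new ParameterizedSparqlString(getUserAccountQuery().toString());
            accountQuery.setLiteral(SIOC.ID.getLocalName(), jwt.getSubject());
            accountQuery.setLiteral(LACL.issuer.getLocalName(), jwt.getIssuer());
            boolean accountExists = !getAgentService().getSPARQLClient().loadModel(accountQuery.asQuery()).isEmpty();
            if (!accountExists) {
                signUp(jwt);
            }

            // NOTE(review): the ID token cookie is set with secure=false and without HttpOnly (8-arg NewCookie has no
            // httpOnly flag); whether client-side code needs to read it is not visible here — confirm before tightening.
            NewCookie idTokenCookie = new NewCookie(IDTokenFilter.COOKIE_NAME, idToken,
                    getApplication().as(AdminApplication.class).getEndUserApplication().getBaseURI().getPath(),
                    (String) null, 1, (String) null, -1, false);
            return Response.seeOther(redirectTarget).cookie(idTokenCookie).build();
        }
    }

    /**
     * Extracts the post-login redirect target from the state cookie value (base64 of fields separated by ';',
     * the target being the second field — the format is presumably produced by {@link Authorize}).
     *
     * @throws BadRequestException if the value is not base64 or lacks the second field
     */
    private static URI redirectTargetFromState(String stateCookieValue) {
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(stateCookieValue);
        } catch (IllegalArgumentException e) {
            throw new BadRequestException("OAuth state cookie is not valid base64", e);
        }
        String[] fields = new String(decoded, StandardCharsets.UTF_8).split(Pattern.quote(STATE_SEPARATOR));
        if (fields.length < 2) {
            throw new BadRequestException("OAuth state cookie is malformed");
        }
        return URI.create(fields[1]);
    }

    /**
     * Persists a new user: the Agent (reused if one with the same mailbox exists), its UserAccount and a
     * public-read Authorization, then invalidates the backend cache, publishes a sign-up event and e-mails the user.
     * Checked failures and {@link InternalServerErrorException} are wrapped in {@link MappableException}.
     */
    private void signUp(DecodedJWT jwt) {
        String email = jwt.getClaim("email").asString();
        Resource mbox = ResourceFactory.createResource("mailto:" + email);

        ParameterizedSparqlString agentQuery = new ParameterizedSparqlString(getAgentQuery().toString());
        agentQuery.setParam(FOAF.mbox.getLocalName(), mbox);
        Model agentModel = getAgentService().getSPARQLClient().loadModel(agentQuery.asQuery());

        boolean agentExists = !agentModel.isEmpty();
        if (!agentExists) {
            URI agentDocUri = getUriInfo().getBaseUriBuilder().path(SignUp.AGENT_PATH).path("{slug}/").build(UUID.randomUUID().toString());
            Resource agentContainer = agentModel.createResource(getUriInfo().getBaseUri().resolve(SignUp.AGENT_PATH).toString());
            String picture = jwt.getClaim("picture") != null ? jwt.getClaim("picture").asString() : null;
            createAgent(agentModel, agentDocUri, agentContainer, jwt.getClaim("given_name").asString(), jwt.getClaim("family_name").asString(), email, picture);
            new Skolemizer(agentDocUri.toString()).apply(agentModel);
        }

        ResIterator agents = agentModel.listResourcesWithProperty(FOAF.mbox);
        try {
            // the model is guaranteed to hold at least one mbox-bearing resource (loaded or just created)
            Resource agent = agents.next();

            Model accountModel = ModelFactory.createDefaultModel();
            URI accountDocUri = getUriInfo().getBaseUriBuilder().path(ACCOUNT_PATH).path("{slug}/").build(UUID.randomUUID().toString());
            Resource accountContainer = accountModel.createResource(getUriInfo().getBaseUri().resolve(ACCOUNT_PATH).toString());
            createUserAccount(accountModel, accountDocUri, accountContainer, jwt.getSubject(), jwt.getIssuer(), jwt.getClaim("name").asString(), email)
                    .addProperty(SIOC.ACCOUNT_OF, agent);
            new Skolemizer(accountDocUri.toString()).apply(accountModel);
            if (super.post(accountModel, false, accountDocUri).getStatus() != Response.Status.CREATED.getStatusCode()) {
                if (log.isErrorEnabled()) {
                    log.error("Cannot create UserAccount");
                }
                throw new InternalServerErrorException("Cannot create UserAccount");
            }
            if (log.isDebugEnabled()) {
                log.debug("Created UserAccount for user ID: {}", jwt.getSubject());
            }

            // link agent -> account (after skolemization the account is the document's primary topic)
            agent.addProperty(FOAF.account, accountModel.createResource(accountDocUri.toString()).getPropertyResourceValue(FOAF.primaryTopic));
            // let the secretary WebID act on behalf of the new agent
            agentModel.add(agentModel.createResource(getSystem().getSecretaryWebIDURI().toString()), ACL.delegates, agent);

            // the agent document URI is the agent's URI with its fragment stripped
            URI agentUri = URI.create(agent.getURI());
            URI agentDocUri = new URI(agentUri.getScheme(), agentUri.getSchemeSpecificPart(), null).normalize();
            Response agentResponse = super.post(agentModel, false, agentDocUri);
            // an existing agent document is updated (200); a new one is created (201)
            int expectedStatus = agentExists ? Response.Status.OK.getStatusCode() : Response.Status.CREATED.getStatusCode();
            if (agentResponse.getStatus() != expectedStatus) {
                if (log.isErrorEnabled()) {
                    log.error("Cannot create Agent or append metadata to it");
                }
                throw new InternalServerErrorException("Cannot create Agent or append metadata to it");
            }

            Model authModel = ModelFactory.createDefaultModel();
            URI authDocUri = getUriInfo().getBaseUriBuilder().path(SignUp.AUTHORIZATION_PATH).path("{slug}/").build(UUID.randomUUID().toString());
            Resource authContainer = authModel.createResource(getUriInfo().getBaseUri().resolve(SignUp.AUTHORIZATION_PATH).toString());
            createAuthorization(authModel, authDocUri, authContainer, agentDocUri, accountDocUri);
            new Skolemizer(authDocUri.toString()).apply(authModel);
            if (super.post(authModel, false, authDocUri).getStatus() != Response.Status.CREATED.getStatusCode()) {
                if (log.isErrorEnabled()) {
                    log.error("Cannot create Authorization");
                }
                throw new InternalServerErrorException("Cannot create Authorization");
            }

            // mo17getService is the decompiler's rendering of the service accessor (presumably getService())
            if (getApplication().mo17getService().getProxy() != null) {
                ban(getApplication().mo17getService().getProxy(), jwt.getSubject());
            }
            getSystem().getEventBus().post(new com.atomgraph.linkeddatahub.server.event.SignUp(getSystem().getSecretaryWebIDURI()));
            if (log.isDebugEnabled()) {
                log.debug("Created Agent for user ID: {}", jwt.getSubject());
            }
            sendEmail(agent);
        } catch (UnsupportedEncodingException | MessagingException | URISyntaxException | InternalServerErrorException e) {
            throw new MappableException(e);
        } finally {
            agents.close();
        }
    }

    /**
     * Token validation hook. Currently accepts every token, and nothing in this class calls it;
     * {@link #get} relies on {@link JWT#decode} alone, which performs no signature check.
     *
     * @param decodedJWT the decoded ID token
     * @return always {@code true}
     */
    public boolean verify(DecodedJWT decodedJWT) {
        return true;
    }

    /**
     * Adds a {@code dh:Item} document at {@code docUri} whose primary topic is a new blank-node {@code foaf:Agent}.
     *
     * @param model model to add the triples to
     * @param docUri URI of the agent document
     * @param container container the document belongs to
     * @param givenName {@code foaf:givenName}
     * @param familyName {@code foaf:familyName}
     * @param email mailbox (without the {@code mailto:} prefix)
     * @param imgUri {@code foaf:img} URI, or {@code null} to omit
     * @return the agent resource (blank node)
     */
    public Resource createAgent(Model model, URI docUri, Resource container, String givenName, String familyName, String email, String imgUri) {
        Resource document = model.createResource(docUri.toString())
                .addProperty(RDF.type, DH.Item)
                .addProperty(SIOC.HAS_CONTAINER, container)
                .addLiteral(DH.slug, UUID.randomUUID().toString());
        Resource agent = model.createResource()
                .addProperty(RDF.type, FOAF.Agent)
                .addLiteral(FOAF.givenName, givenName)
                .addLiteral(FOAF.familyName, familyName)
                .addProperty(FOAF.mbox, model.createResource("mailto:" + email));
        if (imgUri != null) {
            agent.addProperty(FOAF.img, model.createResource(imgUri));
        }
        document.addProperty(FOAF.primaryTopic, agent);
        return agent;
    }

    /**
     * Adds a {@code dh:Item} document at {@code docUri} whose primary topic is a new blank-node {@code sioc:UserAccount}.
     *
     * @param model model to add the triples to
     * @param docUri URI of the account document
     * @param container container the document belongs to
     * @param userId provider subject ({@code sioc:id})
     * @param issuer token issuer ({@code lacl:issuer})
     * @param name display name ({@code sioc:name})
     * @param email mailbox (without the {@code mailto:} prefix)
     * @return the account resource (blank node)
     */
    public Resource createUserAccount(Model model, URI docUri, Resource container, String userId, String issuer, String name, String email) {
        Resource document = model.createResource(docUri.toString())
                .addProperty(RDF.type, DH.Item)
                .addProperty(SIOC.HAS_CONTAINER, container)
                .addLiteral(DH.slug, UUID.randomUUID().toString());
        Resource account = model.createResource()
                .addLiteral(DCTerms.created, GregorianCalendar.getInstance())
                .addProperty(RDF.type, SIOC.USER_ACCOUNT)
                .addLiteral(SIOC.ID, userId)
                .addLiteral(LACL.issuer, issuer)
                .addLiteral(SIOC.NAME, name)
                .addProperty(SIOC.EMAIL, model.createResource("mailto:" + email));
        document.addProperty(FOAF.primaryTopic, account);
        return account;
    }

    /**
     * Adds a {@code dh:Item} document at {@code docUri} whose primary topic is a new {@code acl:Authorization}
     * granting {@code acl:Read} on {@code agentDocUri} to {@code foaf:Agent} and {@code acl:AuthenticatedAgent}.
     *
     * @param model model to add the triples to
     * @param docUri URI of the authorization document
     * @param container container the document belongs to
     * @param agentDocUri document the authorization grants access to
     * @param accountDocUri currently unused
     * @return the authorization resource (blank node)
     */
    public Resource createAuthorization(Model model, URI docUri, Resource container, URI agentDocUri, URI accountDocUri) {
        Resource document = model.createResource(docUri.toString())
                .addProperty(RDF.type, DH.Item)
                .addProperty(SIOC.HAS_CONTAINER, container)
                .addLiteral(DH.slug, UUID.randomUUID().toString());
        Resource authorization = model.createResource()
                .addProperty(RDF.type, ACL.Authorization)
                .addLiteral(DH.slug, UUID.randomUUID().toString())
                .addProperty(ACL.accessTo, ResourceFactory.createResource(agentDocUri.toString()))
                .addProperty(ACL.mode, ACL.Read)
                .addProperty(ACL.agentClass, FOAF.Agent)
                .addProperty(ACL.agentClass, ACL.AuthenticatedAgent);
        document.addProperty(FOAF.primaryTopic, authorization);
        return authorization;
    }

    /**
     * Sends the sign-up notification e-mail to the agent's mailbox, formatted from the configured templates.
     *
     * @param agent agent with {@code foaf:mbox} and either {@code foaf:givenName}+{@code foaf:familyName} or {@code foaf:name}
     * @throws MessagingException if the message cannot be built
     * @throws UnsupportedEncodingException if the address encoding is unsupported
     */
    public void sendEmail(Resource agent) throws MessagingException, UnsupportedEncodingException {
        String fullName;
        if (agent.hasProperty(FOAF.givenName) && agent.hasProperty(FOAF.familyName)) {
            fullName = agent.getRequiredProperty(FOAF.givenName).getString() + " " + agent.getRequiredProperty(FOAF.familyName).getString();
        } else {
            // getRequiredProperty gives a PropertyNotFoundException instead of an NPE when neither form of name is present
            fullName = agent.getRequiredProperty(FOAF.name).getString();
        }
        String appTitle = getEndUserApplication().getProperty(DCTerms.title).getString();
        String address = agent.getRequiredProperty(FOAF.mbox).getResource().getURI().substring("mailto:".length());

        MessageBuilder builder = getSystem().getMessageBuilder()
                .subject(String.format(getEmailSubject(), appTitle, fullName))
                .to(address, fullName)
                .textBodyPart(String.format(getEmailText(), appTitle, getEndUserApplication().getBase(), agent.getURI()));
        if (getSystem().getNotificationAddress() != null) {
            builder = builder.from(getSystem().getNotificationAddress());
        }
        EMailListener.submit(builder.build());
    }

    /**
     * Sends a {@code BAN} request to the cache proxy for the given user ID, so cached responses for that user are invalidated.
     *
     * @param proxy proxy resource whose URI receives the request
     * @param userId user ID placed (unreserved-encoded) in the invalidation header
     * @return the proxy's response
     * @throws NullPointerException if {@code proxy} is null
     * @throws IllegalArgumentException if {@code userId} is null
     */
    public Response ban(Resource proxy, String userId) {
        Objects.requireNonNull(proxy, "Resource cannot be null");
        if (userId == null) {
            throw new IllegalArgumentException("User ID cannot be null");
        }
        return getSystem().getClient().target(proxy.getURI()).request()
                .header(BackendInvalidationFilter.HEADER_NAME, UriComponent.encode(userId, UriComponent.Type.UNRESERVED))
                .method("BAN", Response.class);
    }

    /** @return the current application if it is an end-user app, otherwise the end-user app of the current admin app */
    public EndUserApplication getEndUserApplication() {
        if (getApplication().canAs(EndUserApplication.class)) {
            return getApplication().as(EndUserApplication.class);
        }
        return getApplication().as(AdminApplication.class).getEndUserApplication();
    }

    public HttpHeaders getHttpHeaders() {
        return this.httpHeaders;
    }

    /** @return the service of the current application, used for agent/account lookups */
    public Service getAgentService() {
        return getApplication().mo17getService();
    }

    public String getEmailSubject() {
        return this.emailSubject;
    }

    public String getEmailText() {
        return this.emailText;
    }

    public Query getUserAccountQuery() {
        return getSystem().getUserAccountQuery();
    }

    public Query getAgentQuery() {
        return getSystem().getAgentQuery();
    }

    private String getClientID() {
        return this.clientID;
    }

    private String getClientSecret() {
        return this.clientSecret;
    }
}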
