package org.wso2.carbon.identity.authenticator.github;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthAuthzResponse;
import org.apache.oltu.oauth2.client.response.OAuthClientResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.utils.JSONUtils;
import org.json.JSONArray;
import org.json.JSONObject;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.oidc.OpenIDConnectAuthenticator;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.authenticator.github.GithubAuthenticatorConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.utils.DiagnosticLog;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/github/GithubAuthenticator.class */
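/**
 * Federated authenticator that signs users in through GitHub using the OAuth 2.0
 * authorization-code grant.
 *
 * <p>No ID token is required ({@link #requiredIDToken} returns {@code false}); the subject
 * identifier is read from the user-info endpoint response, which is fetched with the access
 * token returned by the token endpoint.
 */
public class GithubAuthenticator extends OpenIDConnectAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(GithubAuthenticator.class);

    /**
     * Returns the fixed GitHub authorization endpoint; the authenticator properties are ignored.
     *
     * @param map authenticator properties (unused)
     * @return the authorization endpoint constant
     */
    protected String getAuthorizationServerEndpoint(Map<String, String> map) {
        return GithubAuthenticatorConstants.GITHUB_OAUTH_ENDPOINT;
    }

    /**
     * Returns the fixed GitHub token endpoint; the authenticator properties are ignored.
     *
     * @param map authenticator properties (unused)
     * @return the token endpoint constant
     */
    protected String getTokenEndpoint(Map<String, String> map) {
        return GithubAuthenticatorConstants.GITHUB_TOKEN_ENDPOINT;
    }

    /**
     * Returns the fixed GitHub user-info endpoint; both arguments are ignored.
     *
     * @param oAuthClientResponse token response (unused)
     * @param map authenticator properties (unused)
     * @return the user-info endpoint constant
     */
    protected String getUserInfoEndpoint(OAuthClientResponse oAuthClientResponse, Map<String, String> map) {
        return GithubAuthenticatorConstants.GITHUB_USER_INFO_ENDPOINT;
    }

    /**
     * Reports that this authenticator does not require an ID token in the token response.
     *
     * @param map authenticator properties (unused)
     * @return always {@code false}
     */
    protected boolean requiredIDToken(Map<String, String> map) {
        return false;
    }

    /**
     * @return the display name of this authenticator
     */
    public String getFriendlyName() {
        return GithubAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    /**
     * @return the registered name of this authenticator
     */
    public String getName() {
        return GithubAuthenticatorConstants.AUTHENTICATOR_NAME;
    }

    /**
     * Resolves the OAuth scope to request.
     *
     * @param str scope proposed by the caller (ignored)
     * @param map authenticator properties; the configured scope is read from these
     * @return the configured scope, or the default user scope when none is configured
     */
    public String getScope(String str, Map<String, String> map) {
        String configuredScope = map.get(GithubAuthenticatorConstants.SCOPE);
        return StringUtils.isEmpty(configuredScope) ? GithubAuthenticatorConstants.USER_SCOPE : configuredScope;
    }

    /**
     * Returns the additional query parameters to send with the authorization request.
     *
     * <p>When a scope is configured through the dedicated property, every parameter that
     * contains {@code scope=} is dropped from the additional parameters, presumably so that the
     * dedicated property is the only source of the requested scope. The retained parameters are
     * re-joined with {@code &}; concatenating them without a separator would merge neighbouring
     * parameters into one malformed value.
     *
     * @param map authenticator properties
     * @return the (possibly filtered) additional query parameters, or {@code null} when none are configured
     */
    protected String getQueryString(Map<String, String> map) {
        String additionalParams = map.get(GithubAuthenticatorConstants.ADDITIONAL_QUERY_PARAMS);
        boolean scopeConfigured = StringUtils.isNotEmpty(map.get(GithubAuthenticatorConstants.SCOPE));
        if (!scopeConfigured || StringUtils.isEmpty(additionalParams)
                || !additionalParams.toLowerCase().contains("scope=")) {
            return additionalParams;
        }
        List<String> retained = new ArrayList<>();
        for (String parameter : additionalParams.split("&")) {
            if (!parameter.toLowerCase().contains("scope=")) {
                retained.add(parameter);
            }
        }
        return String.join("&", retained);
    }

    /**
     * Tells whether the primary e-mail address should replace the e-mail claim of the user.
     *
     * @param map authenticator properties
     * @return {@code true} only when the corresponding property parses as boolean {@code true}
     */
    protected boolean isPrimaryEmailUsed(Map<String, String> map) {
        return Boolean.parseBoolean(map.get(GithubAuthenticatorConstants.USE_PRIMARY_EMAIL));
    }

    /**
     * Completes the login: exchanges the authorization code for an access token, fetches the
     * user information, and stores the resulting federated user as the subject of the context.
     *
     * <p>Authentication is rejected when the access token is blank, when the user-info response
     * is blank, or when that response carries no user identifier, so that a subject is never
     * created from missing data.
     *
     * @param httpServletRequest callback request carrying the authorization code
     * @param httpServletResponse response object (unused here)
     * @param authenticationContext context that supplies the authenticator properties and receives the subject
     * @throws AuthenticationFailedException if the token exchange, the user-info call, or validation fails
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext)
            throws AuthenticationFailedException {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder startLog = new DiagnosticLog.DiagnosticLogBuilder(
                    GithubAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_GITHUB_SERVICE,
                    GithubAuthenticatorConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE);
            startLog.resultMessage("Processing outbound GitHub authentication response.")
                    .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
                    .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
                    .inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep()))
                    .inputParam("idp", authenticationContext.getExternalIdP().getIdPName())
                    .inputParams(getApplicationDetails(authenticationContext));
            LoggerUtils.triggerDiagnosticLogEvent(startLog);
        }
        try {
            Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
            OAuthClientRequest accessRequest = getAccessRequest(
                    getTokenEndpoint(authenticatorProperties),
                    authenticatorProperties.get("ClientId"),
                    OAuthAuthzResponse.oauthCodeAuthzResponse(httpServletRequest).getCode(),
                    authenticatorProperties.get("ClientSecret"),
                    getCallbackUrl(authenticatorProperties));
            OAuthClientResponse oauthResponse =
                    getOauthResponse(new GithubOAuthClient(new URLConnectionClient()), accessRequest);

            String accessToken = oauthResponse.getParam("access_token");
            if (StringUtils.isBlank(accessToken)) {
                throw new AuthenticationFailedException("Access token is empty or null");
            }
            String userInfo = sendRequest(GithubAuthenticatorConstants.GITHUB_USER_INFO_ENDPOINT, accessToken);
            // The original repeated the access-token check here; the value that still needs
            // validating at this point is the user-info response.
            if (StringUtils.isBlank(userInfo)) {
                throw new AuthenticationFailedException("User information response is empty or null");
            }

            DiagnosticLog.DiagnosticLogBuilder resultLog = null;
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                resultLog = new DiagnosticLog.DiagnosticLogBuilder(
                        GithubAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_GITHUB_SERVICE,
                        GithubAuthenticatorConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE);
                resultLog.inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep()))
                        .inputParams(getApplicationDetails(authenticationContext))
                        .inputParam("idp", authenticationContext.getExternalIdP().getIdPName())
                        .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION);
            }

            // Parse once and refuse to continue without an identifier instead of failing with a
            // NullPointerException on toString().
            Object userId = JSONUtils.parseJSON(userInfo).get(GithubAuthenticatorConstants.USER_ID);
            if (userId == null) {
                throw new AuthenticationFailedException(
                        "User identifier is missing in the user information response");
            }
            String subjectIdentifier = userId.toString();
            AuthenticatedUser authenticatedUser =
                    AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(subjectIdentifier);
            authenticatedUser.setAuthenticatedSubjectIdentifier(subjectIdentifier);

            Map<ClaimMapping, String> subjectAttributes = getSubjectAttributes(oauthResponse, authenticatorProperties);
            if (isPrimaryEmailUsed(authenticatorProperties)) {
                List<String> scopes = Arrays.asList(getScope(null, authenticatorProperties).split(" "));
                // The e-mails endpoint is only called when one of these scopes was requested.
                if (scopes.contains(GithubAuthenticatorConstants.USER_SCOPE)
                        || scopes.contains(GithubAuthenticatorConstants.USER_EMAIL_SCOPE)) {
                    String primaryEmail =
                            getPrimaryEmail(GithubAuthenticatorConstants.GITHUB_USER_EMAILS_ENDPOINT, accessToken);
                    if (StringUtils.isNotEmpty(primaryEmail)) {
                        for (Map.Entry<ClaimMapping, String> entry : subjectAttributes.entrySet()) {
                            String remoteClaimUri = entry.getKey().getRemoteClaim().getClaimUri();
                            if (GithubAuthenticatorConstants.USER_EMAIL.equals(remoteClaimUri)) {
                                entry.setValue(primaryEmail);
                            }
                        }
                    }
                }
                if (LoggerUtils.isDiagnosticLogsEnabled() && resultLog != null) {
                    resultLog.inputParam(GithubAuthenticatorConstants.SCOPE, scopes);
                }
            }
            authenticatedUser.setUserAttributes(subjectAttributes);
            authenticationContext.setSubject(authenticatedUser);

            if (LoggerUtils.isDiagnosticLogsEnabled() && resultLog != null) {
                resultLog.resultMessage("Outbound GitHub authentication response processed successfully.")
                        .resultStatus(DiagnosticLog.ResultStatus.SUCCESS);
                if (authenticationContext.getSubject().getUserAttributes() != null) {
                    // Only the claim URIs are logged, not the attribute values.
                    resultLog.inputParam("user attributes (local claim : remote claim)",
                            getUserAttributeClaimMappingList(authenticationContext.getSubject()));
                }
                LoggerUtils.triggerDiagnosticLogEvent(resultLog);
            }
        } catch (OAuthProblemException | IOException e) {
            throw new AuthenticationFailedException("Authentication process failed", e);
        }
    }

    /**
     * Sends the token request and returns the token response.
     *
     * @param oAuthClient client used to call the token endpoint
     * @param oAuthClientRequest prepared token request
     * @return the token endpoint response
     * @throws AuthenticationFailedException if the client reports a system or protocol problem
     */
    protected OAuthClientResponse getOauthResponse(OAuthClient oAuthClient, OAuthClientRequest oAuthClientRequest)
            throws AuthenticationFailedException {
        try {
            return oAuthClient.accessToken(oAuthClientRequest);
        } catch (OAuthSystemException | OAuthProblemException e) {
            throw new AuthenticationFailedException(e.getMessage(), e);
        }
    }

    /**
     * Builds the authorization-code token request with the credentials carried in the message body.
     *
     * @param str token endpoint URL
     * @param str2 client identifier
     * @param str3 authorization code received on the callback
     * @param str4 client secret
     * @param str5 redirect (callback) URI
     * @return the token request
     * @throws AuthenticationFailedException if the request cannot be built
     */
    private OAuthClientRequest getAccessRequest(String str, String str2, String str3, String str4, String str5)
            throws AuthenticationFailedException {
        try {
            return OAuthClientRequest.tokenLocation(str)
                    .setGrantType(GrantType.AUTHORIZATION_CODE)
                    .setClientId(str2)
                    .setClientSecret(str4)
                    .setRedirectURI(str5)
                    .setCode(str3)
                    .buildBodyMessage();
        } catch (OAuthSystemException e) {
            throw new AuthenticationFailedException(e.getMessage(), e);
        }
    }

    /**
     * Describes the configuration properties of this authenticator in display order.
     *
     * @return the property definitions; the client secret is the only one marked confidential
     */
    public List<Property> getConfigurationProperties() {
        List<Property> properties = new ArrayList<>();

        Property clientId = new Property();
        clientId.setName("ClientId");
        clientId.setDisplayName("Client Id");
        clientId.setRequired(true);
        clientId.setDescription("Enter Github IDP client identifier value");
        clientId.setDisplayOrder(1);
        properties.add(clientId);

        Property clientSecret = new Property();
        clientSecret.setName("ClientSecret");
        clientSecret.setDisplayName("Client Secret");
        clientSecret.setRequired(true);
        clientSecret.setConfidential(true);
        clientSecret.setDescription("Enter Github IDP client secret value");
        clientSecret.setDisplayOrder(2);
        properties.add(clientSecret);

        Property scope = new Property();
        scope.setName(GithubAuthenticatorConstants.SCOPE);
        scope.setDisplayName("Scope");
        scope.setRequired(false);
        scope.setDescription("Enter scope for the user access");
        scope.setDisplayOrder(3);
        properties.add(scope);

        Property additionalQueryParams = new Property();
        additionalQueryParams.setName(GithubAuthenticatorConstants.ADDITIONAL_QUERY_PARAMS);
        additionalQueryParams.setDisplayName("Additional Query Parameters");
        additionalQueryParams.setRequired(false);
        additionalQueryParams.setValue("");
        additionalQueryParams.setDescription("Additional query parameters. e.g: paramName1=value1");
        additionalQueryParams.setDisplayOrder(4);
        properties.add(additionalQueryParams);

        Property callbackUrl = new Property();
        callbackUrl.setDisplayName("Callback URL");
        callbackUrl.setName("callbackUrl");
        callbackUrl.setDescription("Enter value corresponding to callback url.");
        callbackUrl.setDisplayOrder(5);
        properties.add(callbackUrl);

        Property usePrimaryEmail = new Property();
        usePrimaryEmail.setName(GithubAuthenticatorConstants.USE_PRIMARY_EMAIL);
        usePrimaryEmail.setDisplayName("Use Primary Email");
        usePrimaryEmail.setRequired(false);
        usePrimaryEmail.setValue("true");
        usePrimaryEmail.setType("boolean");
        usePrimaryEmail.setDescription("Specifies if primary email is used instead of public email.");
        usePrimaryEmail.setDisplayOrder(6);
        properties.add(usePrimaryEmail);

        return properties;
    }

    /**
     * Performs an authenticated GET and returns the response body.
     *
     * <p>The access token is sent as a bearer token and is never logged; the response body is
     * logged at debug level only when the identity configuration marks it as loggable.
     *
     * @param str URL to call; {@code null} yields an empty string without any request
     * @param str2 access token placed in the {@code Authorization} header
     * @return the response body with each line terminated by {@code \n}
     * @throws IOException if the connection fails or the body cannot be read
     */
    protected String sendRequest(String str, String str2) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug("Claim URL: " + str);
        }
        if (str == null) {
            return "";
        }
        // NOTE(review): no connect or read timeout is set, so a stalled endpoint blocks the
        // calling thread for as long as the platform defaults allow.
        HttpURLConnection connection = (HttpURLConnection) new URL(str).openConnection();
        connection.setRequestMethod("GET");
        connection.setRequestProperty("Authorization", "Bearer " + str2);

        StringBuilder body = new StringBuilder();
        // try-with-resources closes the stream even when reading fails; UTF-8 is stated
        // explicitly instead of relying on the platform default charset.
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line).append("\n");
            }
        }
        String response = body.toString();
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("UserIdToken")) {
            log.debug("response: " + response);
        }
        return response;
    }

    /**
     * @return the component identifier used for diagnostic logs
     */
    protected String getComponentId() {
        return GithubAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_GITHUB_SERVICE;
    }

    /**
     * Fetches the user's e-mail list and returns the address flagged as primary.
     *
     * @param str e-mails endpoint URL; {@code null} yields an empty string without any request
     * @param str2 access token placed in the {@code Authorization} header
     * @return the primary address, or {@code null} when the call does not return 200 or no entry is primary
     * @throws IOException if the connection fails or the body cannot be read
     */
    private String getPrimaryEmail(String str, String str2) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug("Access GitHub user emails endpoint using: " + str);
        }
        if (str == null) {
            return "";
        }
        HttpURLConnection connection = (HttpURLConnection) new URL(str).openConnection();
        connection.setRequestMethod("GET");
        connection.setRequestProperty("Authorization", "Bearer " + str2);
        int responseCode = connection.getResponseCode();
        if (responseCode != HttpURLConnection.HTTP_OK) {
            if (log.isDebugEnabled()) {
                log.debug("Failed to retrieve user emails. Status code: " + responseCode);
            }
            return null;
        }

        StringBuilder body = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            // Read to end of stream; stopping at the first empty line would truncate a body
            // that contains blank lines.
            while ((line = reader.readLine()) != null) {
                body.append(line).append("\n");
            }
        }
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("UserIdToken")) {
            log.debug("GitHub user emails response: " + body);
        }

        // NOTE(review): only the primary flag is consulted. GitHub's e-mail listing also carries
        // a "verified" flag per entry, which is not checked here; confirm whether that matters
        // wherever this address is trusted.
        JSONArray emails = new JSONArray(body.toString());
        for (int i = 0; i < emails.length(); i++) {
            JSONObject entry = emails.getJSONObject(i);
            if (Boolean.parseBoolean(entry.get(GithubAuthenticatorConstants.PRIMARY).toString())) {
                return entry.get(GithubAuthenticatorConstants.USER_EMAIL).toString();
            }
        }
        return null;
    }

    /**
     * Collects application details for diagnostic logs.
     *
     * @param authenticationContext current authentication context
     * @return the details map; empty as written in this listing
     */
    private Map<String, String> getApplicationDetails(AuthenticationContext authenticationContext) {
        Map<String, String> details = new HashMap<>();
        // NOTE(review): both callbacks are empty in this listing, so the map is always returned
        // empty. The bodies were presumably lost when the class was decompiled; restore them
        // from the original source rather than guessing the keys.
        FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(str -> {
        });
        FrameworkUtils.getApplicationName(authenticationContext).ifPresent(str2 -> {
        });
        return details;
    }

    /**
     * Renders the claim mappings of a user as {@code "<local claim URI> : <remote claim URI>"}.
     * Attribute values are not included.
     *
     * @param authenticatedUser user whose attribute keys are rendered; its attributes must not be {@code null}
     * @return one string per claim mapping
     */
    private static List<String> getUserAttributeClaimMappingList(AuthenticatedUser authenticatedUser) {
        return authenticatedUser.getUserAttributes().keySet().stream()
                .map(claimMapping -> claimMapping.getLocalClaim().getClaimUri() + " : "
                        + claimMapping.getRemoteClaim().getClaimUri())
                .collect(Collectors.toList());
    }
}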
