package org.wso2.carbon.identity.provisioning.connector.google;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.json.GoogleJsonResponseException;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserName;
import com.google.api.services.admin.directory.model.Users;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.provisioning.AbstractOutboundProvisioningConnector;
import org.wso2.carbon.identity.provisioning.IdentityProvisioningException;
import org.wso2.carbon.identity.provisioning.ProvisionedIdentifier;
import org.wso2.carbon.identity.provisioning.ProvisioningEntity;
import org.wso2.carbon.identity.provisioning.ProvisioningEntityType;
import org.wso2.carbon.identity.provisioning.ProvisioningOperation;

/* loaded from: input_file:org/wso2/carbon/identity/provisioning/connector/google/GoogleProvisioningConnector.class */
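/**
 * Outbound provisioning connector that creates, updates and deletes users in a Google
 * domain through the Admin SDK Directory API, authenticating as a service account.
 *
 * <p>Security-relevant design points:
 * <ul>
 *   <li>The service-account private key is kept in memory per connector instance. An earlier
 *       revision wrote it to a file named {@code googlePrvKey} in the process working directory
 *       and kept the handle in a static field, so every connector instance in the JVM shared
 *       (and overwrote) one key file created with default permissions.</li>
 *   <li>Generated passwords are never written to the log.</li>
 * </ul>
 */
public class GoogleProvisioningConnector extends AbstractOutboundProvisioningConnector {
    private static final long serialVersionUID = -6152718786151333233L;
    private static final Log log = LogFactory.getLog(GoogleProvisioningConnector.class);
    private static final SecureRandom random = new SecureRandom();

    // Fixed store/key password and alias of Google-issued P12 service-account keys; these are
    // the same values GoogleCredential.Builder#setServiceAccountPrivateKeyFromP12File uses.
    private static final String P12_PASSWORD = "notasecret";
    private static final String P12_KEY_ALIAS = "privatekey";

    private GoogleProvisioningConnectorConfig configHolder;

    // Decoded PKCS#12 bytes of the service-account key; null until init() sees the key property.
    // The Base64 form is also held by configHolder, so this adds no new copy location on disk.
    private byte[] privateKeyBytes;

    /**
     * Reads the connector configuration.
     *
     * <p>Every property is copied into the configuration holder. The value of
     * {@code google_prov_private_key} is additionally Base64-decoded and kept in memory for
     * later use by {@link #getDirectoryService()}. JIT provisioning is switched on when
     * {@code jitProvisioningEnabled} is {@code "1"}.
     *
     * @param propertyArr connector properties; may be {@code null} or empty
     * @throws IdentityProvisioningException declared by the connector contract
     */
    public void init(Property[] propertyArr) throws IdentityProvisioningException {
        Properties properties = new Properties();
        byte[] decodedKey = null;
        if (propertyArr != null) {
            for (Property property : propertyArr) {
                String name = property.getName();
                String value = property.getValue();
                if (name.equals("google_prov_private_key")) {
                    // Keep the key material off the filesystem: no predictable path, no
                    // world-readable file, no state shared between connector instances.
                    decodedKey = Base64Utils.decode(value);
                }
                properties.put(name, value);
                if ("jitProvisioningEnabled".equals(name) && "1".equals(value)) {
                    this.jitProvisioningEnabled = true;
                }
            }
        }
        this.privateKeyBytes = decodedKey;
        this.configHolder = new GoogleProvisioningConnectorConfig(properties);
    }

    /**
     * @return always {@code null}; this connector does not declare a claim dialect
     */
    public String getClaimDialectUri() throws IdentityProvisioningException {
        return null;
    }

    /**
     * Dispatches a provisioning request to the matching user operation.
     *
     * @param provisioningEntity the entity to provision; {@code null} is ignored
     * @return an identifier holding the created user's primary email for POST, an identifier
     *         with a {@code null} value for DELETE, and {@code null} in every other case
     *         (null entity, JIT disabled, non-user entity, PUT, unsupported operation)
     * @throws IdentityProvisioningException if the underlying Google call fails
     */
    public ProvisionedIdentifier provision(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        if (provisioningEntity == null) {
            return null;
        }
        if (provisioningEntity.isJitProvisioning() && !isJitProvisioningEnabled()) {
            log.debug("JIT provisioning disabled for Google connector");
            return null;
        }
        if (provisioningEntity.getEntityType() != ProvisioningEntityType.USER) {
            log.warn("Unsupported provisioning opertaion for Google Provisioning Connector.");
            return null;
        }

        ProvisionedIdentifier provisionedIdentifier = null;
        if (provisioningEntity.getOperation() == ProvisioningOperation.DELETE) {
            deleteUser(provisioningEntity);
            provisionedIdentifier = new ProvisionedIdentifier();
            provisionedIdentifier.setIdentifier((String) null);
        } else if (provisioningEntity.getOperation() == ProvisioningOperation.POST) {
            String primaryEmail = createUser(provisioningEntity);
            provisionedIdentifier = new ProvisionedIdentifier();
            provisionedIdentifier.setIdentifier(primaryEmail);
        } else if (provisioningEntity.getOperation() == ProvisioningOperation.PUT) {
            updateUser(provisioningEntity);
        } else {
            log.warn("Unsupported provisioning opertaion for Google Provisioning Connector.");
        }
        return provisionedIdentifier;
    }

    /**
     * Updates the Google user named by the entity's provisioned identifier.
     *
     * <p>Nothing is sent when {@link #updateGoogleUser(ProvisioningEntity)} returns
     * {@code null} (no single-valued claims to apply).
     *
     * @throws IdentityProvisioningException if the identifier is missing or the API call fails
     */
    protected void updateUser(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        boolean isDebugEnabled = log.isDebugEnabled();
        if (isDebugEnabled) {
            log.debug("Triggering update operation for Google Provisioning Connector");
        }
        ProvisionedIdentifier identifier = provisioningEntity.getIdentifier();
        if (identifier == null || identifier.getIdentifier() == null) {
            throw new IdentityProvisioningException("Cannot updating Google user, provisionedIdentifier is invalide.");
        }
        User updatedUser = updateGoogleUser(provisioningEntity);
        if (updatedUser == null) {
            return;
        }
        try {
            getDirectoryService().users().update(identifier.getIdentifier(), updatedUser).execute();
            if (isDebugEnabled) {
                log.debug("updating user :" + provisioningEntity.getEntityName() + " with the primaryEmail : " + identifier.getIdentifier());
            }
            if (log.isTraceEnabled()) {
                log.trace("Ending updatingUser() of " + GoogleProvisioningConnector.class);
            }
        } catch (IOException e) {
            // GoogleJsonResponseException is an IOException, so API error responses land here too.
            throw new IdentityProvisioningException("Error while updating Google user : " + provisioningEntity.getEntityName(), e);
        }
    }

    /**
     * Creates a Google user for the entity.
     *
     * @return the primary email Google reports for the created user
     * @throws IdentityProvisioningException if the API call fails
     */
    protected String createUser(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        boolean isDebugEnabled = log.isDebugEnabled();
        if (isDebugEnabled) {
            log.debug("Triggering create operation for Google Provisioning Connector");
        }
        try {
            User newUser = buildGoogleUser(provisioningEntity);
            if (isDebugEnabled) {
                // Log the email only: dumping the whole User object would serialize every
                // populated field, including the password set by buildGoogleUser().
                log.debug("New google user to be created : " + newUser.getPrimaryEmail());
            }
            User created = getDirectoryService().users().insert(newUser).execute();
            if (isDebugEnabled) {
                log.debug("Returning created user's email : " + created.getPrimaryEmail());
            }
            if (log.isTraceEnabled()) {
                log.trace("Ending createUser() of " + GoogleProvisioningConnector.class);
            }
            return created.getPrimaryEmail();
        } catch (IOException e) {
            // GoogleJsonResponseException is an IOException, so API error responses land here too.
            throw new IdentityProvisioningException("Error while creating user : " + provisioningEntity.getEntityName(), e);
        }
    }

    /**
     * Deletes the Google user named by the entity's provisioned identifier.
     *
     * @throws IdentityProvisioningException if the identifier is missing or the API call fails
     */
    protected void deleteUser(ProvisioningEntity provisioningEntity) throws IdentityProvisioningException {
        boolean isDebugEnabled = log.isDebugEnabled();
        if (isDebugEnabled) {
            log.debug("Triggering delete operation for Google Provisioning Connector");
        }
        ProvisionedIdentifier identifier = provisioningEntity.getIdentifier();
        if (identifier == null || identifier.getIdentifier() == null) {
            throw new IdentityProvisioningException("Cannot delete Google user, provisionedIdentifier is invalide.");
        }
        try {
            getDirectoryService().users().delete(identifier.getIdentifier()).execute();
            if (isDebugEnabled) {
                log.debug("Deleted user :" + provisioningEntity.getEntityName() + " with the primaryEmail : " + identifier.getIdentifier());
            }
            if (log.isTraceEnabled()) {
                log.trace("Ending deleteUser() of " + GoogleProvisioningConnector.class);
            }
        } catch (IOException e) {
            // GoogleJsonResponseException is an IOException, so API error responses land here too.
            throw new IdentityProvisioningException("Error while deleting Google user : " + provisioningEntity.getEntityName(), e);
        }
    }

    /**
     * Lists the primary emails of the users of the {@code my_customer} account.
     *
     * <p>Paging stops at the first page that fails to load; users collected up to that point
     * are still returned.
     *
     * @param str unused
     * @return the primary emails, each followed by a newline
     * @throws IdentityProvisioningException if the list request cannot be created
     */
    protected String listUsers(String str) throws IdentityProvisioningException {
        boolean isDebugEnabled = log.isDebugEnabled();
        if (isDebugEnabled) {
            log.debug("Starting listUsers() of " + GoogleProvisioningConnector.class);
        }
        List<User> collected = new ArrayList<User>();
        try {
            Directory.Users.List request = getDirectoryService().users().list().setCustomer("my_customer");
            String pageToken;
            do {
                try {
                    Users page = request.execute();
                    // A page without users carries no list at all rather than an empty one.
                    if (page.getUsers() != null) {
                        collected.addAll(page.getUsers());
                    }
                    request.setPageToken(page.getNextPageToken());
                } catch (IOException e) {
                    log.error("Error while retrieving user info, continue to retrieve", e);
                    request.setPageToken(null);
                }
                pageToken = request.getPageToken();
            } while (pageToken != null && pageToken.length() > 0);
        } catch (IOException e) {
            throw new IdentityProvisioningException(e);
        }

        StringBuilder emails = new StringBuilder();
        for (User user : collected) {
            emails.append(user.getPrimaryEmail()).append("\n");
            if (isDebugEnabled) {
                log.debug("List Google users : " + user.getPrimaryEmail());
            }
        }
        if (isDebugEnabled) {
            log.debug("Ending listUsers() of " + GoogleProvisioningConnector.class);
        }
        return emails.toString();
    }

    /**
     * Builds a Directory API client that authenticates as the configured service account and
     * impersonates the configured admin user, with the {@code ADMIN_DIRECTORY_USER} scope.
     *
     * @throws IdentityProvisioningException if no private key was configured, the key cannot be
     *         read, or the credential cannot be built
     */
    protected Directory getDirectoryService() throws IdentityProvisioningException {
        if (log.isDebugEnabled()) {
            log.debug("Starting getDirectoryService() of " + GoogleProvisioningConnector.class);
        }
        String serviceAccountEmail = this.configHolder.getValue("google_prov_service_acc_email");
        String adminEmail = this.configHolder.getValue("google_prov_admin_email");
        String applicationName = this.configHolder.getValue("google_prov_application_name");
        HttpTransport transport = new NetHttpTransport();
        JsonFactory jsonFactory = new JacksonFactory();
        List<String> scopes = Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_USER);
        if (log.isDebugEnabled()) {
            log.debug("serviceAccountId" + serviceAccountEmail);
            log.debug("setServiceAccountScopes" + scopes);
            log.debug("setServiceAccountUser" + adminEmail);
        }
        if (this.privateKeyBytes == null) {
            // Fail with a clear message instead of a NullPointerException deep in the client.
            throw new IdentityProvisioningException("Google provisioning private key is not configured");
        }
        try {
            GoogleCredential credential = new GoogleCredential.Builder()
                    .setTransport(transport)
                    .setJsonFactory(jsonFactory)
                    .setServiceAccountId(serviceAccountEmail)
                    .setServiceAccountScopes(scopes)
                    .setServiceAccountUser(adminEmail)
                    .setServiceAccountPrivateKey(loadPrivateKey())
                    .build();
            Directory directory = new Directory.Builder(transport, jsonFactory, credential)
                    .setHttpRequestInitializer((HttpRequestInitializer) credential)
                    .setApplicationName(applicationName)
                    .build();
            if (log.isDebugEnabled()) {
                log.debug("Ending getDirectoryService() of " + GoogleProvisioningConnector.class);
            }
            return directory;
        } catch (IOException e) {
            throw new IdentityProvisioningException("Error while obtaining connection from google", e);
        } catch (GeneralSecurityException e2) {
            throw new IdentityProvisioningException("Error while obtaining connection from google", e2);
        }
    }

    /** Extracts the service-account private key from the in-memory PKCS#12 bytes. */
    private PrivateKey loadPrivateKey() throws IOException, GeneralSecurityException {
        char[] password = P12_PASSWORD.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new ByteArrayInputStream(this.privateKeyBytes), password);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(P12_KEY_ALIAS, password);
        if (privateKey == null) {
            throw new GeneralSecurityException("Configured PKCS#12 data holds no service account private key");
        }
        return privateKey;
    }

    /**
     * Returns the value to use for a name attribute: the mapped claim when it is non-empty,
     * otherwise the configured default when that is non-empty, otherwise the claim value as
     * found (which is then {@code null} or empty).
     */
    private String resolveNameAttribute(Map<?, ?> claims, String claimConfigKey, String defaultConfigKey) {
        String claimValue = (String) claims.get(this.configHolder.getValue(claimConfigKey));
        if (claimValue != null && !claimValue.isEmpty()) {
            return claimValue;
        }
        String configured = this.configHolder.getValue(defaultConfigKey);
        return (configured != null && !configured.isEmpty()) ? configured : claimValue;
    }

    /**
     * Builds the Google user to insert for the given entity.
     *
     * <p>Given and family name come from the mapped claim, then the configured default, then
     * {@code <first user name>-givenName} / {@code -familyName}. The primary email comes from
     * the mapped claim, otherwise from the entity name with the configured domain appended
     * when the name has no {@code @}. A fresh random password is always set.
     */
    protected User buildGoogleUser(ProvisioningEntity provisioningEntity) {
        List<?> userNames = getUserNames(provisioningEntity.getAttributes());
        // NOTE(review): when no user name is available the generated fallbacks start with "null".
        String firstUserName = (userNames != null && userNames.size() > 0) ? (String) userNames.get(0) : null;
        Map<?, ?> claims = getSingleValuedClaims(provisioningEntity.getAttributes());
        boolean isDebugEnabled = log.isDebugEnabled();

        String givenName = resolveNameAttribute(claims, "google_prov_givenname_claim_dropdown", "google_prov_givenname");
        if (givenName == null || givenName.isEmpty()) {
            givenName = firstUserName + "-givenName";
        }
        if (isDebugEnabled) {
            log.debug("New Google user given name : " + givenName);
        }

        String familyName = resolveNameAttribute(claims, "google_prov_familyname_claim_dropdown", "google_prov_familyname");
        if (familyName == null || familyName.isEmpty()) {
            familyName = firstUserName + "-familyName";
        }
        if (isDebugEnabled) {
            log.debug("New Google user family name : " + familyName);
        }

        String primaryEmail = (String) claims.get(this.configHolder.getValue("google_prov_email_claim_dropdown"));
        if (primaryEmail == null || primaryEmail.isEmpty()) {
            primaryEmail = provisioningEntity.getEntityName();
            String domain = this.configHolder.getValue("google_prov_domain_name");
            if (domain != null && !primaryEmail.contains("@")) {
                primaryEmail = primaryEmail + "@" + domain;
            }
        }
        if (isDebugEnabled) {
            log.debug("New Google user primary email : " + primaryEmail);
        }

        UserName name = new UserName();
        name.setGivenName(givenName);
        name.setFamilyName(familyName);

        User user = new User();
        user.setName(name);
        user.setPassword(generatePassword());
        user.setPrimaryEmail(primaryEmail);
        return user;
    }

    /**
     * Builds the Google user payload for an update, or returns {@code null} when the entity
     * carries no single-valued claims.
     *
     * <p>NOTE(review): every update also sets a fresh random password, which replaces whatever
     * password the Google account had. Confirm this is intended (for example because sign-in
     * is expected to be federated) before relying on it.
     */
    protected User updateGoogleUser(ProvisioningEntity provisioningEntity) {
        User user = new User();
        user.setPrimaryEmail(provisioningEntity.getIdentifier().getIdentifier());
        Map<?, ?> claims = getSingleValuedClaims(provisioningEntity.getAttributes());
        if (claims.size() == 0) {
            return null;
        }
        boolean isDebugEnabled = log.isDebugEnabled();

        String givenName = resolveNameAttribute(claims, "google_prov_givenname_claim_dropdown", "google_prov_givenname");
        if (isDebugEnabled) {
            log.debug("New Google user given name : " + givenName);
        }
        String familyName = resolveNameAttribute(claims, "google_prov_familyname_claim_dropdown", "google_prov_familyname");
        if (isDebugEnabled) {
            log.debug("New Google user family name : " + familyName);
        }

        UserName name = new UserName();
        name.setGivenName(givenName);
        name.setFamilyName(familyName);
        user.setName(name);
        user.setPassword(generatePassword());
        return user;
    }

    /**
     * Generates a random password: 130 bits from {@link SecureRandom}, rendered in base 32.
     */
    protected String generatePassword() {
        return new BigInteger(130, random).toString(32);
    }
}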
