package org.sonarqube.auth.choerodonoauth;

import com.github.pagehelper.PageInfo;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.model.OAuthConstants;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.model.Response;
import com.github.scribejava.core.model.Token;
import com.github.scribejava.core.model.Verb;
import com.github.scribejava.core.model.Verifier;
import com.github.scribejava.core.oauth.OAuthService;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.http.message.BasicNameValuePair;
import org.sonar.api.server.ServerSide;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.OAuth2IdentityProvider;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonarqube.auth.dto.GsonUser;
import org.sonarqube.auth.dto.ProjectDTO;
import org.sonarqube.auth.dto.SonarInfo;
import org.sonarqube.auth.util.HttpConnectionPoolUtil;
import org.sonarqube.auth.util.PermissionType;

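/**
 * SonarQube OAuth2 identity provider that signs users in through a Choerodon server.
 *
 * <p>{@link #init} redirects the browser to the Choerodon authorization endpoint and, as a
 * side effect, creates a SonarQube group and grants it permissions on the project named in
 * the request. {@link #callback} exchanges the authorization code for a token, loads the
 * user and the user's project roles from Choerodon, and authenticates the user in SonarQube
 * with one group per project role.
 *
 * <p>NOTE(review): {@code sonarInfo} and the static {@code connectionPoolUtil} are rewritten
 * on every {@link #init} call, so concurrent logins overwrite each other's values and a
 * pool that is not closed on the error path is never closed here. Confirm the lifecycle of
 * {@code HttpConnectionPoolUtil} before relying on this under load.
 */
@ServerSide
/* loaded from: input_file:org/sonarqube/auth/choerodonoauth/ChoerodonIdentityProvider.class */
public class ChoerodonIdentityProvider implements OAuth2IdentityProvider {
    private static final String API_CREATE_GROUP = "/api/user_groups/create";
    private static final String API_ADD_GROUP = "/api/permissions/add_group";
    private static final String API_GET_SONAR = "/devops/sonar/info";
    private static final String PAR_NAME = "name";
    private static final String PAR_PROJECT_KEY = "projectKey";
    private static final String PAR_GROUP_NAME = "groupName";
    private static final String PAR_PERMISSION = "permission";
    private static final String PAR_ORGANIZATION = "organization";
    private static final String CHOERODON = "choerodon-";
    private final ChoerodonConfiguration configuration;
    // SonarQube URL and credentials; set by init() and read again by callback().
    private SonarInfo sonarInfo = null;
    private static final Logger LOGGER = Loggers.get(ChoerodonIdentityProvider.class);
    private static final Gson gson = new Gson();
    private static final Token EMPTY_TOKEN = null;
    private static HttpConnectionPoolUtil connectionPoolUtil = null;

    public ChoerodonIdentityProvider(ChoerodonConfiguration choerodonConfiguration) {
        this.configuration = choerodonConfiguration;
    }

    public String getKey() {
        return "choerodon";
    }

    public String getName() {
        return ChoerodonAuthPlugin.CATEGORY;
    }

    public Display getDisplay() {
        return Display.builder()
                .setIconPath("/static/choerodon/choerodon.png")
                .setBackgroundColor("#333c47")
                .build();
    }

    public boolean isEnabled() {
        return this.configuration.isEnabled();
    }

    public boolean allowsUsersToSignUp() {
        return this.configuration.allowUsersToSignUp();
    }

    /**
     * Starts the login: resolves the SonarQube URL and credentials, provisions the group for
     * the requested project (best effort), then redirects to the Choerodon authorization URL.
     *
     * <p>If no SonarQube URL can be resolved, an error is logged and no redirect is issued.
     *
     * <p>NOTE(review): no OAuth {@code state} value is generated here and {@link #callback}
     * does not verify one, so the authorization response is not bound to the browser session
     * that started the login. The SonarQube API offers {@code InitContext.generateCsrfState()}
     * and {@code CallbackContext.verifyCsrfState()}; wiring them in requires
     * {@code ChoerodonOAuthApi} to carry {@code state} in the authorization URL, which is not
     * visible from this class.
     *
     * @param initContext SonarQube context for the login-init request
     * @throws IllegalStateException if Choerodon authentication is disabled
     */
    public void init(OAuth2IdentityProvider.InitContext initContext) {
        connectionPoolUtil = new HttpConnectionPoolUtil();
        this.sonarInfo = new SonarInfo(this.configuration.sonarUsername(), this.configuration.sonarPassword(), this.configuration.sonarUrl());
        if (StringUtils.isEmpty(this.sonarInfo.getUrl())) {
            // No URL in the plugin settings: ask the Choerodon server for the SonarQube details.
            this.sonarInfo = connectionPoolUtil.doSonarDTO(this.configuration.url() + API_GET_SONAR);
        }
        if (this.sonarInfo == null || this.sonarInfo.getUrl() == null) {
            LOGGER.error("error.illegal.url");
            return;
        }
        String url = this.sonarInfo.getUrl();
        String authorizationUrl = prepareScribe(url).build().getAuthorizationUrl(EMPTY_TOKEN);
        try {
            provisionProjectGroup(url, initContext.getRequest().getQueryString());
        } catch (Exception e) {
            // Provisioning is best effort: a failure must not block the login redirect.
            if (connectionPoolUtil != null) {
                connectionPoolUtil.closeConnectionPool();
            }
            // Pass the exception itself so the stack trace is kept (getMessage() may be null).
            LOGGER.error("Failed to provision the SonarQube group for the requested project", e);
        }
        initContext.redirectTo(authorizationUrl);
    }

    /**
     * Completes the login after Choerodon redirects back with an authorization code.
     *
     * @param callbackContext SonarQube context for the OAuth2 callback request
     * @throws IllegalStateException if {@link #init} has not resolved a SonarQube URL, if
     *     authentication is disabled, if either Choerodon request fails, or if the project
     *     roles response cannot be read
     */
    public void callback(OAuth2IdentityProvider.CallbackContext callbackContext) {
        // callback() depends on state written by init(); fail with a clear message rather
        // than a NullPointerException when that state is missing.
        if (this.sonarInfo == null || this.sonarInfo.getUrl() == null) {
            throw new IllegalStateException("Choerodon callback received before the SonarQube URL was resolved");
        }
        String url = this.sonarInfo.getUrl();
        HttpServletRequest request = callbackContext.getRequest();
        OAuthService scribe = prepareScribe(url).build();
        Token accessToken = scribe.getAccessToken(EMPTY_TOKEN, new Verifier(request.getParameter(OAuthConstants.CODE)));

        OAuthRequest userRequest = new OAuthRequest(Verb.GET, this.configuration.url() + "/base/v1/users/self", scribe);
        scribe.signRequest(accessToken, userRequest);
        Response userResponse = userRequest.send();
        if (!userResponse.isSuccessful()) {
            throw new IllegalStateException(String.format("Fail to authenticate the user. Error code is %s, Body of the response is %s", userResponse.getCode(), userResponse.getBody()));
        }
        String userBody = userResponse.getBody();
        // The Sonar logger uses {} placeholders; "%s" was printed literally. The body holds
        // the user's profile (name, e-mail), so it stays at trace level.
        LOGGER.trace("User response received : {}", userBody);
        GsonUser user = GsonUser.parse(userBody);

        // A Choerodon account named "admin" is mapped to "choerodon-admin" so that it does not
        // resolve to the SonarQube login "admin". Constant-first equals avoids a
        // NullPointerException when the login name is absent.
        // NOTE(review): the comparison is case-sensitive and only covers "admin"; confirm no
        // other Choerodon login can collide with a local SonarQube account.
        String loginName = user.getLoginName();
        String login = "admin".equals(loginName) ? CHOERODON + loginName : loginName;
        UserIdentity.Builder builder = UserIdentity.builder();
        builder.setProviderLogin(login).setLogin(login).setName(user.getRealName()).setEmail(user.getEmail());

        OAuthRequest rolesRequest = new OAuthRequest(Verb.GET, this.configuration.url() + "/base/v1/users/" + user.getId() + "/project_roles?size=0", scribe);
        scribe.signRequest(accessToken, rolesRequest);
        Response rolesResponse = rolesRequest.send();
        if (!rolesResponse.isSuccessful()) {
            // Report the failing roles response, not the earlier (successful) user response.
            throw new IllegalStateException(String.format("Fail to authenticate the group. Error code is %s, Body of the response is %s", rolesResponse.getCode(), rolesResponse.getBody()));
        }
        PageInfo<ProjectDTO> rolesPage = gson.fromJson(rolesResponse.getBody(), new TypeToken<PageInfo<ProjectDTO>>() {
        }.getType());
        if (rolesPage == null || rolesPage.getList() == null) {
            // Fail closed: do not authenticate with group membership that could not be read.
            throw new IllegalStateException("Fail to read the project roles of the user from Choerodon");
        }
        // One SonarQube group per Choerodon project role, named "<organizationCode>-<projectCode>".
        Set<String> groups = rolesPage.getList().stream()
                .map(project -> String.format("%s-%s", project.getOrganizationCode(), project.getCode()))
                .collect(Collectors.toSet());
        // Membership detail is diagnostic output; keep it out of the info-level log.
        LOGGER.debug("Groups derived from Choerodon project roles: {}", groups);
        builder.setGroups(groups);
        callbackContext.authenticate(builder.build());
        callbackContext.redirectToRequestedPage();
    }

    /**
     * Creates the SonarQube group named in the login request and grants it the USER, SCAN and
     * CODEVIEWER permissions on the requested project. Does nothing when the query string is
     * absent or does not contain both parts.
     *
     * <p>Security note: this runs before the user has authenticated. The group name and the
     * project key are taken from the request's query string without further validation, and
     * the calls are made with the SonarQube credentials held in {@code sonarInfo}, so any
     * client that can reach the login-init endpoint can trigger these writes.
     * NOTE(review): consider moving provisioning into {@link #callback} and restricting it to
     * groups present in the authenticated user's project roles.
     *
     * @param sonarUrl base URL of the SonarQube web API
     * @param rawQuery raw query string of the login-init request, may be {@code null}
     * @throws Exception whatever decoding or the HTTP helper throws; the caller treats any
     *     failure as non-fatal
     */
    // Raw ArrayList is kept because the parameter type of HttpConnectionPoolUtil.doPost is
    // not visible from this class.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void provisionProjectGroup(String sonarUrl, String rawQuery) throws Exception {
        if (rawQuery == null) {
            // A request without a query string has nothing to provision.
            return;
        }
        // The whole query string is decoded before it is searched.
        // NOTE(review): presumably the "id" value sits inside an encoded return-to target and
        // has the form "<group>:<project>"; verify against the caller. A value that is the
        // last parameter (no trailing '&') is not matched.
        String query = URLDecoder.decode(rawQuery, "UTF-8").replace("%3A", ":");
        String groupName = StringUtils.substringBetween(query, "id=", ":");
        String projectName = StringUtils.substringBetween(query, ":", "&");
        if (StringUtils.isEmpty(groupName) || StringUtils.isEmpty(projectName)) {
            return;
        }
        ArrayList createGroupParams = new ArrayList(0);
        createGroupParams.add(new BasicNameValuePair(PAR_NAME, groupName));
        connectionPoolUtil.doPost(sonarUrl + API_CREATE_GROUP, createGroupParams, this.sonarInfo);

        String projectKey = groupName + ":" + projectName;
        grantGroupPermission(sonarUrl, projectKey, groupName, PermissionType.USER.toValue());
        grantGroupPermission(sonarUrl, projectKey, groupName, PermissionType.SCAN.toValue());
        grantGroupPermission(sonarUrl, projectKey, groupName, PermissionType.CODEVIEWER.toValue());
    }

    /** Grants one permission on {@code projectKey} to {@code groupName} in the default organization. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void grantGroupPermission(String sonarUrl, String projectKey, String groupName, String permission) throws Exception {
        ArrayList params = new ArrayList(0);
        params.add(new BasicNameValuePair(PAR_PROJECT_KEY, projectKey));
        params.add(new BasicNameValuePair(PAR_GROUP_NAME, groupName));
        params.add(new BasicNameValuePair(PAR_PERMISSION, permission));
        params.add(new BasicNameValuePair(PAR_ORGANIZATION, "default-organization"));
        connectionPoolUtil.doPost(sonarUrl + API_ADD_GROUP, params, this.sonarInfo);
    }

    /**
     * Builds the scribe service configuration for the Choerodon OAuth2 endpoints.
     *
     * @param str base URL of this SonarQube server, used to derive the OAuth2 callback URL
     * @return a builder configured with the client id, secret, grant type, callback URL and,
     *     when one is configured, the scope
     * @throws IllegalStateException if Choerodon authentication is disabled
     */
    private ServiceBuilder prepareScribe(String str) {
        if (!isEnabled()) {
            throw new IllegalStateException("Choerodon Authentication is disabled");
        }
        String callbackUrl = str.endsWith("/") ? str + "oauth2/callback/choerodon" : str + "/oauth2/callback/choerodon";
        ServiceBuilder scribeBuilder = new ServiceBuilder()
                .provider(new ChoerodonOAuthApi(this.configuration.url()))
                .apiKey(this.configuration.applicationId())
                .apiSecret(this.configuration.secret())
                .grantType(OAuthConstants.AUTHORIZATION_CODE)
                .callback(callbackUrl);
        String scope = this.configuration.scope();
        if (scope != null && !ChoerodonAuthPlugin.NONE_SCOPE.equals(scope)) {
            scribeBuilder.scope(scope);
        }
        return scribeBuilder;
    }
}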
