package si.irm.mm.ejb.util;

import com.github.scribejava.core.model.OAuthConstants;
import elemental.css.CSSStyleDeclaration;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Objects;
import javax.ejb.EJB;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
import si.irm.common.enums.YesNoKey;
import si.irm.common.utils.Logger;
import si.irm.common.utils.StringUtils;
import si.irm.common.utils.Utils;
import si.irm.mm.ejb.SettingsEJBLocal;
import si.irm.mm.entities.ExternalApplication;
import si.irm.mm.enums.AuthProvider;
import si.irm.mm.exceptions.CheckException;
import si.irm.mm.exceptions.InternalNRException;
import si.irm.mm.exceptions.IrmException;
import si.irm.mm.messages.TransKey;
import si.irm.mm.util.CommonUtils;
import si.irm.mm.util.ConfigUtils;
import si.irm.mm.util.ConnectionUtils;
import si.irm.mm.util.JsonUtils;
import si.irm.mm.util.MsAuthenticator;
import si.irm.mm.util.QueryUtils;
import si.irm.mm.utils.data.ErrorData;
import si.irm.mm.utils.data.MarinaProxy;
import si.irm.mm.utils.data.OAuthCredentials;
import si.irm.mm.utils.data.OAuthToken;
import si.irm.mmrest.v2.LoginResource2;

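/**
 * Stateless bean that stores {@link ExternalApplication} records and drives the OAuth
 * steps visible in this class: building the Google authorization URL, exchanging a Google
 * authorization code for a refresh token, and obtaining an access token (Google via the
 * stored refresh token, Microsoft via the entity itself).
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The token request body carries the client secret plus the authorization code or
 *       refresh token, and the response carries the issued tokens. Neither is written to
 *       the log.</li>
 *   <li>The authorization URL is built without a {@code state} parameter and the callback
 *       handler does not verify one. See the notes on the respective methods.</li>
 * </ul>
 */
@LocalBean
@Stateless
/* loaded from: input_file:MarinaMaster.jar:si/irm/mm/ejb/util/ExternalApplicationEJB.class */
public class ExternalApplicationEJB implements ExternalApplicationEJBLocal {

    @PersistenceContext
    private EntityManager em;

    @EJB
    private UtilsEJBLocal utilsEJB;

    @EJB
    private SettingsEJBLocal settingsEJB;

    /**
     * Applies default values, stamps the creating user and creation time, and persists the record.
     *
     * @param marinaProxy caller context; supplies the user recorded as creator
     * @param externalApplication record to insert
     */
    @Override // si.irm.mm.ejb.util.ExternalApplicationEJBLocal
    public void insertExternalApplication(MarinaProxy marinaProxy, ExternalApplication externalApplication) {
        setDefaultExternalApplicationValues(marinaProxy, externalApplication);
        externalApplication.setUserCreated(marinaProxy.getUser());
        externalApplication.setDateCreated(this.utilsEJB.getCurrentDBLocalDateTime());
        this.utilsEJB.insertEntity(marinaProxy, externalApplication);
    }

    /** Marks the record as active when the active flag was left blank. */
    private void setDefaultExternalApplicationValues(MarinaProxy marinaProxy, ExternalApplication externalApplication) {
        if (StringUtils.isBlank(externalApplication.getActive())) {
            externalApplication.setActive(YesNoKey.YES.engVal());
        }
    }

    /**
     * Stamps the changing user and change time, then updates the record.
     *
     * @param marinaProxy caller context; the user is resolved through
     *     {@code CommonUtils.getUserFromProxyOrDefault}
     * @param externalApplication record to update
     */
    @Override // si.irm.mm.ejb.util.ExternalApplicationEJBLocal
    public void updateExternalApplication(MarinaProxy marinaProxy, ExternalApplication externalApplication) {
        externalApplication.setUserChanged(CommonUtils.getUserFromProxyOrDefault(marinaProxy));
        externalApplication.setDateChanged(this.utilsEJB.getCurrentDBLocalDateTime());
        this.utilsEJB.updateEntity(marinaProxy, externalApplication);
    }

    /**
     * Validates the record and then inserts it (new entry) or updates it (existing entry).
     *
     * @throws CheckException when the application name is missing
     */
    @Override // si.irm.mm.ejb.util.ExternalApplicationEJBLocal
    public void checkAndInsertOrUpdateExternalApplication(MarinaProxy marinaProxy, ExternalApplication externalApplication) throws CheckException {
        checkExternalApplication(marinaProxy, externalApplication);
        if (externalApplication.isNewEntry()) {
            insertExternalApplication(marinaProxy, externalApplication);
        } else {
            updateExternalApplication(marinaProxy, externalApplication);
        }
    }

    /** Rejects a record whose application name is {@code null}. */
    private void checkExternalApplication(MarinaProxy marinaProxy, ExternalApplication externalApplication) throws CheckException {
        if (Objects.isNull(externalApplication.getApplicationName())) {
            throw new CheckException(marinaProxy.getTranslation(TransKey.VALUE_MUST_BE_INSERTED, marinaProxy.getTranslation(TransKey.APPLICATION_NAME)));
        }
    }

    /**
     * Counts the records matching the filter values set on {@code externalApplication}.
     *
     * @return the count, or {@code null} when the query helper yields no result
     */
    @Override // si.irm.mm.ejb.util.ExternalApplicationEJBLocal
    public Long getExternalApplicationFilterResultsCount(MarinaProxy marinaProxy, ExternalApplication externalApplication) {
        String jpql = createQueryStringWithoutSortConditionForExternalApplication(externalApplication, true);
        TypedQuery<Long> query = setParametersAndReturnQueryForExternalApplication(marinaProxy, Long.class, externalApplication, jpql);
        return (Long) QueryUtils.getSingleResultOrNull(query);
    }

    /**
     * Returns one page of records matching the filter values set on {@code externalApplication}.
     *
     * @param i first paging argument, passed through to {@code QueryUtils.getResultList}
     * @param i2 second paging argument, passed through to {@code QueryUtils.getResultList}
     * @param linkedHashMap sort properties mapped to a Boolean direction flag; when empty the
     *     default sort on {@code dateCreated} is used
     */
    @Override // si.irm.mm.ejb.util.ExternalApplicationEJBLocal
    public List<ExternalApplication> getExternalApplicationFilterResultList(MarinaProxy marinaProxy, int i, int i2, ExternalApplication externalApplication, LinkedHashMap<String, Boolean> linkedHashMap) {
        String jpql = createQueryStringWithoutSortConditionForExternalApplication(externalApplication, false)
                + getExternalApplicationSortCriteria(marinaProxy, "E", linkedHashMap);
        return QueryUtils.getResultList(setParametersAndReturnQueryForExternalApplication(marinaProxy, ExternalApplication.class, externalApplication, jpql), i, i2);
    }

    /**
     * Builds the JPQL text for the filter query. Only fixed fragments are appended here;
     * the filter values themselves are bound later as named parameters.
     *
     * @param countOnly {@code true} for a COUNT query, {@code false} to select the entities
     */
    private String createQueryStringWithoutSortConditionForExternalApplication(ExternalApplication externalApplication, boolean countOnly) {
        StringBuilder jpql = new StringBuilder();
        jpql.append(countOnly ? "SELECT COUNT(E) FROM ExternalApplication E " : "SELECT E FROM ExternalApplication E ");
        jpql.append("WHERE E.idExternalApplication IS NOT NULL ");
        if (StringUtils.isNotBlank(externalApplication.getApplicationName())) {
            jpql.append("AND UPPER(E.applicationName) LIKE :applicationName ");
        }
        if (StringUtils.isNotBlank(externalApplication.getClientId())) {
            jpql.append("AND UPPER(E.clientId) LIKE :clientId ");
        }
        if (StringUtils.isNotBlank(externalApplication.getTenantId())) {
            jpql.append("AND UPPER(E.tenantId) LIKE :tenantId ");
        }
        if (StringUtils.getBoolFromEngStr(externalApplication.getActive())) {
            jpql.append("AND E.active = 'Y' ");
        }
        return jpql.toString();
    }

    /**
     * Creates the typed query and binds a LIKE pattern for every non-blank filter value.
     * The conditions mirror the ones used when the JPQL text was built, so every named
     * parameter present in {@code jpql} receives a value.
     */
    private <T> TypedQuery<T> setParametersAndReturnQueryForExternalApplication(MarinaProxy marinaProxy, Class<T> cls, ExternalApplication externalApplication, String jpql) {
        TypedQuery<T> query = this.em.createQuery(jpql, cls);
        if (StringUtils.isNotBlank(externalApplication.getApplicationName())) {
            query.setParameter(ExternalApplication.APPLICATION_NAME, toLikePattern(marinaProxy, externalApplication.getApplicationName()));
        }
        if (StringUtils.isNotBlank(externalApplication.getClientId())) {
            query.setParameter("clientId", toLikePattern(marinaProxy, externalApplication.getClientId()));
        }
        if (StringUtils.isNotBlank(externalApplication.getTenantId())) {
            query.setParameter(ExternalApplication.TENANT_ID, toLikePattern(marinaProxy, externalApplication.getTenantId()));
        }
        return query;
    }

    /**
     * Wraps the trimmed, upper-cased filter value in the wildcard constant on both sides.
     */
    private String toLikePattern(MarinaProxy marinaProxy, String value) {
        // NOTE(review): CSSStyleDeclaration.Unit.PCT looks like the decompiler's substitute for a
        // plain "%" literal; confirm and replace it so the EJB does not depend on a CSS class.
        // Wildcard characters inside the filter value are not escaped and act as wildcards.
        return CSSStyleDeclaration.Unit.PCT + StringUtils.trimAndSetToUpperCase(marinaProxy.getLocale(), value) + CSSStyleDeclaration.Unit.PCT;
    }

    /**
     * Builds the sort clause from the supplied sort map, or from a default map holding
     * {@code dateCreated -> false} when none was supplied.
     */
    private String getExternalApplicationSortCriteria(MarinaProxy marinaProxy, String alias, LinkedHashMap<String, Boolean> linkedHashMap) {
        // NOTE(review): the map keys are handed to QueryUtils.createSortCriteria and the result is
        // concatenated into the JPQL text. Confirm that helper (or the caller) restricts keys to
        // known entity properties, since they cannot be bound as parameters.
        if (!Utils.isNullOrEmpty(linkedHashMap)) {
            return QueryUtils.createSortCriteria(alias, ExternalApplication.ID_EXTERNAL_APPLICATION, linkedHashMap);
        }
        LinkedHashMap<String, Boolean> defaultSort = new LinkedHashMap<>();
        defaultSort.put("dateCreated", false);
        return QueryUtils.createSortCriteria(alias, ExternalApplication.ID_EXTERNAL_APPLICATION, defaultSort);
    }

    /**
     * Builds the provider authorization URL for the given application.
     *
     * @return the authorization URL for a Google application; {@code null} for any other
     *     provider or when no provider type is set
     * @throws CheckException when the client id or client secret is blank
     */
    @Override // si.irm.mm.ejb.util.ExternalApplicationEJBLocal
    public String generateAuthorizationUrlForExternalApplication(MarinaProxy marinaProxy, ExternalApplication externalApplication) throws CheckException {
        AuthProvider providerType = externalApplication.getAuthProviderType();
        // A missing provider type is treated like an unsupported provider instead of failing with an NPE.
        if (Objects.nonNull(providerType) && providerType.isGoogle()) {
            return checkAndGenerateAuthorizationUrlForGoogle(marinaProxy, externalApplication);
        }
        return null;
    }

    /** Requires client id and client secret to be present, then builds and logs the Google authorization URL. */
    private String checkAndGenerateAuthorizationUrlForGoogle(MarinaProxy marinaProxy, ExternalApplication externalApplication) throws CheckException {
        if (StringUtils.isBlank(externalApplication.getClientId())) {
            throw new CheckException(marinaProxy.getTranslation(TransKey.VALUE_MUST_BE_INSERTED, marinaProxy.getTranslation(TransKey.CLIENT_ID)));
        }
        if (StringUtils.isBlank(externalApplication.getClientSecret())) {
            throw new CheckException(marinaProxy.getTranslation(TransKey.VALUE_MUST_BE_INSERTED, marinaProxy.getTranslation(TransKey.CLIENT_SECRET)));
        }
        String authorizationUrl = generateAuthorizationUrlForGoogle(marinaProxy, externalApplication.getClientId());
        // The URL holds the client id, redirect URI and scope only; the client secret is never part of it.
        Logger.log(authorizationUrl);
        return authorizationUrl;
    }

    /**
     * Assembles the Google authorization URL. Every dynamic query value is URL-encoded so that
     * a client id or redirect URI containing {@code &}, {@code =}, {@code ?} or {@code #}
     * cannot alter or add request parameters.
     */
    private String generateAuthorizationUrlForGoogle(MarinaProxy marinaProxy, String clientId) {
        // NOTE(review): no "state" parameter is sent, so the callback cannot tie an incoming
        // authorization code to the session that started the flow. Adding one needs a place to
        // store and verify the value, which is outside this class.
        StringBuilder url = new StringBuilder();
        url.append(ConfigUtils.getProperty("google.accounts.auth.url", "https://accounts.google.com/o/oauth2/auth")).append("?");
        url.append("client_id=").append(urlEncode(clientId)).append("&");
        url.append("redirect_uri=").append(urlEncode(getRedirectUrlForAuthProvider(AuthProvider.GOOGLE))).append("&");
        url.append("scope=").append(urlEncode(getSupportedScopesForAuthProvider(AuthProvider.GOOGLE))).append("&");
        url.append("response_type=code").append("&");
        url.append("access_type=offline").append("&");
        url.append("prompt=consent");
        return url.toString();
    }

    /** URL-encodes a query parameter value as UTF-8; {@code null} becomes the empty string. */
    private static String urlEncode(String value) {
        if (value == null) {
            return "";
        }
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 support is mandatory on every Java platform, so this branch is not expected to run.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /**
     * Returns the OAuth redirect URI for the provider: the "portal" web application address
     * with {@code ?action=authorization} appended for Google, {@code null} otherwise.
     */
    private String getRedirectUrlForAuthProvider(AuthProvider authProvider) {
        String portalUrl = CommonUtils.getURLAddressForWebApplicationPath(this.settingsEJB.getGlobalApplicationServerAddress(false), "portal");
        if (authProvider.isGoogle()) {
            return portalUrl + "?action=authorization";
        }
        return null;
    }

    /** Returns the OAuth scope requested for the provider, or {@code null} for providers other than Google. */
    private String getSupportedScopesForAuthProvider(AuthProvider authProvider) {
        if (authProvider.isGoogle()) {
            // NOTE(review): this scope grants full mailbox access; if the integration only needs
            // part of that, a narrower scope would limit what a leaked refresh token allows.
            return "https://mail.google.com/";
        }
        return null;
    }

    /**
     * Handles an authorization code returned by a provider: looks up the first active external
     * application for that provider and, for Google, exchanges the code and stores the refresh token.
     *
     * @param authProvider provider that issued the code; must be known
     * @param str authorization code; must not be blank
     * @throws IrmException when the provider is missing or unknown, the code is blank, no
     *     application is found, or the exchange fails
     */
    @Override // si.irm.mm.ejb.util.ExternalApplicationEJBLocal
    public void peformOperationsOnKnownAuthorizationCode(MarinaProxy marinaProxy, AuthProvider authProvider, String str) throws IrmException {
        // NOTE(review): the code is accepted without a "state" check and is bound to the first
        // active application of the provider. Whoever can reach this callback with a valid code
        // decides which Google account's refresh token gets stored; confirm the caller restricts access.
        if (Objects.isNull(authProvider) || authProvider.isUnknown()) {
            throw new IrmException(marinaProxy.getTranslation(TransKey.OBJECT_NOT_FOUND, marinaProxy.getTranslation(TransKey.PROVIDER_NS)));
        }
        if (StringUtils.isBlank(str)) {
            throw new IrmException(marinaProxy.getTranslation(TransKey.OBJECT_NOT_FOUND, marinaProxy.getTranslation(TransKey.CODE_NS)));
        }
        ExternalApplication application = getFirstExternalApplicationByAuthProvider(authProvider.getCode());
        if (Objects.isNull(application)) {
            throw new IrmException(marinaProxy.getTranslation(TransKey.OBJECT_NOT_FOUND, marinaProxy.getTranslation(TransKey.EXTERNAL_APPLICATION_NS)));
        }
        if (authProvider.isGoogle()) {
            exchangeGoogleAuthCodeForTokensAndSaveThem(marinaProxy, application, str);
        }
    }

    /** Returns the first application found for the provider code, or {@code null} when there is none. */
    private ExternalApplication getFirstExternalApplicationByAuthProvider(String providerCode) {
        List<ExternalApplication> applications = getAllExternalApplicationsByAuthProvider(providerCode);
        if (Utils.isNotNullOrEmpty(applications)) {
            return applications.get(0);
        }
        return null;
    }

    /** Runs the named query selected by {@code QUERY_NAME_GET_ALL_ACTIVE_BY_AUTH_PROVIDER} for the provider code. */
    private List<ExternalApplication> getAllExternalApplicationsByAuthProvider(String providerCode) {
        TypedQuery<ExternalApplication> query = this.em.createNamedQuery(ExternalApplication.QUERY_NAME_GET_ALL_ACTIVE_BY_AUTH_PROVIDER, ExternalApplication.class);
        query.setParameter(ExternalApplication.AUTH_PROVIDER, providerCode);
        return query.getResultList();
    }

    /**
     * Exchanges the authorization code for tokens and stores the refresh token on the application.
     * A response without a refresh token is rejected so that a previously stored token is not
     * overwritten with an empty value.
     */
    private void exchangeGoogleAuthCodeForTokensAndSaveThem(MarinaProxy marinaProxy, ExternalApplication externalApplication, String authorizationCode) throws IrmException {
        try {
            OAuthToken token = getOAuthTokenFromGoogleAuthorizationCode(externalApplication, authorizationCode);
            if (Objects.isNull(token) || StringUtils.isBlank(token.getRefreshToken())) {
                throw new IrmException("Refresh token not found");
            }
            externalApplication.setRefreshToken(token.getRefreshToken());
            updateExternalApplication(marinaProxy, externalApplication);
        } catch (Exception e) {
            // NOTE(review): only the message survives; if IrmException has a (message, cause)
            // constructor, pass the cause so the original stack trace is kept.
            throw new IrmException(e.getMessage());
        }
    }

    /** Builds the authorization-code grant request for Google and sends it. */
    private OAuthToken getOAuthTokenFromGoogleAuthorizationCode(ExternalApplication externalApplication, String authorizationCode) throws IrmException {
        OAuthCredentials credentials = new OAuthCredentials(externalApplication.getClientId(), externalApplication.getClientSecret());
        credentials.setCode(authorizationCode);
        credentials.setGrantType(OAuthConstants.AUTHORIZATION_CODE);
        // Must be the same redirect URI that was sent in the authorization request.
        credentials.setRedirectUri(getRedirectUrlForAuthProvider(AuthProvider.GOOGLE));
        return tryToSendGoogleAuthCredentialsJsonRequestAndGetAuthTokenResponse(credentials);
    }

    /** Returns the Google token endpoint: the configured base URL followed by the request path constant. */
    private String getGoogleApiTokenAuthUrl() {
        // NOTE(review): LoginResource2.LOGIN_REQUEST_PATH is presumably a decompiler substitute for
        // the token path literal; confirm. The base URL comes from configuration and is not
        // checked for https here, although client secret and tokens are sent to it.
        return ConfigUtils.getProperty("google.api.auth.url", "https://oauth2.googleapis.com") + LoginResource2.LOGIN_REQUEST_PATH;
    }

    /** Sends the token request and converts any failure into an {@link InternalNRException}. */
    private OAuthToken tryToSendGoogleAuthCredentialsJsonRequestAndGetAuthTokenResponse(OAuthCredentials oAuthCredentials) throws InternalNRException {
        try {
            return sendGoogleAuthCredentialsJsonRequestAndGetAuthTokenResponse(oAuthCredentials);
        } catch (Exception e) {
            throw new InternalNRException(e.getMessage());
        }
    }

    /**
     * Posts the credentials as JSON to the Google token endpoint and parses the reply.
     *
     * @return the parsed token response
     * @throws Exception with the provider's error description (or error code) when the reply
     *     carries an error, or whatever the JSON and connection helpers throw
     */
    private OAuthToken sendGoogleAuthCredentialsJsonRequestAndGetAuthTokenResponse(OAuthCredentials oAuthCredentials) throws Exception {
        String requestJson = JsonUtils.getJsonStringFromObject(oAuthCredentials);
        String tokenUrl = getGoogleApiTokenAuthUrl();
        // The request body holds the client secret and the authorization code or refresh token,
        // and the response holds the issued tokens. Log the event only, never either body.
        Logger.log("Sending OAuth token request to " + tokenUrl);
        String responseJson = ConnectionUtils.sendJsonRequestAndReadReponse(tokenUrl, "POST", null, requestJson, null);
        Logger.log("Received OAuth token response from " + tokenUrl);
        ErrorData errorData = (ErrorData) JsonUtils.getObjectFromJsonString(ErrorData.class, responseJson);
        if (Objects.nonNull(errorData) && StringUtils.isNotBlank(errorData.getError())) {
            throw new Exception(StringUtils.isNotBlank(errorData.getDescription()) ? errorData.getDescription() : errorData.getError());
        }
        return (OAuthToken) JsonUtils.getObjectFromJsonString(OAuthToken.class, responseJson);
    }

    /**
     * Returns an OAuth access token for the stored external application.
     *
     * @param l id of the external application
     * @return the access token for Google or Microsoft applications; {@code null} for any
     *     other provider or when no provider type is set
     * @throws InternalNRException when the application does not exist or the token cannot be obtained
     */
    @Override // si.irm.mm.ejb.util.ExternalApplicationEJBLocal
    public String getAccessTokenForExternalApplication(Long l) throws InternalNRException {
        ExternalApplication externalApplication = (ExternalApplication) this.utilsEJB.findEntity(ExternalApplication.class, l);
        if (Objects.isNull(externalApplication)) {
            throw new InternalNRException("External application not found");
        }
        AuthProvider providerType = externalApplication.getAuthProviderType();
        // A missing provider type is treated like an unsupported provider instead of failing with an NPE.
        if (Objects.isNull(providerType)) {
            return null;
        }
        if (providerType.isGoogle()) {
            return getOAuthAccessTokenFromGoogleExternalApp(externalApplication);
        }
        if (providerType.isMicrosoft()) {
            return externalApplication.getOAuth2AccessToken(MsAuthenticator.MsScope.OUTLOOK_OFFICE_365);
        }
        return null;
    }

    /** Uses the stored refresh token to request a fresh Google access token. */
    private String getOAuthAccessTokenFromGoogleExternalApp(ExternalApplication externalApplication) throws InternalNRException {
        if (StringUtils.isBlank(externalApplication.getRefreshToken())) {
            throw new InternalNRException("Refresh token not found");
        }
        OAuthCredentials credentials = new OAuthCredentials(externalApplication.getClientId(), externalApplication.getClientSecret());
        credentials.setRefreshToken(externalApplication.getRefreshToken());
        credentials.setGrantType(OAuthConstants.REFRESH_TOKEN);
        OAuthToken token = tryToSendGoogleAuthCredentialsJsonRequestAndGetAuthTokenResponse(credentials);
        if (Objects.isNull(token)) {
            // An unparsable reply is reported as a domain error rather than surfacing as an NPE.
            throw new InternalNRException("Access token not found");
        }
        return token.getAccessToken();
    }
}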
