package org.ametys.plugins.extrausermgt.users.aad;

import com.azure.identity.ClientSecretCredentialBuilder;
import com.microsoft.graph.core.tasks.PageIterator;
import com.microsoft.graph.models.User;
import com.microsoft.graph.models.UserCollectionResponse;
import com.microsoft.graph.serviceclient.GraphServiceClient;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import org.ametys.core.user.directory.NotUniqueUserException;
import org.ametys.core.user.directory.StoredUser;
import org.ametys.core.user.directory.UserDirectory;
import org.ametys.plugins.core.impl.user.directory.AbstractCachingUserDirectory;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/ametys/plugins/extrausermgt/users/aad/AADUserDirectory.class */
public class AADUserDirectory extends AbstractCachingUserDirectory {
    private static final String[] __USER_ATTRIBUTES_SELECT = {"userPrincipalName", "surname", "givenName", "mail"};
    private GraphServiceClient _graphClient;
    private String _filter;

    public void init(String str, String str2, Map<String, Object> map, String str3) throws Exception {
        super.init(str, str2, map, str3);
        String str4 = (String) map.get("org.ametys.plugins.extrausermgt.users.aad.appid");
        String str5 = (String) map.get("org.ametys.plugins.extrausermgt.users.aad.clientsecret");
        String str6 = (String) map.get("org.ametys.plugins.extrausermgt.users.aad.tenant");
        this._filter = (String) map.get("org.ametys.plugins.extrausermgt.users.aad.filter");
        this._graphClient = new GraphServiceClient(new ClientSecretCredentialBuilder().clientId(str4).clientSecret(str5).tenantId(str6).build(), new String[0]);
        createCaches();
    }

    protected String getCacheTypeLabel() {
        return "AzureAD";
    }

    public Collection<StoredUser> getStoredUsers() {
        return getStoredUsers(-1, 0, null);
    }

    public List<StoredUser> getStoredUsers(int i, int i2, Map<String, Object> map) {
        UserCollectionResponse userCollectionResponse = this._graphClient.users().get(getRequestConfiguration -> {
            getRequestConfiguration.headers.add("ConsistencyLevel", "eventual");
            String str = map != null ? (String) map.get("pattern") : null;
            if (StringUtils.isNotEmpty(str)) {
                getRequestConfiguration.queryParameters.search = "\"givenName:" + str + "\" OR \"surname:" + str + "\" OR \"userPrincipalName:" + str + "\"";
            }
            if (i > 0 && i < Integer.MAX_VALUE) {
                getRequestConfiguration.queryParameters.top = Integer.valueOf(Math.min(i + i2, 999));
            }
            if (StringUtils.isNotEmpty(this._filter)) {
                getRequestConfiguration.queryParameters.filter = this._filter;
            }
            getRequestConfiguration.queryParameters.select = __USER_ATTRIBUTES_SELECT;
        });
        ArrayList arrayList = new ArrayList();
        AtomicInteger atomicInteger = new AtomicInteger(i2);
        try {
            new PageIterator.Builder().client(this._graphClient).collectionPage(userCollectionResponse).collectionPageFactory(UserCollectionResponse::createFromDiscriminatorValue).processPageItemCallback(user -> {
                if (atomicInteger.decrementAndGet() <= 0) {
                    _handleUser(user, arrayList);
                }
                return Boolean.valueOf(i <= 0 || arrayList.size() < i);
            }).build().iterate();
            return arrayList;
        } catch (Exception e) {
            getLogger().error("Error while fetching users from Entra ID", e);
            return Collections.emptyList();
        }
    }

    private void _handleUser(User user, List<StoredUser> list) {
        StoredUser storedUser = new StoredUser(user.getUserPrincipalName(), user.getSurname(), user.getGivenName(), user.getMail());
        list.add(storedUser);
        if (isCachingEnabled()) {
            getCacheByLogin().put(storedUser.getIdentifier(), storedUser);
        }
    }

    public StoredUser getStoredUser(String str) {
        if (isCachingEnabled() && getCacheByLogin().hasKey(str)) {
            return (StoredUser) getCacheByLogin().get(str);
        }
        StoredUser storedUser = null;
        try {
            User user = this._graphClient.users().byUserId(str).get(getRequestConfiguration -> {
                getRequestConfiguration.queryParameters.select = __USER_ATTRIBUTES_SELECT;
            });
            storedUser = new StoredUser(user.getUserPrincipalName(), user.getSurname(), user.getGivenName(), user.getMail());
            if (isCachingEnabled()) {
                getCacheByLogin().put(storedUser.getIdentifier(), storedUser);
            }
        } catch (Exception e) {
            getLogger().warn("Unable to retrieve user '{}' from AzureAD", str, e);
        }
        return storedUser;
    }

    public StoredUser getStoredUserByEmail(String str) throws NotUniqueUserException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        if (isCachingEnabled() && getCacheByMail().hasKey(str)) {
            return (StoredUser) getCacheByMail().get(str);
        }
        List value = this._graphClient.users().get(getRequestConfiguration -> {
            getRequestConfiguration.headers.add("ConsistencyLevel", "eventual");
            getRequestConfiguration.queryParameters.filter = "mail eq '" + str + "'";
            getRequestConfiguration.queryParameters.select = __USER_ATTRIBUTES_SELECT;
        }).getValue();
        if (value.size() != 1) {
            if (value.isEmpty()) {
                return null;
            }
            throw new NotUniqueUserException("Find " + value.size() + " users matching the email " + str);
        }
        User user = (User) value.get(0);
        StoredUser storedUser = new StoredUser(user.getUserPrincipalName(), user.getSurname(), user.getGivenName(), user.getMail());
        if (isCachingEnabled()) {
            getCacheByMail().put(storedUser.getEmail(), storedUser);
        }
        return storedUser;
    }

    public UserDirectory.CredentialsResult checkCredentials(String str, String str2) {
        throw new UnsupportedOperationException("The AADUserDirectory cannot authenticate users");
    }
}
