package org.ametys.plugins.core.impl.captcha.recaptcha;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.ametys.core.authentication.AuthenticateAction;
import org.ametys.core.captcha.AbstractCaptcha;
import org.ametys.core.util.HttpUtils;
import org.ametys.core.util.JSONUtils;
import org.ametys.runtime.config.Config;
import org.ametys.runtime.i18n.I18nizableText;
import org.apache.avalon.framework.activity.Disposable;
import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.io.CloseMode;

/* loaded from: input_file:org/ametys/plugins/core/impl/captcha/recaptcha/ReCaptchaEnterprise.class */
public class ReCaptchaEnterprise extends AbstractCaptcha implements Serviceable, Initializable, Disposable {
    private static final String __RECAPTCHA_API_KEY = "runtime.captcha.recaptcha.enterprise.apikey";
    private static final String __RECAPTCHA_SITE_KEY = "runtime.captcha.recaptcha.enterprise.sitekey";
    private static final String __RECAPTCHA_PROJECT_ID = "runtime.captcha.recaptcha.enterprise.projectId";
    private static final String __RECAPTCHA_THRESHOLD = "runtime.captcha.recaptcha.enterprise.threshold";
    private static final String __RECAPTCHA_URL = "https://recaptchaenterprise.googleapis.com/v1/projects/";
    private JSONUtils _jsonUtils;
    private String _projectId;
    private String _apiKey;
    private Object _siteKey;
    private Double _threshold;
    private CloseableHttpClient _httpClient;

    public void service(ServiceManager serviceManager) throws ServiceException {
        this._jsonUtils = (JSONUtils) serviceManager.lookup(JSONUtils.ROLE);
    }

    public void initialize() throws Exception {
        _initializeConfig();
        this._httpClient = HttpUtils.createHttpClient(0, 2);
    }

    private boolean _initializeConfig() {
        Config config = Config.getInstance();
        if (config == null) {
            return false;
        }
        this._apiKey = (String) config.getValue(__RECAPTCHA_API_KEY);
        this._projectId = (String) config.getValue(__RECAPTCHA_PROJECT_ID);
        this._siteKey = config.getValue(__RECAPTCHA_SITE_KEY);
        this._threshold = (Double) config.getValue(__RECAPTCHA_THRESHOLD);
        return true;
    }

    @Override // org.ametys.core.captcha.Captcha
    public boolean requireUserInteraction() {
        return false;
    }

    @Override // org.ametys.core.captcha.Captcha
    public synchronized boolean checkAndInvalidateCaptcha(String str, String str2) {
        if (StringUtils.isEmpty(str2)) {
            return false;
        }
        if (this._apiKey == null && !_initializeConfig()) {
            return false;
        }
        try {
            HttpPost httpPost = new HttpPost("https://recaptchaenterprise.googleapis.com/v1/projects/" + this._projectId + "/assessments?key=" + this._apiKey);
            HashMap hashMap = new HashMap(2);
            hashMap.put(AuthenticateAction.REQUEST_PARAMETER_TOKEN, str2);
            hashMap.put("siteKey", this._siteKey);
            httpPost.setEntity(new StringEntity(this._jsonUtils.convertObjectToJson(Map.of("event", hashMap)), ContentType.APPLICATION_JSON));
            return ((Boolean) this._httpClient.execute(httpPost, classicHttpResponse -> {
                if (classicHttpResponse.getCode() != 200) {
                    return false;
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                InputStream content = classicHttpResponse.getEntity().getContent();
                try {
                    IOUtils.copy(content, byteArrayOutputStream);
                    if (content != null) {
                        content.close();
                    }
                    Map<String, Object> convertJsonToMap = this._jsonUtils.convertJsonToMap(byteArrayOutputStream.toString());
                    Map map = (Map) convertJsonToMap.get("tokenProperties");
                    if (map != null && ((Boolean) map.getOrDefault("valid", false)).booleanValue()) {
                        Map map2 = (Map) convertJsonToMap.get("riskAnalysis");
                        Double d = (Double) map2.get("score");
                        List list = (List) map2.computeIfAbsent("reasons", str3 -> {
                            return List.of("CLASSIFICATION_REASON_UNSPECIFIED");
                        });
                        if (d.doubleValue() >= this._threshold.doubleValue() || list.contains("LOW_CONFIDENCE_SCORE")) {
                            return true;
                        }
                    }
                    return false;
                } catch (Throwable th) {
                    if (content != null) {
                        try {
                            content.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            })).booleanValue();
        } catch (IOException e) {
            getLogger().error("Unable to contact Google server to validate reCaptcha.", e);
            return false;
        }
    }

    @Override // org.ametys.core.captcha.Captcha
    public I18nizableText getLabel() {
        return new I18nizableText("plugin.core-impl", "PLUGINS_CORE_CAPTCHA_CONFIG_TYPE_RECAPTCHA_ENTERPRISE");
    }

    @Override // org.ametys.core.captcha.Captcha
    public I18nizableText getLoginFailedBecauseCaptchaFailedLabel() {
        return new I18nizableText("plugin.core-impl", "PLUGINS_CORE_UI_LOGIN_SCREEN_FORM_FAILED_WITH_CAPTCHA_RECAPTCHA_ENTERPRISE");
    }

    @Override // org.ametys.core.captcha.Captcha
    public I18nizableText getLoginFailedBecauseTooManyAttemptLabel() {
        return new I18nizableText("plugin.core-ui", "PLUGINS_CORE_UI_LOGIN_SCREEN_FORM_AUTH_FAILURE");
    }

    @Override // org.ametys.core.captcha.Captcha
    public List<Pattern> getUsedUrlPatterns() {
        return List.of();
    }

    public void dispose() {
        this._httpClient.close(CloseMode.GRACEFUL);
    }
}
