package org.ametys.plugins.extrausermgt.users.aad;

import com.azure.identity.ClientSecretCredentialBuilder;
import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
import com.microsoft.graph.http.GraphServiceException;
import com.microsoft.graph.options.HeaderOption;
import com.microsoft.graph.options.Option;
import com.microsoft.graph.options.QueryOption;
import com.microsoft.graph.requests.GraphServiceClient;
import com.microsoft.graph.requests.UserCollectionPage;
import com.microsoft.graph.requests.UserCollectionRequest;
import com.microsoft.graph.requests.UserCollectionRequestBuilder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.ametys.core.user.User;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.user.directory.NotUniqueUserException;
import org.ametys.plugins.core.impl.user.directory.AbstractCachingUserDirectory;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/ametys/plugins/extrausermgt/users/aad/AADUserDirectory.class */
public class AADUserDirectory extends AbstractCachingUserDirectory {
    private GraphServiceClient _graphClient;
    private String _filter;

    public void init(String str, String str2, Map<String, Object> map, String str3) throws Exception {
        super.init(str, str2, map, str3);
        String str4 = (String) map.get("org.ametys.plugins.extrausermgt.users.aad.appid");
        String str5 = (String) map.get("org.ametys.plugins.extrausermgt.users.aad.clientsecret");
        String str6 = (String) map.get("org.ametys.plugins.extrausermgt.users.aad.tenant");
        this._filter = (String) map.get("org.ametys.plugins.extrausermgt.users.aad.filter");
        this._graphClient = GraphServiceClient.builder().authenticationProvider(new TokenCredentialAuthProvider(new ClientSecretCredentialBuilder().clientId(str4).clientSecret(str5).tenantId(str6).build())).buildClient();
        createCaches();
    }

    protected String getCacheTypeLabel() {
        return "AzureAD";
    }

    public Collection<User> getUsers() {
        return getUsers(-1, 0, null);
    }

    public List<User> getUsers(int i, int i2, Map<String, Object> map) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new HeaderOption("ConsistencyLevel", "eventual"));
        String str = map != null ? (String) map.get("pattern") : null;
        if (StringUtils.isNotEmpty(str)) {
            arrayList.add(new QueryOption("$search", "\"givenName:" + str + "\" OR \"surname:" + str + "\" OR \"userPrincipalName:" + str + "\""));
        }
        UserCollectionRequest buildRequest = this._graphClient.users().buildRequest(arrayList);
        int i3 = -1;
        if (i > 0 && i < Integer.MAX_VALUE) {
            i3 = i;
            buildRequest.top(i + i2);
        }
        if (StringUtils.isNotEmpty(this._filter)) {
            buildRequest.filter(this._filter);
        }
        UserCollectionPage userCollectionPage = (UserCollectionPage) buildRequest.count().get();
        ArrayList arrayList2 = new ArrayList();
        _handlePage(userCollectionPage, arrayList2, i3, i2);
        return arrayList2;
    }

    private void _handlePage(UserCollectionPage userCollectionPage, List<User> list, int i, int i2) {
        UserCollectionRequestBuilder nextPage;
        int i3 = i2;
        int i4 = i;
        for (com.microsoft.graph.models.User user : userCollectionPage.getCurrentPage()) {
            if (i3 > 0) {
                i3--;
            } else {
                User user2 = new User(new UserIdentity(user.userPrincipalName, getPopulationId()), user.surname, user.givenName, user.mail, this);
                list.add(user2);
                if (isCachingEnabled()) {
                    getCacheByLogin().put(user2.getIdentity().getLogin(), user2);
                }
                if (i4 > 0) {
                    i4--;
                    if (i4 == 0) {
                        break;
                    }
                } else {
                    continue;
                }
            }
        }
        if (i4 == 0 || (nextPage = userCollectionPage.getNextPage()) == null) {
            return;
        }
        _handlePage((UserCollectionPage) nextPage.buildRequest(new Option[]{new HeaderOption("ConsistencyLevel", "eventual")}).get(), list, i4, i3);
    }

    public User getUser(String str) {
        if (isCachingEnabled() && getCacheByLogin().hasKey(str)) {
            return (User) getCacheByLogin().get(str);
        }
        User user = null;
        try {
            com.microsoft.graph.models.User user2 = this._graphClient.users(str).buildRequest(new Option[0]).select("userPrincipalName, surname, givenName, mail").get();
            user = new User(new UserIdentity(user2.userPrincipalName, getPopulationId()), user2.surname, user2.givenName, user2.mail, this);
            if (isCachingEnabled()) {
                getCacheByLogin().put(user.getIdentity().getLogin(), user);
            }
        } catch (GraphServiceException e) {
            getLogger().warn("Unable to retrieve user '{}' from AzureAD", str, e);
        }
        return user;
    }

    public User getUserByEmail(String str) throws NotUniqueUserException {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        if (isCachingEnabled() && getCacheByMail().hasKey(str)) {
            return (User) getCacheByMail().get(str);
        }
        List currentPage = this._graphClient.users().buildRequest(new Option[]{new HeaderOption("ConsistencyLevel", "eventual")}).filter("mail eq '" + str + "'").select("userPrincipalName, surname, givenName, mail").get().getCurrentPage();
        if (currentPage.size() != 1) {
            if (currentPage.isEmpty()) {
                return null;
            }
            throw new NotUniqueUserException("Find " + currentPage.size() + " users matching the email " + str);
        }
        com.microsoft.graph.models.User user = (com.microsoft.graph.models.User) currentPage.get(0);
        User user2 = new User(new UserIdentity(user.userPrincipalName, getPopulationId()), user.surname, user.givenName, user.mail, this);
        if (isCachingEnabled()) {
            getCacheByMail().put(user2.getEmail(), user2);
        }
        return user2;
    }

    public boolean checkCredentials(String str, String str2) {
        throw new UnsupportedOperationException("The AADUserDirectory cannot authenticate users");
    }
}
