package com.erudika.para.server.security.filters;

import com.erudika.para.core.App;
import com.erudika.para.core.User;
import com.erudika.para.core.utils.Para;
import com.erudika.para.core.utils.ParaObjectUtils;
import com.erudika.para.core.utils.Utils;
import com.erudika.para.server.security.AuthenticatedUserDetails;
import com.erudika.para.server.security.OAuth1HmacSigner;
import com.erudika.para.server.security.SecurityUtils;
import com.erudika.para.server.security.UserAuthentication;
import com.erudika.para.server.utils.filters.CORSFilter;
import com.fasterxml.jackson.databind.ObjectReader;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.core5.http.ParseException;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:com/erudika/para/server/security/filters/TwitterAuthFilter.class */
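/**
 * Spring Security filter implementing the Twitter OAuth 1.0a "sign in" flow.
 * <p>
 * Step one obtains a request token and redirects the browser to Twitter; step two (the callback)
 * exchanges the returned {@code oauth_token}/{@code oauth_verifier} for an access token, fetches the
 * profile and maps it onto a local {@link User} keyed by {@code tw:<id_str>}.
 * <p>
 * Review notes (not verifiable from this file alone):
 * the request-token secret from step one is not persisted, so the access-token exchange is signed
 * with the consumer secret only; and the profile e-mail is trusted as-is when linking/updating users.
 */
public class TwitterAuthFilter extends AbstractAuthenticationProcessingFilter {
    private static final Logger logger = LoggerFactory.getLogger(TwitterAuthFilter.class);
    private final CloseableHttpClient httpclient;
    private final ObjectReader jreader;
    private static final String FLOW_URL1 = "https://api.twitter.com/oauth/request_token";
    private static final String FLOW_URL2 = "https://api.twitter.com/oauth/authenticate?";
    private static final String FLOW_URL3 = "https://api.twitter.com/oauth/access_token";
    private static final String PROFILE_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
    public static final String TWITTER_ACTION = "twitter_auth";
    /** Prefix used both for looking up the consumer key pair and for the stored user identifier. */
    private static final String TW_PREFIX = "tw:";

    /**
     * @param str the URL this filter processes (passed through to the Spring base class)
     */
    public TwitterAuthFilter(String str) {
        super(str);
        this.jreader = ParaObjectUtils.getJsonReader(Map.class);
        // A connection-request timeout only bounds waiting for a pooled connection; a stalled
        // upstream would otherwise hold the request thread indefinitely, so also cap the response wait.
        this.httpclient = HttpClientBuilder.create()
                .setDefaultRequestConfig(RequestConfig.custom()
                        .setConnectionRequestTimeout(30, TimeUnit.SECONDS)
                        .setResponseTimeout(30, TimeUnit.SECONDS)
                        .build())
                .build();
    }

    /**
     * Entry point for both legs of the flow. Without an {@code oauth_verifier} it starts step one
     * (and returns null after redirecting); with one it completes step two.
     * @throws BadCredentialsException if Twitter reported the user denied access
     * @throws AuthenticationServiceException if the consumer key pair is not configured
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        UserAuthentication userAuth = null;
        if (httpServletRequest.getServletPath().endsWith(TWITTER_ACTION)) {
            // Twitter signals a cancelled authorization with a "denied" parameter instead of a verifier.
            if (httpServletRequest.getParameter("denied") != null) {
                throw new BadCredentialsException("Cancelled.");
            }
            String verifier = httpServletRequest.getParameter("oauth_verifier");
            String appid = SecurityUtils.getAppidFromAuthRequest(httpServletRequest);
            // NOTE(review): the decompiled source references this CORS constant where an empty
            // string is evidently intended — confirm its value is "".
            String callbackUrl = SecurityUtils.getRedirectUrl(httpServletRequest)
                    + (appid == null ? CORSFilter.DEFAULT_EXPOSED_HEADERS : "?appid=" + appid);
            App app = (App) Para.getDAO().read(App.id(appid == null ? Para.getConfig().getRootAppIdentifier() : appid));
            String[] keys = Para.getConfig().getOAuthKeysForApp(app, TW_PREFIX);
            // Fail explicitly when the consumer key/secret are missing instead of indexing into a
            // missing pair (NPE/AIOOBE -> 500) or signing requests with blank credentials.
            if (keys == null || keys.length < 2 || StringUtils.isAnyBlank(keys)) {
                throw new AuthenticationServiceException("Authentication failed: Twitter OAuth keys are not configured for this app.");
            }
            if (verifier == null && stepOne(httpServletResponse, callbackUrl, keys)) {
                return null; // browser has been redirected to Twitter; we resume on the callback
            }
            userAuth = stepTwo(httpServletRequest, verifier, keys, app);
        }
        return SecurityUtils.checkIfActive(userAuth, SecurityUtils.getAuthenticatedUser(userAuth), true);
    }

    /**
     * OAuth 1.0a step one: obtain a request token and redirect the browser to Twitter's authorize page.
     * @param response used only to send the redirect
     * @param callbackUrl where Twitter sends the user back; sent as {@code oauth_callback}
     * @param keys consumer key at [0], consumer secret at [1]
     * @return true if the redirect was sent, false if no request token could be obtained
     */
    private boolean stepOne(HttpServletResponse response, String callbackUrl, String[] keys) throws IOException {
        Map<String, String[]> params = new HashMap<>();
        params.put("oauth_callback", new String[]{Utils.urlEncode(callbackUrl)});
        HttpPost tokenReq = new HttpPost(FLOW_URL1);
        tokenReq.setHeader("Authorization", OAuth1HmacSigner.sign("POST", FLOW_URL1, params, keys[0], keys[1], null, null));
        tokenReq.setHeader("Content-Type", "application/x-www-form-urlencoded");
        return this.httpclient.execute(tokenReq, resp -> {
            try {
                if (resp.getCode() != 200) {
                    logger.info("Authentication request failed with status '{}'.", resp.getReasonPhrase());
                    return false;
                }
                String body = EntityUtils.toString(resp.getEntity());
                EntityUtils.consumeQuietly(resp.getEntity());
                for (String pair : body.split("&")) {
                    // match the full "oauth_token=" key so "oauth_token_secret=..." can never be
                    // mistaken for the token and forwarded into the redirect URL
                    if (pair.startsWith("oauth_token=")) {
                        response.sendRedirect(FLOW_URL2 + pair);
                        return true;
                    }
                }
                // Logged once, after the whole body was scanned, and without the body itself:
                // a request_token response also carries oauth_token_secret.
                logger.info("Authentication request failed, token not found in response.");
                return false;
            } catch (ParseException e) {
                logger.error("Failed to parse request_token response", e);
                return false;
            }
        });
    }

    /**
     * OAuth 1.0a step two: exchange the callback's request token and verifier for an access token,
     * then resolve the local user via {@link #getOrCreateUser(App, String)}.
     * @param request the callback request carrying {@code oauth_token}
     * @param verifier the {@code oauth_verifier} value (may be null if step one failed)
     * @param keys consumer key at [0], consumer secret at [1]
     * @param app the app the user belongs to
     * @return the authenticated user, or null if the exchange failed
     */
    private UserAuthentication stepTwo(HttpServletRequest request, String verifier, String[] keys, App app) throws IOException {
        String requestToken = request.getParameter("oauth_token");
        if (verifier == null || requestToken == null) {
            // The exchange cannot succeed without both halves; skip the upstream call.
            logger.info("Authentication request failed: missing oauth_token or oauth_verifier.");
            return null;
        }
        Map<String, String[]> params = new HashMap<>();
        params.put("oauth_verifier", new String[]{verifier});
        HttpPost accessReq = new HttpPost(FLOW_URL3);
        // The form body is sent percent-encoded so it matches what the signature base string covers.
        accessReq.setEntity(new StringEntity("oauth_verifier=" + Utils.urlEncode(verifier)));
        // NOTE(review): the request-token secret from step one is not persisted, so this is signed
        // with a null token secret — confirm the provider accepts that for the access_token call.
        accessReq.setHeader("Authorization", OAuth1HmacSigner.sign("POST", FLOW_URL3, params, keys[0], keys[1], requestToken, null));
        accessReq.setHeader("Content-Type", "application/x-www-form-urlencoded");
        return this.httpclient.execute(accessReq, resp -> {
            try {
                if (resp.getCode() != 200) {
                    logger.info("Access token request failed with status '{}'.", resp.getReasonPhrase());
                    return null;
                }
                String body = EntityUtils.toString(resp.getEntity());
                EntityUtils.consumeQuietly(resp.getEntity());
                String token = null;
                String secret = null;
                for (String pair : body.split("&")) {
                    // longer key first: "oauth_token_secret" also starts with "oauth_token"
                    if (pair.startsWith("oauth_token_secret=")) {
                        secret = pair.substring("oauth_token_secret=".length());
                    } else if (pair.startsWith("oauth_token=")) {
                        token = pair.substring("oauth_token=".length());
                    }
                }
                if (token == null || secret == null) {
                    logger.info("Access token response did not contain both oauth_token and oauth_token_secret.");
                    return null;
                }
                return getOrCreateUser(app, token + Para.getConfig().separator() + secret);
            } catch (ParseException e) {
                logger.error("Failed to parse access_token response", e);
                return null;
            }
        });
    }

    /**
     * Fetches the Twitter profile with the given access token and returns the matching local user,
     * creating it on first login.
     * @param app the app the user belongs to (may be null)
     * @param str access token and token secret joined by the configured separator
     * @return the authenticated user, or {@code checkIfActive(null, ...)} when the profile could not be read
     * @throws AuthenticationServiceException if the consumer keys are missing or a new user could not be created
     */
    public UserAuthentication getOrCreateUser(App app, String str) throws IOException {
        if (str == null || !str.contains(Para.getConfig().separator())) {
            return SecurityUtils.checkIfActive(null, null, false);
        }
        String[] tokenAndSecret = str.split(Para.getConfig().separator());
        // split() drops a trailing empty element, so "token<sep>" would yield a single part
        if (tokenAndSecret.length < 2) {
            return SecurityUtils.checkIfActive(null, null, false);
        }
        String[] keys = Para.getConfig().getOAuthKeysForApp(app, TW_PREFIX);
        if (keys == null || keys.length < 2 || StringUtils.isAnyBlank(keys)) {
            throw new AuthenticationServiceException("Authentication failed: Twitter OAuth keys are not configured for this app.");
        }
        Map<String, String[]> params = new HashMap<>();
        params.put("include_email", new String[]{"true"});
        // the query parameter is part of the signed parameter set, so it must also be in the URL
        HttpGet profileReq = new HttpGet(PROFILE_URL + "?include_email=true");
        profileReq.setHeader("Authorization", OAuth1HmacSigner.sign("GET", PROFILE_URL, params, keys[0], keys[1], tokenAndSecret[0], tokenAndSecret[1]));
        return this.httpclient.execute(profileReq, resp -> {
            UserAuthentication userAuth = null;
            User user = new User();
            Map<?, ?> profile = null;
            if (resp.getCode() == 200) {
                profile = (Map<?, ?>) this.jreader.readValue(resp.getEntity().getContent());
                EntityUtils.consumeQuietly(resp.getEntity());
            }
            if (profile == null || !profile.containsKey("id_str")) {
                logger.info("Authentication request failed because user profile doesn't contain the expected attributes");
            } else {
                String twitterId = (String) profile.get("id_str");
                String pic = (String) profile.get("profile_image_url_https");
                String screenName = (String) profile.get("screen_name");
                String name = (String) profile.get("name");
                String email = (String) profile.get("email");
                user.setAppid(getAppid(app));
                user.setIdentifier(TW_PREFIX + twitterId);
                user.setEmail(email);
                // NOTE(review): the lookup object carries the provider-supplied e-mail as well as the
                // "tw:<id>" identifier. If readUserForIdentifier can match on e-mail, a Twitter account
                // claiming a victim's (unverified) address could be linked to the victim's local user —
                // confirm the lookup keys on the identifier only.
                user = User.readUserForIdentifier(user);
                if (user == null) {
                    user = new User();
                    user.setActive(true);
                    user.setAppid(getAppid(app));
                    // Twitter may withhold the e-mail; use a unique placeholder so the field is never blank.
                    user.setEmail(StringUtils.isBlank(email) ? Utils.getNewId() + "@twitter.com" : email);
                    user.setName(StringUtils.isBlank(name) ? screenName : name);
                    // Social users never log in with a password; fill the slot with a random token.
                    user.setPassword(Utils.generateSecurityToken());
                    user.setPicture(getPicture(pic));
                    user.setIdentifier(TW_PREFIX + twitterId);
                    if (user.create() == null) {
                        throw new AuthenticationServiceException("Authentication failed: cannot create new user.");
                    }
                } else if (updateUserInfo(user, pic, email, name)) {
                    user.update();
                }
                userAuth = new UserAuthentication(new AuthenticatedUserDetails(user));
            }
            return SecurityUtils.checkIfActive(userAuth, user, false);
        });
    }

    /**
     * Copies changed profile attributes onto an existing user.
     * @param user the stored user to update in place
     * @param pictureUrl Twitter profile image URL (normalized via {@link #getPicture(String)})
     * @param email profile e-mail; ignored when blank
     * @param name display name; ignored when blank
     * @return true if any field was changed and the user needs to be persisted
     */
    private boolean updateUserInfo(User user, String pictureUrl, String email, String name) {
        boolean changed = false;
        String picture = getPicture(pictureUrl);
        if (!StringUtils.equals(user.getPicture(), picture)) {
            user.setPicture(picture);
            changed = true;
        }
        // NOTE(review): the provider-supplied e-mail overwrites the stored one without verification;
        // if e-mail is a login identifier elsewhere, confirm this cannot collide with another account.
        if (!StringUtils.isBlank(email) && !StringUtils.equals(user.getEmail(), email)) {
            user.setEmail(email);
            changed = true;
        }
        if (!StringUtils.isBlank(name) && !StringUtils.equals(user.getName(), name)) {
            user.setName(name);
            changed = true;
        }
        return changed;
    }

    /**
     * Turns Twitter's thumbnail URL into the full-size one by dropping the "_normal" size suffix
     * and any query string.
     * @param url the profile image URL, may be null
     * @return the normalized URL, or null if the input was null
     */
    private static String getPicture(String url) {
        if (url == null) {
            return null;
        }
        // NOTE(review): decompiled constant used where an empty string is evidently meant — confirm it is "".
        String full = url.replace("_normal", CORSFilter.DEFAULT_EXPOSED_HEADERS);
        int query = full.indexOf('?');
        return query >= 0 ? full.substring(0, query) : full;
    }

    /**
     * @return the app's identifier, or null when no app was resolved
     */
    private String getAppid(App app) {
        return app == null ? null : app.getAppIdentifier();
    }
}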
