package com.atlassian.crowd.directory.rest;

import com.atlassian.crowd.directory.query.GraphQuery;
import com.atlassian.crowd.directory.query.MicrosoftGraphQueryParam;
import com.atlassian.crowd.directory.query.MicrosoftGraphQueryParams;
import com.atlassian.crowd.directory.query.ODataSelect;
import com.atlassian.crowd.directory.query.ODataTop;
import com.atlassian.crowd.directory.rest.endpoint.AzureApiUriResolver;
import com.atlassian.crowd.directory.rest.entity.GraphDirectoryObjectList;
import com.atlassian.crowd.directory.rest.entity.PageableGraphList;
import com.atlassian.crowd.directory.rest.entity.delta.GraphDeltaQueryGroupList;
import com.atlassian.crowd.directory.rest.entity.delta.GraphDeltaQueryUserList;
import com.atlassian.crowd.directory.rest.entity.group.GraphGroupList;
import com.atlassian.crowd.directory.rest.entity.user.GraphUsersList;
import com.atlassian.crowd.directory.rest.util.IoUtilsWrapper;
import com.atlassian.crowd.directory.rest.util.JerseyLoggingFilter;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.security.xml.SecureXmlParserFactory;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Charsets;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.UniformInterfaceException;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.client.impl.ClientRequestImpl;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.Charset;
import java.util.Collections;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriBuilder;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/atlassian/crowd/directory/rest/AzureAdRestClient.class */
public class AzureAdRestClient {
    private static final Logger log = LoggerFactory.getLogger(AzureAdRestClient.class);
    public static final String GRAPH_API_VERSION = "/v1.0";
    public static final String GRAPH_USERS_ENDPOINT_SUFFIX = "users";
    public static final String GRAPH_GROUPS_ENDPOINT_SUFFIX = "groups";
    public static final String METADATA_ENDPOINT_SUFFIX = "$metadata";
    public static final String MEMBER_OF_NAVIGATIONAL_PROPERTY = "memberOf";
    public static final String MEMBERS_NAVIGATIONAL_PROPERTY = "members";
    public static final String DELTA_QUERY_ENDPOINT_SUFFIX = "delta";
    public static final String TRASH_ENDPOINT_SUFFIX = "directory/deleteditems";
    private static final String SCHEMA_XPATH = "/Edmx/DataServices/Schema";
    private static final String DELTA_RETURN_PATHS_XPATH = "/Edmx/DataServices/Schema/Function[@Name='delta']/ReturnType";
    private static final String CHARSET_PARAMETER_NAME = "charset";
    private static final String ALIAS_ATTRIBUTE_NAME = "Alias";
    private static final String RETURN_TYPE_ATTRIBUTE_NAME = "Type";
    private static final String NAMESPACE_ATTRIBUTE_NAME = "Namespace";
    public static final String COLLECTION_TYPE_FORMAT = "Collection(%s.%s)";
    public static final String USER_SUFFIX = "user";
    public static final String GROUP_SUFFIX = "group";
    private final Client client;
    private final String graphBaseEndpoint;
    private final IoUtilsWrapper ioUtilsWrapper;

    @VisibleForTesting
    public Client getClient() {
        return this.client;
    }

    @SuppressFBWarnings(value = {"XPATH_INJECTION"}, justification = "No user input processed")
    public AzureAdRestClient(Client client, AzureApiUriResolver azureApiUriResolver, IoUtilsWrapper ioUtilsWrapper) {
        this.client = client;
        this.graphBaseEndpoint = azureApiUriResolver.getGraphApiUrl();
        this.ioUtilsWrapper = ioUtilsWrapper;
    }

    public GraphUsersList searchUsers(GraphQuery graphQuery) throws OperationFailedException {
        return (GraphUsersList) handleRequest(() -> {
            return (GraphUsersList) loggingResource(this.client.resource(getGraphBaseResource())).path(GRAPH_USERS_ENDPOINT_SUFFIX).queryParams(MicrosoftGraphQueryParams.asQueryParams(graphQuery.getFilter(), graphQuery.getSelect(), graphQuery.getLimit())).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(GraphUsersList.class);
        });
    }

    public GraphGroupList searchGroups(GraphQuery graphQuery) throws OperationFailedException {
        return (GraphGroupList) handleRequest(() -> {
            return (GraphGroupList) loggingResource(this.client.resource(getGraphBaseResource())).path(GRAPH_GROUPS_ENDPOINT_SUFFIX).queryParams(MicrosoftGraphQueryParams.asQueryParams(graphQuery.getFilter(), graphQuery.getSelect(), graphQuery.getLimit())).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(GraphGroupList.class);
        });
    }

    public GraphDirectoryObjectList getDirectParentsOfUser(String str, ODataSelect oDataSelect) throws OperationFailedException {
        return (GraphDirectoryObjectList) handleRequest(() -> {
            return (GraphDirectoryObjectList) loggingResource(this.client.resource(getGraphBaseResource())).path(GRAPH_USERS_ENDPOINT_SUFFIX).path(str).path(MEMBER_OF_NAVIGATIONAL_PROPERTY).queryParams(MicrosoftGraphQueryParams.asQueryParams(ODataTop.FULL_PAGE, oDataSelect)).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(GraphDirectoryObjectList.class);
        });
    }

    public GraphDirectoryObjectList getDirectParentsOfGroup(String str, ODataSelect oDataSelect) throws OperationFailedException {
        return (GraphDirectoryObjectList) handleRequest(() -> {
            return (GraphDirectoryObjectList) loggingResource(this.client.resource(getGraphBaseResource())).path(GRAPH_GROUPS_ENDPOINT_SUFFIX).path(str).path(MEMBER_OF_NAVIGATIONAL_PROPERTY).queryParams(MicrosoftGraphQueryParams.asQueryParams(ODataTop.FULL_PAGE, oDataSelect)).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(GraphDirectoryObjectList.class);
        });
    }

    public GraphDirectoryObjectList getDirectChildrenOfGroup(String str, ODataSelect oDataSelect) throws OperationFailedException {
        return (GraphDirectoryObjectList) handleRequest(() -> {
            return (GraphDirectoryObjectList) loggingResource(this.client.resource(getGraphBaseResource())).path(GRAPH_GROUPS_ENDPOINT_SUFFIX).path(str).path(MEMBERS_NAVIGATIONAL_PROPERTY).queryParams(MicrosoftGraphQueryParams.asQueryParams(oDataSelect)).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(GraphDirectoryObjectList.class);
        });
    }

    public GraphDeltaQueryUserList performUsersDeltaQuery(MicrosoftGraphQueryParam microsoftGraphQueryParam) throws OperationFailedException {
        return (GraphDeltaQueryUserList) handleRequest(() -> {
            return (GraphDeltaQueryUserList) loggingResource(this.client.resource(getGraphBaseResource())).path(GRAPH_USERS_ENDPOINT_SUFFIX).path(DELTA_QUERY_ENDPOINT_SUFFIX).queryParams(MicrosoftGraphQueryParams.asQueryParams(microsoftGraphQueryParam)).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(GraphDeltaQueryUserList.class);
        });
    }

    public GraphDeltaQueryGroupList performGroupsDeltaQuery(MicrosoftGraphQueryParam... microsoftGraphQueryParamArr) throws OperationFailedException {
        return (GraphDeltaQueryGroupList) handleRequest(() -> {
            return (GraphDeltaQueryGroupList) loggingResource(this.client.resource(getGraphBaseResource())).path(GRAPH_GROUPS_ENDPOINT_SUFFIX).path(DELTA_QUERY_ENDPOINT_SUFFIX).queryParams(MicrosoftGraphQueryParams.asQueryParams(microsoftGraphQueryParamArr)).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(GraphDeltaQueryGroupList.class);
        });
    }

    @SuppressFBWarnings(value = {"XXE_DOCUMENT"}, justification = "uses atlassian-secure-xml")
    public boolean supportsDeltaQuery() {
        try {
            log.debug("Fetching metadata from URI {}", UriBuilder.fromUri(getGraphBaseResource()).path(METADATA_ENDPOINT_SUFFIX).build(new Object[0]).toString());
            ClientResponse clientResponse = (ClientResponse) loggingResource(this.client.resource(getGraphBaseResource())).path(METADATA_ENDPOINT_SUFFIX).get(ClientResponse.class);
            checkStatusCode(clientResponse);
            Charset extractEncoding = extractEncoding(clientResponse);
            Document parse = SecureXmlParserFactory.newDocumentBuilder().parse(this.ioUtilsWrapper.toInputStream((String) clientResponse.getEntity(String.class), extractEncoding));
            XPath newXPath = XPathFactory.newInstance().newXPath();
            return supportsUsersAndGroupsDeltaQuery((NodeList) newXPath.compile(SCHEMA_XPATH).evaluate(parse, XPathConstants.NODESET), (NodeList) newXPath.compile(DELTA_RETURN_PATHS_XPATH).evaluate(parse, XPathConstants.NODESET));
        } catch (IOException | XPathExpressionException | SAXException e) {
            throw new RuntimeException(e);
        }
    }

    private boolean supportsUsersAndGroupsDeltaQuery(NodeList nodeList, NodeList nodeList2) {
        IntStream range = IntStream.range(0, nodeList.getLength());
        nodeList.getClass();
        Set set = (Set) range.mapToObj(nodeList::item).map(node -> {
            return getPresentAttributeValues(node, ALIAS_ATTRIBUTE_NAME, NAMESPACE_ATTRIBUTE_NAME);
        }).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toSet());
        Set set2 = (Set) set.stream().map(str -> {
            return String.format(COLLECTION_TYPE_FORMAT, str, USER_SUFFIX);
        }).collect(Collectors.toSet());
        Set set3 = (Set) set.stream().map(str2 -> {
            return String.format(COLLECTION_TYPE_FORMAT, str2, GROUP_SUFFIX);
        }).collect(Collectors.toSet());
        IntStream range2 = IntStream.range(0, nodeList2.getLength());
        nodeList2.getClass();
        Set set4 = (Set) range2.mapToObj(nodeList2::item).flatMap(node2 -> {
            return getPresentAttributeValues(node2, RETURN_TYPE_ATTRIBUTE_NAME).stream();
        }).collect(Collectors.toSet());
        return (Collections.disjoint(set2, set4) || Collections.disjoint(set3, set4)) ? false : true;
    }

    private Set<String> getPresentAttributeValues(Node node, String... strArr) {
        Optional map = Optional.ofNullable(node).map((v0) -> {
            return v0.getAttributes();
        });
        if (!map.isPresent()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        for (String str : strArr) {
            Optional map2 = map.map(namedNodeMap -> {
                return namedNodeMap.getNamedItem(str);
            }).map((v0) -> {
                return v0.getNodeValue();
            });
            hashSet.getClass();
            map2.ifPresent((v1) -> {
                r1.add(v1);
            });
        }
        return hashSet;
    }

    private void checkStatusCode(ClientResponse clientResponse) {
        if (clientResponse.getStatus() >= 300) {
            throw new UniformInterfaceException(clientResponse, new ClientRequestImpl(clientResponse.getLocation(), "GET").getPropertyAsFeature("com.sun.jersey.client.property.bufferResponseEntityOnException", true));
        }
    }

    private Charset extractEncoding(ClientResponse clientResponse) {
        return (Charset) clientResponse.getType().getParameters().entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).equals(CHARSET_PARAMETER_NAME);
        }).findFirst().map(entry2 -> {
            return Charset.forName((String) entry2.getValue());
        }).orElse(Charsets.UTF_8);
    }

    @VisibleForTesting
    public String getGraphBaseResource() {
        return this.graphBaseEndpoint + GRAPH_API_VERSION;
    }

    public <T extends PageableGraphList> T getNextPage(String str, Class<T> cls) throws OperationFailedException {
        return (T) handleRequest(() -> {
            return (PageableGraphList) loggingResource(this.client.resource(str)).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(cls);
        });
    }

    public <T extends PageableGraphList> T getNextPage(String str, Class<T> cls, ODataTop oDataTop) throws OperationFailedException {
        URI build = UriBuilder.fromUri(str).replaceQueryParam(ODataTop.QUERY_PARAM_NAME, new Object[]{oDataTop.asRawValue()}).build(new Object[0]);
        return (T) handleRequest(() -> {
            return (PageableGraphList) loggingResource(this.client.resource(build)).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(cls);
        });
    }

    @VisibleForTesting
    public <T> T handleRequest(Supplier<T> supplier) throws OperationFailedException {
        try {
            return supplier.get();
        } catch (UniformInterfaceException e) {
            throw new OperationFailedException(String.format("Microsoft Graph API has returned an error response. Response status code: %d, content %s", Integer.valueOf(e.getResponse().getStatus()), e.getResponse().getEntity(String.class)), e);
        }
    }

    private WebResource loggingResource(WebResource webResource) {
        webResource.addFilter(new JerseyLoggingFilter());
        return webResource;
    }
}
