package org.apache.camel.component.linkedin.api;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.gargoylesoftware.htmlunit.BrowserVersion;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.ProxyConfig;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.WebClientOptions;
import com.gargoylesoftware.htmlunit.WebRequest;
import com.gargoylesoftware.htmlunit.WebResponse;
import com.gargoylesoftware.htmlunit.html.HtmlDivision;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlPasswordInput;
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
import com.gargoylesoftware.htmlunit.html.HtmlTextInput;
import com.gargoylesoftware.htmlunit.util.WebConnectionWrapper;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Priority;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.ext.Provider;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.http.HttpHost;
import org.apache.http.conn.params.ConnRoutePNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
@Priority(1000)
/* loaded from: input_file:org/apache/camel/component/linkedin/api/LinkedInOAuthRequestFilter.class */
public final class LinkedInOAuthRequestFilter implements ClientRequestFilter {
    public static final String BASE_ADDRESS = "https://api.linkedin.com/v1";
    private static final String AUTHORIZATION_URL = "https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=%s&state=%s&redirect_uri=%s";
    private static final String AUTHORIZATION_URL_WITH_SCOPE = "https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=%s&state=%s&scope=%s&redirect_uri=%s";
    private static final String ACCESS_TOKEN_URL = "https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=%s&redirect_uri=%s&client_id=%s&client_secret=%s";
    private final OAuthParams oAuthParams;
    private static final Logger LOG = LoggerFactory.getLogger(LinkedInOAuthRequestFilter.class);
    private static final Pattern QUERY_PARAM_PATTERN = Pattern.compile("&?([^=]+)=([^&]+)");
    private OAuthToken oAuthToken = null;
    private final WebClient webClient = new WebClient(BrowserVersion.FIREFOX_24);

    public LinkedInOAuthRequestFilter(OAuthParams oAuthParams, Map<String, Object> map, boolean z, String[] strArr) {
        this.oAuthParams = oAuthParams;
        WebClientOptions options = this.webClient.getOptions();
        options.setRedirectEnabled(true);
        options.setJavaScriptEnabled(false);
        options.setThrowExceptionOnFailingStatusCode(true);
        options.setThrowExceptionOnScriptError(true);
        options.setPrintContentOnFailingStatusCode(LOG.isDebugEnabled());
        options.setSSLClientProtocols(strArr);
        if (map != null && map.get(ConnRoutePNames.DEFAULT_PROXY) != null) {
            HttpHost httpHost = (HttpHost) map.get(ConnRoutePNames.DEFAULT_PROXY);
            Boolean bool = (Boolean) map.get("http.route.socks-proxy");
            options.setProxyConfig(new ProxyConfig(httpHost.getHostName(), httpHost.getPort(), bool != null ? bool.booleanValue() : false));
        }
        new WebConnectionWrapper(this.webClient) { // from class: org.apache.camel.component.linkedin.api.LinkedInOAuthRequestFilter.1
            @Override // com.gargoylesoftware.htmlunit.util.WebConnectionWrapper, com.gargoylesoftware.htmlunit.WebConnection
            public WebResponse getResponse(WebRequest webRequest) throws IOException {
                webRequest.setAdditionalHeader("Accept-Encoding", "identity");
                return super.getResponse(webRequest);
            }
        };
        if (z) {
            return;
        }
        try {
            updateOAuthToken();
        } catch (IOException e) {
            throw new IllegalArgumentException(String.format("Error authorizing user %s: %s", oAuthParams.getUserName(), e.getMessage()), e);
        }
    }

    private String getRefreshToken() {
        String format;
        HtmlPage htmlPage;
        String substring;
        this.webClient.getOptions().setRedirectEnabled(false);
        try {
            String valueOf = String.valueOf(new SecureRandom().nextLong());
            String encode = URLEncoder.encode(this.oAuthParams.getRedirectUri(), "UTF-8");
            OAuthScope[] scopes = this.oAuthParams.getScopes();
            if (scopes == null || scopes.length == 0) {
                format = String.format(AUTHORIZATION_URL, this.oAuthParams.getClientId(), valueOf, encode);
            } else {
                int length = scopes.length;
                StringBuilder sb = new StringBuilder();
                int i = 0;
                for (OAuthScope oAuthScope : scopes) {
                    sb.append(oAuthScope.getValue());
                    i++;
                    if (i < length) {
                        sb.append("%20");
                    }
                }
                format = String.format(AUTHORIZATION_URL_WITH_SCOPE, this.oAuthParams.getClientId(), valueOf, sb.toString(), encode);
            }
            try {
                htmlPage = (HtmlPage) this.webClient.getPage(format);
            } catch (FailingHttpStatusCodeException e) {
                if (e.getStatusCode() != 302) {
                    throw e;
                }
                URL url = new URL(e.getResponse().getResponseHeaderValue("Location"));
                String query = url.getQuery();
                if (query != null && query.contains("error=")) {
                    throw new IOException(URLDecoder.decode(query).replaceAll("&", ", "));
                }
                htmlPage = (HtmlPage) this.webClient.getPage(url);
            }
            HtmlDivision htmlDivision = (HtmlDivision) htmlPage.getFirstByXPath("//div[@role='alert']");
            if (htmlDivision != null) {
                throw new IllegalArgumentException("Error authorizing application: " + htmlDivision.getTextContent());
            }
            HtmlForm formByName = htmlPage.getFormByName("oauth2SAuthorizeForm");
            ((HtmlTextInput) formByName.getInputByName("session_key")).setText(this.oAuthParams.getUserName());
            ((HtmlPasswordInput) formByName.getInputByName("session_password")).setText(this.oAuthParams.getUserPassword());
            try {
                substring = ((HtmlSubmitInput) formByName.getInputByName("authorize")).click().getUrl().getQuery();
            } catch (FailingHttpStatusCodeException e2) {
                if (e2.getStatusCode() != 302) {
                    throw e2;
                }
                String responseHeaderValue = e2.getResponse().getResponseHeaderValue("Location");
                substring = responseHeaderValue.substring(responseHeaderValue.indexOf(63) + 1);
            }
            HashMap hashMap = new HashMap();
            Matcher matcher = QUERY_PARAM_PATTERN.matcher(substring);
            while (matcher.find()) {
                hashMap.put(matcher.group(1), matcher.group(2));
            }
            if (valueOf.equals((String) hashMap.get(OAuthConstants.STATE))) {
                return (String) hashMap.get("code");
            }
            throw new SecurityException("Invalid CSRF code!");
        } catch (IOException e3) {
            throw new IllegalArgumentException("Error authorizing application: " + e3.getMessage(), e3);
        }
    }

    public void close() {
        this.webClient.closeAllWindows();
    }

    private OAuthToken getAccessToken(String str) throws IOException {
        WebResponse loadWebResponse = this.webClient.loadWebResponse(new WebRequest(new URL(String.format(ACCESS_TOKEN_URL, str, this.oAuthParams.getRedirectUri(), this.oAuthParams.getClientId(), this.oAuthParams.getClientSecret())), HttpMethod.POST));
        if (loadWebResponse.getStatusCode() != 200) {
            throw new IOException(String.format("Error getting access token: [%s: %s]", Integer.valueOf(loadWebResponse.getStatusCode()), loadWebResponse.getStatusMessage()));
        }
        long currentTimeMillis = System.currentTimeMillis();
        return new OAuthToken(str, ((Map) new ObjectMapper().readValue(loadWebResponse.getContentAsStream(), Map.class)).get(OAuthConstants.ACCESS_TOKEN).toString(), currentTimeMillis + TimeUnit.MILLISECONDS.convert(Integer.valueOf(r0.get(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN).toString()).intValue(), TimeUnit.SECONDS));
    }

    public synchronized OAuthToken getOAuthToken() {
        return this.oAuthToken;
    }

    @Override // javax.ws.rs.client.ClientRequestFilter
    public void filter(ClientRequestContext clientRequestContext) throws IOException {
        updateOAuthToken();
        String uri = clientRequestContext.getUri().toString();
        StringBuilder sb = new StringBuilder(uri);
        if (uri.contains("?")) {
            sb.append('&');
        } else {
            sb.append('?');
        }
        sb.append("oauth2_access_token=").append(this.oAuthToken.getAccessToken());
        clientRequestContext.setUri(URI.create(sb.toString()));
    }

    private synchronized void updateOAuthToken() throws IOException {
        long currentTimeMillis = System.currentTimeMillis();
        if (this.oAuthToken == null || this.oAuthToken.getExpiryTime() < currentTimeMillis) {
            LOG.info("OAuth token doesn't exist or has expired");
            OAuthSecureStorage secureStorage = this.oAuthParams.getSecureStorage();
            if (secureStorage != null) {
                this.oAuthToken = secureStorage.getOAuthToken();
                if (this.oAuthToken != null && this.oAuthToken.getExpiryTime() > currentTimeMillis) {
                    return;
                }
                LOG.info("OAuth secure storage returned a null or expired token, creating a new token...");
                if (this.oAuthParams.getUserPassword() == null || this.oAuthParams.getUserPassword().isEmpty()) {
                    throw new IllegalArgumentException("Missing password for LinkedIn authorization");
                }
            }
            this.oAuthToken = getAccessToken(getRefreshToken());
            LOG.info("OAuth token created!");
            if (secureStorage != null) {
                secureStorage.saveOAuthToken(this.oAuthToken);
            }
        }
    }
}
