package org.gcube.keycloak.oidc.avatar.importer;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang.ArrayUtils;
import org.gcube.keycloak.avatar.storage.AvatarStorageProvider;
import org.gcube.keycloak.oidc.avatar.importer.libravatar.Libravatar;
import org.gcube.keycloak.oidc.avatar.importer.libravatar.LibravatarDefaultImage;
import org.gcube.keycloak.oidc.avatar.importer.libravatar.LibravatarException;
import org.gcube.keycloak.oidc.avatar.importer.libravatar.LibravatarOptions;
import org.jboss.logging.Logger;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.keycloak.broker.oidc.mappers.AbstractClaimMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;

/* loaded from: input_file:avatar-importer.jar:org/gcube/keycloak/oidc/avatar/importer/AvatarImporter.class */
public class AvatarImporter extends AbstractClaimMapper {
    public static final String MAPPER_ID = "avatar-importer";
    private static final Logger logger = Logger.getLogger(AvatarImporter.class);
    public static final String[] PROVIDERS_WITH_PICTURE_CLAIM = {"google", "oidc", "keycloak-oidc"};
    public static final String[] PROVIDERS_WITH_SPECIFIC_CODE = {"facebook", "linkedin"};
    public static final String[] COMPATIBLE_PROVIDERS = (String[]) ArrayUtils.addAll(PROVIDERS_WITH_PICTURE_CLAIM, PROVIDERS_WITH_SPECIFIC_CODE);
    private static final Set<IdentityProviderSyncMode> IDENTITY_PROVIDER_SYNC_MODES = new HashSet(Arrays.asList(IdentityProviderSyncMode.values()));
    public static final Integer DEFAULT_AVATAR_SIZE = 160;
    public static final String USE_LIBRAVATAR_PROPERTY = "use-libravatar";
    public static final String FORK_IMPORT_THREAD_PROPERTY = "import-with-thread";
    private static final List<ProviderConfigProperty> configProperties = ProviderConfigurationBuilder.create().property().name(USE_LIBRAVATAR_PROPERTY).label("Use Libravater service").helpText("If the provider not provide the image claim, the email is used to search the avatar by using libravatar service.").defaultValue(Boolean.TRUE).type("boolean").add().property().name(FORK_IMPORT_THREAD_PROPERTY).label("Import avatar in a separate thread").helpText("Import the avatar by forking a new thread and don't wait the end of import.").defaultValue(Boolean.FALSE).type("boolean").add().build();

    public boolean supportsSyncMode(IdentityProviderSyncMode identityProviderSyncMode) {
        return IDENTITY_PROVIDER_SYNC_MODES.contains(identityProviderSyncMode);
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    public String getId() {
        return MAPPER_ID;
    }

    public String[] getCompatibleProviders() {
        return COMPATIBLE_PROVIDERS;
    }

    public String getDisplayCategory() {
        return "Preprocessor";
    }

    public String getDisplayType() {
        return "Avatar importer";
    }

    public void updateBrokeredUserLegacy(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        logger.debug("Importing avatar for brokered user legacy");
        importNewUser(keycloakSession, realmModel, userModel, identityProviderMapperModel, brokeredIdentityContext);
    }

    public void updateBrokeredUser(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
        logger.debug("Importing avatar for brokered user");
        importNewUser(keycloakSession, realmModel, userModel, identityProviderMapperModel, brokeredIdentityContext);
    }

    public void importNewUser(final KeycloakSession keycloakSession, final RealmModel realmModel, final UserModel userModel, IdentityProviderMapperModel identityProviderMapperModel, final BrokeredIdentityContext brokeredIdentityContext) {
        final boolean booleanValue = Boolean.valueOf((String) identityProviderMapperModel.getConfig().get(USE_LIBRAVATAR_PROPERTY)).booleanValue();
        boolean booleanValue2 = Boolean.valueOf((String) identityProviderMapperModel.getConfig().get(FORK_IMPORT_THREAD_PROPERTY)).booleanValue();
        final String identityProviderAlias = identityProviderMapperModel.getIdentityProviderAlias();
        Runnable runnable = new Runnable() { // from class: org.gcube.keycloak.oidc.avatar.importer.AvatarImporter.1
            @Override // java.lang.Runnable
            public void run() {
                AvatarStorageProvider provider = keycloakSession.getProvider(AvatarStorageProvider.class);
                if (provider == null) {
                    AvatarImporter.logger.warn("Cannot perform avatar import since the avatar storage provider is null");
                    return;
                }
                InputStream inputStream = null;
                if (ArrayUtils.contains(AvatarImporter.PROVIDERS_WITH_PICTURE_CLAIM, identityProviderAlias)) {
                    String str = (String) AbstractClaimMapper.getClaimValue(brokeredIdentityContext, "picture");
                    if (str != null && !"".equals(str)) {
                        AvatarImporter.logger.infof("Getting avatar from token claim. Value is: %s", str);
                        try {
                            inputStream = new URL(str).openStream();
                        } catch (IOException e) {
                            AvatarImporter.logger.info("Cannot load avatar image from claim: " + str, e);
                        }
                    }
                } else if ("linkedin".equals(identityProviderAlias)) {
                    inputStream = AvatarImporter.this.loadAvatarFromLinkedIn(brokeredIdentityContext);
                } else if ("facebook".equals(identityProviderAlias)) {
                    inputStream = AvatarImporter.this.loadAvatarFromFacebook(brokeredIdentityContext);
                }
                if (inputStream == null) {
                    if (booleanValue) {
                        AvatarImporter.logger.debugf("Trying getting avatar from libravatar service", new Object[0]);
                        String email = userModel.getEmail();
                        try {
                            inputStream = Libravatar.from(email).withOptions(new LibravatarOptions().withHttps().defaultingTo(LibravatarDefaultImage.NOT_FOUND).withImageSize(AvatarImporter.DEFAULT_AVATAR_SIZE)).download();
                        } catch (LibravatarException e2) {
                            AvatarImporter.logger.infof("Avatar not found via libravatar for email: %s", email);
                        }
                    } else {
                        AvatarImporter.logger.debug("Skipped search on libravatar due to mapper configuration");
                    }
                }
                if (inputStream == null) {
                    AvatarImporter.logger.debugf("No avatar found for user: %s", userModel);
                } else {
                    AvatarImporter.logger.debug("Saving the image via avatar storage provider");
                    provider.saveAvatarImage(realmModel, userModel, inputStream);
                }
            }
        };
        if (booleanValue2) {
            logger.debug("Forking new thread to perform the avatar import");
            new Thread(runnable, "oidc-avatar-import").start();
        } else {
            logger.debug("Performing the avatar import in the same thread");
            runnable.run();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public InputStream loadAvatarFromLinkedIn(BrokeredIdentityContext brokeredIdentityContext) {
        logger.info("Getting avatar from LinkedIn profile picture prjection");
        try {
            String str = null;
            Iterator it = ((JSONArray) ((JSONObject) ((JSONObject) ((JSONObject) new JSONParser().parse(new InputStreamReader(new URL("https://api.linkedin.com/v2/me?projection=(profilePicture(displayImage~:playableStreams))&oauth2_access_token=" + getAccessTokenString(brokeredIdentityContext)).openStream()))).get("profilePicture")).get("displayImage~")).get("elements")).iterator();
            while (it.hasNext()) {
                JSONObject jSONObject = (JSONObject) it.next();
                if (((Double) ((JSONObject) ((JSONObject) ((JSONObject) jSONObject.get("data")).get("com.linkedin.digitalmedia.mediaartifact.StillImage")).get("displaySize")).get("width")).doubleValue() == 100.0d) {
                    str = (String) ((JSONObject) ((JSONArray) jSONObject.get("identifiers")).get(0)).get("identifier");
                }
            }
            if (str == null) {
                return null;
            }
            logger.infof("Opening stream connnection to %s", str);
            return new URL(str).openStream();
        } catch (IOException | ParseException e) {
            logger.info("Cannot load LinkedIn avatar image from projection", e);
            return null;
        }
    }

    protected InputStream loadAvatarFromFacebook(BrokeredIdentityContext brokeredIdentityContext) {
        logger.info("Getting avatar from Facebook Graph API call");
        try {
            return new URL(String.format("https://graph.facebook.com/%s/picture?type=normal", brokeredIdentityContext.getId())).openStream();
        } catch (IOException e) {
            logger.info("Cannot load Facebook avatar image from Graph API", e);
            return null;
        }
    }

    protected String getAccessTokenString(BrokeredIdentityContext brokeredIdentityContext) {
        return (String) brokeredIdentityContext.getContextData().get("FEDERATED_ACCESS_TOKEN");
    }

    public void preprocessFederatedIdentity(KeycloakSession keycloakSession, RealmModel realmModel, IdentityProviderMapperModel identityProviderMapperModel, BrokeredIdentityContext brokeredIdentityContext) {
    }

    public String getHelpText() {
        return "Import the IdP avatar image or use the libravatr service to find it.";
    }
}
