package org.thingsboard.server.service.mail;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.auth.oauth2.RefreshTokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import jakarta.mail.MessagingException;
import jakarta.mail.internet.MimeMessage;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Properties;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.Nullable;
import org.springframework.mail.MailException;
import org.springframework.mail.javamail.JavaMailSenderImpl;
import org.thingsboard.server.common.data.AdminSettings;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.mail.MailOauth2Provider;
import org.thingsboard.server.dao.exception.IncorrectParameterException;

/* loaded from: input_file:org/thingsboard/server/service/mail/TbMailSender.class */
public class TbMailSender extends JavaMailSenderImpl {
    private static final Logger log = LoggerFactory.getLogger(TbMailSender.class);
    private static final String MAIL_PROP = "mail.";
    private final TbMailContextComponent ctx;
    private final Boolean oauth2Enabled;
    private volatile String accessToken;
    private final Lock lock = new ReentrantLock();
    private volatile long tokenExpires = 0;

    public TbMailSender(TbMailContextComponent tbMailContextComponent, JsonNode jsonNode) {
        this.ctx = tbMailContextComponent;
        this.oauth2Enabled = Boolean.valueOf(jsonNode.has("enableOauth2") && jsonNode.get("enableOauth2").asBoolean());
        setHost(jsonNode.get("smtpHost").asText());
        setPort(parsePort(jsonNode.get("smtpPort").asText()));
        setUsername(jsonNode.get("username").asText());
        if (jsonNode.has("password")) {
            setPassword(jsonNode.get("password").asText());
        }
        setJavaMailProperties(createJavaMailProperties(jsonNode));
    }

    public Boolean getOauth2Enabled() {
        return this.oauth2Enabled;
    }

    public long getTokenExpires() {
        return this.tokenExpires;
    }

    protected void doSend(MimeMessage[] mimeMessageArr, @Nullable Object[] objArr) throws MailException {
        updateOauth2PasswordIfExpired();
        doSendSuper(mimeMessageArr, objArr);
    }

    public void doSendSuper(MimeMessage[] mimeMessageArr, Object[] objArr) {
        super.doSend(mimeMessageArr, objArr);
    }

    public void testConnection() throws MessagingException {
        updateOauth2PasswordIfExpired();
        testConnectionSuper();
    }

    public void testConnectionSuper() throws MessagingException {
        super.testConnection();
    }

    public void updateOauth2PasswordIfExpired() {
        if (!getOauth2Enabled().booleanValue() || System.currentTimeMillis() <= getTokenExpires()) {
            return;
        }
        refreshAccessToken();
        setPassword(this.accessToken);
    }

    private Properties createJavaMailProperties(JsonNode jsonNode) {
        Properties properties = new Properties();
        String asText = jsonNode.get("smtpProtocol").asText();
        properties.put("mail.transport.protocol", asText);
        properties.put("mail." + asText + ".host", jsonNode.get("smtpHost").asText());
        properties.put("mail." + asText + ".port", jsonNode.get("smtpPort").asText());
        properties.put("mail." + asText + ".timeout", jsonNode.get("timeout").asText());
        properties.put("mail." + asText + ".auth", String.valueOf(StringUtils.isNotEmpty(jsonNode.get("username").asText())));
        boolean z = false;
        if (jsonNode.has("enableTls")) {
            if (jsonNode.get("enableTls").isBoolean() && jsonNode.get("enableTls").booleanValue()) {
                z = true;
            } else if (jsonNode.get("enableTls").isTextual()) {
                z = "true".equalsIgnoreCase(jsonNode.get("enableTls").asText());
            }
        }
        properties.put("mail." + asText + ".starttls.enable", Boolean.valueOf(z));
        if (z && jsonNode.has("tlsVersion") && !jsonNode.get("tlsVersion").isNull()) {
            String asText2 = jsonNode.get("tlsVersion").asText();
            if (StringUtils.isNoneEmpty(asText2)) {
                properties.put("mail." + asText + ".ssl.protocols", asText2);
            }
        }
        if (jsonNode.has("enableProxy") && jsonNode.get("enableProxy").asBoolean()) {
            properties.put("mail." + asText + ".proxy.host", jsonNode.get("proxyHost").asText());
            properties.put("mail." + asText + ".proxy.port", jsonNode.get("proxyPort").asText());
            String asText3 = jsonNode.get("proxyUser").asText();
            if (StringUtils.isNoneEmpty(asText3)) {
                properties.put("mail." + asText + ".proxy.user", asText3);
            }
            String asText4 = jsonNode.get("proxyPassword").asText();
            if (StringUtils.isNoneEmpty(asText4)) {
                properties.put("mail." + asText + ".proxy.password", asText4);
            }
        }
        if (this.oauth2Enabled.booleanValue()) {
            properties.put("mail." + asText + ".auth.mechanisms", "XOAUTH2");
        }
        return properties;
    }

    public void refreshAccessToken() {
        this.lock.lock();
        try {
            try {
                if (System.currentTimeMillis() > getTokenExpires()) {
                    AdminSettings findAdminSettingsByKey = this.ctx.getAdminSettingsService().findAdminSettingsByKey(TenantId.SYS_TENANT_ID, "mail");
                    ObjectNode jsonValue = findAdminSettingsByKey.getJsonValue();
                    String asText = jsonValue.get("clientId").asText();
                    String asText2 = jsonValue.get("clientSecret").asText();
                    String asText3 = jsonValue.get("refreshToken").asText();
                    String asText4 = jsonValue.get("tokenUri").asText();
                    String asText5 = jsonValue.get("providerId").asText();
                    TokenResponse execute = new RefreshTokenRequest(new NetHttpTransport(), new GsonFactory(), new GenericUrl(asText4), asText3).setClientAuthentication(new ClientParametersAuthentication(asText, asText2)).execute();
                    if (MailOauth2Provider.OFFICE_365.name().equals(asText5)) {
                        jsonValue.put("refreshToken", execute.getRefreshToken());
                        jsonValue.put("refreshTokenExpires", Instant.now().plus((TemporalAmount) Duration.ofDays(90L)).toEpochMilli());
                        this.ctx.getAdminSettingsService().saveAdminSettings(TenantId.SYS_TENANT_ID, findAdminSettingsByKey);
                    }
                    this.accessToken = execute.getAccessToken();
                    this.tokenExpires = System.currentTimeMillis() + (execute.getExpiresInSeconds().intValue() * 1000);
                }
            } catch (Exception e) {
                log.error("Unable to retrieve access token: {}", e.getMessage());
                throw new RuntimeException("Error while retrieving access token: " + e.getMessage());
            }
        } finally {
            this.lock.unlock();
        }
    }

    private int parsePort(String str) {
        try {
            return Integer.parseInt(str);
        } catch (NumberFormatException e) {
            throw new IncorrectParameterException(String.format("Invalid smtp port value: %s", str));
        }
    }
}
