package net.shibboleth.idp.plugin.authn.duo;

import com.google.common.net.UrlEscapers;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.component.AbstractInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.net.CookieManager;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import net.shibboleth.shared.security.DataSealer;
import net.shibboleth.shared.security.DataSealerException;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/PasswordlessCookieManager.class */
public class PasswordlessCookieManager extends AbstractInitializableComponent {

    @Nonnull
    @NotEmpty
    public static final String NEGATIVE_VALUE = "__NO";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(PasswordlessCookieManager.class);

    @NotEmpty
    @Nullable
    private String cookieName;

    @Nullable
    private CookieManager cookieManager;

    @Nullable
    private DataSealer dataSealer;
    private boolean active;
    static final /* synthetic */ boolean $assertionsDisabled;

    public void setCookieName(@Nullable String str) {
        checkSetterPreconditions();
        this.cookieName = StringSupport.trimOrNull(str);
    }

    public void setCookieManager(@Nullable CookieManager cookieManager) {
        checkSetterPreconditions();
        this.cookieManager = cookieManager;
    }

    public void setDataSealer(@Nullable DataSealer dataSealer) {
        checkSetterPreconditions();
        this.dataSealer = dataSealer;
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        this.active = (this.cookieName == null || this.cookieManager == null || this.dataSealer == null) ? false : true;
    }

    public boolean isOptOut() {
        checkComponentActive();
        if (!this.active) {
            return false;
        }
        if (!$assertionsDisabled && this.cookieManager == null) {
            throw new AssertionError();
        }
        if ($assertionsDisabled || this.cookieName != null) {
            return NEGATIVE_VALUE.equals(this.cookieManager.getCookieValue(this.cookieName, (String) null));
        }
        throw new AssertionError();
    }

    @NotEmpty
    @Nullable
    public String readCookie() {
        checkComponentActive();
        if (!this.active) {
            return null;
        }
        if (!$assertionsDisabled && this.cookieManager == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && this.cookieName == null) {
            throw new AssertionError();
        }
        String cookieValue = this.cookieManager.getCookieValue(this.cookieName, (String) null);
        if (cookieValue == null || NEGATIVE_VALUE.equals(cookieValue)) {
            return null;
        }
        String doURLDecode = net.shibboleth.shared.net.URISupport.doURLDecode(cookieValue);
        if (doURLDecode == null) {
            this.log.error("Error decoding unwrapped cookie value");
            return null;
        }
        try {
            if ($assertionsDisabled || this.dataSealer != null) {
                return this.dataSealer.unwrap(doURLDecode);
            }
            throw new AssertionError();
        } catch (DataSealerException e) {
            this.log.warn("Unable to unwrap sealed cookie", e);
            return null;
        }
    }

    public boolean writeCookie(@Nullable String str) {
        checkComponentActive();
        if (!this.active) {
            return false;
        }
        if (str == null || NEGATIVE_VALUE.equals(str)) {
            if (!$assertionsDisabled && this.cookieManager == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && this.cookieName == null) {
                throw new AssertionError();
            }
            this.cookieManager.addCookie(this.cookieName, NEGATIVE_VALUE);
            return true;
        }
        try {
            if (!$assertionsDisabled && this.dataSealer == null) {
                throw new AssertionError();
            }
            String escape = UrlEscapers.urlFormParameterEscaper().escape(this.dataSealer.wrap(str));
            if (!$assertionsDisabled && this.cookieManager == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && this.cookieName == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && escape == null) {
                throw new AssertionError();
            }
            this.cookieManager.addCookie(this.cookieName, escape);
            return true;
        } catch (DataSealerException e) {
            this.log.warn("Unable to wrap username for cookie", e);
            return false;
        }
    }

    public boolean refreshCookie() {
        checkComponentActive();
        if (!this.active) {
            return false;
        }
        String readCookie = readCookie();
        if (readCookie != null) {
            return writeCookie(readCookie);
        }
        return true;
    }

    public void clearCookie() {
        checkComponentActive();
        if (this.active) {
            if (!$assertionsDisabled && this.cookieManager == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && this.cookieName == null) {
                throw new AssertionError();
            }
            this.cookieManager.unsetCookie(this.cookieName);
        }
    }

    static {
        $assertionsDisabled = !PasswordlessCookieManager.class.desiredAssertionStatus();
    }
}
