package net.shibboleth.idp.plugin.authn.duo.impl;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Random;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.duo.DuoIntegration;
import net.shibboleth.idp.plugin.authn.duo.DuoAdminClient;
import net.shibboleth.idp.plugin.authn.duo.DuoAdminListMapResponseWrapper;
import net.shibboleth.idp.plugin.authn.duo.DuoAdminResponseWrapper;
import net.shibboleth.idp.plugin.authn.duo.DuoException;
import net.shibboleth.idp.plugin.authn.duo.model.User;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NonnullElements;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.logic.FunctionSupport;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
import org.apache.hc.core5.net.URIBuilder;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.slf4j.Logger;

@ThreadSafeAfterInit
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/DefaultDuoAdminClient.class */
public class DefaultDuoAdminClient extends AbstractIdentifiableInitializableComponent implements DuoAdminClient {
    private static final int DEFAULT_BACKOFF_FACTOR = 2;
    private static final int DEFAULT_INITIAL_BACKOFF_MS = 1000;
    private static final int DEFAULT_MAX_BACKOFF_MS = 16000;
    private static final int RATE_LIMIT_ERROR_CODE = 429;

    @NonnullAfterInit
    private HttpClient httpClient;

    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    @NonnullAfterInit
    private ObjectMapper objectMapper;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DefaultDuoAdminClient.class);

    @Nonnull
    private final Random random = new Random();
    private int backoffFactor = DEFAULT_BACKOFF_FACTOR;
    private int initialBackoff = DEFAULT_INITIAL_BACKOFF_MS;
    private int maxBackoff = DEFAULT_MAX_BACKOFF_MS;

    @Nonnull
    private Function<ProfileRequestContext, DuoIntegration> adminDuoIntegrationLookupStrategy = FunctionSupport.constant((Object) null);

    @Nonnull
    @NotEmpty
    private String usersAdminEndpoint = "/admin/v1/users";

    public void setBackoffFactor(int i) {
        checkSetterPreconditions();
        this.backoffFactor = i;
    }

    public void setInitialBackoff(int i) {
        checkSetterPreconditions();
        this.initialBackoff = i;
    }

    public void setMaxBackoff(int i) {
        checkSetterPreconditions();
        this.maxBackoff = i;
    }

    public void setHttpClient(@Nonnull HttpClient httpClient) {
        checkSetterPreconditions();
        this.httpClient = (HttpClient) Constraint.isNotNull(httpClient, "HTTP client cannot be null");
    }

    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        checkSetterPreconditions();
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    public void setObjectMapper(@Nonnull ObjectMapper objectMapper) {
        checkSetterPreconditions();
        this.objectMapper = (ObjectMapper) Constraint.isNotNull(objectMapper, "Object mapper cannot be null");
    }

    public void setAdminDuoIntegrationLookupStrategy(@Nonnull Function<ProfileRequestContext, DuoIntegration> function) {
        checkSetterPreconditions();
        this.adminDuoIntegrationLookupStrategy = (Function) Constraint.isNotNull(function, "AdminDuoIntegrationLookup strategy can not be null");
    }

    public void setUsersAdminEndpoint(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.usersAdminEndpoint = Constraint.isNotEmpty(str, "UserAdminEndpoint can not be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.httpClient == null) {
            throw new ComponentInitializationException("HttpClient cannot be null");
        }
        if (this.objectMapper == null) {
            throw new ComponentInitializationException("ObjectMapper cannot be null");
        }
    }

    @Nullable
    public User getUser(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull String str) throws DuoException {
        try {
            List list = (List) doAPIRequest(buildRequest(profileRequestContext, this.usersAdminEndpoint, Map.of("username", str)), new TypeReference<DuoAdminResponseWrapper<List<User>>>() { // from class: net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoAdminClient.1
            }, this.initialBackoff).getResponse();
            if (list.isEmpty()) {
                return null;
            }
            if (list.size() > 1) {
                throw new DuoException("User API response contained more than one record");
            }
            return (User) list.get(0);
        } catch (Exception e) {
            throw new DuoException("Unable to to get User '" + str + "' from Duo's Admin API", e);
        }
    }

    @Nonnull
    public <T extends DuoAdminResponseWrapper<?>> T retrieve(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull @NotEmpty String str, @Nullable @NonnullElements Map<String, String> map, @Nonnull TypeReference<T> typeReference) throws DuoException {
        try {
            return (T) doAPIRequest(buildRequest(profileRequestContext, str, map), typeReference, this.initialBackoff);
        } catch (DuoException | IOException e) {
            throw new DuoException(e);
        }
    }

    @Nonnull
    public DuoAdminListMapResponseWrapper retrieve(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull @NotEmpty String str, @Nullable @NonnullElements Map<String, String> map) throws DuoException {
        try {
            return doAPIRequest(buildRequest(profileRequestContext, str, map), new TypeReference<DuoAdminListMapResponseWrapper>() { // from class: net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoAdminClient.2
            }, this.initialBackoff);
        } catch (DuoException | IOException e) {
            throw new DuoException(e);
        }
    }

    @Nonnull
    private DuoIntegration getIntegrationAndCheckComponentActive(@Nonnull ProfileRequestContext profileRequestContext) throws DuoException {
        checkComponentActive();
        DuoIntegration apply = this.adminDuoIntegrationLookupStrategy.apply(profileRequestContext);
        if (apply == null) {
            throw new DuoException("Unable to locate Duo Integration.");
        }
        return apply;
    }

    @Nonnull
    private ClassicHttpRequest buildRequest(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull @NotEmpty String str, @Nullable @NonnullElements Map<String, String> map) throws DuoException {
        DuoIntegration integrationAndCheckComponentActive = getIntegrationAndCheckComponentActive(profileRequestContext);
        try {
            ClassicRequestBuilder uri = ClassicRequestBuilder.get().setUri(new URIBuilder().setScheme("https").setHost(integrationAndCheckComponentActive.getAPIHost()).setPath(str).build());
            if (map != null) {
                Objects.requireNonNull(uri);
                map.forEach(uri::addParameter);
            }
            if (!$assertionsDisabled && uri == null) {
                throw new AssertionError();
            }
            DuoSupport.signRequest(uri, integrationAndCheckComponentActive);
            ClassicHttpRequest build = uri.build();
            if ($assertionsDisabled || build != null) {
                return build;
            }
            throw new AssertionError();
        } catch (URISyntaxException | InvalidKeyException | NoSuchAlgorithmException | EncodingException e) {
            throw new DuoException("Unable to to get response from Duo Admin API", e);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:138:0x02b4 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    @javax.annotation.Nonnull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private <T extends net.shibboleth.idp.plugin.authn.duo.DuoAdminResponseWrapper<?>> T doAPIRequest(@javax.annotation.Nonnull org.apache.hc.core5.http.ClassicHttpRequest r6, @javax.annotation.Nonnull com.fasterxml.jackson.core.type.TypeReference<T> r7, int r8) throws net.shibboleth.idp.plugin.authn.duo.DuoException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 714
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.shibboleth.idp.plugin.authn.duo.impl.DefaultDuoAdminClient.doAPIRequest(org.apache.hc.core5.http.ClassicHttpRequest, com.fasterxml.jackson.core.type.TypeReference, int):net.shibboleth.idp.plugin.authn.duo.DuoAdminResponseWrapper");
    }

    static {
        $assertionsDisabled = !DefaultDuoAdminClient.class.desiredAssertionStatus();
    }
}
