package net.shibboleth.idp.plugin.authn.duo.sdk.impl;

import com.duosecurity.Client;
import com.duosecurity.exception.DuoException;
import com.duosecurity.model.HealthCheckResponse;
import com.duosecurity.model.Token;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.text.ParseException;
import java.util.List;
import java.util.function.BiFunction;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.idp.plugin.authn.duo.AbstractDuoOIDCClient;
import net.shibboleth.idp.plugin.authn.duo.DuoClientException;
import net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration;
import net.shibboleth.idp.plugin.authn.duo.model.DuoHealthCheck;
import net.shibboleth.idp.plugin.authn.duo.model.DuoHealthCheckResponse;
import net.shibboleth.oidc.security.JWSAssemblyUtils;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.slf4j.Logger;

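/**
 * Adapts the Duo SDK {@link Client} to the plugin's {@link AbstractDuoOIDCClient} contract.
 *
 * <p>This listing was reconstructed from bytecode by a decompiler, so parameter names such as
 * {@code str}, {@code str2} and {@code list} are placeholders; their meaning is documented per method.</p>
 *
 * <p>Security-relevant behaviour visible in this class:</p>
 * <ul>
 *   <li>The integration's secret key is used twice: to configure the SDK client and as the HS512 MAC key
 *       when the SDK's {@link Token} is re-packaged as a {@link JWT}.</li>
 *   <li>The returned JWT is signed locally by this adaptor and is not the original token received from Duo.
 *       Its signature only shows that the holder of the integration secret built it.</li>
 *   <li>No nonce is sent or checked ({@link #isSupportsNonce()} returns {@code false}), and the {@code state}
 *       value is only forwarded. Generating an unpredictable state and comparing it on the callback is
 *       left to the caller.</li>
 * </ul>
 */
@ThreadSafe
@Immutable
public final class DuoSDKClientAdaptor extends AbstractDuoOIDCClient {

    /** Duo SDK client built once in the constructor from the integration settings. */
    @Nonnull
    private final Client client;

    /** Integration settings; also the source of the MAC key used by the token converter. */
    @Nonnull
    private final DuoOIDCIntegration duoIntegration;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DuoSDKClientAdaptor.class);

    /** Maps the SDK health-check model onto the plugin's {@link DuoHealthCheck} model. */
    @Nonnull
    private final Function<HealthCheckResponse, DuoHealthCheck> healthCheckResponseConverter = new DefaultHealthCheckResponseConverter();

    /** Turns the SDK {@link Token} into a locally MAC'd Nimbus {@link JWT}. */
    @Nonnull
    private final BiFunction<Token, DuoOIDCIntegration, JWT> tokenResponseConverter = new DefaultTokenResponseConverter();

    /**
     * Copies the fields of an SDK {@link HealthCheckResponse} into a {@link DuoHealthCheck}.
     */
    @ThreadSafe
    private class DefaultHealthCheckResponseConverter implements Function<HealthCheckResponse, DuoHealthCheck> {

        private DefaultHealthCheckResponseConverter() {
        }

        /**
         * Converts the SDK response.
         *
         * @param healthCheckResponse the SDK response; the only caller in this class rejects {@code null} first
         * @return the converted health check
         */
        @Override // java.util.function.Function
        public DuoHealthCheck apply(@Nullable HealthCheckResponse healthCheckResponse) {
            // Restored from the decompiler's synthetic $assertionsDisabled field and static initializer.
            // A static member inside an inner class does not compile before Java 16.
            assert healthCheckResponse != null;
            // NOTE(review): getResponse() is dereferenced without a null check. Confirm the SDK always
            // populates it on the responses that reach this point, otherwise this fails with an NPE.
            return DuoHealthCheck.builder()
                    .withStatus(healthCheckResponse.getStat())
                    .withCode(healthCheckResponse.getCode())
                    .withMessage(healthCheckResponse.getMessage())
                    .withMessageDetail(healthCheckResponse.getMessage_detail())
                    .withResponse(new DuoHealthCheckResponse(healthCheckResponse.getResponse().getTimestamp()))
                    .withTimestamp(healthCheckResponse.getTimestamp())
                    .build();
        }
    }

    /**
     * Serialises the SDK {@link Token} to JSON, parses it as a claims set and wraps it in an HS512 JWS
     * keyed with the integration's secret.
     */
    @ThreadSafe
    private final class DefaultTokenResponseConverter implements BiFunction<Token, DuoOIDCIntegration, JWT> {

        /** Jackson mapper used to turn the SDK token model into JSON. */
        @Nonnull
        private final ObjectMapper objectMapper = new ObjectMapper();

        private DefaultTokenResponseConverter() {
        }

        /**
         * Builds the JWT.
         *
         * @param token the token model returned by the SDK
         * @param duoOIDCIntegration the integration whose secret key is used as the MAC key
         * @return the assembled JWT, or {@code null} when the integration is {@code null} or any
         *         serialisation, parsing or signing step fails (the failure is logged)
         */
        @Override // java.util.function.BiFunction
        @Nullable
        public JWT apply(@Nullable Token token, @Nullable DuoOIDCIntegration duoOIDCIntegration) {
            if (duoOIDCIntegration == null) {
                return null;
            }
            try {
                // The claims come from the SDK's parsed model, not from the bytes Duo signed.
                // NOTE(review): this presumably relies on the SDK having validated the id_token before
                // returning the Token. Verifying the MAC produced here does not re-check Duo's signature.
                final JWTClaimsSet claims = JWTClaimsSet.parse(this.objectMapper.writeValueAsString(token));
                return JWSAssemblyUtils.assembleMacJws(
                        JWSAlgorithm.HS512,
                        claims,
                        JWSAssemblyUtils.getSecretBytes(duoOIDCIntegration.getSecretKey()));
            } catch (JsonProcessingException | ParseException | JOSEException | EncodingException e) {
                DuoSDKClientAdaptor.this.log.error("Could not convert Duo Token to a Nimbus JWT Token", e);
                return null;
            }
        }
    }

    /**
     * Builds the SDK client from the integration settings.
     *
     * <p>The decompiler widened this constructor to {@code public}; the compiled class declared it
     * package-private.</p>
     *
     * @param duoOIDCIntegration integration supplying client id, secret key, API host and redirect URI
     * @param list CA certificates passed to the SDK's {@code setCACerts}; when {@code null} the SDK's own
     *        defaults apply
     * @throws DuoClientException if the SDK rejects the configuration
     */
    public DuoSDKClientAdaptor(@Nonnull DuoOIDCIntegration duoOIDCIntegration, @Nullable List<String> list) throws DuoClientException {
        this.duoIntegration = (DuoOIDCIntegration) Constraint.isNotNull(duoOIDCIntegration, "Duo SDK Client requires a non-null Duo Integration");
        try {
            Client.Builder builder = new Client.Builder(
                    duoOIDCIntegration.getClientId(),
                    duoOIDCIntegration.getSecretKey(),
                    duoOIDCIntegration.getAPIHost(),
                    duoOIDCIntegration.getRedirectURI());
            if (list != null) {
                // NOTE(review): a non-null but empty list is forwarded as an empty array. Confirm how the
                // SDK version in use treats that, since this list decides which CAs are trusted for the
                // Duo API host.
                builder = builder.setCACerts(list.toArray(new String[0]));
            }
            this.client = builder.setUseDuoCodeAttribute(false).build();
        } catch (DuoException e) {
            throw new DuoClientException(e);
        }
    }

    /**
     * Calls the Duo health-check endpoint through the SDK.
     *
     * @return the converted health-check result
     * @throws DuoClientException if the SDK call fails or returns {@code null}
     */
    @Nonnull
    public DuoHealthCheck healthCheck() throws DuoClientException {
        try {
            final HealthCheckResponse response = this.client.healthCheck();
            if (response == null) {
                throw new DuoClientException("Duo health check response was null");
            }
            return this.healthCheckResponseConverter.apply(response);
        } catch (DuoException e) {
            throw new DuoClientException(e);
        }
    }

    /**
     * Asks the SDK for the URL that starts the Duo authentication.
     *
     * <p>The state is only forwarded. This adaptor neither generates it nor verifies it on return, so
     * the caller has to bind it to the user's session and compare it on the callback.</p>
     *
     * @param str the username; must not be null or empty
     * @param str2 the state value; must not be null or empty
     * @param str3 not used by this implementation
     * @param str4 not used by this implementation
     * @return the authentication URL produced by the SDK
     * @throws DuoClientException if the SDK cannot build the URL
     */
    @Nonnull
    public String createAuthUrl(@Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2, @Nullable String str3, @Nullable String str4) throws DuoClientException {
        Constraint.isNotEmpty(str, "Username can not be null or empty");
        Constraint.isNotEmpty(str2, "State can not be null or empty");
        try {
            return this.client.createAuthUrl(str, str2);
        } catch (DuoException e) {
            throw new DuoClientException(e);
        }
    }

    /**
     * Exchanges the authorization code for the Duo 2FA result and returns it as a locally MAC'd JWT.
     *
     * @param str the authorization code; must not be null or empty
     * @param str2 the username handed to the SDK together with the code; must not be null or empty
     * @param str3 not used by this implementation (see {@link #isSupportsNonce()})
     * @return the JWT built from the SDK token
     * @throws DuoClientException if the SDK call fails, returns {@code null}, or the token cannot be
     *         converted to a JWT
     */
    @Nonnull
    public JWT exchangeAuthorizationCodeFor2FAResult(@Nonnull String str, @Nonnull String str2, @Nullable String str3) throws DuoClientException {
        Constraint.isNotEmpty(str, "Auth_code can not be null");
        // The username ties the 2FA result to the user who started the flow. Reject a missing value
        // here, as createAuthUrl does, instead of depending on how the SDK treats null or empty.
        Constraint.isNotEmpty(str2, "Username can not be null or empty");
        try {
            final Token token = this.client.exchangeAuthorizationCodeFor2FAResult(str, str2);
            if (token == null) {
                throw new DuoClientException("Duo token was null");
            }
            final JWT jwt = this.tokenResponseConverter.apply(token, this.duoIntegration);
            if (jwt == null) {
                throw new DuoClientException("Duo token could not be converted to a JWT");
            }
            return jwt;
        } catch (DuoException e) {
            throw new DuoClientException(e);
        }
    }

    /**
     * Reports whether this client supports a nonce.
     *
     * @return always {@code false}; the methods above accept extra arguments but never pass them to the SDK
     */
    public boolean isSupportsNonce() {
        return false;
    }
}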
