package com.oneidentity.safeguard.safeguardjava.authentication;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.oneidentity.safeguard.safeguardjava.Utils;
import com.oneidentity.safeguard.safeguardjava.data.AccessTokenBody;
import com.oneidentity.safeguard.safeguardjava.data.JsonBody;
import com.oneidentity.safeguard.safeguardjava.exceptions.ObjectDisposedException;
import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException;
import com.oneidentity.safeguard.safeguardjava.restclient.RestClient;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import org.apache.http.HttpHeaders;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.utils.URLEncodedUtils;

/* loaded from: input_file:com/oneidentity/safeguard/safeguardjava/authentication/AuthenticatorBase.class */
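/**
 * Shared state and behaviour for authentication mechanisms that exchange an RSTS token
 * for a Safeguard API access token.
 *
 * <p>The access token is held in a {@code char[]} so it can be overwritten when cleared or
 * disposed. Not documented as thread-safe: no synchronization guards {@code accessToken}
 * or {@code disposed}.
 */
abstract class AuthenticatorBase implements IAuthenticationMechanism {
    private static final String TOKEN_LIFETIME_HEADER = "X-TokenLifetimeRemaining";
    // Value returned when a successful response carries no parsable lifetime header.
    private static final int DEFAULT_LIFETIME_REMAINING = 10;

    private boolean disposed;
    private final String networkAddress;
    private final int apiVersion;
    private final boolean ignoreSsl;
    private final HostnameVerifier validationCallback;
    protected char[] accessToken;
    protected final String safeguardRstsUrl;
    protected final String safeguardCoreUrl;
    protected RestClient rstsClient;
    protected RestClient coreClient;

    /**
     * Identity provider entry parsed from the RSTS login response.
     * (Decompiler note: access modifiers were widened from private.)
     */
    public class Provider {
        private final String Id;
        private final String DisplayName;

        public Provider(String str, String str2) {
            this.Id = str;
            this.DisplayName = str2;
        }

        /** @return the provider id, or {@code null} when the response had no {@code Id} field */
        public String getId() {
            return this.Id;
        }

        /** @return the display name, or {@code null} when the response had no {@code DisplayName} field */
        public String getDisplayName() {
            return this.DisplayName;
        }
    }

    /**
     * Builds the RSTS and core REST clients for the given appliance.
     * (Decompiler note: access modifiers were widened from protected.)
     *
     * @param str network address of the appliance, inserted into {@code https://} URLs
     * @param i API version used in the core service URL
     * @param z forwarded to both {@link RestClient}s as the ignore-SSL flag
     *          (NOTE(review): presumably disables certificate validation when true; confirm
     *          in RestClient and keep it false outside of lab use)
     * @param hostnameVerifier forwarded to both {@link RestClient}s; may be {@code null}
     */
    public AuthenticatorBase(String str, int i, boolean z, HostnameVerifier hostnameVerifier) {
        this.networkAddress = str;
        this.apiVersion = i;
        this.ignoreSsl = z;
        this.validationCallback = hostnameVerifier;
        this.safeguardRstsUrl = String.format("https://%s/RSTS", this.networkAddress);
        this.rstsClient = new RestClient(this.safeguardRstsUrl, z, hostnameVerifier);
        this.safeguardCoreUrl = String.format("https://%s/service/core/v%d", this.networkAddress, this.apiVersion);
        this.coreClient = new RestClient(this.safeguardCoreUrl, z, hostnameVerifier);
    }

    @Override
    public abstract String getId();

    @Override
    public String getNetworkAddress() {
        return this.networkAddress;
    }

    @Override
    public int getApiVersion() {
        return this.apiVersion;
    }

    @Override
    public boolean isIgnoreSsl() {
        return this.ignoreSsl;
    }

    @Override
    public HostnameVerifier getValidationCallback() {
        return this.validationCallback;
    }

    @Override
    public boolean isAnonymous() {
        return false;
    }

    @Override
    public boolean hasAccessToken() {
        return this.accessToken != null;
    }

    /** Overwrites the stored access token characters and drops the reference. */
    @Override
    public void clearAccessToken() {
        if (this.accessToken != null) {
            Arrays.fill(this.accessToken, '0');
        }
        this.accessToken = null;
    }

    /**
     * Returns the stored access token.
     *
     * <p>The returned array is the internal buffer, not a copy: it is overwritten by
     * {@link #clearAccessToken()} and {@link #dispose()}.
     *
     * @return the access token, or {@code null} when none has been obtained
     * @throws ObjectDisposedException if this authenticator has been disposed
     */
    @Override
    public char[] getAccessToken() throws ObjectDisposedException {
        if (this.disposed) {
            throw new ObjectDisposedException("AuthenticatorBase");
        }
        return this.accessToken;
    }

    /**
     * Asks the core service how much lifetime the current access token has left.
     *
     * @return 0 when there is no token or the service answers with a non-success status;
     *         otherwise the integer value of the {@code X-TokenLifetimeRemaining} response
     *         header, or 10 when that header is absent or not an integer
     * @throws ObjectDisposedException if this authenticator has been disposed
     * @throws SafeguardForJavaException if no response was obtained from the core service
     */
    @Override
    public int getAccessTokenLifetimeRemaining() throws ObjectDisposedException, SafeguardForJavaException {
        if (this.disposed) {
            throw new ObjectDisposedException("AuthenticatorBase");
        }
        if (!hasAccessToken()) {
            return 0;
        }
        Map<String, String> headers = new HashMap<>();
        // NOTE(review): this copies the token into an immutable String that cannot be
        // zeroed afterwards, which weakens the char[] handling elsewhere in this class.
        // Removing it needs a header API on RestClient that accepts char[].
        headers.put("Authorization", String.format("Bearer %s", new String(this.accessToken)));
        headers.put(TOKEN_LIFETIME_HEADER, "");
        CloseableHttpResponse response = this.coreClient.execGET("LoginMessage", null, headers, null);
        if (response == null) {
            throw new SafeguardForJavaException(String.format("Unable to connect to web service %s", this.coreClient.getBaseURL()));
        }
        try {
            if (!Utils.isSuccessful(response.getStatusLine().getStatusCode())) {
                return 0;
            }
            int remaining = DEFAULT_LIFETIME_REMAINING;
            if (response.containsHeader(TOKEN_LIFETIME_HEADER)) {
                String value = response.getFirstHeader(TOKEN_LIFETIME_HEADER).getValue();
                if (value != null) {
                    try {
                        remaining = Integer.parseInt(value);
                    } catch (NumberFormatException ignored) {
                        // Malformed header: keep the default rather than failing the call.
                    }
                }
            }
            return remaining;
        } finally {
            // The body is never read here, so the response must be closed explicitly
            // or the underlying connection stays checked out.
            closeQuietly(response);
        }
    }

    /**
     * Exchanges a fresh RSTS token for a Safeguard API access token and stores it.
     *
     * @throws ObjectDisposedException if this authenticator has been disposed
     * @throws SafeguardForJavaException if the core service cannot be reached or rejects the exchange
     */
    @Override
    public void refreshAccessToken() throws ObjectDisposedException, SafeguardForJavaException {
        if (this.disposed) {
            throw new ObjectDisposedException("AuthenticatorBase");
        }
        CloseableHttpResponse response = this.coreClient.execPOST("Token/LoginResponse", null, null, null, new AccessTokenBody(getRstsTokenInternal()));
        if (response == null) {
            throw new SafeguardForJavaException(String.format("Unable to connect to web service %s", this.coreClient.getBaseURL()));
        }
        String body = Utils.getResponse(response);
        int status = response.getStatusLine().getStatusCode();
        if (!Utils.isSuccessful(status)) {
            throw new SafeguardForJavaException("Error exchanging RSTS token from " + getId() + " authenticator for Safeguard API access token, Error: " + String.format("%d %s", status, body));
        }
        Map<String, String> parsed = Utils.parseResponse(body);
        // NOTE(review): a successful response without "UserToken" leaves the previous token
        // (or null) in place and returns normally; callers should check hasAccessToken().
        if (parsed.containsKey("UserToken")) {
            this.accessToken = parsed.get("UserToken").toCharArray();
        }
    }

    /**
     * Resolves an identity provider display name or id to its RSTS scope string.
     *
     * <p>The provider list is requested from the RSTS login controller with POST first and
     * with GET when the POST yields no response or a non-success status.
     *
     * @param str provider display name or id, compared case-insensitively
     * @return {@code rsts:sts:primaryproviderid:<id>} for the first matching provider
     * @throws SafeguardForJavaException if RSTS cannot be reached, answers with an error,
     *         or lists no provider matching {@code str}
     */
    @Override
    public String resolveProviderToScope(String str) throws SafeguardForJavaException {
        try {
            Map<String, String> headers = new HashMap<>();
            Map<String, String> parameters = new HashMap<>();
            headers.put(HttpHeaders.ACCEPT, "application/json");
            headers.put("Content-Type", URLEncodedUtils.CONTENT_TYPE);
            parameters.put("response_type", "token");
            parameters.put("redirect_uri", "urn:InstalledApplication");
            parameters.put("loginRequestStep", "1");
            CloseableHttpResponse response = this.rstsClient.execPOST("UserLogin/LoginController", parameters, headers, null, new JsonBody("RelayState="));
            if (response == null || !Utils.isSuccessful(response.getStatusLine().getStatusCode())) {
                // The failed POST response is discarded; release it before retrying with GET.
                closeQuietly(response);
                response = this.rstsClient.execGET("UserLogin/LoginController", parameters, headers, null);
            }
            if (response == null) {
                throw new SafeguardForJavaException("Unable to connect to RSTS to find identity provider scopes");
            }
            String body = Utils.getResponse(response);
            int status = response.getStatusLine().getStatusCode();
            if (!Utils.isSuccessful(status)) {
                throw new SafeguardForJavaException("Error requesting identity provider scopes from RSTS, Error: " + String.format("%d %s", status, body));
            }
            List<Provider> providers = parseLoginResponse(body);
            Provider match = getMatchingScope(str, providers);
            if (match != null) {
                return String.format("rsts:sts:primaryproviderid:%s", match.Id);
            }
            StringBuilder known = new StringBuilder();
            for (Provider provider : providers) {
                if (known.length() > 0) {
                    known.append(", ");
                }
                known.append(provider.DisplayName).append(", ").append(provider.Id);
            }
            throw new SafeguardForJavaException(String.format("Unable to find scope matching '%s' in [%s]", str, known));
        } catch (SafeguardForJavaException e) {
            throw e;
        } catch (Exception e2) {
            throw new SafeguardForJavaException("Unable to connect to determine identity provider", e2);
        }
    }

    protected abstract char[] getRstsTokenInternal() throws ObjectDisposedException, SafeguardForJavaException;

    @Override
    public abstract Object cloneObject() throws SafeguardForJavaException;

    /** Clears the access token and marks this authenticator as disposed. */
    @Override
    public void dispose() {
        clearAccessToken();
        this.disposed = true;
    }

    /**
     * Last-resort overwrite of the token if {@link #dispose()} was never called.
     * Finalization timing is not guaranteed, so callers should still dispose explicitly.
     * (Decompiler note: access modifiers were widened from protected.)
     */
    @Override
    public void finalize() throws Throwable {
        try {
            if (this.accessToken != null) {
                Arrays.fill(this.accessToken, '0');
            }
        } finally {
            this.disposed = true;
            super.finalize();
        }
    }

    /**
     * Extracts the {@code Providers} array from an RSTS login response.
     *
     * @return the parsed providers; empty when the body is not valid JSON or has no
     *         {@code Providers} element
     */
    private List<Provider> parseLoginResponse(String str) {
        List<Provider> providers = new ArrayList<>();
        try {
            JsonNode root = new ObjectMapper().readTree(str);
            // Guard against an empty body or a document without "Providers", which
            // previously surfaced as a NullPointerException reported as a connection error.
            JsonNode providersNode = root == null ? null : root.get("Providers");
            if (providersNode == null) {
                return providers;
            }
            Iterator<JsonNode> elements = providersNode.elements();
            while (elements.hasNext()) {
                JsonNode next = elements.next();
                providers.add(new Provider(getJsonValue(next, "Id"), getJsonValue(next, "DisplayName")));
            }
        } catch (IOException e) {
            // The response body is deliberately not logged.
            Logger.getLogger(AuthenticatorBase.class.getName()).log(Level.SEVERE, "Unable to parse identity provider list from RSTS response", e);
        }
        return providers;
    }

    /**
     * Finds the first provider whose display name or id equals {@code str}, ignoring case.
     *
     * @return the matching provider, or {@code null} when there is none
     */
    private Provider getMatchingScope(String str, List<Provider> list) {
        if (str == null) {
            return null;
        }
        for (Provider provider : list) {
            // Called on str because a provider's fields are null when the JSON lacked them.
            if (str.equalsIgnoreCase(provider.DisplayName) || str.equalsIgnoreCase(provider.Id)) {
                return provider;
            }
        }
        return null;
    }

    /** @return the text of field {@code str}, or {@code null} when the node has no such field */
    private String getJsonValue(JsonNode jsonNode, String str) {
        JsonNode value = jsonNode.get(str);
        return value != null ? value.asText() : null;
    }

    /** Closes a response, logging rather than propagating a failure to close. */
    private static void closeQuietly(CloseableHttpResponse response) {
        if (response == null) {
            return;
        }
        try {
            response.close();
        } catch (IOException e) {
            Logger.getLogger(AuthenticatorBase.class.getName()).log(Level.FINE, "Failed to close HTTP response", e);
        }
    }
}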
