package com.stormpath.sdk.impl.saml;

import com.stormpath.sdk.api.ApiKey;
import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.error.Error;
import com.stormpath.sdk.error.jwt.InvalidJwtException;
import com.stormpath.sdk.http.HttpMethod;
import com.stormpath.sdk.http.HttpRequest;
import com.stormpath.sdk.idsite.AccountResult;
import com.stormpath.sdk.idsite.NonceStore;
import com.stormpath.sdk.impl.account.DefaultAccountResult;
import com.stormpath.sdk.impl.account.DefaultAuthenticationResult;
import com.stormpath.sdk.impl.account.DefaultLogoutResult;
import com.stormpath.sdk.impl.authc.HttpServletRequestWrapper;
import com.stormpath.sdk.impl.ds.DefaultDataStore;
import com.stormpath.sdk.impl.ds.InternalDataStore;
import com.stormpath.sdk.impl.error.DefaultError;
import com.stormpath.sdk.impl.http.HttpHeaders;
import com.stormpath.sdk.impl.idsite.DefaultNonceStore;
import com.stormpath.sdk.impl.idsite.IdSiteClaims;
import com.stormpath.sdk.impl.jwt.JwtHeaderParameters;
import com.stormpath.sdk.impl.jwt.JwtSignatureValidator;
import com.stormpath.sdk.impl.jwt.JwtWrapper;
import com.stormpath.sdk.impl.resource.AbstractResource;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.lang.Classes;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.saml.SamlCallbackHandler;
import com.stormpath.sdk.saml.SamlResultListener;
import com.stormpath.sdk.saml.SamlRuntimeException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/stormpath/sdk/impl/saml/DefaultSamlCallbackHandler.class */
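/**
 * Processes the callback request that carries a signed JWT ("jwtResponse") and turns it into an
 * {@link AccountResult}.
 *
 * <p>The checks in {@link #getAccountResult()} run in a fixed order: key id match and signature
 * validation, expiry, error payload, single-use (nonce) check, then claim extraction. No payload
 * claim is acted upon before the signature has been validated.
 *
 * <p>This listing was recovered by a decompiler. The compiler-generated switch-map helper class
 * ({@code DefaultSamlCallbackHandler$1}) has been folded back into a plain enum {@code switch};
 * the compiler regenerates it on build.
 */
public class DefaultSamlCallbackHandler implements SamlCallbackHandler {
    private static final String HTTP_SERVLET_REQUEST_FQCN = "javax.servlet.http.HttpServletRequest";
    private static final String HTTP_SERVLET_REQUEST_WRAPPER_FQCN = "com.stormpath.sdk.impl.authc.DefaultHttpServletRequestWrapper";

    /** Wrapper used for servlet requests; {@code null} when the servlet API is not on the classpath. */
    private static final Class<? extends HttpServletRequestWrapper> HTTP_SERVLET_REQUEST_WRAPPER_CLASS;

    static {
        // The servlet wrapper is only resolved when the servlet API itself can be loaded.
        if (Classes.isAvailable(HTTP_SERVLET_REQUEST_FQCN)) {
            HTTP_SERVLET_REQUEST_WRAPPER_CLASS = Classes.forName(HTTP_SERVLET_REQUEST_WRAPPER_FQCN);
        } else {
            HTTP_SERVLET_REQUEST_WRAPPER_CLASS = null;
        }
    }

    private final InternalDataStore dataStore;
    private final Application application;
    /** Raw compact JWT taken from the request parameter; untrusted until its signature is validated. */
    private final String jwtResponse;
    private NonceStore nonceStore;
    private List<SamlResultListener> resultListeners = new ArrayList<>();

    /**
     * Creates a handler for a single callback request and extracts the JWT from it.
     *
     * @param internalDataStore data store supplying the API key and the cache resolver
     * @param application       application this callback belongs to
     * @param obj               the HTTP request: either an SDK {@link HttpRequest} or an object the
     *                          servlet request wrapper can be constructed from
     */
    public DefaultSamlCallbackHandler(InternalDataStore internalDataStore, Application application, Object obj) {
        Assert.notNull(internalDataStore, "datastore cannot be null or empty.");
        Assert.notNull(application, "application cannot be null.");
        Assert.notNull(obj, "httpRequest cannot be null.");
        this.dataStore = internalDataStore;
        this.application = application;
        this.jwtResponse = getJwtResponse(obj);
        this.nonceStore = new DefaultNonceStore(internalDataStore.getCacheResolver());
    }

    /**
     * Replaces the store used to detect reuse of a JWT response id.
     *
     * @param nonceStore the store to use; must not be {@code null}
     * @return this handler
     */
    public SamlCallbackHandler setNonceStore(NonceStore nonceStore) {
        Assert.notNull(nonceStore);
        this.nonceStore = nonceStore;
        return this;
    }

    /**
     * Validates the JWT received in the callback and builds the account result from its claims.
     *
     * @return the account result described by the JWT payload
     * @throws InvalidJwtException  if the key id does not match, the token is expired, was already
     *                              used, or a required claim is missing
     * @throws SamlRuntimeException if the payload carries an error object
     */
    public AccountResult getAccountResult() {
        JwtWrapper jwt = new JwtWrapper(this.jwtResponse);
        Map payload = jwt.getJsonPayloadAsMap();
        Map header = jwt.getJsonHeaderAsMap();

        // The header is read before the signature is checked, so its contents are attacker-controlled:
        // a non-string key id is rejected as an invalid JWT instead of escaping as a ClassCastException.
        String keyId = getRequiredString(header, JwtHeaderParameters.KEY_ID);
        // NOTE(review): algorithm handling is delegated to JwtSignatureValidator, which is not visible
        // here - confirm it pins the expected algorithm and rejects unsigned tokens.
        getJwtSignatureValidator(keyId).validate(jwt);

        verifyJwtIsNotExpired(((Number) getRequiredValue(payload, "exp")).longValue());

        // Error responses are thrown before the nonce check, so they are not recorded in the nonce store.
        if (isError(payload)) {
            throw new SamlRuntimeException(constructError(payload, header));
        }

        String responseId = (String) getRequiredValue(payload, IdSiteClaims.RESPONSE_ID);
        // NOTE(review): hasNonce/putNonce are two separate calls, so two concurrent callbacks carrying
        // the same JWT can both pass this check; an atomic put-if-absent on the store would close the gap.
        if (this.nonceStore.hasNonce(responseId)) {
            throw new InvalidJwtException("JWT has already been used.");
        }
        this.nonceStore.putNonce(responseId);

        String accountHref = (String) getOptionalValue(payload, "sub");
        boolean hasAccount = Strings.hasText(accountHref);
        SamlResultStatus status = SamlResultStatus.valueOf((String) getRequiredValue(payload, IdSiteClaims.STATUS));
        // Only a logout result may omit the subject.
        if (!hasAccount && !SamlResultStatus.LOGOUT.equals(status)) {
            throw new InvalidJwtException("Required jwtResponse parameter is missing.");
        }

        Object isNewSubject = (Boolean) getRequiredValue(payload, IdSiteClaims.IS_NEW_SUBJECT);
        Object state = (String) getOptionalValue(payload, IdSiteClaims.STATE);

        Map<String, Object> properties = new LinkedHashMap<>();
        properties.put(DefaultAccountResult.NEW_ACCOUNT.getName(), isNewSubject);
        properties.put(DefaultAccountResult.STATE.getName(), state);
        if (hasAccount) {
            Map<String, Object> account = new HashMap<>();
            account.put(AbstractResource.HREF_PROP_NAME, accountHref);
            properties.put(DefaultAccountResult.ACCOUNT.getName(), account);
        }

        DefaultAccountResult result = new DefaultAccountResult(this.dataStore, properties);
        if (!this.resultListeners.isEmpty()) {
            dispatchResponseStatus(status, properties);
        }
        return result;
    }

    /**
     * Replaces all registered listeners with the given one. A {@code null} argument leaves the
     * current listeners untouched.
     *
     * @param samlResultListener the only listener to keep, or {@code null} for no change
     * @return this handler
     */
    public SamlCallbackHandler setResultListener(SamlResultListener samlResultListener) {
        if (samlResultListener == null) {
            return this;
        }
        this.resultListeners = new ArrayList<>();
        return addResultListener(samlResultListener);
    }

    /**
     * Registers an additional listener; {@code null} is ignored.
     *
     * @param samlResultListener the listener to add
     * @return this handler
     */
    public SamlCallbackHandler addResultListener(SamlResultListener samlResultListener) {
        if (samlResultListener != null) {
            this.resultListeners.add(samlResultListener);
        }
        return this;
    }

    /**
     * Reads the JWT request parameter from either supported request type. The request method is
     * asserted to be GET in both branches.
     *
     * @param obj the request passed to the constructor (already checked for {@code null})
     * @return the non-blank JWT parameter value
     * @throws InvalidJwtException if the parameter is absent or blank
     */
    private String getJwtResponse(Object obj) {
        String parameter;
        if (obj instanceof HttpRequest) {
            HttpRequest httpRequest = (HttpRequest) obj;
            Assert.isTrue(httpRequest.getMethod() == HttpMethod.GET, "Only Http GET method is supported.");
            parameter = httpRequest.getParameter(IdSiteClaims.JWT_RESPONSE);
        } else {
            if (HTTP_SERVLET_REQUEST_WRAPPER_CLASS == null) {
                throw new RuntimeException("DefaultHttpServletRequestWrapper not loaded error occurred while handling httpRequest of type: " + obj.getClass().getName());
            }
            // The wrapper is instantiated reflectively through its single-Object constructor.
            HttpServletRequestWrapper wrapper = (HttpServletRequestWrapper) Classes.instantiate(Classes.getConstructor(HTTP_SERVLET_REQUEST_WRAPPER_CLASS, new Class[]{Object.class}), new Object[]{obj});
            Assert.isTrue(HttpMethod.GET == HttpMethod.fromName(wrapper.getMethod()), "Only Http GET method is supported.");
            parameter = wrapper.getParameter(IdSiteClaims.JWT_RESPONSE);
        }
        if (Strings.hasText(parameter)) {
            return parameter;
        }
        throw new InvalidJwtException("JWT parameter is required..");
    }

    /**
     * Rejects a token whose expiry lies in the past. No clock-skew allowance is applied.
     *
     * @param j the {@code exp} claim, compared against the current time in seconds
     */
    private void verifyJwtIsNotExpired(long j) {
        long nowSeconds = System.currentTimeMillis() / 1000;
        if (nowSeconds > j) {
            throw new InvalidJwtException("JWT has already expired.");
        }
    }

    /**
     * Returns a validator bound to this data store's API key, provided the JWT names that key.
     *
     * @param str the key id taken from the JWT header
     * @throws InvalidJwtException if the key id differs from the data store's API key id
     */
    private JwtSignatureValidator getJwtSignatureValidator(String str) {
        ApiKey apiKey = this.dataStore.getApiKey();
        if (!apiKey.getId().equals(str)) {
            throw new InvalidJwtException("The client used to sign the jwrResponse is different than the one used in this datasore.");
        }
        return new JwtSignatureValidator(apiKey);
    }

    /**
     * Looks up a value that must be present.
     *
     * @throws InvalidJwtException if the map has no value for the key
     */
    @SuppressWarnings("unchecked") // the caller picks T; the cast is only checked at the use site
    private <T> T getRequiredValue(Map<?, ?> map, String str) {
        T value = (T) map.get(str);
        if (value == null) {
            throw new InvalidJwtException("Required jwtResponse parameter is missing.");
        }
        return value;
    }

    /**
     * Looks up a value that must be present and must be a string.
     *
     * @throws InvalidJwtException if the value is missing or is not a {@link String}
     */
    private String getRequiredString(Map<?, ?> map, String str) {
        Object value = getRequiredValue(map, str);
        if (!(value instanceof String)) {
            throw new InvalidJwtException("Required jwtResponse parameter is not a string.");
        }
        return (String) value;
    }

    /** Looks up a value that may be absent; returns {@code null} when it is. */
    @SuppressWarnings("unchecked") // the caller picks T; the cast is only checked at the use site
    private <T> T getOptionalValue(Map<?, ?> map, String str) {
        return (T) map.get(str);
    }

    /**
     * Notifies every registered listener of the result.
     *
     * @throws IllegalArgumentException for any status other than AUTHENTICATED or LOGOUT
     */
    private void dispatchResponseStatus(SamlResultStatus samlResultStatus, Map<String, Object> map) {
        switch (samlResultStatus) {
            case AUTHENTICATED:
                for (SamlResultListener listener : this.resultListeners) {
                    listener.onAuthenticated(new DefaultAuthenticationResult(this.dataStore, map));
                }
                return;
            case LOGOUT:
                for (SamlResultListener listener : this.resultListeners) {
                    listener.onLogout(new DefaultLogoutResult(this.dataStore, map));
                }
                return;
            default:
                throw new IllegalArgumentException("Encountered unknown IdSite result status: " + samlResultStatus);
        }
    }

    /**
     * Builds the error carried in the payload, copying the request id from the JWT header into it
     * when the header has one.
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // the JSON maps come back untyped from JwtWrapper
    private Error constructError(Map map, Map map2) {
        Map errorProperties = (Map) getRequiredValue(map, IdSiteClaims.ERROR);
        if (map2.containsKey(HttpHeaders.STORMPATH_REQUEST_ID)) {
            errorProperties.put(HttpHeaders.STORMPATH_REQUEST_ID, map2.get(HttpHeaders.STORMPATH_REQUEST_ID));
        }
        return new DefaultError(errorProperties);
    }

    /** Tells whether the payload carries an error object. */
    private boolean isError(Map<?, ?> map) {
        Assert.notNull(map, "jsonMap cannot be null.");
        return getOptionalValue(map, IdSiteClaims.ERROR) != null;
    }
}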
