package be.atbash.ee.security.octopus.sso.callback;

import be.atbash.ee.security.octopus.sso.client.OpenIdVariableClientData;
import be.atbash.ee.security.octopus.sso.client.requestor.OctopusUserRequestor;
import be.atbash.ee.security.octopus.sso.core.OctopusRetrievalException;
import be.atbash.ee.security.octopus.sso.core.token.OctopusSSOToken;
import be.atbash.util.exception.AtbashUnexpectedException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponseParser;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:be/atbash/ee/security/octopus/sso/callback/SSOCallbackServletHandler.class */
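/**
 * Processes one SSO callback request: validates the OpenID Connect authentication response carried
 * in the query string, exchanges the authorization code for an access token and retrieves the
 * user token.
 *
 * <p>Every step reports failures through the {@link CallbackErrorHandler} and then returns
 * {@code null}, so callers must check each result for {@code null} before moving to the next step.
 *
 * <p>An instance wraps a single request/response pair and is not meant to be shared between
 * requests.
 */
class SSOCallbackServletHandler {
    private final HttpServletRequest httpServletRequest;
    private final HttpServletResponse httpServletResponse;
    private final CallbackErrorHandler callbackErrorHandler;
    private final OpenIdVariableClientData variableClientData;

    /**
     * Creates a handler bound to one callback request.
     *
     * <p>Declared {@code public} in this listing; the decompiler notes the original was
     * package-private.
     *
     * @param httpServletRequest the callback request whose query string holds the response
     * @param httpServletResponse the response errors are written to
     * @param openIdVariableClientData per-login client data, including the expected {@code state}
     * @param callbackErrorHandler sink for every error detected while handling the callback
     */
    public SSOCallbackServletHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OpenIdVariableClientData openIdVariableClientData, CallbackErrorHandler callbackErrorHandler) {
        this.httpServletRequest = httpServletRequest;
        this.httpServletResponse = httpServletResponse;
        this.variableClientData = openIdVariableClientData;
        this.callbackErrorHandler = callbackErrorHandler;
    }

    /**
     * Parses and validates the authentication response of the current request.
     *
     * @return the success response, or {@code null} when an error was reported to the
     *     {@link CallbackErrorHandler}
     */
    public AuthenticationSuccessResponse getAuthenticationResponse() {
        return verifyRequestStructural(this.httpServletRequest, this.httpServletResponse, this.variableClientData);
    }

    /**
     * Parses the query string as an authentication response and accepts it only when it is a
     * success response whose {@code state} equals the one held in the client data.
     *
     * <p>The {@code state} comparison ties the callback to a login that this client started; a
     * response is never converted to a success response without passing it.
     *
     * @return the success response, or {@code null} after an error has been shown
     */
    private AuthenticationSuccessResponse verifyRequestStructural(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OpenIdVariableClientData openIdVariableClientData) {
        String queryString = httpServletRequest.getQueryString();
        ErrorObject errorObject = null;
        AuthenticationResponse authenticationResponse = null;
        try {
            authenticationResponse = AuthenticationResponseParser.parse(new URI("?" + queryString));
        } catch (ParseException e) {
            // NOTE(review): parser messages can quote request input; the error handler must
            // encode whatever it renders.
            errorObject = new ErrorObject("OCT-SSO-CLIENT-002", e.getMessage());
        } catch (URISyntaxException e) {
            errorObject = new ErrorObject("OCT-SSO-CLIENT-001", e.getMessage());
        }

        State receivedState;
        if (authenticationResponse instanceof AuthenticationErrorResponse) {
            AuthenticationErrorResponse errorResponse = (AuthenticationErrorResponse) authenticationResponse;
            errorObject = errorResponse.getErrorObject();
            if (errorObject.getCode() == null || errorObject.getDescription() == null) {
                // Incomplete error from the server: add the raw query for diagnosis. A missing
                // description is left out instead of being concatenated as the text "null".
                // NOTE(review): queryString is request-controlled and ends up in the error shown
                // by the handler - confirm the handler escapes it, or drop it from the message.
                String description = errorObject.getDescription();
                String context = "AuthenticationErrorResponse for url " + queryString;
                errorObject = errorObject.setDescription(description == null ? context : description + " -- " + context);
            }
            receivedState = errorResponse.getState();
        } else if (authenticationResponse == null) {
            // Parsing failed, so an error is already set and this value cannot lead to acceptance.
            receivedState = findStateFromParameters(queryString);
        } else {
            receivedState = authenticationResponse.getState();
        }

        if (errorObject == null) {
            errorObject = checkState(openIdVariableClientData, receivedState);
        }
        if (errorObject != null) {
            this.callbackErrorHandler.showErrorMessage(httpServletResponse, errorObject);
            return null;
        }
        return authenticationResponse.toSuccessResponse();
    }

    /**
     * Reads the {@code state} parameter directly from a raw query string.
     *
     * @param str the raw query string
     * @return the parsed state, or {@code null} when no {@code state} parameter is present
     */
    private State findStateFromParameters(String str) {
        Map<String, java.util.List<String>> parameters = URLUtils.parseParameters(str);
        if (!parameters.containsKey("state")) {
            return null;
        }
        return State.parse(MultivaluedMapUtils.getFirstValue(parameters, "state"));
    }

    /**
     * Compares the received {@code state} with the one stored in the client data.
     *
     * <p>Fails closed: a missing expected state or a missing received state is a mismatch, so two
     * absent values never count as equal and a missing expected state no longer ends in a
     * {@link NullPointerException}.
     *
     * @return {@code null} when the values match, otherwise the {@code OCT-SSO-CLIENT-011} error
     */
    private ErrorObject checkState(OpenIdVariableClientData openIdVariableClientData, State state) {
        State expectedState = openIdVariableClientData.getState();
        if (expectedState == null || !expectedState.equals(state)) {
            return new ErrorObject("OCT-SSO-CLIENT-011", "Request has an invalid 'state' value");
        }
        return null;
    }

    /**
     * Exchanges the authorization code of a validated response for an access token.
     *
     * <p>Declared {@code public} in this listing; the decompiler notes the original was
     * package-private.
     *
     * @param authenticationSuccessResponse the response returned by {@link #getAuthenticationResponse()}
     * @param exchangeForAccessCode performs the actual code exchange
     * @return the result of the exchange, or {@code null} when the response carries no
     *     authorization code (reported as {@code OCT-SSO-CLIENT-013})
     */
    public BearerAccessToken getAccessTokenFromAuthorizationCode(AuthenticationSuccessResponse authenticationSuccessResponse, ExchangeForAccessCode exchangeForAccessCode) {
        AuthorizationCode authorizationCode = authenticationSuccessResponse.getAuthorizationCode();
        if (authorizationCode == null) {
            this.callbackErrorHandler.showErrorMessage(this.httpServletResponse, new ErrorObject("OCT-SSO-CLIENT-013", "Missing Authorization code"));
            return null;
        }
        return exchangeForAccessCode.doExchange(this.httpServletResponse, this.variableClientData, authorizationCode);
    }

    /**
     * Retrieves the user token from the requestor using the access token.
     *
     * <p>Declared {@code public} in this listing; the decompiler notes the original was
     * package-private.
     *
     * @param octopusUserRequestor performs the user retrieval
     * @param bearerAccessToken the access token obtained from the code exchange
     * @return the user token, or {@code null} when a validation or retrieval error was reported
     *     to the {@link CallbackErrorHandler}
     * @throws AtbashUnexpectedException when the requestor fails with a {@link JOSEException} or
     *     a {@link URISyntaxException}
     */
    public OctopusSSOToken retrieveUser(OctopusUserRequestor octopusUserRequestor, BearerAccessToken bearerAccessToken) {
        try {
            return octopusUserRequestor.getOctopusSSOToken(this.variableClientData, bearerAccessToken);
        } catch (JOSEException | URISyntaxException e) {
            throw new AtbashUnexpectedException(e);
        } catch (java.text.ParseException e) {
            // NOTE(review): the parser message is forwarded to the error handler; confirm it is
            // encoded on output and does not disclose token contents.
            this.callbackErrorHandler.showErrorMessage(this.httpServletResponse, new ErrorObject("OCT-SSO-CLIENT-018", "User Info endpoint response JWT validation failure : " + e.getMessage()));
        } catch (OctopusRetrievalException e) {
            this.callbackErrorHandler.showErrorMessage(this.httpServletResponse, e.getErrorObject());
        } catch (ParseException e) {
            this.callbackErrorHandler.showErrorMessage(this.httpServletResponse, new ErrorObject("OCT-SSO-CLIENT-017", "User Info endpoint response validation failure : " + e.getMessage()));
        }
        // An error was shown above; callers must treat null as "no authenticated user".
        return null;
    }
}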
