package com.auth0;

import com.auth0.client.auth.AuthAPI;
import com.auth0.exception.Auth0Exception;
import com.auth0.json.auth.TokenHolder;
import com.auth0.json.auth.UserInfo;
import com.auth0.jwk.JwkException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.Validate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/auth0/RequestProcessor.class */
public class RequestProcessor {
    private static final String KEY_SUB = "sub";
    private static final String KEY_STATE = "state";
    private static final String KEY_ERROR = "error";
    private static final String KEY_ERROR_DESCRIPTION = "error_description";
    private static final String KEY_EXPIRES_IN = "expires_in";
    private static final String KEY_ACCESS_TOKEN = "access_token";
    private static final String KEY_ID_TOKEN = "id_token";
    private static final String KEY_REFRESH_TOKEN = "refresh_token";
    private static final String KEY_TOKEN_TYPE = "token_type";
    private static final String KEY_CODE = "code";
    private static final String KEY_TOKEN = "token";
    private static final String KEY_RESPONSE_MODE = "response_mode";
    private static final String KEY_FORM_POST = "form_post";
    final AuthAPI client;
    final String responseType;
    final TokenVerifier verifier;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RequestProcessor(AuthAPI authAPI, String str, TokenVerifier tokenVerifier) {
        Validate.notNull(authAPI);
        Validate.notNull(str);
        this.client = authAPI;
        this.responseType = str;
        this.verifier = tokenVerifier;
    }

    List<String> getResponseType() {
        return Arrays.asList(this.responseType.split(" "));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthAPI getClient() {
        return this.client;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizeUrl buildAuthorizeUrl(HttpServletRequest httpServletRequest, String str, String str2, String str3) {
        AuthorizeUrl withState = new AuthorizeUrl(this.client, httpServletRequest, str, this.responseType).withState(str2);
        List<String> responseType = getResponseType();
        if (responseType.contains(KEY_ID_TOKEN) && str3 != null) {
            withState.withNonce(str3);
        }
        if (responseType.contains(KEY_TOKEN) || responseType.contains(KEY_ID_TOKEN)) {
            withState.withParameter(KEY_RESPONSE_MODE, KEY_FORM_POST);
        }
        return withState;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Tokens process(HttpServletRequest httpServletRequest) throws IdentityVerificationException {
        String fetchUserId;
        assertNoError(httpServletRequest);
        assertValidState(httpServletRequest);
        Tokens tokens = tokensFromRequest(httpServletRequest);
        String parameter = httpServletRequest.getParameter(KEY_CODE);
        if (parameter == null && this.verifier == null) {
            throw new InvalidRequestException("a0.missing_authorization_code", "Authorization Code is missing from the request and Implicit Grant is not allowed.");
        }
        if (this.verifier == null) {
            try {
                tokens = mergeTokens(tokens, exchangeCodeForTokens(parameter, httpServletRequest.getRequestURL().toString()));
                fetchUserId = fetchUserId(tokens.getAccessToken());
            } catch (Auth0Exception e) {
                throw new IdentityVerificationException("a0.api_error", "An error occurred while exchanging the Authorization Code for Auth0 Tokens.", e);
            }
        } else if (getResponseType().contains(KEY_ID_TOKEN)) {
            try {
                fetchUserId = this.verifier.verifyNonce(tokens.getIdToken(), RandomStorage.removeSessionNonce(httpServletRequest));
            } catch (JWTVerificationException e2) {
                throw new IdentityVerificationException("a0.invalid_jwt_error", "An error occurred while trying to verify the Id Token.", e2);
            } catch (JwkException e3) {
                throw new IdentityVerificationException("a0.missing_jwt_public_key_error", "An error occurred while trying to verify the Id Token.", e3);
            }
        } else {
            try {
                fetchUserId = fetchUserId(tokens.getAccessToken());
            } catch (Auth0Exception e4) {
                throw new IdentityVerificationException("a0.api_error", "An error occurred while trying to verify the Access Token.", e4);
            }
        }
        if (fetchUserId == null) {
            throw new IdentityVerificationException("An error occurred while trying to verify the user identity: The 'sub' claim contained in the token was null.");
        }
        return tokens;
    }

    private Tokens tokensFromRequest(HttpServletRequest httpServletRequest) {
        return new Tokens(httpServletRequest.getParameter(KEY_ACCESS_TOKEN), httpServletRequest.getParameter(KEY_ID_TOKEN), httpServletRequest.getParameter(KEY_REFRESH_TOKEN), httpServletRequest.getParameter(KEY_TOKEN_TYPE), httpServletRequest.getParameter(KEY_EXPIRES_IN) == null ? null : Long.valueOf(Long.parseLong(httpServletRequest.getParameter(KEY_EXPIRES_IN))));
    }

    private void assertNoError(HttpServletRequest httpServletRequest) throws InvalidRequestException {
        String parameter = httpServletRequest.getParameter(KEY_ERROR);
        if (parameter != null) {
            throw new InvalidRequestException(parameter, httpServletRequest.getParameter(KEY_ERROR_DESCRIPTION));
        }
    }

    private void assertValidState(HttpServletRequest httpServletRequest) throws InvalidRequestException {
        if (!RandomStorage.checkSessionState(httpServletRequest, httpServletRequest.getParameter(KEY_STATE))) {
            throw new InvalidRequestException("a0.invalid_state", "The received state doesn't match the expected one.");
        }
    }

    private Tokens exchangeCodeForTokens(String str, String str2) throws Auth0Exception {
        TokenHolder tokenHolder = (TokenHolder) this.client.exchangeCode(str, str2).execute();
        return new Tokens(tokenHolder.getAccessToken(), tokenHolder.getIdToken(), tokenHolder.getRefreshToken(), tokenHolder.getTokenType(), Long.valueOf(tokenHolder.getExpiresIn()));
    }

    private String fetchUserId(String str) throws Auth0Exception {
        UserInfo userInfo = (UserInfo) this.client.userInfo(str).execute();
        if (userInfo.getValues().containsKey(KEY_SUB)) {
            return (String) userInfo.getValues().get(KEY_SUB);
        }
        return null;
    }

    private Tokens mergeTokens(Tokens tokens, Tokens tokens2) {
        return new Tokens(tokens2.getAccessToken() != null ? tokens2.getAccessToken() : tokens.getAccessToken(), tokens2.getIdToken() != null ? tokens2.getIdToken() : tokens.getIdToken(), tokens2.getRefreshToken() != null ? tokens2.getRefreshToken() : tokens.getRefreshToken(), tokens2.getType() != null ? tokens2.getType() : tokens.getType(), tokens2.getExpiresIn() != null ? tokens2.getExpiresIn() : tokens.getExpiresIn());
    }
}
