package com.auth0;

import com.auth0.IdTokenVerifier;
import com.auth0.client.auth.AuthAPI;
import com.auth0.exception.Auth0Exception;
import com.auth0.json.auth.TokenHolder;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.Validate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/auth0/RequestProcessor.class */
public class RequestProcessor {
    private static final String KEY_STATE = "state";
    private static final String KEY_ERROR = "error";
    private static final String KEY_ERROR_DESCRIPTION = "error_description";
    private static final String KEY_EXPIRES_IN = "expires_in";
    private static final String KEY_ACCESS_TOKEN = "access_token";
    private static final String KEY_ID_TOKEN = "id_token";
    private static final String KEY_TOKEN_TYPE = "token_type";
    private static final String KEY_CODE = "code";
    private static final String KEY_TOKEN = "token";
    private static final String KEY_RESPONSE_MODE = "response_mode";
    private static final String KEY_FORM_POST = "form_post";
    private static final String KEY_MAX_AGE = "max_age";
    final IdTokenVerifier.Options verifyOptions;
    final boolean useLegacySameSiteCookie;
    private final String responseType;
    private final AuthAPI client;
    private final IdTokenVerifier tokenVerifier;
    private final String organization;
    private final String invitation;
    private final String cookiePath;

    /* loaded from: input_file:com/auth0/RequestProcessor$Builder.class */
    static class Builder {
        private final AuthAPI client;
        private final String responseType;
        private final IdTokenVerifier.Options verifyOptions;
        private boolean useLegacySameSiteCookie = true;
        private IdTokenVerifier tokenVerifier;
        private String organization;
        private String invitation;
        private String cookiePath;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder(AuthAPI authAPI, String str, IdTokenVerifier.Options options) {
            Validate.notNull(authAPI);
            Validate.notNull(str);
            Validate.notNull(options);
            this.client = authAPI;
            this.responseType = str;
            this.verifyOptions = options;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder withCookiePath(String str) {
            this.cookiePath = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder withLegacySameSiteCookie(boolean z) {
            this.useLegacySameSiteCookie = z;
            return this;
        }

        Builder withIdTokenVerifier(IdTokenVerifier idTokenVerifier) {
            this.tokenVerifier = idTokenVerifier;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder withOrganization(String str) {
            this.organization = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder withInvitation(String str) {
            this.invitation = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public RequestProcessor build() {
            return new RequestProcessor(this.client, this.responseType, this.verifyOptions, this.tokenVerifier == null ? new IdTokenVerifier() : this.tokenVerifier, this.useLegacySameSiteCookie, this.organization, this.invitation, this.cookiePath);
        }
    }

    private RequestProcessor(AuthAPI authAPI, String str, IdTokenVerifier.Options options, IdTokenVerifier idTokenVerifier, boolean z, String str2, String str3, String str4) {
        Validate.notNull(authAPI);
        Validate.notNull(str);
        Validate.notNull(options);
        this.client = authAPI;
        this.responseType = str;
        this.verifyOptions = options;
        this.tokenVerifier = idTokenVerifier;
        this.useLegacySameSiteCookie = z;
        this.organization = str2;
        this.invitation = str3;
        this.cookiePath = str4;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthAPI getClient() {
        return this.client;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizeUrl buildAuthorizeUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) {
        AuthorizeUrl withState = new AuthorizeUrl(this.client, httpServletRequest, httpServletResponse, str, this.responseType).withState(str2);
        if (this.organization != null) {
            withState.withOrganization(this.organization);
        }
        if (this.invitation != null) {
            withState.withInvitation(this.invitation);
        }
        if (this.cookiePath != null) {
            withState.withCookiePath(this.cookiePath);
        }
        if (httpServletResponse != null) {
            withState.withLegacySameSiteCookie(this.useLegacySameSiteCookie);
        }
        return getAuthorizeUrl(str3, withState);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Tokens process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IdentityVerificationException {
        String removeSessionNonce;
        assertNoError(httpServletRequest);
        assertValidState(httpServletRequest, httpServletResponse);
        Tokens frontChannelTokens = getFrontChannelTokens(httpServletRequest);
        List<String> responseType = getResponseType();
        if (responseType.contains(KEY_ID_TOKEN) && frontChannelTokens.getIdToken() == null) {
            throw new InvalidRequestException("a0.missing_id_token", "ID Token is missing from the response.");
        }
        if (responseType.contains(KEY_TOKEN) && frontChannelTokens.getAccessToken() == null) {
            throw new InvalidRequestException("a0.missing_access_token", "Access Token is missing from the response.");
        }
        if (httpServletResponse != null) {
            removeSessionNonce = TransientCookieStore.getNonce(httpServletRequest, httpServletResponse);
            if (removeSessionNonce == null) {
                removeSessionNonce = RandomStorage.removeSessionNonce(httpServletRequest);
            }
        } else {
            removeSessionNonce = RandomStorage.removeSessionNonce(httpServletRequest);
        }
        this.verifyOptions.setNonce(removeSessionNonce);
        return getVerifiedTokens(httpServletRequest, frontChannelTokens, responseType);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean requiresFormPostResponseMode(List<String> list) {
        return list != null && (list.contains(KEY_TOKEN) || list.contains(KEY_ID_TOKEN));
    }

    private Tokens getVerifiedTokens(HttpServletRequest httpServletRequest, Tokens tokens, List<String> list) throws IdentityVerificationException {
        String idToken;
        String parameter = httpServletRequest.getParameter(KEY_CODE);
        Tokens tokens2 = null;
        try {
            if (list.contains(KEY_ID_TOKEN)) {
                this.tokenVerifier.verify(tokens.getIdToken(), this.verifyOptions);
            }
            if (list.contains(KEY_CODE)) {
                tokens2 = exchangeCodeForTokens(parameter, httpServletRequest.getRequestURL().toString());
                if (!list.contains(KEY_ID_TOKEN) && (idToken = tokens2.getIdToken()) != null) {
                    this.tokenVerifier.verify(idToken, this.verifyOptions);
                }
            }
            return mergeTokens(tokens, tokens2);
        } catch (Auth0Exception e) {
            throw new IdentityVerificationException("a0.api_error", "An error occurred while exchanging the authorization code.", e);
        } catch (TokenValidationException e2) {
            throw new IdentityVerificationException("a0.invalid_jwt_error", "An error occurred while trying to verify the ID Token.", e2);
        }
    }

    List<String> getResponseType() {
        return Arrays.asList(this.responseType.split(" "));
    }

    private AuthorizeUrl getAuthorizeUrl(String str, AuthorizeUrl authorizeUrl) {
        List<String> responseType = getResponseType();
        if (responseType.contains(KEY_ID_TOKEN) && str != null) {
            authorizeUrl.withNonce(str);
        }
        if (requiresFormPostResponseMode(responseType)) {
            authorizeUrl.withParameter(KEY_RESPONSE_MODE, KEY_FORM_POST);
        }
        if (this.verifyOptions.getMaxAge() != null) {
            authorizeUrl.withParameter(KEY_MAX_AGE, this.verifyOptions.getMaxAge().toString());
        }
        return authorizeUrl;
    }

    private Tokens getFrontChannelTokens(HttpServletRequest httpServletRequest) {
        return new Tokens(httpServletRequest.getParameter(KEY_ACCESS_TOKEN), httpServletRequest.getParameter(KEY_ID_TOKEN), null, httpServletRequest.getParameter(KEY_TOKEN_TYPE), httpServletRequest.getParameter(KEY_EXPIRES_IN) == null ? null : Long.valueOf(Long.parseLong(httpServletRequest.getParameter(KEY_EXPIRES_IN))));
    }

    private void assertNoError(HttpServletRequest httpServletRequest) throws InvalidRequestException {
        String parameter = httpServletRequest.getParameter(KEY_ERROR);
        if (parameter != null) {
            throw new InvalidRequestException(parameter, httpServletRequest.getParameter(KEY_ERROR_DESCRIPTION));
        }
    }

    private void assertValidState(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InvalidRequestException {
        String parameter = httpServletRequest.getParameter(KEY_STATE);
        if (httpServletResponse == null) {
            checkSessionState(httpServletRequest, parameter);
            return;
        }
        String state = TransientCookieStore.getState(httpServletRequest, httpServletResponse);
        if (state == null) {
            checkSessionState(httpServletRequest, parameter);
        } else if (!state.equals(parameter)) {
            throw new InvalidRequestException("a0.invalid_state", "The received state doesn't match the expected one.");
        }
    }

    private void checkSessionState(HttpServletRequest httpServletRequest, String str) throws InvalidRequestException {
        if (!RandomStorage.checkSessionState(httpServletRequest, str)) {
            throw new InvalidRequestException("a0.invalid_state", "The received state doesn't match the expected one.");
        }
    }

    private Tokens exchangeCodeForTokens(String str, String str2) throws Auth0Exception {
        TokenHolder tokenHolder = (TokenHolder) this.client.exchangeCode(str, str2).execute();
        return new Tokens(tokenHolder.getAccessToken(), tokenHolder.getIdToken(), tokenHolder.getRefreshToken(), tokenHolder.getTokenType(), Long.valueOf(tokenHolder.getExpiresIn()));
    }

    private Tokens mergeTokens(Tokens tokens, Tokens tokens2) {
        String accessToken;
        String type;
        Long expiresIn;
        if (tokens2 == null) {
            return tokens;
        }
        if (tokens2.getAccessToken() != null) {
            accessToken = tokens2.getAccessToken();
            type = tokens2.getType();
            expiresIn = tokens2.getExpiresIn();
        } else {
            accessToken = tokens.getAccessToken();
            type = tokens.getType();
            expiresIn = tokens.getExpiresIn();
        }
        return new Tokens(accessToken, tokens.getIdToken() != null ? tokens.getIdToken() : tokens2.getIdToken(), tokens2.getRefreshToken(), type, expiresIn);
    }
}
