package com.netflix.msl.userauth;

import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslException;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.MslUserAuthException;
import com.netflix.msl.io.MslObject;
import com.netflix.msl.tokens.MasterToken;
import com.netflix.msl.tokens.MslUser;
import com.netflix.msl.tokens.UserIdToken;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.MslContext;

/* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/userauth/UserIdTokenAuthenticationFactory.class */
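/**
 * User authentication factory for the {@code USER_ID_TOKEN} scheme.
 *
 * <p>The user is taken from a user ID token carried inside the user
 * authentication data, together with the master token it travels with.
 * Every check in {@link #authenticate} fails closed: a failed check throws
 * and no user is returned.
 */
public class UserIdTokenAuthenticationFactory extends UserAuthenticationFactory {
    /** Policy helper asked whether this scheme is permitted for an entity, and for an entity/user pair. */
    private final AuthenticationUtils authutils;

    /**
     * Creates a factory registered under {@link UserAuthenticationScheme#USER_ID_TOKEN}.
     *
     * @param authenticationUtils policy helper used for the scheme-permission checks.
     */
    public UserIdTokenAuthenticationFactory(AuthenticationUtils authenticationUtils) {
        super(UserAuthenticationScheme.USER_ID_TOKEN);
        this.authutils = authenticationUtils;
    }

    /**
     * Builds the scheme-specific authentication data from its MSL object form.
     *
     * <p>The {@code masterToken} argument is not used here; the data object is
     * constructed from {@code mslContext} and {@code mslObject} only.
     *
     * @param mslContext MSL context.
     * @param masterToken master token of the enclosing message (unused by this scheme).
     * @param mslObject encoded user authentication data.
     * @return the parsed {@link UserIdTokenAuthenticationData}.
     * @throws MslEncodingException declared by the overridden method.
     * @throws MslUserAuthException declared by the overridden method.
     */
    @Override // com.netflix.msl.userauth.UserAuthenticationFactory
    public UserAuthenticationData createData(MslContext mslContext, MasterToken masterToken, MslObject mslObject) throws MslEncodingException, MslUserAuthException {
        return new UserIdTokenAuthenticationData(mslContext, mslObject);
    }

    /**
     * Authenticates the user named by the user ID token inside the
     * authentication data.
     *
     * <p>Checks, in order: data type, scheme permitted for the entity, master
     * token identity available and equal to {@code str}, user available from
     * the embedded user ID token, scheme permitted for the entity/user pair,
     * token not revoked, and (when {@code userIdToken} is supplied) that both
     * tokens name the same user.
     *
     * @param mslContext MSL context; supplies the token factory used for the revocation check.
     * @param str identity of the entity the request is attributed to.
     * @param userAuthenticationData must be a {@link UserIdTokenAuthenticationData}.
     * @param userIdToken user ID token already attached to the message, or {@code null}.
     * @return the user taken from the embedded user ID token.
     * @throws MslUserAuthException if any check fails; the exception carries the
     *         authentication data and the {@link MslError} of the check that failed.
     * @throws MslInternalException if the authentication data is of the wrong type.
     */
    @Override // com.netflix.msl.userauth.UserAuthenticationFactory
    public MslUser authenticate(MslContext mslContext, String str, UserAuthenticationData userAuthenticationData, UserIdToken userIdToken) throws MslUserAuthException {
        // Wrong data type is a wiring error, not an authentication failure.
        if (!(userAuthenticationData instanceof UserIdTokenAuthenticationData)) {
            throw new MslInternalException("Incorrect authentication data type " + userAuthenticationData.getClass().getName() + ".");
        }
        final UserIdTokenAuthenticationData uitad = (UserIdTokenAuthenticationData) userAuthenticationData;

        // Entity-level policy check, before any token content is examined.
        if (!this.authutils.isSchemePermitted(str, getScheme())) {
            throw new MslUserAuthException(MslError.USERAUTH_ENTITY_INCORRECT_DATA, "Authentication scheme " + getScheme() + " not permitted for entity " + str + ".").setUserAuthenticationData(userAuthenticationData);
        }

        // The embedded master token must expose an identity and that identity must
        // be the requesting entity; otherwise a token issued to one entity could be
        // presented by another.
        final MasterToken uitadMasterToken = uitad.getMasterToken();
        final String uitadIdentity = uitadMasterToken.getIdentity();
        if (uitadIdentity == null) {
            throw new MslUserAuthException(MslError.USERAUTH_MASTERTOKEN_NOT_DECRYPTED).setUserAuthenticationData(userAuthenticationData);
        }
        // NOTE(review): this and the user-mismatch message below embed identities;
        // confirm that wherever these messages are logged or returned is appropriate.
        if (!str.equals(uitadIdentity)) {
            throw new MslUserAuthException(MslError.USERAUTH_ENTITY_MISMATCH, "entity identity " + str + "; uad identity " + uitadIdentity).setUserAuthenticationData(userAuthenticationData);
        }

        // The embedded user ID token must expose a user.
        final UserIdToken uitadUserIdToken = uitad.getUserIdToken();
        final MslUser user = uitadUserIdToken.getUser();
        if (user == null) {
            throw new MslUserAuthException(MslError.USERAUTH_USERIDTOKEN_NOT_DECRYPTED).setUserAuthenticationData(userAuthenticationData);
        }

        // Entity+user policy check, now that the user is known.
        if (!this.authutils.isSchemePermitted(str, user, getScheme())) {
            throw new MslUserAuthException(MslError.USERAUTH_ENTITYUSER_INCORRECT_DATA, "Authentication scheme " + getScheme() + " not permitted for entity " + str + ".").setUserAuthenticationData(userAuthenticationData);
        }

        // Revocation lookup. Only the lookup itself is guarded: MslUserAuthException
        // is an MslException, so throwing the "revoked" or "user mismatch" failures
        // inside this try would have them caught below and re-reported as
        // USERAUTH_USERIDTOKEN_REVOKE_CHECK_ERROR, hiding the real cause from
        // callers and from anyone reading the logs.
        final MslError revocationError;
        try {
            revocationError = mslContext.getTokenFactory().isUserIdTokenRevoked(mslContext, uitadMasterToken, uitadUserIdToken);
        } catch (MslException e) {
            // Fail closed when the revocation state cannot be determined.
            throw new MslUserAuthException(MslError.USERAUTH_USERIDTOKEN_REVOKE_CHECK_ERROR, "Error while checking user ID token for revocation.", e).setUserAuthenticationData(userAuthenticationData);
        }
        if (revocationError != null) {
            throw new MslUserAuthException(revocationError, "User ID token used to authenticate was revoked.").setUserAuthenticationData(userAuthenticationData);
        }

        // If the message already carries a user ID token, it must name the same user
        // as the one inside the authentication data.
        if (userIdToken != null) {
            final MslUser messageUser = userIdToken.getUser();
            if (!user.equals(messageUser)) {
                throw new MslUserAuthException(MslError.USERIDTOKEN_USERAUTH_DATA_MISMATCH, "uad user " + user + "; uit user " + messageUser).setUserAuthenticationData(userAuthenticationData);
            }
        }
        return user;
    }
}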
