package org.apereo.cas.mfa.accepto;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpResponse;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorProperties;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoWebflowUtils;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.HttpUtils;
import org.apereo.cas.web.support.CookieUtils;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.keys.AesKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/mfa/accepto/AccepttoApiUtils.class */
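/**
 * Static helpers that call the Acceptto multifactor REST API on behalf of CAS.
 *
 * <p>Every method that returns a {@link Map} fails closed: an empty map means
 * "no usable, verified answer", and callers must not treat it as a successful
 * authentication or validation result.
 */
public final class AccepttoApiUtils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AccepttoApiUtils.class);
    private static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules();

    /**
     * Resolves the user's email address from the principal attribute named by
     * {@code getEmailAttribute()}.
     *
     * @param authentication the current authentication whose principal attributes are read
     * @param accepttoMultifactorProperties settings naming the email attribute
     * @return the first value of the email attribute as a string, or {@code null}
     *         when the attribute has no value
     */
    public static String getUserEmailAttribute(Authentication authentication, AccepttoMultifactorProperties accepttoMultifactorProperties) {
        Map attributes = authentication.getPrincipal().getAttributes();
        // NOTE(review): this writes every principal attribute value to the debug log;
        // confirm that is acceptable for the attributes released in this deployment.
        LOGGER.debug("Current principal attributes are [{}]", attributes);
        // The original passed a null supplier to orElseThrow, so a missing attribute
        // surfaced as a bare NullPointerException and the blank-email handling in
        // isUserValid could never run. Return null and let each caller decide.
        return (String) CollectionUtils.firstElement(attributes.get(accepttoMultifactorProperties.getEmailAttribute()))
            .map(value -> value.toString())
            .orElse(null);
    }

    /**
     * Calls the {@code is_user_valid} endpoint for the user's email address.
     *
     * @param authentication the current authentication
     * @param accepttoMultifactorProperties API url, application id, secret and email attribute
     * @return the parsed JSON body when the API answers with HTTP 200; otherwise an
     *         empty map (no email, no response, other status code, or any error)
     */
    public static Map isUserValid(Authentication authentication, AccepttoMultifactorProperties accepttoMultifactorProperties) {
        String endpoint = StringUtils.appendIfMissing(accepttoMultifactorProperties.getApiUrl(), "/") + "is_user_valid";
        String email = getUserEmailAttribute(authentication, accepttoMultifactorProperties);
        if (StringUtils.isBlank(email)) {
            LOGGER.error("Unable to determine email address under attribute [{}]", accepttoMultifactorProperties.getEmailAttribute());
            return new HashMap<>();
        }
        LOGGER.debug("Principal email address determined from attribute [{}] is [{}]", accepttoMultifactorProperties.getEmailAttribute(), email);
        HttpResponse response = null;
        try {
            // The request map carries the application secret, so it is deliberately never logged.
            response = HttpUtils.executePost(endpoint,
                CollectionUtils.wrap("uid", accepttoMultifactorProperties.getApplicationId(),
                    "secret", accepttoMultifactorProperties.getSecret(),
                    "email", email),
                new HashMap(0));
            if (response != null) {
                int statusCode = response.getStatusLine().getStatusCode();
                LOGGER.debug("Response status code is [{}]", statusCode);
                if (statusCode == 200) {
                    Map body = (Map) MAPPER.readValue(response.getEntity().getContent(), Map.class);
                    LOGGER.debug("Received API response as [{}]", body);
                    return body;
                }
            }
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
        } finally {
            // Single release point for the response on every exit path.
            HttpUtils.close(response);
        }
        return new HashMap<>();
    }

    /**
     * Sends the authentication request to the registration API and returns the
     * payload of the signed response.
     *
     * <p>The response's {@code content} field is passed to
     * {@code EncodingUtils.verifyJwsSignature} with {@code publicKey}; only a payload
     * that verification hands back is parsed and returned.
     *
     * @param authentication the current authentication
     * @param accepttoMultifactorProperties API settings
     * @param requestContext the webflow request context (request, credential, eGuardian user id)
     * @param publicKey key used to verify the signature of the API response
     * @return the verified response payload as a map, or an empty map when the email
     *         is unknown, the call fails, {@code content} is missing, or the
     *         signature does not verify
     */
    public static Map authenticate(Authentication authentication, AccepttoMultifactorProperties accepttoMultifactorProperties, RequestContext requestContext, PublicKey publicKey) {
        String registrationApiUrl = accepttoMultifactorProperties.getRegistrationApiUrl();
        String email = getUserEmailAttribute(authentication, accepttoMultifactorProperties);
        if (StringUtils.isBlank(email)) {
            // Same fail-closed handling as isUserValid: never send a request without an email.
            LOGGER.error("Unable to determine email address under attribute [{}]", accepttoMultifactorProperties.getEmailAttribute());
            return new HashMap<>();
        }
        String sessionId = UUID.randomUUID().toString();
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        LOGGER.debug("Principal email address determined from attribute [{}] is [{}]", accepttoMultifactorProperties.getEmailAttribute(), email);
        final Map parameters = CollectionUtils.wrap(
            "application_uid", accepttoMultifactorProperties.getApplicationId(),
            "type", "Login",
            "ip_address", ClientInfoHolder.getClientInfo().getClientIpAddress(),
            "remote_ip_address", request.getRemoteAddr(),
            "message", accepttoMultifactorProperties.getMessage(),
            "session_id", sessionId,
            "timeout", Long.valueOf(accepttoMultifactorProperties.getTimeout()),
            "email", email);
        CookieUtils.getCookieFromRequest("jwt", request).ifPresent(cookie -> {
            parameters.put("jwt", cookie.getValue());
        });
        AccepttoWebflowUtils.getEGuardianUserId(requestContext).ifPresent(userId -> {
            parameters.put("eguardian_user_id", userId);
        });
        if (WebUtils.getCredential(requestContext) instanceof AccepttoEmailCredential) {
            parameters.put("auth_type", 1);
        }
        // Log parameter names only: the values include the user's "jwt" cookie,
        // which should not be readable from log files.
        LOGGER.debug("Authentication API parameters are assembled with keys [{}]", parameters.keySet());
        HttpResponse response = null;
        try {
            response = HttpUtils.executePost(registrationApiUrl, parameters,
                CollectionUtils.wrap("Authorization", "Bearer " + buildAuthorizationHeaderPayloadForAuthentication(accepttoMultifactorProperties)));
            if (response != null) {
                LOGGER.debug("Authentication response status code is [{}]", response.getStatusLine().getStatusCode());
                Map body = (Map) MAPPER.readValue(response.getEntity().getContent(), Map.class);
                LOGGER.trace("Received API response as [{}]", body);
                // A JSON null value counts as missing too; containsKey alone let it through.
                Object content = body == null ? null : body.get("content");
                if (content == null) {
                    throw new IllegalArgumentException("Unable to locate content in API response");
                }
                String signedContent = content.toString();
                LOGGER.trace("Loading public key from [{}] to validate response", accepttoMultifactorProperties.getRegistrationApiPublicKey().getLocation());
                LOGGER.trace("Validating response signature for [{}]", signedContent);
                byte[] verified = EncodingUtils.verifyJwsSignature(publicKey, signedContent);
                if (verified != null) {
                    String payload = new String(verified, StandardCharsets.UTF_8);
                    LOGGER.debug("Received final API response as [{}]", payload);
                    return (Map) MAPPER.readValue(payload, Map.class);
                }
                // Leave a trace for operators: a response that fails verification is discarded.
                LOGGER.warn("Unable to verify the signature of the authentication API response; the response is discarded");
            }
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
        } finally {
            // The original closed a null reference on the error paths, which left the
            // real response open whenever parsing or verification threw.
            HttpUtils.close(response);
        }
        return new HashMap<>();
    }

    /**
     * Builds the bearer token for the registration API: a JWT carrying the
     * organization id as {@code uid}, expiring one minute from now, signed with
     * HMAC-SHA256 using the bytes of the organization secret.
     *
     * @param accepttoMultifactorProperties organization id and organization secret
     * @return the signed token
     */
    private static String buildAuthorizationHeaderPayloadForAuthentication(AccepttoMultifactorProperties accepttoMultifactorProperties) {
        JwtClaims claims = new JwtClaims();
        claims.setClaim("uid", accepttoMultifactorProperties.getOrganizationId());
        claims.setExpirationTimeMinutesInTheFuture(1.0f);
        String unsignedPayload = claims.toJson();
        LOGGER.trace("Authorization payload is [{}]", unsignedPayload);
        AesKey signingKey = new AesKey(accepttoMultifactorProperties.getOrganizationSecret().getBytes(StandardCharsets.UTF_8));
        LOGGER.trace("Signing authorization payload...");
        String signedToken = new String(EncodingUtils.signJwsHMACSha256(signingKey, unsignedPayload.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        // The signed value is a usable bearer credential until it expires, so it is not logged.
        LOGGER.trace("Signed authorization payload is ready");
        return signedToken;
    }

    /**
     * Reports whether the API says the user has a paired device.
     *
     * @param authentication the current authentication
     * @param accepttoMultifactorProperties API settings
     * @return {@code true} only when {@code isUserValid} returns a non-null
     *         {@code device_paired} value that reads as true
     */
    public static boolean isUserDevicePaired(Authentication authentication, AccepttoMultifactorProperties accepttoMultifactorProperties) {
        Map validation = isUserValid(authentication, accepttoMultifactorProperties);
        if (validation == null) {
            return false;
        }
        // A key that is present with a JSON null value is treated as "not paired".
        Object paired = validation.get("device_paired");
        return paired != null && BooleanUtils.toBoolean(paired.toString());
    }

    /**
     * Encodes the invitation token and the user's email address as Base64 JSON.
     *
     * @param authentication the current authentication
     * @param accepttoMultifactorProperties settings naming the email attribute
     * @param str the invitation token
     * @return the Base64 form of {@code {"invitation_token": ..., "email_address": ...}}
     * @throws IllegalArgumentException when no email address can be determined
     * @throws Exception when JSON serialization fails
     */
    public static String generateQRCodeHash(Authentication authentication, AccepttoMultifactorProperties accepttoMultifactorProperties, String str) throws Exception {
        String email = getUserEmailAttribute(authentication, accepttoMultifactorProperties);
        if (StringUtils.isBlank(email)) {
            throw new IllegalArgumentException("Unable to determine email address for QR code hash");
        }
        return EncodingUtils.encodeBase64(MAPPER.writeValueAsString(CollectionUtils.wrap("invitation_token", str, "email_address", email)));
    }

    /**
     * Extracts the invitation token from a Base64-encoded JSON payload.
     *
     * @param str the Base64 payload; it is decoded and parsed without any integrity
     *            check, so the result is only as trustworthy as its source
     * @return the {@code invitation_token} value as a string
     * @throws IllegalArgumentException when the payload has no invitation token
     * @throws Exception when decoding or JSON parsing fails
     */
    public static String decodeInvitationToken(String str) throws Exception {
        Map decoded = (Map) MAPPER.readValue(EncodingUtils.decodeBase64(str), Map.class);
        Object token = decoded == null ? null : decoded.get("invitation_token");
        if (token == null) {
            // Replaces the bare NullPointerException of the original with a clear error.
            throw new IllegalArgumentException("Unable to locate invitation token in decoded payload");
        }
        return token.toString();
    }

    /** Not instantiable: the class only holds static helpers. */
    @Generated
    private AccepttoApiUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}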
