package org.forgerock.openam.sts.token.provider;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.openam.sts.AMSTSConstants;
import org.forgerock.openam.sts.HttpURLConnectionWrapper;
import org.forgerock.openam.sts.HttpURLConnectionWrapperFactory;
import org.forgerock.openam.sts.TokenCancellationException;
import org.forgerock.openam.sts.TokenCreationException;
import org.forgerock.openam.sts.TokenType;
import org.forgerock.openam.sts.TokenValidationException;
import org.forgerock.openam.sts.service.invocation.OpenIdConnectTokenGenerationState;
import org.forgerock.openam.sts.service.invocation.SAML2TokenGenerationState;
import org.forgerock.openam.sts.service.invocation.TokenGenerationServiceInvocationState;
import org.forgerock.openam.sts.token.SAML2SubjectConfirmation;
import org.forgerock.openam.sts.token.UrlConstituentCatenator;
import org.forgerock.openam.sts.user.invocation.ProofTokenState;

/* loaded from: input_file:org/forgerock/openam/sts/token/provider/TokenServiceConsumerImpl.class */
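/**
 * {@link TokenServiceConsumer} implementation used by the STS to create, validate and cancel tokens.
 *
 * <p>Validation and cancellation are HTTP calls (GET / DELETE) against the token service endpoint,
 * authenticated by sending the caller's session token in a cookie. Token creation does NOT go over
 * HTTP in this build: it reflectively invokes the static
 * {@code TokenGenerationService.createInstance(String)} method in-process.
 *
 * <p>NOTE(review): because creation bypasses the HTTP endpoint, the session-token argument handed to
 * the {@code get*} methods as their last parameter is never used. Only the JSON invocation state
 * (which carries the {@code ssoTokenString}) reaches {@code createInstance}. Whether that method
 * performs its own authorization check cannot be determined from this file — confirm before relying
 * on it.
 */
public class TokenServiceConsumerImpl implements TokenServiceConsumer {
    private static final String COOKIE = "Cookie";
    private static final ProofTokenState NULL_PROOF_TOKEN_STATE = null;
    private static final String DELETE = "DELETE";
    private static final String TOKEN_GENERATION_SERVICE_CLASS =
            "org.forgerock.openam.sts.tokengeneration.service.TokenGenerationService";
    private final AMSTSConstants.STSType stsType;
    private final String tokenServiceEndpoint;
    private final String crestVersionTokenGenService;
    private final HttpURLConnectionWrapperFactory httpURLConnectionWrapperFactory;
    private final String amSessionCookieName;
    private final UrlConstituentCatenator urlConstituentCatenator;

    // Reflection target for token creation; resolved once in the static initializer, null if the
    // lookup failed.
    // NOTE(review): this field is package-private, static and non-final, so any class in this
    // package can replace the method that mints tokens. Visibility is left unchanged here because
    // other code may depend on it; consider making it private final.
    static Method createInstance;

    // Cause of a failed createInstance lookup, kept so the failure can be reported instead of lost.
    private static final Throwable createInstanceLookupFailure;

    /**
     * Creates the consumer; intended to be called by the injector.
     *
     * @param sTSType the STS type recorded in every token generation invocation state
     * @param urlConstituentCatenator joins URL parts for the token service endpoint and token URLs
     * @param str injected as {@code am_deployment_url}; first part of the token service endpoint
     * @param str2 injected as {@code am_rest_token_gen_service}; second part of the endpoint
     * @param str3 injected as {@code crest_version_token_gen_service}; sent as Accept-API-Version
     * @param httpURLConnectionWrapperFactory factory for the HTTP connections used by validate/cancel
     * @param str4 injected as {@code am_session_cookie_name}; name of the session cookie
     */
    @Inject
    TokenServiceConsumerImpl(AMSTSConstants.STSType sTSType, UrlConstituentCatenator urlConstituentCatenator, @Named("am_deployment_url") String str, @Named("am_rest_token_gen_service") String str2, @Named("crest_version_token_gen_service") String str3, HttpURLConnectionWrapperFactory httpURLConnectionWrapperFactory, @Named("am_session_cookie_name") String str4) {
        this.stsType = sTSType;
        this.urlConstituentCatenator = urlConstituentCatenator;
        // NOTE(review): the session cookie is later sent to this endpoint, so the scheme of
        // am_deployment_url decides whether it travels encrypted — confirm it is https.
        this.tokenServiceEndpoint = urlConstituentCatenator.catenateUrlConstituents(new String[]{str, str2});
        this.crestVersionTokenGenService = str3;
        this.httpURLConnectionWrapperFactory = httpURLConnectionWrapperFactory;
        this.amSessionCookieName = str4;
    }

    /**
     * Requests a SAML2 assertion with bearer subject confirmation.
     *
     * @param str SSO token string placed in the invocation state
     * @param str2 STS instance id
     * @param str3 realm
     * @param str4 authentication context class reference
     * @param str5 passed on to token creation, which currently ignores it (see class note)
     * @return the result of the token generation call
     * @throws TokenCreationException if the token generation service is unavailable or fails
     */
    @Override // org.forgerock.openam.sts.token.provider.TokenServiceConsumer
    public String getSAML2BearerAssertion(String str, String str2, String str3, String str4, String str5) throws TokenCreationException {
        return createSaml2Assertion(str, str2, str3, str4, SAML2SubjectConfirmation.BEARER, NULL_PROOF_TOKEN_STATE, str5);
    }

    /**
     * Requests a SAML2 assertion with sender-vouches subject confirmation.
     *
     * @param str SSO token string placed in the invocation state
     * @param str2 STS instance id
     * @param str3 realm
     * @param str4 authentication context class reference
     * @param str5 passed on to token creation, which currently ignores it (see class note)
     * @return the result of the token generation call
     * @throws TokenCreationException if the token generation service is unavailable or fails
     */
    @Override // org.forgerock.openam.sts.token.provider.TokenServiceConsumer
    public String getSAML2SenderVouchesAssertion(String str, String str2, String str3, String str4, String str5) throws TokenCreationException {
        return createSaml2Assertion(str, str2, str3, str4, SAML2SubjectConfirmation.SENDER_VOUCHES, NULL_PROOF_TOKEN_STATE, str5);
    }

    /**
     * Requests a SAML2 assertion with holder-of-key subject confirmation.
     *
     * @param str SSO token string placed in the invocation state
     * @param str2 STS instance id
     * @param str3 realm
     * @param str4 authentication context class reference
     * @param proofTokenState proof token state attached to the SAML2 generation state
     * @param str5 passed on to token creation, which currently ignores it (see class note)
     * @return the result of the token generation call
     * @throws TokenCreationException if the token generation service is unavailable or fails
     */
    @Override // org.forgerock.openam.sts.token.provider.TokenServiceConsumer
    public String getSAML2HolderOfKeyAssertion(String str, String str2, String str3, String str4, ProofTokenState proofTokenState, String str5) throws TokenCreationException {
        return createSaml2Assertion(str, str2, str3, str4, SAML2SubjectConfirmation.HOLDER_OF_KEY, proofTokenState, str5);
    }

    /**
     * Requests an OpenID Connect token.
     *
     * @param str SSO token string placed in the invocation state
     * @param str2 STS instance id
     * @param str3 realm
     * @param str4 authentication context class reference
     * @param set authentication method references
     * @param j authentication time in seconds
     * @param str5 nonce
     * @param str6 passed on to token creation, which currently ignores it (see class note)
     * @return the result of the token generation call
     * @throws TokenCreationException if the token generation service is unavailable or fails
     */
    @Override // org.forgerock.openam.sts.token.provider.TokenServiceConsumer
    public String getOpenIdConnectToken(String str, String str2, String str3, String str4, Set<String> set, long j, String str5, String str6) throws TokenCreationException {
        TokenGenerationServiceInvocationState.TokenGenerationServiceInvocationStateBuilder stateBuilder = buildCommonTokenGenerationInvocationState(TokenType.OPENIDCONNECT, str2, str3, str);
        stateBuilder.openIdConnectTokenGenerationState(buildOpenIdConectTokenGenerationState(str4, set, j, str5));
        return invokeTokenCreation(stateBuilder.build().toJson().toString(), str6);
    }

    /**
     * Checks whether the token service knows the given token.
     *
     * @param str token id; appended to the token service endpoint URL
     * @param str2 session token value sent in the session cookie
     * @return {@code true} on HTTP 200, {@code false} on HTTP 404
     * @throws TokenValidationException on any other status code or on an I/O failure
     */
    @Override // org.forgerock.openam.sts.token.provider.TokenServiceConsumer
    public boolean validateToken(String str, String str2) throws TokenValidationException {
        return isTokenPresent(str, str2);
    }

    /**
     * Asks the token service to cancel the given token.
     *
     * @param str token id; appended to the token service endpoint URL
     * @param str2 session token value sent in the session cookie
     * @throws TokenCancellationException on any status other than HTTP 200 or on an I/O failure
     */
    @Override // org.forgerock.openam.sts.token.provider.TokenServiceConsumer
    public void cancelToken(String str, String str2) throws TokenCancellationException {
        invokeTokenCancellation(str, str2);
    }

    /** Shared body of the three SAML2 entry points; they differ only in confirmation method and proof token. */
    private String createSaml2Assertion(String ssoTokenString, String stsInstanceId, String realm, String authnContextClassRef, SAML2SubjectConfirmation subjectConfirmation, ProofTokenState proofTokenState, String callerToken) throws TokenCreationException {
        TokenGenerationServiceInvocationState.TokenGenerationServiceInvocationStateBuilder stateBuilder = buildCommonTokenGenerationInvocationState(TokenType.SAML2, stsInstanceId, realm, ssoTokenString);
        stateBuilder.saml2GenerationState(buildSaml2TokenGenerationState(authnContextClassRef, subjectConfirmation, proofTokenState));
        return invokeTokenCreation(stateBuilder.build().toJson().toString(), callerToken);
    }

    /** Starts an invocation state builder with the fields every token type shares. */
    private TokenGenerationServiceInvocationState.TokenGenerationServiceInvocationStateBuilder buildCommonTokenGenerationInvocationState(TokenType tokenType, String stsInstanceId, String realm, String ssoTokenString) {
        return TokenGenerationServiceInvocationState.builder()
                .tokenType(tokenType)
                .stsType(this.stsType)
                .stsInstanceId(stsInstanceId)
                .realm(realm)
                .ssoTokenString(ssoTokenString);
    }

    /** Builds the SAML2-specific part of the invocation state. */
    private SAML2TokenGenerationState buildSaml2TokenGenerationState(String authnContextClassRef, SAML2SubjectConfirmation subjectConfirmation, ProofTokenState proofTokenState) {
        return SAML2TokenGenerationState.builder()
                .authenticationContextClassReference(authnContextClassRef)
                .proofTokenState(proofTokenState)
                .subjectConfirmation(subjectConfirmation)
                .build();
    }

    /** Builds the OpenID Connect-specific part of the invocation state. */
    private OpenIdConnectTokenGenerationState buildOpenIdConectTokenGenerationState(String authnContextClassRef, Set<String> authnMethodReferences, long authnTimeInSeconds, String nonce) {
        return OpenIdConnectTokenGenerationState.builder()
                .authenticationMethodReferences(authnMethodReferences)
                .authenticationContextClassReference(authnContextClassRef)
                .authenticationTimeInSeconds(authnTimeInSeconds)
                .nonce(nonce)
                .build();
    }

    /**
     * Builds the URL of a single token resource under the token service endpoint.
     *
     * <p>NOTE(review): the token id is joined to the endpoint without any encoding or validation
     * visible in this file. If token ids can be influenced by a caller, confirm that
     * {@code catenateUrlConstituents} or an earlier layer rejects path separators and query
     * characters, otherwise the request could address a different resource than intended.
     */
    private URL tokenUrl(String tokenId) throws IOException {
        return new URL(this.urlConstituentCatenator.catenateUrlConstituents(new String[]{this.tokenServiceEndpoint, tokenId}));
    }

    /** GETs the token resource: 200 means present, 404 means absent, anything else is an error. */
    private boolean isTokenPresent(String tokenId, String sessionToken) throws TokenValidationException {
        try {
            HttpURLConnectionWrapper.ConnectionResult response = this.httpURLConnectionWrapperFactory
                    .httpURLConnectionWrapper(tokenUrl(tokenId))
                    .setRequestHeaders(makeCommonHeaders(sessionToken))
                    .setRequestMethod("GET")
                    .makeInvocation();
            int statusCode = response.getStatusCode();
            if (statusCode == 200) {
                return true;
            }
            if (statusCode == 404) {
                return false;
            }
            throw new TokenValidationException(statusCode, response.getResult());
        } catch (IOException e) {
            throw new TokenValidationException(500, "Exception caught invoking TokenService to verify token: " + e);
        }
    }

    /** DELETEs the token resource; any status other than 200 is reported as a cancellation failure. */
    private void invokeTokenCancellation(String tokenId, String sessionToken) throws TokenCancellationException {
        try {
            HttpURLConnectionWrapper.ConnectionResult response = this.httpURLConnectionWrapperFactory
                    .httpURLConnectionWrapper(tokenUrl(tokenId))
                    .setRequestHeaders(makeCommonHeaders(sessionToken))
                    .setRequestMethod(DELETE)
                    .makeInvocation();
            int statusCode = response.getStatusCode();
            if (statusCode != 200) {
                throw new TokenCancellationException(statusCode, response.getResult());
            }
        } catch (IOException e) {
            throw new TokenCancellationException(500, "Exception caught invoking TokenService to cancel a token: " + e);
        }
    }

    /**
     * Creates a token by reflectively calling the static {@code createInstance(String)} method.
     *
     * @param invocationStateJson JSON form of the token generation invocation state
     * @param callerToken not used: the in-process call takes only the JSON state (see class note)
     * @return the string returned by {@code createInstance}
     * @throws TokenCreationException if the method could not be resolved, is not accessible, or fails
     */
    private String invokeTokenCreation(String invocationStateJson, String callerToken) throws TokenCreationException {
        // Read the shared static once so the null check and the call see the same value.
        Method target = createInstance;
        if (target == null) {
            if (createInstanceLookupFailure != null) {
                throw new TokenCreationException(500, TOKEN_GENERATION_SERVICE_CLASS + " create error", createInstanceLookupFailure);
            }
            throw new TokenCreationException(500, TOKEN_GENERATION_SERVICE_CLASS + " create error");
        }
        try {
            return (String) target.invoke(null, invocationStateJson);
        } catch (IllegalAccessException e) {
            throw new TokenCreationException(500, TOKEN_GENERATION_SERVICE_CLASS, e);
        } catch (InvocationTargetException e) {
            Throwable cause = e.getTargetException();
            if (cause instanceof TokenCreationException) {
                throw (TokenCreationException) cause;
            }
            if (cause instanceof Error) {
                throw (Error) cause;
            }
            // An unconditional cast here would turn any runtime exception from the service into a
            // ClassCastException and hide the real failure; wrap it and keep the cause instead.
            throw new TokenCreationException(500, TOKEN_GENERATION_SERVICE_CLASS + " createInstance failed", cause);
        }
    }

    /**
     * Headers shared by the validate and cancel requests.
     *
     * <p>The returned map holds the caller's session token in the Cookie header, so it should not
     * be logged.
     */
    private Map<String, String> makeCommonHeaders(String sessionToken) {
        Map<String, String> headers = new HashMap<>();
        headers.put("Content-Type", "application/json");
        headers.put("Accept-API-Version", this.crestVersionTokenGenService);
        headers.put(COOKIE, createAMSessionCookie(sessionToken));
        return headers;
    }

    /** Formats the session cookie as {@code name=value}. */
    private String createAMSessionCookie(String sessionToken) {
        return this.amSessionCookieName + "=" + sessionToken;
    }

    static {
        Method resolved = null;
        Throwable failure = null;
        try {
            resolved = Class.forName(TOKEN_GENERATION_SERVICE_CLASS).getMethod("createInstance", String.class);
        } catch (Exception e) {
            // Best effort: the class must still load when the token generation service is absent.
            // The cause is kept and surfaced when token creation is attempted.
            failure = e;
        }
        createInstance = resolved;
        createInstanceLookupFailure = failure;
    }
}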
