package org.forgerock.openam.sts.rest.token.provider.saml;

import java.util.Map;
import org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.TokenCreationException;
import org.forgerock.openam.sts.rest.token.provider.RestTokenProviderBase;
import org.forgerock.openam.sts.rest.token.provider.RestTokenProviderParameters;
import org.forgerock.openam.sts.token.SAML2SubjectConfirmation;
import org.forgerock.openam.sts.token.ThreadLocalAMTokenCache;
import org.forgerock.openam.sts.token.provider.AMSessionInvalidator;
import org.forgerock.openam.sts.token.provider.TokenServiceConsumer;
import org.forgerock.openam.sts.token.validator.ValidationInvocationContext;
import org.forgerock.openam.sts.user.invocation.ProofTokenState;
import org.slf4j.Logger;

/* loaded from: input_file:org/forgerock/openam/sts/rest/token/provider/saml/RestSamlTokenProvider.class */
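/**
 * REST STS token provider that issues SAML2 assertions.
 *
 * <p>The assertion is obtained from the {@code TokenServiceConsumer} held by the base class and
 * returned to the caller as a JSON object with a single {@code issued_token} field.
 *
 * <p>This listing is decompiler output. The compiler-generated switch-map class
 * ({@code RestSamlTokenProvider$1}), which indexed an {@code int[]} by {@code ordinal()}, is
 * written here as the direct enum {@code switch} it is compiled from.
 */
public class RestSamlTokenProvider extends RestTokenProviderBase<Saml2TokenCreationState> {
    /** Maps the input token type and input token to the authentication context put in the assertion. */
    private final Saml2JsonTokenAuthnContextMapper authnContextMapper;

    /**
     * Creates the provider. Every argument except the authentication-context mapper is handed
     * unchanged to {@link RestTokenProviderBase}.
     *
     * @param tokenServiceConsumer client used to request the SAML2 assertions
     * @param aMSessionInvalidator invalidates the AM sessions listed by the token cache
     * @param threadLocalAMTokenCache source of the session id and of the ids to invalidate
     * @param str forwarded to the base class; presumably the STS instance id - confirm against
     *     {@code RestTokenProviderBase}
     * @param str2 forwarded to the base class; presumably the realm - confirm against
     *     {@code RestTokenProviderBase}
     * @param saml2JsonTokenAuthnContextMapper mapper kept by this class
     * @param validationInvocationContext context used to look up the session id in the cache
     * @param logger logger used when session invalidation fails
     */
    public RestSamlTokenProvider(TokenServiceConsumer tokenServiceConsumer, AMSessionInvalidator aMSessionInvalidator, ThreadLocalAMTokenCache threadLocalAMTokenCache, String str, String str2, Saml2JsonTokenAuthnContextMapper saml2JsonTokenAuthnContextMapper, ValidationInvocationContext validationInvocationContext, Logger logger) {
        super(tokenServiceConsumer, aMSessionInvalidator, threadLocalAMTokenCache, str, str2, validationInvocationContext, logger);
        this.authnContextMapper = saml2JsonTokenAuthnContextMapper;
    }

    /**
     * Issues a SAML2 assertion for the supplied parameters.
     *
     * <p>Whether or not the assertion was created, the AM sessions that the thread-local token
     * cache reports as "to be invalidated" are invalidated afterwards. A failure of that cleanup
     * is logged at WARN and not rethrown, so it never masks the result or the exception of the
     * token creation itself. The consequence is that such a session can stay valid after this
     * method returns; the warning below is the only trace of it and is worth alerting on.
     *
     * @param restTokenProviderParameters input token, its type, and the SAML2 creation state
     * @return a JSON object of the form {@code {"issued_token": <assertion>}}
     * @throws TokenCreationException if the assertion cannot be created
     */
    @Override // org.forgerock.openam.sts.rest.token.provider.RestTokenProvider
    public JsonValue createToken(RestTokenProviderParameters<Saml2TokenCreationState> restTokenProviderParameters) throws TokenCreationException {
        try {
            Saml2TokenCreationState tokenCreationState = restTokenProviderParameters.getTokenCreationState();
            // Evaluation order is kept: authn context first, then subject confirmation, then proof token.
            String authnContext = this.authnContextMapper.getAuthnContext(
                    restTokenProviderParameters.getInputTokenType(),
                    restTokenProviderParameters.getInputToken());
            String assertion = getAssertion(
                    authnContext,
                    tokenCreationState.getSubjectConfirmation(),
                    tokenCreationState.getProofTokenState());
            return JsonValue.json(JsonValue.object(JsonValue.field("issued_token", assertion)));
        } finally {
            try {
                this.amSessionInvalidator.invalidateAMSessions(this.threadLocalAMTokenCache.getToBeInvalidatedAMSessionIds());
            } catch (Exception e) {
                // Deliberate best effort: the interim session is left for its own expiry.
                this.logger.warn("Exception caught invalidating interim AMSession following creation of a SAML2 assertion: " + e, e);
            }
        }
    }

    /**
     * Requests the assertion that matches the subject confirmation method.
     *
     * <p>Each request carries the session id cached for {@code validationInvocationContext}, the
     * STS instance id, the realm, the authentication context and the admin token. Only the
     * holder-of-key request also carries the proof token state.
     *
     * <p>NOTE(review): a {@code null} subject confirmation ends in a {@link NullPointerException}
     * from the {@code switch}, not in a {@link TokenCreationException}; confirm that the creation
     * state is validated before it reaches this provider.
     *
     * @param authnContext authentication context returned by the mapper
     * @param subjectConfirmation subject confirmation method taken from the creation state
     * @param proofTokenState proof token state, used for holder-of-key only
     * @return the assertion returned by the token service
     * @throws TokenCreationException with code 500 for a subject confirmation that has no case
     *     here; the token service calls are declared to pass the same exception type through
     */
    private String getAssertion(String authnContext, SAML2SubjectConfirmation subjectConfirmation, ProofTokenState proofTokenState) throws TokenCreationException {
        // The session id lookup stays inside each case so that nothing is looked up before the
        // default branch rejects an unknown value.
        switch (subjectConfirmation) {
            case BEARER:
                return this.tokenServiceConsumer.getSAML2BearerAssertion(
                        this.threadLocalAMTokenCache.getSessionIdForContext(this.validationInvocationContext),
                        this.stsInstanceId,
                        this.realm,
                        authnContext,
                        getAdminToken());
            case SENDER_VOUCHES:
                return this.tokenServiceConsumer.getSAML2SenderVouchesAssertion(
                        this.threadLocalAMTokenCache.getSessionIdForContext(this.validationInvocationContext),
                        this.stsInstanceId,
                        this.realm,
                        authnContext,
                        getAdminToken());
            case HOLDER_OF_KEY:
                return this.tokenServiceConsumer.getSAML2HolderOfKeyAssertion(
                        this.threadLocalAMTokenCache.getSessionIdForContext(this.validationInvocationContext),
                        this.stsInstanceId,
                        this.realm,
                        authnContext,
                        proofTokenState,
                        getAdminToken());
            default:
                // The message names AMSAMLTokenProvider although this class is RestSamlTokenProvider;
                // the text is kept as it is because log searches may depend on it.
                throw new TokenCreationException(500, "Unexpected SAML2SubjectConfirmation in AMSAMLTokenProvider: " + subjectConfirmation);
        }
    }
}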
