package net.shibboleth.idp.authn.duo.impl;

import com.duosecurity.duoweb.DuoWebException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.HttpClientSecuritySupport;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.0.0.jar:net/shibboleth/idp/authn/duo/impl/AbstractDuoAuthenticator.class */
public abstract class AbstractDuoAuthenticator extends AbstractInitializableComponent {

    @NonnullAfterInit
    private HttpClient httpClient;

    @Nullable
    private HttpClientSecurityParameters httpClientSecurityParameters;

    @NonnullAfterInit
    private ObjectMapper objectMapper;

    public void setHttpClient(@Nonnull HttpClient httpClient) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClient = (HttpClient) Constraint.isNotNull(httpClient, "HTTP client cannot be null");
    }

    public void setHttpClientSecurityParameters(@Nullable HttpClientSecurityParameters httpClientSecurityParameters) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.httpClientSecurityParameters = httpClientSecurityParameters;
    }

    public void setObjectMapper(@Nonnull ObjectMapper objectMapper) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        ComponentSupport.ifDestroyedThrowDestroyedComponentException(this);
        this.objectMapper = (ObjectMapper) Constraint.isNotNull(objectMapper, "Object mapper cannot be null");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.httpClient == null) {
            throw new ComponentInitializationException("HttpClient cannot be null");
        }
        if (this.objectMapper == null) {
            throw new ComponentInitializationException("ObjectMapper cannot be null");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T extends DuoResponseWrapper<?>> T doAPIRequest(@Nonnull HttpUriRequest httpUriRequest, @Nonnull TypeReference<T> typeReference) throws DuoWebException, ClientProtocolException, IOException {
        HttpClientContext create = HttpClientContext.create();
        HttpClientSecuritySupport.marshalSecurityParameters(create, this.httpClientSecurityParameters, true);
        HttpClientSecuritySupport.addDefaultTLSTrustEngineCriteria(create, httpUriRequest);
        HttpResponse execute = this.httpClient.execute(httpUriRequest, create);
        HttpClientSecuritySupport.checkTLSCredentialEvaluated(create, httpUriRequest.getURI().getScheme());
        int statusCode = execute.getStatusLine().getStatusCode();
        if (statusCode == 400) {
            DuoFailureResponse duoFailureResponse = (DuoFailureResponse) this.objectMapper.readValue(execute.getEntity().getContent(), DuoFailureResponse.class);
            throw new DuoWebException(duoFailureResponse.getMessage() != null ? duoFailureResponse.getMessage() : ("no message(" + duoFailureResponse.getMessageDetail()) != null ? duoFailureResponse.getMessageDetail() : "no detail)");
        }
        if (statusCode != 200) {
            throw new IOException("Non-ok status code (" + statusCode + ") returned from Duo: " + execute.getStatusLine().getReasonPhrase());
        }
        if (execute.getEntity() == null) {
            throw new IOException("No response body returned from Duo");
        }
        T t = (T) this.objectMapper.readValue(execute.getEntity().getContent(), typeReference);
        if (t == null) {
            throw new DuoWebException("Unable to parse JSON response");
        }
        if ("OK".equals(t.getStat())) {
            return t;
        }
        throw new DuoWebException("Unexpected status value in JSON response: " + t.getStat());
    }
}
