package net.shibboleth.idp.authn.duo.impl;

import com.duosecurity.duoweb.DuoWebException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.google.common.escape.Escaper;
import com.google.common.net.UrlEscapers;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Map;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.duo.DuoAuthAPI;
import net.shibboleth.idp.authn.duo.DuoIntegration;
import net.shibboleth.idp.authn.duo.context.DuoAuthenticationContext;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.client.utils.URIBuilder;
import org.springframework.beans.factory.BeanFactory;

/* loaded from: input_file:WEB-INF/lib/idp-authn-impl-4.1.6.jar:net/shibboleth/idp/authn/duo/impl/DuoAuthAuthenticator.class */
public class DuoAuthAuthenticator extends AbstractDuoAuthenticator {

    @Nonnull
    private final TypeReference<DuoResponseWrapper<DuoAuthResponse>> wrapperTypeRef = new TypeReference<DuoResponseWrapper<DuoAuthResponse>>() { // from class: net.shibboleth.idp.authn.duo.impl.DuoAuthAuthenticator.1
    };

    @Nonnull
    private final Escaper paramEscaper = UrlEscapers.urlFormParameterEscaper();

    public DuoAuthResponse authenticate(@Nonnull DuoAuthenticationContext duoAuthenticationContext, @Nonnull DuoIntegration duoIntegration) throws DuoWebException {
        try {
            RequestBuilder addParameter = RequestBuilder.post().setUri(new URIBuilder().setScheme("https").setHost(duoIntegration.getAPIHost()).setPath("/auth/v2/auth").build()).addParameter(DuoAuthAPI.DUO_USERNAME, duoAuthenticationContext.getUsername());
            if (duoAuthenticationContext.getClientAddress() != null) {
                addParameter.addParameter(DuoAuthAPI.DUO_IPADDR, duoAuthenticationContext.getClientAddress());
            }
            if (duoAuthenticationContext.getFactor() != null) {
                addParameter.addParameter(DuoAuthAPI.DUO_FACTOR, duoAuthenticationContext.getFactor());
            }
            if (duoAuthenticationContext.getDeviceID() != null) {
                addParameter.addParameter(DuoAuthAPI.DUO_DEVICE, duoAuthenticationContext.getDeviceID());
            }
            if (duoAuthenticationContext.getPasscode() != null) {
                addParameter.addParameter("passcode", duoAuthenticationContext.getPasscode());
            }
            if (!duoAuthenticationContext.getPushInfo().isEmpty()) {
                ArrayList arrayList = new ArrayList(duoAuthenticationContext.getPushInfo().size());
                for (Map.Entry<String, String> entry : duoAuthenticationContext.getPushInfo().entrySet()) {
                    arrayList.add(this.paramEscaper.escape(entry.getKey()) + "=" + this.paramEscaper.escape(entry.getValue()));
                }
                addParameter.addParameter(DuoAuthAPI.DUO_PUSHINFO, StringSupport.listToStringValue(arrayList, BeanFactory.FACTORY_BEAN_PREFIX));
            }
            DuoSupport.signRequest(addParameter, duoIntegration);
            return (DuoAuthResponse) doAPIRequest(addParameter.build(), this.wrapperTypeRef).getResponse();
        } catch (IOException | URISyntaxException | InvalidKeyException | NoSuchAlgorithmException e) {
            throw new DuoWebException("Duo AuthAPI auth request failed: " + e.getMessage());
        }
    }
}
