package com.evolveum.midpoint.authentication.impl.module.configuration;

import com.duosecurity.Client;
import com.duosecurity.exception.DuoException;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.DuoAuthenticationModuleType;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.http.HttpServletRequest;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.8.7-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/module/configuration/DuoModuleWebSecurityConfiguration.class */
public class DuoModuleWebSecurityConfiguration extends RemoteModuleWebSecurityConfiguration {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) DuoModuleWebSecurityConfiguration.class);
    private Client duoClient;

    private DuoModuleWebSecurityConfiguration() {
    }

    public static DuoModuleWebSecurityConfiguration build(DuoAuthenticationModuleType duoAuthenticationModuleType, String str, String str2, ServletRequest servletRequest) {
        DuoModuleWebSecurityConfiguration buildInternal = buildInternal(duoAuthenticationModuleType, str, str2, servletRequest);
        buildInternal.validate();
        return buildInternal;
    }

    private static DuoModuleWebSecurityConfiguration buildInternal(DuoAuthenticationModuleType duoAuthenticationModuleType, String str, String str2, ServletRequest servletRequest) {
        DuoModuleWebSecurityConfiguration duoModuleWebSecurityConfiguration = new DuoModuleWebSecurityConfiguration();
        build(duoModuleWebSecurityConfiguration, duoAuthenticationModuleType, str);
        UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(StringUtils.isNotBlank(str2) ? str2 : AuthSequenceUtil.getBasePath((HttpServletRequest) servletRequest));
        fromUriString.pathSegment("auth", AuthUtil.stripSlashes(str), AuthUtil.stripSlashes(getAuthenticationModuleIdentifier(duoAuthenticationModuleType)), AuthUtil.stripSlashes(RemoteModuleAuthenticationImpl.AUTHENTICATION_REQUEST_PROCESSING_URL_SUFFIX));
        try {
            Client.Builder builder = new Client.Builder(duoAuthenticationModuleType.getClientId(), protector.decryptString(duoAuthenticationModuleType.getClientSecret()), duoAuthenticationModuleType.getApiHostname(), fromUriString.toUriString());
            List<String> cACerts = duoAuthenticationModuleType.getCACerts();
            if (!cACerts.isEmpty()) {
                builder.setCACerts((String[]) cACerts.toArray(new String[0]));
            }
            duoModuleWebSecurityConfiguration.duoClient = builder.build();
        } catch (DuoException e) {
            LOGGER.error("Couldn't build duo client", (Throwable) e);
        } catch (EncryptionException e2) {
            LOGGER.error("Couldn't obtain clear string for client secret", (Throwable) e2);
        }
        return duoModuleWebSecurityConfiguration;
    }

    public Client getDuoClient() {
        return this.duoClient;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.module.configuration.ModuleWebSecurityConfigurationImpl
    public void validate() {
        super.validate();
        if (this.duoClient == null) {
            throw new IllegalArgumentException("Duo client is null");
        }
    }

    public String getPrefixOfSequence() {
        return "/auth/" + AuthUtil.stripSlashes(getSequenceSuffix());
    }
}
