package com.vmware.vapi.cis.authn.json;

import com.vmware.vapi.cis.authn.SamlTokenAuthnHandler;
import com.vmware.vapi.cis.util.RefreshableCache;
import com.vmware.vapi.dsig.json.SignatureException;
import com.vmware.vapi.dsig.json.StsTrustChain;
import com.vmware.vapi.protocol.RequestProcessor;
import com.vmware.vapi.saml.exception.InvalidTokenException;
import java.security.cert.X509Certificate;
import java.util.Map;

/* loaded from: input_file:com/vmware/vapi/cis/authn/json/RetryJsonSignatureVerificationProcessor.class */
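/**
 * Request processor that wraps a {@link JsonSignatureVerificationProcessor} and repeats
 * signature verification once, after refreshing the cached STS trust chain, when the first
 * pass recorded a {@link SignatureException} caused by an {@link InvalidTokenException}.
 *
 * <p>The wrapped processor reads its trust chain through {@link CacheStsTrustChain}, so a
 * refresh of {@code certsCache} is visible to the second verification pass.
 *
 * <p>NOTE(review): the retry is driven by the outcome of verifying the incoming request, so a
 * request whose token fails verification causes a {@code certsCache.refresh()} call. Confirm
 * that {@code RefreshableCache} bounds how often a refresh really reloads the trust chain;
 * otherwise repeated invalid requests translate into repeated trust-chain reloads.
 *
 * <p>NOTE(review): {@code decoratedProcessor} is a plain mutable field with no
 * synchronization in this class; confirm the package-private setter is not used while
 * requests are being processed.
 */
public class RetryJsonSignatureVerificationProcessor implements RequestProcessor {
    private final RefreshableCache<X509Certificate[]> certsCache;
    private RequestProcessor decoratedProcessor;

    /* loaded from: input_file:com/vmware/vapi/cis/authn/json/RetryJsonSignatureVerificationProcessor$CacheStsTrustChain.class */
    /** Trust-chain view handed to the wrapped processor; every lookup goes through the cache. */
    class CacheStsTrustChain implements StsTrustChain {
        CacheStsTrustChain() {
        }

        /**
         * Returns whatever the enclosing processor's cache currently holds.
         *
         * @return the value of {@code certsCache.get()}
         */
        @Override // com.vmware.vapi.dsig.json.StsTrustChain
        public X509Certificate[] getStsTrustChain() {
            return (X509Certificate[]) certsCache.get();
        }
    }

    /**
     * Creates a processor that passes {@code 600L} as the second argument of the wrapped
     * {@link JsonSignatureVerificationProcessor}.
     *
     * @param stsTrustChain source the cache loads the trust chain from
     * @param j second argument of the {@code RefreshableCache} constructor
     *          (presumably a refresh interval; verify against RefreshableCache)
     */
    public RetryJsonSignatureVerificationProcessor(StsTrustChain stsTrustChain, long j) {
        this(stsTrustChain, j, 600L);
    }

    /**
     * Creates a processor whose trust chain is loaded from {@code stsTrustChain} through a
     * new {@code RefreshableCache}.
     *
     * @param stsTrustChain source the cache loads the trust chain from; it is only
     *                      dereferenced when the cache invokes the loader
     * @param j second argument of the {@code RefreshableCache} constructor
     *          (presumably a refresh interval; verify against RefreshableCache)
     * @param j2 second argument of the {@code JsonSignatureVerificationProcessor} constructor
     *           (meaning not visible here; confirm against that class)
     */
    public RetryJsonSignatureVerificationProcessor(StsTrustChain stsTrustChain, long j, long j2) {
        // Kept as a lambda so stsTrustChain is dereferenced only when the loader runs.
        this.certsCache = new RefreshableCache<>(() -> stsTrustChain.getStsTrustChain(), j);
        this.decoratedProcessor = new JsonSignatureVerificationProcessor(new CacheStsTrustChain(), j2);
    }

    /**
     * Creates a processor on top of an existing cache, using the single-argument
     * {@code JsonSignatureVerificationProcessor} constructor.
     *
     * @param refreshableCache cache that supplies the STS trust chain
     */
    public RetryJsonSignatureVerificationProcessor(RefreshableCache<X509Certificate[]> refreshableCache) {
        this.certsCache = refreshableCache;
        this.decoratedProcessor = new JsonSignatureVerificationProcessor(new CacheStsTrustChain());
    }

    /**
     * Runs the wrapped processor and, if it recorded an invalid-token signature failure in the
     * security metadata, runs it a second time after refreshing the trust chain.
     *
     * <p>There is at most one retry per call: the result of the second pass is returned as
     * is, whatever it recorded in {@code map}.
     *
     * @param bArr request bytes, passed unchanged to the wrapped processor on both passes
     * @param map request metadata; the wrapped processor's error is read from, and on retry
     *            removed from, its security-metadata entry
     * @param request request descriptor, passed through to the wrapped processor
     * @return the wrapped processor's result from the last pass that ran
     */
    @Override // com.vmware.vapi.protocol.RequestProcessor
    public byte[] process(byte[] bArr, Map<String, Object> map, RequestProcessor.Request request) {
        byte[] firstPass = this.decoratedProcessor.process(bArr, map, request);
        if (!isInvalidTokenExceptionPresent(map)) {
            return firstPass;
        }
        return retry(bArr, map, request);
    }

    /**
     * Refreshes the trust-chain cache, drops the recorded error and verifies again.
     *
     * <p>NOTE(review): after the recorded error is removed, the outcome depends on the
     * wrapped processor recording a new error if the second pass fails too; confirm against
     * {@code JsonSignatureVerificationProcessor}.
     */
    private byte[] retry(byte[] bArr, Map<String, Object> map, RequestProcessor.Request request) {
        // Refresh first: if it throws, the error recorded by the first pass is still in the metadata.
        this.certsCache.refresh();
        clearError(map);
        return this.decoratedProcessor.process(bArr, map, request);
    }

    /** Removes the error recorded under {@code SamlTokenAuthnHandler.ERROR_KEY}, if any. */
    private void clearError(Map<String, Object> map) {
        Map<String, Object> securityMetadata = getSecurityMetadata(map);
        if (securityMetadata == null) {
            return;
        }
        securityMetadata.remove(SamlTokenAuthnHandler.ERROR_KEY);
    }

    /**
     * Tells whether the security metadata holds a {@link SignatureException} whose direct
     * cause is an {@link InvalidTokenException}.
     *
     * <p>A value under the error key that is not an {@code Exception} yields {@code false}
     * instead of a {@code ClassCastException}; the value is left in place for whatever reads
     * the key afterwards.
     *
     * @param map request metadata, may be {@code null}
     * @return {@code true} only for the exception shape described above
     */
    static boolean isInvalidTokenExceptionPresent(Map<String, Object> map) {
        Map<String, Object> securityMetadata = getSecurityMetadata(map);
        if (securityMetadata == null) {
            return false;
        }
        Object recorded = securityMetadata.get(SamlTokenAuthnHandler.ERROR_KEY);
        if (!(recorded instanceof Exception)) {
            // Covers both "no error recorded" and an unexpected value type.
            return false;
        }
        Exception exc = (Exception) recorded;
        return exc instanceof SignatureException && exc.getCause() instanceof InvalidTokenException;
    }

    /**
     * Looks up the security-metadata map stored under
     * {@code RequestProcessor.SECURITY_PROC_METADATA_KEY}.
     *
     * @param map request metadata, may be {@code null}
     * @return the nested map, or {@code null} when {@code map} is {@code null} or has no entry
     * @throws ClassCastException if the entry exists but is not a {@code Map}
     */
    @SuppressWarnings("unchecked") // only the raw Map type is checked at runtime
    private static Map<String, Object> getSecurityMetadata(Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        return (Map<String, Object>) map.get(RequestProcessor.SECURITY_PROC_METADATA_KEY);
    }

    /** Replaces the wrapped processor (package-private; presumably a test hook, verify). */
    void setDecoratedProcessor(RequestProcessor requestProcessor) {
        this.decoratedProcessor = requestProcessor;
    }

    /** Returns the processor currently wrapped by this instance. */
    RequestProcessor getDecoratedProcessor() {
        return this.decoratedProcessor;
    }
}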
