package net.trajano.ms.oidc.internal;

import java.net.URI;
import java.text.ParseException;
import javax.annotation.PostConstruct;
import javax.ws.rs.core.UriBuilder;
import net.trajano.ms.auth.spi.ClientValidator;
import net.trajano.ms.auth.token.GrantTypes;
import net.trajano.ms.auth.token.OAuthTokenResponse;
import net.trajano.ms.core.CryptoOps;
import net.trajano.ms.core.ErrorCodes;
import net.trajano.ms.oidc.spi.IssuerConfig;
import net.trajano.ms.oidc.spi.ServiceConfiguration;
import org.jose4j.jwt.JwtClaims;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/ms-oidc-1.0.0.jar:net/trajano/ms/oidc/internal/AuthenticationUriBuilder.class */
public class AuthenticationUriBuilder {

    @Autowired
    private ClientValidator clientValidator;

    @Autowired
    private CacheManager cm;

    @Autowired
    private CryptoOps cryptoOps;
    private Cache nonceCache;

    @Value("${realmName:client_credentials}")
    private String realmName;

    @Autowired
    private ServiceConfiguration serviceConfiguration;

    public URI build(String str, String str2, String str3, JwtClaims jwtClaims) {
        if (str2 == null) {
            throw OAuthTokenResponse.badRequest(ErrorCodes.INVALID_REQUEST, "Missing issuer_id");
        }
        if (str == null) {
            throw OAuthTokenResponse.badRequest(ErrorCodes.INVALID_REQUEST, "Missing state");
        }
        IssuerConfig issuerConfig = this.serviceConfiguration.getIssuerConfig(str2);
        if (issuerConfig == null) {
            throw OAuthTokenResponse.badRequest(ErrorCodes.INVALID_REQUEST, "Invalid issuer_id");
        }
        try {
            if (!this.clientValidator.isValid(GrantTypes.OPENID, str3)) {
                throw OAuthTokenResponse.unauthorized(ErrorCodes.UNAUTHORIZED_CLIENT, "Unauthorized client", String.format("Basic realm=\"%s\", encoding=\"UTF-8\"", this.realmName));
            }
            URI build = UriBuilder.fromUri(this.serviceConfiguration.getRedirectUri()).path(str2).build(new Object[0]);
            String newToken = this.cryptoOps.newToken();
            ServerState serverState = new ServerState(str, jwtClaims, newToken, str3);
            String newToken2 = this.cryptoOps.newToken();
            this.nonceCache.putIfAbsent(newToken2, serverState);
            return issuerConfig.buildAuthenticationRequestUri(build, newToken2, newToken);
        } catch (ParseException e) {
            throw OAuthTokenResponse.unauthorized(ErrorCodes.UNAUTHORIZED_CLIENT, "Unable to parse client credentials", String.format("Basic realm=\"%s\", encoding=\"UTF-8\"", this.realmName));
        }
    }

    @PostConstruct
    public void init() {
        this.nonceCache = this.cm.getCache(HazelcastConfiguration.SERVER_STATE);
    }
}
