package net.trajano.openidconnect.auth;

import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonValue;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.UriBuilder;
import javax.xml.bind.annotation.XmlTransient;
import net.trajano.openidconnect.core.ErrorCode;
import net.trajano.openidconnect.core.ErrorResponse;
import net.trajano.openidconnect.core.OpenIdConnectKey;
import net.trajano.openidconnect.core.RedirectedOpenIdProviderException;
import net.trajano.openidconnect.core.Scope;
import net.trajano.openidconnect.crypto.JsonWebKeySet;
import net.trajano.openidconnect.crypto.JsonWebToken;
import net.trajano.openidconnect.crypto.JsonWebTokenProcessor;
import net.trajano.openidconnect.internal.Util;

/* loaded from: input_file:WEB-INF/lib/openid-connect-core-1.0.1.jar:net/trajano/openidconnect/auth/AuthenticationRequest.class */
public class AuthenticationRequest {
    private static final String[] REQUEST_KEYS = {OpenIdConnectKey.ACR_VALUES, "client_id", OpenIdConnectKey.CLAIMS, OpenIdConnectKey.DISPLAY, OpenIdConnectKey.ID_TOKEN_HINT, OpenIdConnectKey.LOGIN_HINT, OpenIdConnectKey.MAX_AGE, OpenIdConnectKey.NONCE, OpenIdConnectKey.PROMPT, "redirect_uri", OpenIdConnectKey.RESPONSE_MODE, OpenIdConnectKey.RESPONSE_TYPE, OpenIdConnectKey.SCOPE, OpenIdConnectKey.STATE, OpenIdConnectKey.UI_LOCALES};
    private final List<String> acrValues;
    private final JsonObject claims;
    private final String clientId;

    @XmlTransient
    private final boolean codeOnlyResponseType;
    private final Display display;
    private final String idTokenHint;
    private final String loginHint;
    private final Integer maxAge;
    private final String nonce;
    private final Set<Prompt> prompts;
    private final URI redirectUri;
    private final Map<String, String> requestMap;
    private final ResponseMode responseMode;
    private final Set<ResponseType> responseTypes;
    private final Set<Scope> scopes;
    private final String state;
    private final List<Locale> uiLocales;

    /* loaded from: input_file:WEB-INF/lib/openid-connect-core-1.0.1.jar:net/trajano/openidconnect/auth/AuthenticationRequest$Builder.class */
    public static class Builder {
        private final Map<String, String> requestMap = new HashMap();

        public AuthenticationRequest build() throws IOException, GeneralSecurityException {
            return new AuthenticationRequest(this.requestMap);
        }

        public Builder clientId(String str) {
            this.requestMap.put("client_id", str);
            return this;
        }

        public Builder nonce(String str) {
            this.requestMap.put(OpenIdConnectKey.NONCE, str);
            return this;
        }

        public Builder redirectUri(URI uri) {
            this.requestMap.put("redirect_uri", uri.toASCIIString());
            return this;
        }

        public Builder responseMode(ResponseMode responseMode) {
            if (responseMode != ResponseMode.query) {
                this.requestMap.put(OpenIdConnectKey.RESPONSE_MODE, responseMode.name());
            }
            return this;
        }

        public Builder responseType(@NotNull ResponseType responseType, ResponseType... responseTypeArr) {
            StringBuilder sb = new StringBuilder(responseType.name());
            for (ResponseType responseType2 : responseTypeArr) {
                sb.append(' ');
                sb.append(responseType2.name());
            }
            this.requestMap.put(OpenIdConnectKey.RESPONSE_TYPE, sb.toString());
            return this;
        }

        public Builder scope(String str) {
            this.requestMap.put(OpenIdConnectKey.SCOPE, str);
            return this;
        }

        public Builder state(String str) {
            this.requestMap.put(OpenIdConnectKey.STATE, str);
            return this;
        }

        public Builder uiLocale(Enumeration<Locale> enumeration) {
            if (enumeration != null) {
                StringBuilder sb = new StringBuilder(enumeration.nextElement().toLanguageTag());
                while (enumeration.hasMoreElements()) {
                    sb.append(' ');
                    sb.append(enumeration.nextElement().toLanguageTag());
                }
                this.requestMap.put(OpenIdConnectKey.UI_LOCALES, sb.toString());
            }
            return this;
        }
    }

    private static Map<String, String> buildRequestMap(HttpServletRequest httpServletRequest, JsonWebKeySet jsonWebKeySet) throws IOException, GeneralSecurityException {
        JsonObject jsonObject;
        HashMap hashMap = new HashMap();
        if (httpServletRequest.getParameter(OpenIdConnectKey.REQUEST) == null || jsonWebKeySet == null) {
            jsonObject = null;
        } else {
            JsonWebTokenProcessor jwks = new JsonWebTokenProcessor(new JsonWebToken(httpServletRequest.getParameter(OpenIdConnectKey.REQUEST))).jwks(jsonWebKeySet);
            if (!jwks.isJwkAvailable()) {
                throw new GeneralSecurityException("jwk not available for kid");
            }
            jsonObject = jwks.getJsonPayload();
        }
        for (String str : REQUEST_KEYS) {
            processValueFromMapOrObject(hashMap, str, httpServletRequest, jsonObject);
        }
        return hashMap;
    }

    private static Map<String, String> buildRequestMap(String str, JsonWebKeySet jsonWebKeySet) throws IOException, GeneralSecurityException {
        HashMap hashMap = new HashMap();
        JsonObject jsonPayload = (str == null || jsonWebKeySet == null) ? null : new JsonWebTokenProcessor(new JsonWebToken(str)).jwks(jsonWebKeySet).getJsonPayload();
        for (String str2 : REQUEST_KEYS) {
            processValueFromMapOrObject(hashMap, str2, null, jsonPayload);
        }
        return hashMap;
    }

    private static void processValueFromMapOrObject(Map<String, String> map, String str, HttpServletRequest httpServletRequest, JsonObject jsonObject) {
        String parameter = (httpServletRequest == null || httpServletRequest.getParameter(str) == null) ? null : httpServletRequest.getParameter(str);
        String string = (jsonObject == null || !jsonObject.containsKey(str)) ? null : jsonObject.get(str).getValueType() == JsonValue.ValueType.STRING ? jsonObject.getString(str) : jsonObject.get(str).getValueType() == JsonValue.ValueType.NUMBER ? jsonObject.getJsonNumber(str).bigIntegerValueExact().toString() : jsonObject.get(str).getValueType() == JsonValue.ValueType.OBJECT ? jsonObject.getJsonObject(str).toString() : null;
        if ("client_id".equals(str) && parameter != null && string != null && !parameter.equals(string)) {
            throw new BadRequestException("client_id does not match.");
        }
        if ("redirect_uri".equals(str) && parameter != null && string != null && !parameter.equals(string)) {
            throw new BadRequestException("redirect_uri does not match.");
        }
        if (Util.isNotNullOrEmpty(string)) {
            map.put(str, string);
        } else if (Util.isNotNullOrEmpty(parameter)) {
            map.put(str, parameter);
        }
    }

    public AuthenticationRequest(HttpServletRequest httpServletRequest, JsonWebKeySet jsonWebKeySet) throws IOException, GeneralSecurityException {
        this(buildRequestMap(httpServletRequest, jsonWebKeySet));
    }

    private AuthenticationRequest(Map<String, String> map) throws IOException, GeneralSecurityException {
        this.requestMap = map;
        if (map.containsKey(OpenIdConnectKey.ACR_VALUES)) {
            this.acrValues = Util.splitToList(map.get(OpenIdConnectKey.ACR_VALUES));
        } else {
            this.acrValues = null;
        }
        if (map.containsKey("client_id")) {
            this.clientId = map.get("client_id");
        } else {
            this.clientId = null;
        }
        if (map.containsKey(OpenIdConnectKey.CLAIMS)) {
            this.claims = Json.createReader(new StringReader(map.get(OpenIdConnectKey.CLAIMS))).readObject();
        } else {
            this.claims = Json.createObjectBuilder().build();
        }
        if (map.containsKey(OpenIdConnectKey.DISPLAY)) {
            this.display = (Display) Util.valueOf(Display.class, map.get(OpenIdConnectKey.DISPLAY));
        } else {
            this.display = null;
        }
        if (map.containsKey(OpenIdConnectKey.ID_TOKEN_HINT)) {
            this.idTokenHint = map.get(OpenIdConnectKey.ID_TOKEN_HINT);
        } else {
            this.idTokenHint = null;
        }
        if (map.containsKey(OpenIdConnectKey.LOGIN_HINT)) {
            this.loginHint = map.get(OpenIdConnectKey.LOGIN_HINT);
        } else {
            this.loginHint = null;
        }
        if (map.containsKey(OpenIdConnectKey.MAX_AGE)) {
            this.maxAge = Integer.valueOf(map.get(OpenIdConnectKey.MAX_AGE));
        } else {
            this.maxAge = null;
        }
        if (map.containsKey(OpenIdConnectKey.NONCE)) {
            this.nonce = map.get(OpenIdConnectKey.NONCE);
        } else {
            this.nonce = null;
        }
        if (map.containsKey(OpenIdConnectKey.PROMPT)) {
            this.prompts = Util.splitToSet(Prompt.class, map.get(OpenIdConnectKey.PROMPT));
        } else {
            this.prompts = Collections.emptySet();
        }
        if (map.containsKey("redirect_uri")) {
            this.redirectUri = URI.create(map.get("redirect_uri"));
        } else {
            this.redirectUri = null;
        }
        if (map.containsKey(OpenIdConnectKey.RESPONSE_TYPE)) {
            this.responseTypes = Util.splitToSet(ResponseType.class, map.get(OpenIdConnectKey.RESPONSE_TYPE));
        } else {
            this.responseTypes = Collections.emptySet();
        }
        this.codeOnlyResponseType = this.responseTypes.equals(Collections.singleton(ResponseType.code));
        if (map.containsKey(OpenIdConnectKey.RESPONSE_MODE)) {
            this.responseMode = (ResponseMode) Util.valueOf(ResponseMode.class, map.get(OpenIdConnectKey.RESPONSE_MODE));
        } else {
            this.responseMode = getDefaultResponseMode();
        }
        if (map.containsKey(OpenIdConnectKey.SCOPE)) {
            this.scopes = Util.splitToSet(Scope.class, map.get(OpenIdConnectKey.SCOPE));
        } else {
            this.scopes = null;
        }
        if (map.containsKey(OpenIdConnectKey.STATE)) {
            this.state = map.get(OpenIdConnectKey.STATE);
        } else {
            this.state = null;
        }
        if (map.containsKey(OpenIdConnectKey.UI_LOCALES)) {
            this.uiLocales = Util.splitToLocaleList(map.get(OpenIdConnectKey.UI_LOCALES));
        } else {
            this.uiLocales = null;
        }
        validate();
    }

    public AuthenticationRequest(String str, JsonWebKeySet jsonWebKeySet) throws IOException, GeneralSecurityException {
        this(buildRequestMap(str, jsonWebKeySet));
    }

    public void addQueryParams(UriBuilder uriBuilder) {
        for (Map.Entry<String, String> entry : this.requestMap.entrySet()) {
            uriBuilder.queryParam(entry.getKey(), new Object[]{entry.getValue()});
        }
    }

    public boolean containsResponseType(ResponseType responseType) {
        return this.responseTypes.contains(responseType);
    }

    public List<String> getAcrValues() {
        return this.acrValues;
    }

    public JsonObject getClaims() {
        return this.claims;
    }

    public String getClientId() {
        return this.clientId;
    }

    private ResponseMode getDefaultResponseMode() {
        return this.codeOnlyResponseType ? ResponseMode.query : ResponseMode.fragment;
    }

    public Display getDisplay() {
        return this.display;
    }

    public String getIdTokenHint() {
        return this.idTokenHint;
    }

    public String getLoginHint() {
        return this.loginHint;
    }

    public Integer getMaxAge() {
        return this.maxAge;
    }

    public String getNonce() {
        return this.nonce;
    }

    public Set<Prompt> getPrompts() {
        return this.prompts;
    }

    public URI getRedirectUri() {
        return this.redirectUri;
    }

    public ResponseMode getResponseMode() {
        return this.responseMode;
    }

    public String getResponseType() {
        StringBuilder sb = new StringBuilder();
        Iterator<ResponseType> it = this.responseTypes.iterator();
        sb.append(it.next());
        while (it.hasNext()) {
            sb.append(' ');
            sb.append(it.next());
        }
        return sb.toString();
    }

    public Set<ResponseType> getResponseTypes() {
        return this.responseTypes;
    }

    public String getScope() {
        StringBuilder sb = new StringBuilder();
        Iterator<Scope> it = this.scopes.iterator();
        sb.append(it.next());
        while (it.hasNext()) {
            sb.append(' ');
            sb.append(it.next());
        }
        return sb.toString();
    }

    public Set<Scope> getScopes() {
        return this.scopes;
    }

    public String getState() {
        return this.state;
    }

    public List<Locale> getUiLocales() {
        return this.uiLocales;
    }

    public boolean isAuthorizationCodeFlow() {
        return this.codeOnlyResponseType;
    }

    public boolean isDefaultResponseMode() {
        return this.codeOnlyResponseType ? ResponseMode.query == this.responseMode : ResponseMode.fragment == this.responseMode;
    }

    public boolean isImplicitFlow() {
        return !this.responseTypes.contains(ResponseType.code);
    }

    public JsonObject toJsonObject() {
        JsonObjectBuilder createObjectBuilder = Json.createObjectBuilder();
        createObjectBuilder.add("client_id", this.clientId);
        createObjectBuilder.add("redirect_uri", this.redirectUri.toASCIIString());
        if (this.display != null) {
            createObjectBuilder.add(OpenIdConnectKey.DISPLAY, Util.toString(this.display));
        }
        if (this.idTokenHint != null) {
            createObjectBuilder.add(OpenIdConnectKey.ID_TOKEN_HINT, this.idTokenHint);
        }
        if (this.loginHint != null) {
            createObjectBuilder.add(OpenIdConnectKey.LOGIN_HINT, this.loginHint);
        }
        if (this.maxAge != null) {
            createObjectBuilder.add(OpenIdConnectKey.MAX_AGE, this.maxAge.intValue());
        }
        if (this.claims != null) {
            createObjectBuilder.add(OpenIdConnectKey.CLAIMS, this.claims);
        }
        if (this.nonce != null) {
            createObjectBuilder.add(OpenIdConnectKey.NONCE, this.nonce);
        }
        if (this.responseMode != null) {
            createObjectBuilder.add(OpenIdConnectKey.RESPONSE_MODE, Util.toString(this.responseMode));
        }
        if (this.responseTypes != null) {
            createObjectBuilder.add(OpenIdConnectKey.RESPONSE_TYPE, Util.toString(this.responseTypes));
        }
        if (this.scopes != null) {
            createObjectBuilder.add(OpenIdConnectKey.SCOPE, Util.toString(this.scopes));
        }
        if (this.state != null) {
            createObjectBuilder.add(OpenIdConnectKey.STATE, this.state);
        }
        if (this.acrValues != null) {
            createObjectBuilder.add(OpenIdConnectKey.ACR_VALUES, Util.join(this.acrValues));
        }
        if (this.uiLocales != null) {
            createObjectBuilder.add(OpenIdConnectKey.UI_LOCALES, Util.toLocaleString(this.uiLocales));
        }
        return createObjectBuilder.build();
    }

    private void validate() {
        if (this.redirectUri == null) {
            throw new BadRequestException("the request must contain the 'redirect_uri'");
        }
        if (this.clientId == null) {
            throw new RedirectedOpenIdProviderException(this, new ErrorResponse(ErrorCode.invalid_request, "the request must contain the 'client_id'"));
        }
        if (!this.scopes.contains(Scope.openid)) {
            throw new RedirectedOpenIdProviderException(this, new ErrorResponse(ErrorCode.invalid_request, "the request must contain the 'openid' scope value"));
        }
        if (this.prompts.contains(Prompt.none) && this.prompts.size() != 1) {
            throw new RedirectedOpenIdProviderException(this, new ErrorResponse(ErrorCode.invalid_request, "Cannot have 'none' with any other value for 'prompt'"));
        }
        if (this.responseTypes.isEmpty()) {
            throw new RedirectedOpenIdProviderException(this, new ErrorResponse(ErrorCode.invalid_request, "the request must contain the 'response_type'"));
        }
        if (this.responseTypes.contains(ResponseType.none) && this.responseTypes.size() != 1) {
            throw new RedirectedOpenIdProviderException(this, new ErrorResponse(ErrorCode.invalid_request, "Cannot have 'none' with any other value for 'response_type'"));
        }
        if (this.responseMode == ResponseMode.query && !this.codeOnlyResponseType) {
            throw new RedirectedOpenIdProviderException(this, new ErrorResponse(ErrorCode.invalid_request, "Invalid response mode for the response type requested."));
        }
    }
}
