package no.nav.brukerdialog.security.jaspic;

import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.SecureRandom;

/* loaded from: input_file:no/nav/brukerdialog/security/jaspic/AuthorizationRequestBuilder.class */
public class AuthorizationRequestBuilder {
    private static final SecureRandom random = new SecureRandom();
    private final String scope = "openid";
    private final String issoHostUrl;
    private final String clientId;
    private final String redirectUrl;
    private boolean useKerberos;
    private String stateIndex;

    public AuthorizationRequestBuilder() {
        this(AuthorizationRequestBuilderConfig.resolveFromSystemProperties());
    }

    public AuthorizationRequestBuilder(AuthorizationRequestBuilderConfig authorizationRequestBuilderConfig) {
        this.scope = "openid";
        this.useKerberos = true;
        this.issoHostUrl = authorizationRequestBuilderConfig.getIssoHostUrl();
        this.clientId = authorizationRequestBuilderConfig.getClientId();
        this.redirectUrl = authorizationRequestBuilderConfig.getRedirectUrl();
        byte[] bArr = new byte[20];
        random.nextBytes(bArr);
        this.stateIndex = "state_" + new BigInteger(1, bArr).toString(16);
    }

    public AuthorizationRequestBuilder ikkeBrukKerberos() {
        this.useKerberos = false;
        return this;
    }

    public String getStateIndex() {
        return this.stateIndex;
    }

    public String buildRedirectString() throws UnsupportedEncodingException {
        return String.format("%s/authorize?" + (this.useKerberos ? "session=winssochain&authIndexType=service&authIndexValue=winssochain&" : "") + "response_type=code&scope=%s&client_id=%s&state=%s&redirect_uri=%s", this.issoHostUrl, "openid", URLEncoder.encode(this.clientId, "UTF-8"), this.stateIndex, URLEncoder.encode(this.redirectUrl, "UTF-8"));
    }
}
