package org.keycloak.protocol.oidc.utils;

import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.keycloak.common.util.Encode;
import org.keycloak.common.util.HtmlUtils;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.Time;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.AuthorizationResponseToken;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.userprofile.DeclarativeUserProfileProvider;

/* loaded from: input_file:org/keycloak/protocol/oidc/utils/OIDCRedirectUriBuilder.class */
public abstract class OIDCRedirectUriBuilder {
    protected final KeycloakUriBuilder uriBuilder;

    /* loaded from: input_file:org/keycloak/protocol/oidc/utils/OIDCRedirectUriBuilder$FormPostRedirectUriBuilder.class */
    private static class FormPostRedirectUriBuilder extends OIDCRedirectUriBuilder {
        private Map<String, String> params;

        protected FormPostRedirectUriBuilder(KeycloakUriBuilder keycloakUriBuilder) {
            super(keycloakUriBuilder);
            this.params = new HashMap();
        }

        @Override // org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder
        public OIDCRedirectUriBuilder addParam(String str, String str2) {
            this.params.put(str, str2);
            return this;
        }

        @Override // org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder
        public Response build() {
            StringBuilder sb = new StringBuilder();
            URI build = this.uriBuilder.build(new Object[0]);
            sb.append("<HTML>");
            sb.append("  <HEAD>");
            sb.append("    <TITLE>OIDC Form_Post Response</TITLE>");
            sb.append("  </HEAD>");
            sb.append("  <BODY Onload=\"document.forms[0].submit()\">");
            sb.append("    <FORM METHOD=\"POST\" ACTION=\"" + build.toString() + "\">");
            for (Map.Entry<String, String> entry : this.params.entrySet()) {
                sb.append("  <INPUT TYPE=\"HIDDEN\" NAME=\"").append(entry.getKey()).append("\" VALUE=\"").append(HtmlUtils.escapeAttribute(entry.getValue())).append("\" />");
            }
            sb.append("      <NOSCRIPT>");
            sb.append("        <P>JavaScript is disabled. We strongly recommend to enable it. Click the button below to continue .</P>");
            sb.append("        <INPUT name=\"continue\" TYPE=\"SUBMIT\" VALUE=\"CONTINUE\" />");
            sb.append("      </NOSCRIPT>");
            sb.append("    </FORM>");
            sb.append("  </BODY>");
            sb.append("</HTML>");
            return Response.status(Response.Status.OK).type(MediaType.TEXT_HTML_TYPE).entity(sb.toString()).build();
        }
    }

    /* loaded from: input_file:org/keycloak/protocol/oidc/utils/OIDCRedirectUriBuilder$FragmentRedirectUriBuilder.class */
    private static class FragmentRedirectUriBuilder extends OIDCRedirectUriBuilder {
        private StringBuilder fragment;

        protected FragmentRedirectUriBuilder(KeycloakUriBuilder keycloakUriBuilder) {
            super(keycloakUriBuilder);
            String fragment = keycloakUriBuilder.getFragment();
            if (fragment != null) {
                this.fragment = new StringBuilder(fragment);
            }
        }

        @Override // org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder
        public OIDCRedirectUriBuilder addParam(String str, String str2) {
            String str3 = str + "=" + Encode.encodeQueryParamAsIs(str2);
            if (this.fragment == null) {
                this.fragment = new StringBuilder(str3);
            } else {
                this.fragment.append("&").append(str3);
            }
            return this;
        }

        @Override // org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder
        public Response build() {
            if (this.fragment != null) {
                this.uriBuilder.encodedFragment(this.fragment.toString());
            }
            return Response.status(302).location(this.uriBuilder.build(new Object[0])).build();
        }
    }

    /* loaded from: input_file:org/keycloak/protocol/oidc/utils/OIDCRedirectUriBuilder$JWTRedirectUriBuilder.class */
    private static class JWTRedirectUriBuilder extends OIDCRedirectUriBuilder {
        private final OIDCResponseMode responseMode;
        private final AuthorizationResponseToken responseJWT;
        private final KeycloakSession session;
        private final AuthenticatedClientSessionModel clientSession;

        public JWTRedirectUriBuilder(KeycloakUriBuilder keycloakUriBuilder, OIDCResponseMode oIDCResponseMode, KeycloakSession keycloakSession, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
            super(keycloakUriBuilder);
            this.responseMode = oIDCResponseMode;
            this.session = keycloakSession;
            this.clientSession = authenticatedClientSessionModel;
            this.responseJWT = new AuthorizationResponseToken();
        }

        @Override // org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder
        public OIDCRedirectUriBuilder addParam(String str, String str2) {
            this.responseJWT.getOtherClaims().put(str, str2);
            return this;
        }

        @Override // org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder
        public Response build() {
            KeycloakContext context = this.session.getContext();
            ClientModel client = context.getClient();
            this.responseJWT.issuer(Urls.realmIssuer(context.getUri().getBaseUri(), client.getRealm().getName()));
            this.responseJWT.audience(new String[]{client.getClientId()});
            this.responseJWT.exp(Long.valueOf(Time.currentTime() + r0.getAccessCodeLifespan()));
            if (this.clientSession != null) {
                this.responseJWT.issuer(this.clientSession.getNote(OIDCLoginProtocol.ISSUER));
                if (OIDCResponseType.TOKEN.equals(this.clientSession.getNote("response_type"))) {
                    this.responseJWT.setOtherClaims("scope", this.clientSession.getNote("scope"));
                }
            }
            switch (this.responseMode) {
                case QUERY_JWT:
                    return buildQueryResponse();
                case FRAGMENT_JWT:
                    return buildFragmentResponse();
                case FORM_POST_JWT:
                    return buildFormPostResponse();
                default:
                    throw new IllegalStateException("Not possible to end here");
            }
        }

        private Response buildQueryResponse() {
            this.uriBuilder.queryParam("response", new Object[]{this.session.tokens().encodeAndEncrypt(this.responseJWT)});
            return Response.status(302).location(this.uriBuilder.build(new Object[0])).build();
        }

        private Response buildFragmentResponse() {
            this.uriBuilder.encodedFragment("response=" + Encode.encodeQueryParamAsIs(this.session.tokens().encodeAndEncrypt(this.responseJWT)));
            return Response.status(302).location(this.uriBuilder.build(new Object[0])).build();
        }

        private Response buildFormPostResponse() {
            StringBuilder sb = new StringBuilder();
            URI build = this.uriBuilder.build(new Object[0]);
            sb.append("<HTML>");
            sb.append("  <HEAD>");
            sb.append("    <TITLE>OIDC Form_Post Response</TITLE>");
            sb.append("  </HEAD>");
            sb.append("  <BODY Onload=\"document.forms[0].submit()\">");
            sb.append("    <FORM METHOD=\"POST\" ACTION=\"" + build.toString() + "\">");
            sb.append("  <INPUT TYPE=\"HIDDEN\" NAME=\"response\" VALUE=\"").append(HtmlUtils.escapeAttribute(this.session.tokens().encodeAndEncrypt(this.responseJWT))).append("\" />");
            sb.append("      <NOSCRIPT>");
            sb.append("        <P>JavaScript is disabled. We strongly recommend to enable it. Click the button below to continue .</P>");
            sb.append("        <INPUT name=\"continue\" TYPE=\"SUBMIT\" VALUE=\"CONTINUE\" />");
            sb.append("      </NOSCRIPT>");
            sb.append("    </FORM>");
            sb.append("  </BODY>");
            sb.append("</HTML>");
            return Response.status(Response.Status.OK).type(MediaType.TEXT_HTML_TYPE).entity(sb.toString()).build();
        }
    }

    /* loaded from: input_file:org/keycloak/protocol/oidc/utils/OIDCRedirectUriBuilder$QueryRedirectUriBuilder.class */
    private static class QueryRedirectUriBuilder extends OIDCRedirectUriBuilder {
        protected QueryRedirectUriBuilder(KeycloakUriBuilder keycloakUriBuilder) {
            super(keycloakUriBuilder);
        }

        @Override // org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder
        public OIDCRedirectUriBuilder addParam(String str, String str2) {
            this.uriBuilder.queryParam(str, new Object[]{str2});
            return this;
        }

        @Override // org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder
        public Response build() {
            return Response.status(302).location(this.uriBuilder.build(new Object[0])).build();
        }
    }

    protected OIDCRedirectUriBuilder(KeycloakUriBuilder keycloakUriBuilder) {
        this.uriBuilder = keycloakUriBuilder;
    }

    public abstract OIDCRedirectUriBuilder addParam(String str, String str2);

    public abstract Response build();

    public static OIDCRedirectUriBuilder fromUri(String str, OIDCResponseMode oIDCResponseMode, KeycloakSession keycloakSession, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        KeycloakUriBuilder fromUri = KeycloakUriBuilder.fromUri(str);
        switch (AnonymousClass1.$SwitchMap$org$keycloak$protocol$oidc$utils$OIDCResponseMode[oIDCResponseMode.ordinal()]) {
            case DeclarativeUserProfileProvider.PROVIDER_PRIORITY /* 1 */:
                return new QueryRedirectUriBuilder(fromUri);
            case 2:
                return new FragmentRedirectUriBuilder(fromUri);
            case AuthenticationSessionManager.AUTH_SESSION_COOKIE_LIMIT /* 3 */:
                return new FormPostRedirectUriBuilder(fromUri);
            case 4:
            case 5:
            case 6:
                return new JWTRedirectUriBuilder(fromUri, oIDCResponseMode, keycloakSession, authenticatedClientSessionModel);
            default:
                throw new IllegalStateException("Not possible to end here");
        }
    }
}
