package org.pac4j.oidc.redirect;

import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Nonce;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.exception.http.RedirectionAction;
import org.pac4j.core.exception.http.RedirectionActionHelper;
import org.pac4j.core.redirect.RedirectionActionBuilder;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/oidc/redirect/OidcRedirectionActionBuilder.class */
public class OidcRedirectionActionBuilder implements RedirectionActionBuilder {
    private static final Logger logger = LoggerFactory.getLogger(OidcRedirectionActionBuilder.class);
    protected OidcConfiguration configuration;
    protected OidcClient client;
    private Map<String, String> authParams;

    public OidcRedirectionActionBuilder(OidcConfiguration oidcConfiguration, OidcClient oidcClient) {
        CommonHelper.assertNotNull("configuration", oidcConfiguration);
        CommonHelper.assertNotNull("client", oidcClient);
        this.configuration = oidcConfiguration;
        this.client = oidcClient;
        this.authParams = new HashMap();
        String scope = oidcConfiguration.getScope();
        if (CommonHelper.isNotBlank(scope)) {
            this.authParams.put(OidcConfiguration.SCOPE, scope);
        } else {
            this.authParams.put(OidcConfiguration.SCOPE, "openid profile email");
        }
        this.authParams.put(OidcConfiguration.RESPONSE_TYPE, oidcConfiguration.getResponseType());
        String responseMode = oidcConfiguration.getResponseMode();
        if (CommonHelper.isNotBlank(responseMode)) {
            this.authParams.put(OidcConfiguration.RESPONSE_MODE, responseMode);
        }
        this.authParams.putAll(oidcConfiguration.getCustomParams());
        this.authParams.put(OidcConfiguration.CLIENT_ID, oidcConfiguration.getClientId());
    }

    public Optional<RedirectionAction> getRedirectionAction(WebContext webContext) {
        Map<String, String> buildParams = buildParams();
        buildParams.put(OidcConfiguration.REDIRECT_URI, this.client.computeFinalCallbackUrl(webContext));
        addStateAndNonceParameters(webContext, buildParams);
        if (this.configuration.getMaxAge() != null) {
            buildParams.put(OidcConfiguration.MAX_AGE, this.configuration.getMaxAge().toString());
        }
        String buildAuthenticationRequestUrl = buildAuthenticationRequestUrl(buildParams);
        logger.debug("Authentication request url: {}", buildAuthenticationRequestUrl);
        return Optional.of(RedirectionActionHelper.buildRedirectUrlAction(webContext, buildAuthenticationRequestUrl));
    }

    protected Map<String, String> buildParams() {
        return new HashMap(this.authParams);
    }

    protected void addStateAndNonceParameters(WebContext webContext, Map<String, String> map) {
        State state = this.configuration.isWithState() ? new State(this.configuration.getStateGenerator().generateState(webContext)) : new State();
        map.put(OidcConfiguration.STATE, state.getValue());
        webContext.getSessionStore().set(webContext, this.client.getStateSessionAttributeName(), state);
        if (this.configuration.isUseNonce()) {
            Nonce nonce = new Nonce();
            map.put("nonce", nonce.getValue());
            webContext.getSessionStore().set(webContext, this.client.getNonceSessionAttributeName(), nonce.getValue());
        }
    }

    protected String buildAuthenticationRequestUrl(Map<String, String> map) {
        try {
            return this.configuration.getProviderMetadata().getAuthorizationEndpointURI().toString() + "?" + AuthenticationRequest.parse((Map) map.entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, entry -> {
                return Collections.singletonList((String) entry.getValue());
            }))).toQueryString();
        } catch (Exception e) {
            throw new TechnicalException(e);
        }
    }
}
