package org.pac4j.oidc.redirect;

import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.pkce.CodeChallenge;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.oauth2.sdk.pkce.CodeVerifier;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Nonce;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.exception.http.RedirectionAction;
import org.pac4j.core.redirect.RedirectionActionBuilder;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.HttpActionHelper;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.config.OidcConfigurationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/oidc/redirect/OidcRedirectionActionBuilder.class */
public class OidcRedirectionActionBuilder implements RedirectionActionBuilder {
    private static final Logger logger = LoggerFactory.getLogger(OidcRedirectionActionBuilder.class);
    protected OidcClient client;

    public OidcRedirectionActionBuilder(OidcClient oidcClient) {
        CommonHelper.assertNotNull("client", oidcClient);
        this.client = oidcClient;
    }

    public Optional<RedirectionAction> getRedirectionAction(WebContext webContext, SessionStore sessionStore) {
        OidcConfigurationContext oidcConfigurationContext = new OidcConfigurationContext(webContext, this.client.getConfiguration());
        Map<String, String> buildParams = buildParams(webContext);
        buildParams.put(OidcConfiguration.REDIRECT_URI, this.client.computeFinalCallbackUrl(webContext));
        addStateAndNonceParameters(webContext, sessionStore, buildParams);
        Integer maxAge = oidcConfigurationContext.getMaxAge();
        if (maxAge != null) {
            buildParams.put(OidcConfiguration.MAX_AGE, maxAge.toString());
        }
        if (oidcConfigurationContext.isForceAuthn().booleanValue()) {
            buildParams.put(OidcConfiguration.PROMPT, "login");
            buildParams.put(OidcConfiguration.MAX_AGE, "0");
        }
        if (oidcConfigurationContext.isPassive().booleanValue()) {
            buildParams.put(OidcConfiguration.PROMPT, "none");
        }
        String buildAuthenticationRequestUrl = buildAuthenticationRequestUrl(buildParams);
        logger.debug("Authentication request url: {}", buildAuthenticationRequestUrl);
        return Optional.of(HttpActionHelper.buildRedirectUrlAction(webContext, buildAuthenticationRequestUrl));
    }

    protected Map<String, String> buildParams(WebContext webContext) {
        OidcConfigurationContext oidcConfigurationContext = new OidcConfigurationContext(webContext, this.client.getConfiguration());
        HashMap hashMap = new HashMap();
        hashMap.put(OidcConfiguration.SCOPE, oidcConfigurationContext.getScope());
        hashMap.put(OidcConfiguration.RESPONSE_TYPE, oidcConfigurationContext.getResponseType());
        hashMap.put(OidcConfiguration.RESPONSE_MODE, oidcConfigurationContext.getResponseMode());
        hashMap.putAll(oidcConfigurationContext.getCustomParams());
        hashMap.put(OidcConfiguration.CLIENT_ID, oidcConfigurationContext.getConfiguration().getClientId());
        return new HashMap(hashMap);
    }

    protected void addStateAndNonceParameters(WebContext webContext, SessionStore sessionStore, Map<String, String> map) {
        if (this.client.getConfiguration().isWithState()) {
            State state = new State(this.client.getConfiguration().getStateGenerator().generateValue(webContext, sessionStore));
            map.put(OidcConfiguration.STATE, state.getValue());
            sessionStore.set(webContext, this.client.getStateSessionAttributeName(), state);
        }
        if (this.client.getConfiguration().isUseNonce()) {
            Nonce nonce = new Nonce();
            map.put("nonce", nonce.getValue());
            sessionStore.set(webContext, this.client.getNonceSessionAttributeName(), nonce.getValue());
        }
        CodeChallengeMethod findPkceMethod = this.client.getConfiguration().findPkceMethod();
        if (findPkceMethod != null) {
            CodeVerifier codeVerifier = new CodeVerifier(this.client.getConfiguration().getCodeVerifierGenerator().generateValue(webContext, sessionStore));
            sessionStore.set(webContext, this.client.getCodeVerifierSessionAttributeName(), codeVerifier);
            map.put(OidcConfiguration.CODE_CHALLENGE, CodeChallenge.compute(findPkceMethod, codeVerifier).getValue());
            map.put(OidcConfiguration.CODE_CHALLENGE_METHOD, findPkceMethod.getValue());
        }
    }

    protected String buildAuthenticationRequestUrl(Map<String, String> map) {
        try {
            return this.client.getConfiguration().getProviderMetadata().getAuthorizationEndpointURI().toString() + "?" + AuthenticationRequest.parse((Map) map.entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, entry -> {
                return Collections.singletonList((String) entry.getValue());
            }))).toQueryString();
        } catch (Exception e) {
            throw new TechnicalException(e);
        }
    }
}
