package io.jans.as.common.util;

import io.jans.as.model.common.ResponseMode;
import io.jans.as.model.common.ResponseType;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm;
import io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.CryptoProviderException;
import io.jans.as.model.exception.InvalidJweException;
import io.jans.as.model.exception.InvalidJwtException;
import io.jans.as.model.jwe.Jwe;
import io.jans.as.model.jwe.JweEncrypterImpl;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtType;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.PublicKey;
import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.json.JSONObject;

/* loaded from: input_file:io/jans/as/common/util/RedirectUri.class */
public class RedirectUri {
    private String baseRedirectUri;
    private List<ResponseType> responseTypes;
    private ResponseMode responseMode;
    private final Map<String, String> responseParameters;
    private String issuer;
    private String audience;
    private int authorizationCodeLifetime;
    private SignatureAlgorithm signatureAlgorithm;
    private KeyEncryptionAlgorithm keyEncryptionAlgorithm;
    private BlockEncryptionAlgorithm blockEncryptionAlgorithm;
    private String keyId;
    private String nestedKeyId;
    private String sharedSecret;
    private JSONObject jsonWebKeys;
    private byte[] sharedSymmetricKey;
    private String nestedSharedSecret;
    private JSONObject nestedJsonWebKeys;
    private AbstractCryptoProvider cryptoProvider;

    public RedirectUri(String str) {
        this.baseRedirectUri = str;
        this.responseMode = ResponseMode.QUERY;
        this.responseParameters = new HashMap();
    }

    public RedirectUri(String str, List<ResponseType> list, ResponseMode responseMode) {
        this(str);
        this.responseTypes = list;
        this.responseMode = responseMode;
    }

    public String getBaseRedirectUri() {
        return this.baseRedirectUri;
    }

    public void setBaseRedirectUri(String str) {
        this.baseRedirectUri = str;
    }

    public ResponseMode getResponseMode() {
        return this.responseMode;
    }

    public void setResponseMode(ResponseMode responseMode) {
        this.responseMode = responseMode;
    }

    public void addResponseParameter(String str, String str2) {
        if (StringUtils.isNotBlank(str)) {
            this.responseParameters.put(str, str2);
        }
    }

    public void addResponseParameterIfNotBlank(String str, String str2) {
        if (StringUtils.isNotBlank(str2)) {
            addResponseParameter(str, str2);
        }
    }

    @Nullable
    public String getResponseParameter(@NotNull String str) {
        return this.responseParameters.get(str);
    }

    public int getResponseParamentersSize() {
        if (this.responseParameters != null) {
            return this.responseParameters.size();
        }
        return 0;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public String getAudience() {
        return this.audience;
    }

    public void setAudience(String str) {
        this.audience = str;
    }

    public int getAuthorizationCodeLifetime() {
        return this.authorizationCodeLifetime;
    }

    public void setAuthorizationCodeLifetime(int i) {
        this.authorizationCodeLifetime = i;
    }

    public SignatureAlgorithm getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public void setSignatureAlgorithm(SignatureAlgorithm signatureAlgorithm) {
        this.signatureAlgorithm = signatureAlgorithm;
    }

    public KeyEncryptionAlgorithm getKeyEncryptionAlgorithm() {
        return this.keyEncryptionAlgorithm;
    }

    public void setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
        this.keyEncryptionAlgorithm = keyEncryptionAlgorithm;
    }

    public BlockEncryptionAlgorithm getBlockEncryptionAlgorithm() {
        return this.blockEncryptionAlgorithm;
    }

    public void setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm blockEncryptionAlgorithm) {
        this.blockEncryptionAlgorithm = blockEncryptionAlgorithm;
    }

    public String getKeyId() {
        return this.keyId;
    }

    public void setKeyId(String str) {
        this.keyId = str;
    }

    public String getNestedKeyId() {
        return this.nestedKeyId;
    }

    public void setNestedKeyId(String str) {
        this.nestedKeyId = str;
    }

    public String getSharedSecret() {
        return this.sharedSecret;
    }

    public void setSharedSecret(String str) {
        this.sharedSecret = str;
    }

    public JSONObject getJsonWebKeys() {
        return this.jsonWebKeys;
    }

    public void setJsonWebKeys(JSONObject jSONObject) {
        this.jsonWebKeys = jSONObject;
    }

    public byte[] getSharedSymmetricKey() {
        return this.sharedSymmetricKey;
    }

    public void setSharedSymmetricKey(byte[] bArr) {
        this.sharedSymmetricKey = bArr;
    }

    public String getNestedSharedSecret() {
        return this.nestedSharedSecret;
    }

    public void setNestedSharedSecret(String str) {
        this.nestedSharedSecret = str;
    }

    public JSONObject getNestedJsonWebKeys() {
        return this.nestedJsonWebKeys;
    }

    public void setNestedJsonWebKeys(JSONObject jSONObject) {
        this.nestedJsonWebKeys = jSONObject;
    }

    public AbstractCryptoProvider getCryptoProvider() {
        return this.cryptoProvider;
    }

    public void setCryptoProvider(AbstractCryptoProvider abstractCryptoProvider) {
        this.cryptoProvider = abstractCryptoProvider;
    }

    public void parseQueryString(String str) {
        if (str != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str, "&", false);
            while (stringTokenizer.hasMoreElements()) {
                StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextElement().toString(), "=", false);
                if (stringTokenizer2.countTokens() == 1) {
                    this.responseParameters.put(stringTokenizer2.nextElement().toString(), null);
                } else if (stringTokenizer2.countTokens() == 2) {
                    try {
                        this.responseParameters.put(stringTokenizer2.nextElement().toString(), URLDecoder.decode(stringTokenizer2.nextElement().toString(), "UTF-8"));
                    } catch (UnsupportedEncodingException e) {
                        e.printStackTrace();
                    }
                }
            }
        }
    }

    public String getQueryString() {
        StringBuilder sb = new StringBuilder();
        try {
            if (this.responseMode == ResponseMode.JWT || this.responseMode == ResponseMode.QUERY_JWT || this.responseMode == ResponseMode.FRAGMENT_JWT) {
                String jarmResponse = getJarmResponse();
                sb.append(URLEncoder.encode("response", "UTF-8"));
                sb.append('=').append(URLEncoder.encode(jarmResponse, "UTF-8"));
            } else if (this.responseMode == ResponseMode.FORM_POST_JWT) {
                sb.append(getJarmResponse());
            } else {
                for (Map.Entry<String, String> entry : this.responseParameters.entrySet()) {
                    if (StringUtils.isNotBlank(entry.getKey()) && StringUtils.isNotBlank(entry.getValue())) {
                        if (sb.length() > 0) {
                            sb.append('&');
                        }
                        sb.append(URLEncoder.encode(entry.getKey(), "UTF-8"));
                        sb.append('=').append(URLEncoder.encode(entry.getValue(), "UTF-8"));
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return sb.toString();
    }

    private String getJarmResponse() throws InvalidJweException, InvalidJwtException, CryptoProviderException {
        if (this.keyEncryptionAlgorithm != null && this.blockEncryptionAlgorithm != null) {
            return this.signatureAlgorithm != null ? getJweResponse(getJwsResponse(true)) : getJweResponse(null);
        }
        if (this.signatureAlgorithm == null) {
            this.signatureAlgorithm = SignatureAlgorithm.RS256;
        }
        return getJwsResponse(false);
    }

    private String getJwsResponse(boolean z) throws InvalidJwtException, CryptoProviderException {
        Jwt jwt = new Jwt();
        jwt.getHeader().setType(JwtType.JWT);
        jwt.getHeader().setAlgorithm(this.signatureAlgorithm);
        if (z) {
            if (this.nestedKeyId != null) {
                jwt.getHeader().setKeyId(this.nestedKeyId);
            }
        } else if (this.keyId != null) {
            jwt.getHeader().setKeyId(this.keyId);
        }
        jwt.getClaims().setClaim("iss", this.issuer);
        jwt.getClaims().setClaim("aud", this.audience);
        if (this.responseParameters.containsKey("expires_in")) {
            jwt.getClaims().setClaim("exp", this.responseParameters.get("expires_in"));
        } else {
            Calendar calendar = Calendar.getInstance();
            calendar.add(13, this.authorizationCodeLifetime);
            jwt.getClaims().setClaim("exp", calendar.getTime());
        }
        for (Map.Entry<String, String> entry : this.responseParameters.entrySet()) {
            jwt.getClaims().setClaim(entry.getKey(), entry.getValue());
        }
        jwt.setEncodedSignature(this.cryptoProvider.sign(jwt.getSigningInput(), jwt.getHeader().getKeyId(), z ? this.nestedSharedSecret : this.sharedSecret, this.signatureAlgorithm));
        return jwt.toString();
    }

    private String getJweResponse(String str) throws InvalidJweException, InvalidJwtException, CryptoProviderException {
        Jwe jwe = new Jwe();
        jwe.getHeader().setType(JwtType.JWT);
        jwe.getHeader().setAlgorithm(this.keyEncryptionAlgorithm);
        jwe.getHeader().setEncryptionMethod(this.blockEncryptionAlgorithm);
        if (str == null) {
            jwe.getClaims().setClaim("iss", this.issuer);
            jwe.getClaims().setClaim("aud", this.audience);
            if (this.responseParameters.containsKey("expires_in")) {
                jwe.getClaims().setClaim("exp", this.responseParameters.get("expires_in"));
            } else {
                Calendar calendar = Calendar.getInstance();
                calendar.add(13, this.authorizationCodeLifetime);
                jwe.getClaims().setClaim("exp", calendar.getTime());
            }
            for (Map.Entry<String, String> entry : this.responseParameters.entrySet()) {
                jwe.getClaims().setClaim(entry.getKey(), entry.getValue());
            }
        } else {
            jwe.setSignedJWTPayload(Jwt.parse(str));
        }
        if (this.keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || this.keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
            PublicKey publicKey = this.cryptoProvider.getPublicKey(this.keyId, this.jsonWebKeys, (Algorithm) null);
            if (publicKey == null) {
                throw new InvalidJweException("The public key is not valid");
            }
            jwe = new JweEncrypterImpl(this.keyEncryptionAlgorithm, this.blockEncryptionAlgorithm, publicKey).encrypt(jwe);
        } else if (this.keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || this.keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
            jwe = new JweEncrypterImpl(this.keyEncryptionAlgorithm, this.blockEncryptionAlgorithm, this.sharedSymmetricKey).encrypt(jwe);
        }
        return jwe.toString();
    }

    private void appendQuerySymbol(StringBuilder sb) {
        if (sb.toString().contains("?")) {
            sb.append("&");
        } else {
            sb.append("?");
        }
    }

    private void appendFragmentSymbol(StringBuilder sb) {
        if (sb.toString().contains("#")) {
            sb.append("&");
        } else {
            sb.append("#");
        }
    }

    public String toString() {
        StringBuilder sb = new StringBuilder(this.baseRedirectUri);
        if (this.responseParameters.isEmpty()) {
            return sb.toString();
        }
        if (this.responseMode == ResponseMode.FORM_POST) {
            sb = new StringBuilder();
            sb.append("<html>");
            sb.append("<head><title>Submit This Form</title></head>");
            sb.append("<body onload=\"javascript:document.forms[0].submit()\">");
            sb.append("<form method=\"post\" action=\"").append(this.baseRedirectUri).append("\">");
            for (Map.Entry<String, String> entry : this.responseParameters.entrySet()) {
                String escapeHtml4 = StringEscapeUtils.escapeHtml4(entry.getKey());
                sb.append("<input type=\"hidden\" name=\"").append(escapeHtml4).append("\" value=\"").append(StringEscapeUtils.escapeHtml4(entry.getValue())).append("\"/>");
            }
            sb.append("</form>");
            sb.append("</body>");
            sb.append("</html>");
        } else if (this.responseMode == ResponseMode.FORM_POST_JWT) {
            sb = new StringBuilder();
            sb.append("<html>");
            sb.append("<head><title>Submit This Form</title></head>");
            sb.append("<body onload=\"javascript:document.forms[0].submit()\">");
            sb.append("<form method=\"post\" action=\"").append(this.baseRedirectUri).append("\">");
            sb.append("<input type=\"hidden\" name=\"response\"").append(" value=\"").append(getQueryString()).append("\"/>");
            sb.append("</form>");
            sb.append("</body>");
            sb.append("</html>");
        } else if (this.responseMode == ResponseMode.QUERY || this.responseMode == ResponseMode.QUERY_JWT) {
            appendQuerySymbol(sb);
            sb.append(getQueryString());
        } else if (this.responseMode == ResponseMode.FRAGMENT || this.responseMode == ResponseMode.FRAGMENT_JWT) {
            appendFragmentSymbol(sb);
            sb.append(getQueryString());
        } else if (this.responseTypes == null || this.responseMode != ResponseMode.JWT) {
            appendDefaultToString(sb);
        } else {
            if (this.responseTypes.contains(ResponseType.TOKEN)) {
                appendFragmentSymbol(sb);
            } else if (this.responseTypes.contains(ResponseType.CODE)) {
                appendQuerySymbol(sb);
            }
            sb.append(getQueryString());
        }
        return sb.toString();
    }

    private void appendDefaultToString(StringBuilder sb) {
        if (this.responseMode == null) {
            if (this.responseTypes == null || !(this.responseTypes.contains(ResponseType.TOKEN) || this.responseTypes.contains(ResponseType.ID_TOKEN))) {
                appendQuerySymbol(sb);
            } else {
                appendFragmentSymbol(sb);
            }
        }
        sb.append(getQueryString());
    }
}
