package io.jans.ca.server.op;

import com.google.inject.Injector;
import io.dropwizard.util.Strings;
import io.jans.as.model.authorize.AuthorizeRequestParam;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwk.Use;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtType;
import io.jans.ca.common.Command;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.params.GetRequestObjectUriParams;
import io.jans.ca.common.response.GetRequestObjectUriResponse;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.Utils;
import io.jans.ca.server.service.Rp;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/ca/server/op/GetRequestObjectUriOperation.class */
public class GetRequestObjectUriOperation extends BaseOperation<GetRequestObjectUriParams> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) GetRequestObjectUriOperation.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public GetRequestObjectUriOperation(Command command, Injector injector) {
        super(command, injector, GetRequestObjectUriParams.class);
    }

    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(GetRequestObjectUriParams getRequestObjectUriParams) {
        try {
            validate(getRequestObjectUriParams);
            Rp rp = getRp();
            SignatureAlgorithm fromString = SignatureAlgorithm.fromString(getRequestObjectUriParams.getRequestObjectSigningAlg()) != null ? SignatureAlgorithm.fromString(getRequestObjectUriParams.getRequestObjectSigningAlg()) : SignatureAlgorithm.fromString(rp.getRequestObjectSigningAlg());
            if (fromString == null) {
                LOG.error("`request_object_signing_alg` is required parameter in request. Please set this parameter if it is not set during client registration.");
                throw new HttpException(ErrorResponseCode.INVALID_ALGORITHM);
            }
            Jwt sign = getKeyGeneratorService().sign(createRequestObject(fromString, rp, getRequestObjectUriParams), rp.getClientSecret(), fromString);
            String uuid = UUID.randomUUID().toString();
            getRequestObjectService().put(uuid, sign.toString());
            String str = baseRequestUri(getRequestObjectUriParams.getRpHostUrl()) + uuid;
            LOG.trace("RequestObject created successfully. request_uri : {} ", str);
            GetRequestObjectUriResponse getRequestObjectUriResponse = new GetRequestObjectUriResponse();
            getRequestObjectUriResponse.setRequestUri(str);
            return getRequestObjectUriResponse;
        } catch (HttpException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error("Error in creating `request_uri` response ", (Throwable) e2);
            throw new HttpException(ErrorResponseCode.FAILED_TO_GET_REQUEST_URI);
        }
    }

    public Jwt createRequestObject(SignatureAlgorithm signatureAlgorithm, Rp rp, GetRequestObjectUriParams getRequestObjectUriParams) {
        Jwt jwt = new Jwt();
        jwt.getHeader().setType(JwtType.JWT);
        try {
            jwt.getHeader().setAlgorithm(signatureAlgorithm);
            String keyId = getKeyGeneratorService().getKeyId(Algorithm.fromString(signatureAlgorithm.getName()), Use.SIGNATURE);
            if (keyId != null) {
                jwt.getHeader().setKeyId(keyId);
            }
        } catch (Exception e) {
            LOG.error("Error in generating key Id.", (Throwable) e);
        }
        jwt.getClaims().setIssuer(rp.getClientId());
        jwt.getClaims().setAudience(rp.getOpHost());
        jwt.getClaims().setJwtId(UUID.randomUUID().toString());
        jwt.getClaims().setClaim("client_id", rp.getClientId());
        jwt.getClaims().setIssuedAt(new Date());
        jwt.getClaims().setExpirationTime(Utils.addTimeToDate(new Date(), getConfigurationService().getConfiguration().getRequestObjectExpirationInMinutes(), 12));
        jwt.getClaims().setClaim(AuthorizeRequestParam.RESPONSE_TYPE, rp.getResponseTypes());
        jwt.getClaims().setClaim("rp_id", rp.getRpId());
        if (getRequestObjectUriParams.getParams() != null && !getRequestObjectUriParams.getParams().isEmpty()) {
            getRequestObjectUriParams.getParams().forEach((str, obj) -> {
                if (obj instanceof Map) {
                    jwt.getClaims().setClaim(str, new JSONObject((Map<?, ?>) obj));
                } else {
                    jwt.getClaims().setClaimObject(str, obj, true);
                }
            });
        }
        return jwt;
    }

    private void validate(GetRequestObjectUriParams getRequestObjectUriParams) {
        if (Strings.isNullOrEmpty(getRequestObjectUriParams.getRpHostUrl())) {
            LOG.error("'rp_host_url' is empty or not specified.");
            throw new HttpException(ErrorResponseCode.BAD_REQUEST_NO_RP_HOST);
        }
    }

    private String baseRequestUri(String str) {
        if (!str.startsWith("http")) {
            str = "https://" + str;
        }
        if (str.endsWith("/")) {
            str = StringUtils.removeEnd(str, "/");
        }
        return str + "/get-request-object/";
    }
}
