package net.trajano.openidconnect.jaspic.internal;

import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.json.JsonObject;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
import net.trajano.openidconnect.core.OpenIdConnectKey;
import net.trajano.openidconnect.core.OpenIdProviderConfiguration;
import net.trajano.openidconnect.crypto.Encoding;
import net.trajano.openidconnect.crypto.JsonWebTokenProcessor;
import net.trajano.openidconnect.internal.CharSets;
import net.trajano.openidconnect.jaspic.OpenIdConnectAuthModule;

/* loaded from: input_file:openid-connect-jaspic-sample-1.0.1.war:WEB-INF/lib/openid-connect-jaspic-module-1.0.1.jar:net/trajano/openidconnect/jaspic/internal/ValidateContext.class */
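/**
 * Per-request state shared by the steps of the OpenID Connect JASPIC
 * validation flow: the servlet request/response pair, the module options, the
 * JAX-RS client, and lazily built values (provider configuration, cookie
 * encryption key).
 *
 * <p>Security-relevant behaviour in this class:
 * <ul>
 * <li>All cookies written here are marked {@code Secure} and scoped to
 * {@code cookieContext}; the cookies that carry data are also
 * {@code HttpOnly}.</li>
 * <li>{@link #redirectToState()} builds a redirect target from the
 * {@code state} request parameter and therefore validates it before use.</li>
 * <li>{@link #getIdToken()} reads the ID token payload without a signature
 * check; see the note on that method.</li>
 * </ul>
 *
 * <p>Only {@link #getOpenIDProviderConfig()} and {@link #getSecret()} are
 * synchronized; the other members are plain accessors over final fields.
 */
public class ValidateContext {
    /** Names of the cookies removed by {@link #deleteAuthCookies()}. */
    private static final String[] AUTH_COOKIE_NAMES = {OpenIdConnectAuthModule.NET_TRAJANO_AUTH_ID, OpenIdConnectAuthModule.NET_TRAJANO_AUTH_AGE, OpenIdConnectAuthModule.NET_TRAJANO_AUTH_NONCE};

    /** Lifetime of the age cookie, in seconds, when {@code expires_in} is absent or unusable. */
    private static final int DEFAULT_AGE_COOKIE_SECONDS = 3600;

    private final Client client;
    private final Subject clientSubject;
    private final String cookieContext;
    private final CallbackHandler handler;
    private final boolean mandatory;
    private OpenIdProviderConfiguration oidConfig;
    private final Map<String, String> options;
    private final HttpServletRequest req;
    private final HttpServletResponse resp;
    private SecretKey secret;
    private final TokenCookie tokenCookie;

    /**
     * Creates the context for one request.
     *
     * @param client JAX-RS client used for calls to the provider
     * @param subject client subject being populated
     * @param z whether authentication is mandatory for this request
     * @param map module options (issuer URI, client id, client secret, ...)
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param tokenCookie token cookie already extracted from the request, or
     *            {@code null} when there is none
     * @param str cookie path to use; when null or empty the request's context
     *            path is used instead
     * @param callbackHandler JASPIC callback handler
     */
    public ValidateContext(Client client, Subject subject, boolean z, Map<String, String> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, TokenCookie tokenCookie, String str, CallbackHandler callbackHandler) {
        this.client = client;
        this.clientSubject = subject;
        this.mandatory = z;
        this.options = map;
        this.req = httpServletRequest;
        this.resp = httpServletResponse;
        this.tokenCookie = tokenCookie;
        this.handler = callbackHandler;
        this.cookieContext = Utils.isNullOrEmpty(str) ? httpServletRequest.getContextPath() : str;
    }

    /**
     * Expires every authentication cookie listed in {@link #AUTH_COOKIE_NAMES}.
     */
    public void deleteAuthCookies() {
        for (final String name : AUTH_COOKIE_NAMES) {
            expireCookie(name);
        }
    }

    /**
     * Expires a single cookie on the configured cookie path.
     *
     * @param str cookie name
     */
    public void deleteCookie(String str) {
        expireCookie(str);
    }

    /**
     * Adds an empty, immediately expiring cookie so the browser drops the
     * stored one. The path and Secure flag match what the save methods use,
     * which browsers require for the replacement to hit the same cookie.
     */
    private void expireCookie(final String name) {
        final Cookie expired = new Cookie(name, "");
        expired.setMaxAge(0);
        expired.setSecure(true);
        expired.setPath(this.cookieContext);
        this.resp.addCookie(expired);
    }

    public Client getClient() {
        return this.client;
    }

    public Subject getClientSubject() {
        return this.clientSubject;
    }

    /**
     * Returns the value of the first request cookie with the given name.
     *
     * @param str cookie name
     * @return the raw cookie value, or {@code null} when the request carries no
     *         such cookie. The value is client-supplied and unvalidated.
     */
    public String getCookie(String str) {
        final Cookie[] cookies = this.req.getCookies();
        if (cookies == null) {
            return null;
        }
        for (final Cookie cookie : cookies) {
            if (str.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    public CallbackHandler getHandler() {
        return this.handler;
    }

    /**
     * Returns the JSON payload of the ID token held in the token cookie.
     *
     * <p>The processor is invoked with {@code signatureCheck(false)}, so the
     * JWT signature is not verified by this call.
     * NOTE(review): presumably this is acceptable only because the token
     * cookie was produced by this module and protected with the key from
     * {@link #getSecret()}, and the signature was verified when the token was
     * first received from the provider. Confirm both against the code that
     * builds {@code TokenCookie}, and do not reuse this method for a token
     * taken directly from a request.
     *
     * @return the ID token claims
     * @throws IOException declared by the token processor
     * @throws GeneralSecurityException declared by the token processor
     */
    public JsonObject getIdToken() throws IOException, GeneralSecurityException {
        return new JsonWebTokenProcessor(this.tokenCookie.getIdTokenJwt()).signatureCheck(false).getJsonPayload();
    }

    /**
     * Returns the provider's discovery document, fetching it on first use and
     * caching it for the lifetime of this context.
     *
     * <p>NOTE(review): the well-known path is resolved as an absolute path, so
     * any path component of the configured issuer URI is dropped; confirm that
     * suits the providers in use. Nothing visible here requires the issuer URI
     * to be https or compares the returned document's issuer with the
     * configured one; confirm that is enforced elsewhere.
     *
     * @return the provider configuration
     * @throws NullPointerException when the issuer URI option is not set
     */
    public synchronized OpenIdProviderConfiguration getOpenIDProviderConfig() {
        if (this.oidConfig == null) {
            final String issuer = this.options.get(OpenIdConnectAuthModule.ISSUER_URI_KEY);
            if (issuer == null) {
                // Previously an empty branch that fell through to URI.create(null);
                // fail with the same exception type but say which option is missing.
                throw new NullPointerException("module option '" + OpenIdConnectAuthModule.ISSUER_URI_KEY + "' is not set");
            }
            final URI discoveryUri = URI.create(issuer).resolve("/.well-known/openid-configuration");
            this.oidConfig = this.client.target(discoveryUri).request(MediaType.APPLICATION_JSON_TYPE).get(OpenIdProviderConfiguration.class);
        }
        return this.oidConfig;
    }

    public String getOption(String str) {
        return this.options.get(str);
    }

    /**
     * Returns the module options map itself, not a copy. The map holds the
     * client secret, so callers should not log or expose it.
     *
     * @return the live options map
     */
    public Map<String, String> getOptions() {
        return this.options;
    }

    public HttpServletRequest getReq() {
        return this.req;
    }

    public HttpServletResponse getResp() {
        return this.resp;
    }

    /**
     * Returns the key used to protect cookie contents, building it from the
     * client id and client secret options on first use.
     *
     * @return the cookie encryption key
     * @throws GeneralSecurityException when the key cannot be built
     */
    public synchronized SecretKey getSecret() throws GeneralSecurityException {
        if (this.secret == null) {
            this.secret = CipherUtil.buildSecretKey(this.options.get("client_id"), this.options.get(OpenIdConnectKey.CLIENT_SECRET));
        }
        return this.secret;
    }

    public TokenCookie getTokenCookie() {
        return this.tokenCookie;
    }

    /**
     * Resolves the option value named by {@code str} against the current
     * request URL.
     *
     * <p>NOTE(review): the base is whatever the container reports as the
     * request URL, which commonly reflects the client-supplied Host header;
     * confirm the deployment pins the host if the result is sent to the
     * provider (for example as a redirect URI).
     *
     * @param str option key whose value is a URI reference
     * @return the resolved absolute URI
     */
    public URI getUri(String str) {
        final URI requestUrl = URI.create(this.req.getRequestURL().toString());
        return requestUrl.resolve(this.options.get(str));
    }

    public boolean hasOption(String str) {
        return this.options.get(str) != null;
    }

    public boolean hasTokenCookie() {
        return this.tokenCookie != null;
    }

    public boolean isGetRequest() {
        return "GET".equals(this.req.getMethod());
    }

    public boolean isMandatory() {
        return this.mandatory;
    }

    /**
     * Tells whether the request URI equals the option value named by
     * {@code str}.
     *
     * @param str option key
     * @return {@code true} on an exact match
     */
    public boolean isRequestUri(String str) {
        return this.req.getRequestURI().equals(this.options.get(str));
    }

    public boolean isSecure() {
        return this.req.isSecure();
    }

    /**
     * Redirects the browser to the location carried in the {@code state}
     * request parameter, interpreted relative to the context path.
     *
     * <p>The parameter comes from the request, so it is treated as untrusted:
     * a missing value, or a decoded value that is not a plain local path, sends
     * the browser to the context root instead. Without that check a value such
     * as a scheme-relative reference would turn this into an open redirect when
     * the application is deployed on the root context. As before, a state equal
     * to the logout URI is also replaced by the context root.
     *
     * @throws IOException when the redirect cannot be sent
     */
    public void redirectToState() throws IOException {
        final String contextRoot = this.req.getContextPath();
        final String encodedState = this.req.getParameter(OpenIdConnectKey.STATE);
        if (encodedState == null) {
            Log.fine("state parameter missing, redirecting to context root", new Object[0]);
            this.resp.sendRedirect(this.resp.encodeRedirectURL(contextRoot));
            return;
        }
        final String statePath = Encoding.base64urlDecodeToString(encodedState);
        if (!isLocalPath(statePath)) {
            // NOTE(review): assumes a legitimate state is always a
            // context-relative path starting with '/'; confirm against the
            // code that generates the state value.
            Log.fine("state was not a local path, redirecting to context root", new Object[0]);
            this.resp.sendRedirect(this.resp.encodeRedirectURL(contextRoot));
            return;
        }
        final String target = contextRoot + statePath;
        if (target.equals(this.options.get(OpenIdConnectAuthModule.LOGOUT_URI_KEY))) {
            Log.fine("state was the Logout URI, redirecting to context root", new Object[0]);
            this.resp.sendRedirect(this.resp.encodeRedirectURL(contextRoot));
        } else {
            this.resp.sendRedirect(this.resp.encodeRedirectURL(target));
        }
    }

    /**
     * Accepts the empty string or a path that starts with exactly one
     * {@code '/'} and contains no control characters. Rejecting a second
     * {@code '/'} or a {@code '\'} keeps the value from being read as a
     * scheme-relative reference; rejecting control characters covers CR/LF and
     * the tab/newline characters that browsers strip from URLs.
     */
    private static boolean isLocalPath(final String path) {
        if (path.isEmpty()) {
            return true;
        }
        if (path.charAt(0) != '/') {
            return false;
        }
        if (path.length() > 1 && (path.charAt(1) == '/' || path.charAt(1) == '\\')) {
            return false;
        }
        for (int i = 0; i < path.length(); i++) {
            final char c = path.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /**
     * Stores the age cookie, whose value is the encrypted remote address of
     * the current request.
     *
     * <p>The key is obtained through {@link #getSecret()} so it is built if no
     * earlier call has done so; reading the field directly could pass a
     * {@code null} key to the cipher. The lifetime comes from the
     * {@code expires_in} request parameter; a missing, non-numeric or negative
     * value falls back to {@value #DEFAULT_AGE_COOKIE_SECONDS} seconds.
     * NOTE(review): the parameter is client-supplied and not capped here;
     * consider taking the lifetime from the validated token response instead.
     *
     * @throws GeneralSecurityException when the key cannot be built or
     *             encryption fails
     * @throws IOException declared by the encoding step
     */
    public void saveAgeCookie() throws GeneralSecurityException, IOException {
        final byte[] remoteAddress = this.req.getRemoteAddr().getBytes(CharSets.US_ASCII);
        final Cookie ageCookie = new Cookie(OpenIdConnectAuthModule.NET_TRAJANO_AUTH_AGE, Encoding.base64urlEncode(CipherUtil.encrypt(remoteAddress, getSecret())));
        ageCookie.setMaxAge(ageCookieSeconds(this.req.getParameter("expires_in")));
        ageCookie.setPath(this.cookieContext);
        ageCookie.setSecure(true);
        ageCookie.setHttpOnly(true);
        this.resp.addCookie(ageCookie);
    }

    /**
     * Parses the {@code expires_in} value, returning the default lifetime when
     * it is absent, not an integer, or negative (a negative max-age would turn
     * the cookie into a session cookie).
     */
    private static int ageCookieSeconds(final String expiresIn) {
        if (Utils.isNullOrEmpty(expiresIn)) {
            return DEFAULT_AGE_COOKIE_SECONDS;
        }
        try {
            final int seconds = Integer.parseInt(expiresIn);
            return seconds >= 0 ? seconds : DEFAULT_AGE_COOKIE_SECONDS;
        } catch (final NumberFormatException ignored) {
            // Request parameter is untrusted; a malformed value must not abort the flow.
            return DEFAULT_AGE_COOKIE_SECONDS;
        }
    }

    /**
     * Stores the given token cookie as a session cookie (max-age -1), with its
     * value produced by {@code TokenCookie.toCookieValue} using the key from
     * {@link #getSecret()}.
     *
     * @param tokenCookie token data to persist
     * @throws GeneralSecurityException when the key cannot be built or the
     *             value cannot be produced
     */
    public void saveIdTokenCookie(TokenCookie tokenCookie) throws GeneralSecurityException {
        final Cookie idCookie = new Cookie(OpenIdConnectAuthModule.NET_TRAJANO_AUTH_ID, tokenCookie.toCookieValue(getSecret()));
        idCookie.setMaxAge(-1);
        idCookie.setSecure(true);
        idCookie.setHttpOnly(true);
        idCookie.setPath(this.cookieContext);
        this.resp.addCookie(idCookie);
    }

    public void setContentType(String str) {
        this.resp.setContentType(str);
    }

    public WebTarget target(URI uri) {
        return this.client.target(uri);
    }
}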
