package org.gluu.oxauth.client;

import java.util.Date;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.gluu.oxauth.model.ciba.BackchannelAuthenticationRequestParam;
import org.gluu.oxauth.model.common.AuthenticationMethod;
import org.gluu.oxauth.model.crypto.AbstractCryptoProvider;
import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.gluu.oxauth.model.jwt.Jwt;
import org.gluu.oxauth.model.jwt.JwtType;
import org.gluu.oxauth.model.token.ClientAssertionType;
import org.gluu.oxauth.model.util.QueryBuilder;

/* loaded from: input_file:org/gluu/oxauth/client/ClientAuthnRequest.class */
public abstract class ClientAuthnRequest extends BaseRequest {
    private static final Logger LOG = Logger.getLogger(ClientAuthnRequest.class);
    private SignatureAlgorithm algorithm;
    private String sharedKey;
    private String audience;
    private AbstractCryptoProvider cryptoProvider;
    private String keyId;

    public AbstractCryptoProvider getCryptoProvider() {
        return this.cryptoProvider;
    }

    public void setCryptoProvider(AbstractCryptoProvider abstractCryptoProvider) {
        this.cryptoProvider = abstractCryptoProvider;
    }

    public String getKeyId() {
        return this.keyId;
    }

    public void setKeyId(String str) {
        this.keyId = str;
    }

    public SignatureAlgorithm getAlgorithm() {
        return this.algorithm;
    }

    public void setAlgorithm(SignatureAlgorithm signatureAlgorithm) {
        this.algorithm = signatureAlgorithm;
    }

    public String getSharedKey() {
        return this.sharedKey;
    }

    public void setSharedKey(String str) {
        this.sharedKey = str;
    }

    public String getAudience() {
        return this.audience;
    }

    public void setAudience(String str) {
        this.audience = str;
    }

    public void appendClientAuthnToQuery(QueryBuilder queryBuilder) {
        if (getAuthenticationMethod() == AuthenticationMethod.CLIENT_SECRET_POST) {
            queryBuilder.append("client_id", getAuthUsername());
            queryBuilder.append(BackchannelAuthenticationRequestParam.CLIENT_SECRET, getAuthPassword());
        } else if (getAuthenticationMethod() == AuthenticationMethod.CLIENT_SECRET_JWT || getAuthenticationMethod() == AuthenticationMethod.PRIVATE_KEY_JWT) {
            queryBuilder.append(BackchannelAuthenticationRequestParam.CLIENT_ASSERTION_TYPE, ClientAssertionType.JWT_BEARER.toString());
            queryBuilder.append(BackchannelAuthenticationRequestParam.CLIENT_ASSERTION, getClientAssertion());
        }
    }

    public String getClientAssertion() {
        if (this.cryptoProvider == null) {
            LOG.error("Crypto provider is not specified");
            return null;
        }
        if (this.algorithm == null) {
            this.algorithm = SignatureAlgorithm.HS256;
        }
        GregorianCalendar gregorianCalendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        Date time = gregorianCalendar.getTime();
        gregorianCalendar.add(12, 5);
        Date time2 = gregorianCalendar.getTime();
        Jwt jwt = new Jwt();
        jwt.getHeader().setType(JwtType.JWT);
        jwt.getHeader().setAlgorithm(this.algorithm);
        if (StringUtils.isNotBlank(this.keyId)) {
            jwt.getHeader().setKeyId(this.keyId);
        }
        jwt.getClaims().setIssuer(getAuthUsername());
        jwt.getClaims().setSubjectIdentifier(getAuthUsername());
        jwt.getClaims().setAudience(this.audience);
        jwt.getClaims().setJwtId(UUID.randomUUID());
        jwt.getClaims().setExpirationTime(time2);
        jwt.getClaims().setIssuedAt(time);
        try {
            if (this.sharedKey == null) {
                this.sharedKey = getAuthPassword();
            }
            jwt.setEncodedSignature(this.cryptoProvider.sign(jwt.getSigningInput(), this.keyId, this.sharedKey, this.algorithm));
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
        return jwt.toString();
    }
}
