package org.xdi.oxauth.client;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.SignatureException;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.xdi.oxauth.model.authorize.AuthorizeRequestParam;
import org.xdi.oxauth.model.authorize.AuthorizeResponseParam;
import org.xdi.oxauth.model.common.AuthenticationMethod;
import org.xdi.oxauth.model.common.GrantType;
import org.xdi.oxauth.model.crypto.signature.ECDSAPrivateKey;
import org.xdi.oxauth.model.crypto.signature.RSAPrivateKey;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.exception.InvalidJwtException;
import org.xdi.oxauth.model.jws.ECDSASigner;
import org.xdi.oxauth.model.jws.HMACSigner;
import org.xdi.oxauth.model.jws.RSASigner;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.jwt.JwtType;
import org.xdi.oxauth.model.token.ClientAssertionType;
import org.xdi.oxauth.model.uma.UmaScopeType;

/* loaded from: input_file:org/xdi/oxauth/client/TokenRequest.class */
public class TokenRequest extends BaseRequest {
    private GrantType grantType;
    private String code;
    private String redirectUri;
    private String username;
    private String password;
    private String scope;
    private String assertion;
    private String refreshToken;
    private String oxAuthExchangeToken;
    private String audience;
    private String codeVerifier;
    private SignatureAlgorithm algorithm;
    private String sharedKey;
    private RSAPrivateKey rsaPrivateKey;
    private ECDSAPrivateKey ecPrivateKey;
    private String keyId;

    /* loaded from: input_file:org/xdi/oxauth/client/TokenRequest$Builder.class */
    public static class Builder {
        private GrantType grantType;
        private String scope;

        public Builder grantType(GrantType grantType) {
            this.grantType = grantType;
            return this;
        }

        public Builder scope(String str) {
            this.scope = str;
            return this;
        }

        public Builder pat(String... strArr) {
            String value = UmaScopeType.PROTECTION.getValue();
            if (strArr != null && strArr.length > 0) {
                for (String str : strArr) {
                    value = value + " " + str;
                }
            }
            return scope(value);
        }

        public Builder aat(String... strArr) {
            String value = UmaScopeType.AUTHORIZATION.getValue();
            if (strArr != null && strArr.length > 0) {
                for (String str : strArr) {
                    value = value + " " + str;
                }
            }
            return scope(value);
        }

        public TokenRequest build() {
            TokenRequest tokenRequest = new TokenRequest(this.grantType);
            tokenRequest.setScope(this.scope);
            return tokenRequest;
        }
    }

    public TokenRequest(GrantType grantType) {
        this.grantType = grantType;
        setContentType("application/x-www-form-urlencoded");
        setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    }

    public static Builder builder() {
        return new Builder();
    }

    public static Builder umaBuilder() {
        return new Builder().grantType(GrantType.CLIENT_CREDENTIALS);
    }

    public GrantType getGrantType() {
        return this.grantType;
    }

    public void setGrantType(GrantType grantType) {
        this.grantType = grantType;
    }

    public String getCode() {
        return this.code;
    }

    public void setCode(String str) {
        this.code = str;
    }

    public String getCodeVerifier() {
        return this.codeVerifier;
    }

    public void setCodeVerifier(String str) {
        this.codeVerifier = str;
    }

    public String getRedirectUri() {
        return this.redirectUri;
    }

    public void setRedirectUri(String str) {
        this.redirectUri = str;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public String getScope() {
        return this.scope;
    }

    public void setScope(String str) {
        this.scope = str;
    }

    public String getAssertion() {
        return this.assertion;
    }

    public void setAssertion(String str) {
        this.assertion = str;
    }

    public String getRefreshToken() {
        return this.refreshToken;
    }

    public void setRefreshToken(String str) {
        this.refreshToken = str;
    }

    public String getOxAuthExchangeToken() {
        return this.oxAuthExchangeToken;
    }

    public void setOxAuthExchangeToken(String str) {
        this.oxAuthExchangeToken = str;
    }

    public void setAudience(String str) {
        this.audience = str;
    }

    public void setAlgorithm(SignatureAlgorithm signatureAlgorithm) {
        this.algorithm = signatureAlgorithm;
    }

    public void setSharedKey(String str) {
        this.sharedKey = str;
    }

    public void setRsaPrivateKey(RSAPrivateKey rSAPrivateKey) {
        this.rsaPrivateKey = rSAPrivateKey;
    }

    public void setEcPrivateKey(ECDSAPrivateKey eCDSAPrivateKey) {
        this.ecPrivateKey = eCDSAPrivateKey;
    }

    public String getKeyId() {
        return this.keyId;
    }

    public void setKeyId(String str) {
        this.keyId = str;
    }

    public String getClientAssertion() {
        Jwt jwt = new Jwt();
        if (this.algorithm == null) {
            this.algorithm = SignatureAlgorithm.HS256;
        }
        GregorianCalendar gregorianCalendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        Date time = gregorianCalendar.getTime();
        gregorianCalendar.add(12, 5);
        Date time2 = gregorianCalendar.getTime();
        jwt.getHeader().setType(JwtType.JWT);
        jwt.getHeader().setAlgorithm(this.algorithm);
        if (StringUtils.isNotBlank(this.keyId)) {
            jwt.getHeader().setKeyId(this.keyId);
        }
        jwt.getClaims().setIssuer(getAuthUsername());
        jwt.getClaims().setSubjectIdentifier(getAuthUsername());
        jwt.getClaims().setAudience(this.audience);
        jwt.getClaims().setJwtId(UUID.randomUUID());
        jwt.getClaims().setExpirationTime(time2);
        jwt.getClaims().setIssuedAt(time);
        try {
            if (this.algorithm == SignatureAlgorithm.HS256 || this.algorithm == SignatureAlgorithm.HS384 || this.algorithm == SignatureAlgorithm.HS512) {
                if (this.sharedKey == null) {
                    this.sharedKey = getAuthPassword();
                }
                jwt = new HMACSigner(this.algorithm, this.sharedKey).sign(jwt);
            } else if (this.algorithm == SignatureAlgorithm.RS256 || this.algorithm == SignatureAlgorithm.RS384 || this.algorithm == SignatureAlgorithm.RS512) {
                jwt = new RSASigner(this.algorithm, this.rsaPrivateKey).sign(jwt);
            } else if (this.algorithm == SignatureAlgorithm.ES256 || this.algorithm == SignatureAlgorithm.ES384 || this.algorithm == SignatureAlgorithm.ES512) {
                jwt = new ECDSASigner(this.algorithm, this.ecPrivateKey).sign(jwt);
            }
            return jwt.toString();
        } catch (SignatureException e) {
            return null;
        } catch (InvalidJwtException e2) {
            return null;
        }
    }

    @Override // org.xdi.oxauth.client.BaseRequest
    public String getQueryString() {
        StringBuilder sb = new StringBuilder();
        try {
            if (this.grantType != null) {
                sb.append("grant_type=").append(this.grantType.toString());
            }
            if (this.code != null && !this.code.isEmpty()) {
                sb.append("&");
                sb.append("code=").append(this.code);
            }
            if (this.redirectUri != null && !this.redirectUri.isEmpty()) {
                sb.append("&");
                sb.append("redirect_uri=").append(URLEncoder.encode(this.redirectUri, "UTF-8"));
            }
            if (this.scope != null && !this.scope.isEmpty()) {
                sb.append("&");
                sb.append("scope=").append(URLEncoder.encode(this.scope, "UTF-8"));
            }
            if (this.username != null && !this.username.isEmpty()) {
                sb.append("&");
                sb.append("username=").append(this.username);
            }
            if (this.password != null && !this.password.isEmpty()) {
                sb.append("&");
                sb.append("password=").append(this.password);
            }
            if (this.assertion != null && !this.assertion.isEmpty()) {
                sb.append("&");
                sb.append("assertion=").append(this.assertion);
            }
            if (this.refreshToken != null && !this.refreshToken.isEmpty()) {
                sb.append("&");
                sb.append("refresh_token=").append(this.refreshToken);
            }
            if (this.oxAuthExchangeToken != null && !this.oxAuthExchangeToken.isEmpty()) {
                sb.append("&");
                sb.append("oxauth_exchange_token=").append(this.oxAuthExchangeToken);
            }
            if (getAuthenticationMethod() == AuthenticationMethod.CLIENT_SECRET_POST) {
                if (getAuthUsername() != null && !getAuthUsername().isEmpty()) {
                    sb.append("&");
                    sb.append("client_id=").append(URLEncoder.encode(getAuthUsername(), "UTF-8"));
                }
                if (getAuthPassword() != null && !getAuthPassword().isEmpty()) {
                    sb.append("&");
                    sb.append("client_secret=").append(URLEncoder.encode(getAuthPassword(), "UTF-8"));
                }
            } else if (getAuthenticationMethod() == AuthenticationMethod.CLIENT_SECRET_JWT || getAuthenticationMethod() == AuthenticationMethod.PRIVATE_KEY_JWT) {
                sb.append("&client_assertion_type=").append(URLEncoder.encode(ClientAssertionType.JWT_BEARER.toString(), "UTF-8"));
                sb.append("&");
                sb.append("client_assertion=").append(getClientAssertion());
            }
            for (String str : getCustomParameters().keySet()) {
                sb.append("&");
                sb.append(str).append("=").append(getCustomParameters().get(str));
            }
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        return sb.toString();
    }

    @Override // org.xdi.oxauth.client.BaseRequest
    public Map<String, String> getParameters() {
        HashMap hashMap = new HashMap();
        if (this.grantType != null) {
            hashMap.put("grant_type", this.grantType.toString());
        }
        if (this.code != null && !this.code.isEmpty()) {
            hashMap.put(AuthorizeResponseParam.CODE, this.code);
        }
        if (this.redirectUri != null && !this.redirectUri.isEmpty()) {
            hashMap.put(AuthorizeRequestParam.REDIRECT_URI, this.redirectUri);
        }
        if (this.username != null && !this.username.isEmpty()) {
            hashMap.put("username", this.username);
        }
        if (this.password != null && !this.password.isEmpty()) {
            hashMap.put("password", this.password);
        }
        if (this.scope != null && !this.scope.isEmpty()) {
            hashMap.put("scope", this.scope);
        }
        if (this.assertion != null && !this.assertion.isEmpty()) {
            hashMap.put("assertion", this.assertion);
        }
        if (this.refreshToken != null && !this.refreshToken.isEmpty()) {
            hashMap.put("refresh_token", this.refreshToken);
        }
        if (this.oxAuthExchangeToken != null && !this.oxAuthExchangeToken.isEmpty()) {
            hashMap.put("oxauth_exchange_token", this.oxAuthExchangeToken);
        }
        if (getAuthenticationMethod() == AuthenticationMethod.CLIENT_SECRET_POST) {
            if (getAuthUsername() != null && !getAuthUsername().isEmpty()) {
                hashMap.put(AuthorizeRequestParam.CLIENT_ID, getAuthUsername());
            }
            if (getAuthPassword() != null && !getAuthPassword().isEmpty()) {
                hashMap.put("client_secret", getAuthPassword());
            }
        } else if (getAuthenticationMethod() == AuthenticationMethod.CLIENT_SECRET_JWT || getAuthenticationMethod() == AuthenticationMethod.PRIVATE_KEY_JWT) {
            hashMap.put("client_assertion_type", ClientAssertionType.JWT_BEARER.toString());
            hashMap.put("client_assertion", getClientAssertion());
        }
        for (String str : getCustomParameters().keySet()) {
            hashMap.put(str, getCustomParameters().get(str));
        }
        return hashMap;
    }
}
