package org.mitre.openid.connect.client.service.impl;

import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.net.URISyntaxException;
import java.util.Map;
import org.apache.http.client.utils.URIBuilder;
import org.gwtbootstrap3.client.ui.constants.ElementTags;
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;

/* loaded from: input_file:WEB-INF/lib/openid-connect-client-1.3.0.jar:org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.class */
public class EncryptedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
    private JWKSetCacheService encrypterService;
    private JWEAlgorithm alg;
    private EncryptionMethod enc;

    @Override // org.mitre.openid.connect.client.service.AuthRequestUrlBuilder
    public String buildAuthRequestUrl(ServerConfiguration serverConfiguration, RegisteredClient registeredClient, String str, String str2, String str3, Map<String, String> map, String str4) {
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        builder.claim(OAuth2Utils.RESPONSE_TYPE, ElementTags.CODE);
        builder.claim("client_id", registeredClient.getClientId());
        builder.claim("scope", Joiner.on(" ").join(registeredClient.getScope()));
        builder.claim(OAuth2Utils.REDIRECT_URI, str);
        builder.claim("nonce", str2);
        builder.claim("state", str3);
        for (Map.Entry<String, String> entry : map.entrySet()) {
            builder.claim(entry.getKey(), entry.getValue());
        }
        if (!Strings.isNullOrEmpty(str4)) {
            builder.claim("login_hint", str4);
        }
        EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(this.alg, this.enc), builder.build());
        this.encrypterService.getEncrypter(serverConfiguration.getJwksUri()).encryptJwt(encryptedJWT);
        try {
            URIBuilder uRIBuilder = new URIBuilder(serverConfiguration.getAuthorizationEndpointUri());
            uRIBuilder.addParameter("request", encryptedJWT.serialize());
            return uRIBuilder.build().toString();
        } catch (URISyntaxException e) {
            throw new AuthenticationServiceException("Malformed Authorization Endpoint Uri", e);
        }
    }

    public JWKSetCacheService getEncrypterService() {
        return this.encrypterService;
    }

    public void setEncrypterService(JWKSetCacheService jWKSetCacheService) {
        this.encrypterService = jWKSetCacheService;
    }

    public JWEAlgorithm getAlg() {
        return this.alg;
    }

    public void setAlg(JWEAlgorithm jWEAlgorithm) {
        this.alg = jWEAlgorithm;
    }

    public EncryptionMethod getEnc() {
        return this.enc;
    }

    public void setEnc(EncryptionMethod encryptionMethod) {
        this.enc = encryptionMethod;
    }
}
