package net.bluemind.authentication.service.internal;

import io.vertx.core.json.JsonObject;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import net.bluemind.authentication.api.AccessTokenInfo;
import net.bluemind.authentication.service.OpenIdContext;
import net.bluemind.authentication.service.OpenIdContextCache;
import net.bluemind.core.rest.BmContext;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.IDomains;
import net.bluemind.system.api.ExternalSystem;

/* loaded from: input_file:net/bluemind/authentication/service/internal/OpenIdPkceFlow.class */
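/**
 * OpenID Connect authorization-code flow with PKCE (S256 challenge method).
 *
 * <p>{@link #initalizeOpenIdAuthentication} creates the per-request {@code state} and code verifier,
 * stores them in the {@link OpenIdContextCache}, and returns the authorization URL.
 * {@link #getAccessTokenByCode} redeems the authorization code together with the stored verifier.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cached {@link OpenIdContext} holds the client secret and the code verifier. Both are
 *       secrets and should never be logged or returned to the browser. Only the challenge (the
 *       SHA-256 of the verifier) is placed in the authorization URL.</li>
 *   <li>NOTE(review): the callback that looks up {@code state} in the cache is not part of this
 *       class. Confirm that it rejects unknown states and evicts the entry after a single use.</li>
 * </ul>
 */
public class OpenIdPkceFlow extends OpenIdFlow implements IOpenIdAuthFlow {
    /** PKCE challenge method sent to the authorization server and recorded in the cached context. */
    private static final String CODE_CHALLENGE_METHOD = "S256";

    /**
     * Creates the flow for the given request context.
     *
     * <p>The decompiler reports that this constructor was originally {@code protected}; it is kept
     * {@code public} here so the visible interface of this listing is unchanged.
     *
     * @param bmContext context used to reach domain settings and the security context
     */
    public OpenIdPkceFlow(BmContext bmContext) {
        super(bmContext);
    }

    /**
     * Starts an authorization-code + PKCE exchange for {@code externalSystem}.
     *
     * <p>Endpoint, application id, secret and token endpoint are read from the properties of the
     * domain identified by the current security context's container uid, under keys prefixed with
     * the external system identifier.
     *
     * @param externalSystem external system whose identifier selects the domain property keys; its
     *     {@code scope} property, when present, overrides the default scope {@code openid}
     * @param str prefix prepended to {@code /bm-openid/auth/<identifier>} to form the redirect URI
     * @return a "token not valid" result carrying the authorization URL the user must be sent to
     */
    @Override
    public AccessTokenInfo initalizeOpenIdAuthentication(ExternalSystem externalSystem, String str) {
        String systemId = externalSystem.identifier;
        String containerUid = this.context.getSecurityContext().getContainerUid();

        // Domain settings are read with the elevated (su) context; the generic types of this map
        // were lost in decompilation, hence the wildcard view and the String casts below.
        Map<?, ?> domainProps = ((Domain) ((IDomains) this.context.su().provider()
                .instance(IDomains.class, new String[0])).get(containerUid).value).properties;

        // NOTE(review): none of these values is validated here. A missing property is propagated
        // as null and shows up as the literal "null" in the generated URL.
        String authEndpoint = (String) domainProps.get(systemId + "_endpoint");
        String clientId = (String) domainProps.get(systemId + "_appid");
        String clientSecret = (String) domainProps.get(systemId + "_secret");
        String tokenEndpoint = (String) domainProps.get(systemId + "_tokenendpoint");

        // NOTE(review): the origin of `str` is not visible in this class. If it is derived from
        // request data, the redirect URI becomes caller-influenced; confirm that the identity
        // provider enforces exact-match redirect URI registration.
        String redirectUri = str + "/bm-openid/auth/" + systemId;

        String scope = externalSystem.properties.containsKey("scope")
                ? (String) externalSystem.properties.get("scope")
                : "openid";

        // `state` binds the callback to this request and is the cache key for the pending flow.
        String state = UUID.randomUUID().toString();
        String codeVerifier = generateCodeVerifier();
        String codeChallenge = hash(codeVerifier);

        OpenIdContextCache.get(this.context).put(state,
                new OpenIdContext(state, codeChallenge, CODE_CHALLENGE_METHOD, containerUid,
                        this.context.getSecurityContext().getSubject(), systemId, tokenEndpoint,
                        redirectUri, clientId, clientSecret, codeVerifier,
                        ExternalSystem.AuthKind.OPEN_ID_PKCE));

        // client_id is configuration-supplied text and is percent-encoded like the other
        // parameters, so reserved characters cannot split or extend the query string. A null
        // value is passed through and formats as "null".
        String encodedClientId = clientId == null ? null : URLEncoder.encode(clientId, StandardCharsets.UTF_8);

        // state (a UUID) and the challenge (unpadded base64url) contain only URL-safe characters.
        String authorizationUrl = String.format(
                "%s?response_type=code&scope=%s&client_id=%s&state=%s&redirect_uri=%s&code_challenge=%s&code_challenge_method=S256",
                authEndpoint, URLEncoder.encode(scope, StandardCharsets.UTF_8), encodedClientId, state,
                URLEncoder.encode(redirectUri, StandardCharsets.UTF_8), codeChallenge);

        return AccessTokenInfo.tokenNotValid(authEndpoint, redirectUri, clientId, state, codeChallenge,
                CODE_CHALLENGE_METHOD, "code", authorizationUrl);
    }

    /**
     * Redeems an authorization code at the token endpoint recorded in {@code openIdContext}.
     *
     * <p>The request carries both the client secret and the PKCE code verifier.
     * NOTE(review): {@code postCall} is inherited and not visible here. Confirm that the token
     * endpoint is reached over TLS and that the parameters are not logged.
     *
     * @param str authorization code received on the redirect
     * @param openIdContext context cached when the flow was initialized
     * @return the token endpoint response as returned by {@code postCall}
     * @throws OpenIdException declared by the interface; raised by the underlying call
     */
    @Override
    public JsonObject getAccessTokenByCode(String str, OpenIdContext openIdContext) throws OpenIdException {
        // Raw type kept as decompiled: the parameter type expected by postCall is not visible here.
        HashMap tokenRequest = new HashMap();
        tokenRequest.put("grant_type", "authorization_code");
        tokenRequest.put("redirect_uri", openIdContext.internalRedirectUrl);
        tokenRequest.put("client_id", openIdContext.applicationId);
        tokenRequest.put("client_secret", openIdContext.clientSecret);
        tokenRequest.put("code_verifier", openIdContext.codeVerifier);
        tokenRequest.put("code", str);
        return postCall(openIdContext.tokenEndpoint, tokenRequest);
    }

    /**
     * Generates a PKCE code verifier: 32 bytes from {@link SecureRandom}, encoded as unpadded
     * base64url (43 characters).
     */
    private String generateCodeVerifier() {
        byte[] entropy = new byte[32];
        new SecureRandom().nextBytes(entropy);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(entropy);
    }

    /**
     * Computes the S256 code challenge: unpadded base64url of SHA-256 over the verifier's ASCII
     * bytes.
     *
     * @param str code verifier; expected to contain only ASCII characters, as produced by
     *     {@link #generateCodeVerifier()}
     * @return the code challenge
     * @throws IllegalStateException if the runtime has no SHA-256 implementation
     */
    private String hash(String str) {
        final MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            // Fail with a clear cause instead of swallowing the error and hitting a
            // NullPointerException on the digest call below.
            throw new IllegalStateException("SHA-256 is unavailable; cannot compute the PKCE code challenge", e);
        }
        // The charset is pinned so the challenge does not depend on the platform default encoding.
        byte[] digest = sha256.digest(str.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }
}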
