package com.bornium.security.oauth2openid.responsegenerators;

import com.bornium.http.Exchange;
import com.bornium.security.oauth2openid.Constants;
import com.bornium.security.oauth2openid.Util;
import com.bornium.security.oauth2openid.permissions.ClaimsParameter;
import com.bornium.security.oauth2openid.providers.TimingProvider;
import com.bornium.security.oauth2openid.server.ServerServices;
import com.bornium.security.oauth2openid.server.TimingContext;
import com.bornium.security.oauth2openid.token.Token;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/* loaded from: input_file:WEB-INF/lib/oauth2-openid-1.2.0.jar:com/bornium/security/oauth2openid/responsegenerators/TokenResponseGenerator.class */
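/**
 * Builds the parameters of a token response (access token, refresh token,
 * ID token and the echoed {@code state}) from the values stored in the
 * current session.
 *
 * <p>Which artifacts are issued is driven by the space-separated
 * {@code response_type} session value: {@code token} triggers an access
 * token, {@code id_token} (together with the {@code openid} scope) triggers
 * an ID token.
 */
public class TokenResponseGenerator extends ResponseGenerator {
    private final TimingProvider timingProvider;

    /**
     * @param serverServices service registry; the timing provider is taken from its provided services
     * @param exchange       the HTTP exchange this response belongs to
     */
    public TokenResponseGenerator(ServerServices serverServices, Exchange exchange) {
        super(serverServices, exchange, "token", "id_token");
        this.timingProvider = serverServices.getProvidedServices().getTimingProvider();
    }

    /**
     * Resolves (or creates) the parent token for this request and issues the
     * child tokens selected by {@code response_type}.
     *
     * @return the response parameters; always contains a {@code state} entry
     *         (its value is whatever the session holds, possibly {@code null})
     * @throws Exception if the session or one of the providers fails; a missing
     *         {@code response_type} session value surfaces as a NullPointerException
     */
    @Override
    public Map<String, String> invokeResponse() throws Exception {
        String username = getSession().getValue("username");
        String clientId = getSession().getValue("client_id");
        String scope = getSession().getValue("scope");
        String claims = getSession().getValue("claims");
        String authorizationCode = getSession().getValue("authorization_code");
        String grantType = getSession().getValue("grant_type");
        String refreshToken = getSession().getValue("refresh_token");
        String state = getSession().getValue("state");
        String redirectUri = getSession().getValue("redirect_uri");
        String nonce = getSession().getValue("nonce");
        // response_type is a space-separated list; compare whole entries only.
        Set<String> responseTypes = new HashSet<>(
                Arrays.asList(getSession().getValue("response_type").split(Pattern.quote(" "))));

        // NOTE(review): the parent token is dereferenced without a null check. Presumably the
        // calling endpoint has already validated the authorization code / refresh token
        // (existence, expiry, client binding) - confirm, since nothing here re-checks it.
        Token parentToken = getOrCreateParentToken(
                username, clientId, scope, claims, authorizationCode, refreshToken, redirectUri, nonce);

        // On the code and refresh paths the session may not carry the user or the
        // requested claims any more; fall back to what the parent token recorded.
        if (username == null && parentToken.getUsername() != null) {
            username = parentToken.getUsername();
        }
        if (claims == null && parentToken.getClaims() != null) {
            claims = parentToken.getClaims();
        }

        Map<String, String> result = new HashMap<>();
        // The access token must exist first: its value feeds the ID token's at_hash claim.
        String accessTokenValue = createAccessTokenIfNeeded(grantType, responseTypes, parentToken, result);
        createIdTokenIfNeeded(username, clientId, scope, claims, authorizationCode, responseTypes,
                parentToken, result, accessTokenValue);
        result.put("state", state);
        parentToken.incrementUsage();
        return result;
    }

    /**
     * Adds an {@code id_token} entry to {@code result} when {@code id_token} was
     * requested and the session scope includes the OpenID scope.
     *
     * @param username          user the claims are fetched for
     * @param clientId          client the ID token is issued to
     * @param scope             requested scope, used to derive scope-implied claims
     * @param claims            raw {@code claims} request parameter
     * @param authorizationCode code whose half hash becomes the c_hash claim
     * @param responseTypes     requested response types
     * @param parentToken       token the ID token is created as a child of
     * @param result            response parameter map to extend
     * @param accessTokenValue  access token whose half hash becomes the at_hash claim
     */
    private void createIdTokenIfNeeded(String username, String clientId, String scope, String claims,
            String authorizationCode, Set<String> responseTypes, Token parentToken,
            Map<String, String> result, String accessTokenValue) throws Exception {
        if (!responseTypes.contains("id_token") || !isOpenIdScope()) {
            return;
        }
        String authTime = getSession().getValue("auth_time");
        // The nonce is taken from the parent token, not from the current session.
        String nonce = parentToken.getNonce();

        Set<String> claimNames = new ClaimsParameter(claims).getAllIdTokenClaimNames();
        claimNames.addAll(getServerServices().getSupportedScopes().getClaimsForScope(scope));
        // Only claim names accepted by getValidClaims are forwarded to the user data provider.
        Map<String, Object> idTokenClaims = getServerServices().getProvidedServices().getUserDataProvider()
                .getClaims(username, getServerServices().getSupportedClaims().getValidClaims(claimNames));

        // NOTE(review): accessTokenValue is null when no access token was issued and
        // authorizationCode may be null outside the code flow; how halfHashFromValue
        // treats null is not visible here - confirm.
        idTokenClaims.put(Constants.CLAIM_AT_HASH, Util.halfHashFromValue("SHA-256", accessTokenValue));
        idTokenClaims.put(Constants.CLAIM_C_HASH, Util.halfHashFromValue("SHA-256", authorizationCode));
        idTokenClaims.put("nonce", nonce);
        idTokenClaims.put("auth_time", authTime);

        Token idToken = getServerServices().getTokenManager().createChildIdToken(
                getIssuer(),
                getSubClaim(username),
                clientId,
                this.timingProvider.getShortTokenValidFor(new TimingContext(clientId)),
                authTime,
                nonce,
                idTokenClaims,
                parentToken);
        result.put("id_token",
                getTokenManager().addTokenToManager(getTokenManager().getIdTokens(), idToken).getValue());
    }

    /**
     * Issues an access token (and registers a refresh token) when {@code token}
     * was requested, and writes the corresponding response parameters.
     *
     * @param grantType     grant type of the request; decides whether the refresh token is returned
     * @param responseTypes requested response types
     * @param parentToken   token the new tokens are created as children of
     * @param result        response parameter map to extend
     * @return the access token value, or {@code null} if none was issued
     */
    private String createAccessTokenIfNeeded(String grantType, Set<String> responseTypes, Token parentToken,
            Map<String, String> result) {
        if (!responseTypes.contains("token")) {
            return null;
        }
        Token accessToken = getTokenManager().addTokenToManager(
                getTokenManager().getAccessTokens(),
                getTokenManager().createChildBearerTokenWithDefaultDuration(parentToken));
        // NOTE(review): the refresh token is created and stored for every grant type, including
        // the ones that never receive it below. Consider creating it only when it is returned,
        // so the store holds no live refresh tokens that were never handed to a client.
        Token refreshToken = getTokenManager().addTokenToManager(
                getTokenManager().getRefreshTokens(),
                getTokenManager().createChildBearerToken(
                        this.timingProvider.getRefreshTokenValidFor(new TimingContext(parentToken.getClientId())),
                        parentToken));

        result.put("access_token", accessToken.getValue());
        result.put(Constants.PARAMETER_TOKEN_TYPE, Constants.PARAMETER_VALUE_BEARER);
        result.put(Constants.PARAMETER_EXPIRES_IN, String.valueOf(accessToken.getValidFor().getSeconds()));

        // The refresh token is withheld when there is no grant type and for the
        // "token" and client-credentials grant types.
        boolean returnRefreshToken = grantType != null
                && !grantType.equals("token")
                && !grantType.equals(Constants.PARAMETER_VALUE_CLIENT_CREDENTIALS);
        if (returnRefreshToken) {
            result.put("refresh_token", refreshToken.getValue());
        }
        return accessToken.getValue();
    }

    /**
     * Resolves the token all newly issued tokens hang off.
     *
     * <ul>
     *   <li>refresh token present: the stored refresh token is the parent;</li>
     *   <li>authorization endpoint, or no authorization code: a new token is
     *       created and registered among the authorization codes;</li>
     *   <li>otherwise: the stored authorization code is the parent.</li>
     * </ul>
     * The refresh token / authorization code is removed from the session once
     * it has been looked up.
     */
    private Token getOrCreateParentToken(String username, String clientId, String scope, String claims,
            String authorizationCode, String refreshToken, String redirectUri, String nonce) throws Exception {
        if (refreshToken != null) {
            Token parent = getTokenManager().getRefreshTokens().getToken(refreshToken);
            getSession().removeValue("refresh_token");
            return parent;
        }
        if (invokingEndpointIsAuthorizationEndpoint() || authorizationCode == null) {
            // Argument order of the factory is (username, clientId, claims, scope, redirectUri, nonce).
            Token created = getTokenManager().createBearerTokenWithDefaultDuration(
                    username, clientId, claims, scope, redirectUri, nonce);
            getTokenManager().getAuthorizationCodes().addToken(created);
            return getTokenManager().getAuthorizationCodes().getToken(created.getValue());
        }
        Token parent = getTokenManager().getAuthorizationCodes().getToken(authorizationCode);
        getSession().removeValue("authorization_code");
        return parent;
    }

    /**
     * Tells whether the request came in through the authorization endpoint.
     * A missing endpoint value in the session is not tolerated: the call then
     * fails with a NullPointerException instead of picking a branch.
     */
    private boolean invokingEndpointIsAuthorizationEndpoint() throws Exception {
        return getSession().getValue(Constants.SESSION_ENDPOINT).equals(Constants.ENDPOINT_AUTHORIZATION);
    }

    /** Returns the {@code sub} claim the user data provider assigns to {@code username}. */
    private String getSubClaim(String username) {
        return getServerServices().getProvidedServices().getUserDataProvider().getSubClaim(username);
    }

    /** Returns the issuer configured in the provided services. */
    private String getIssuer() {
        return getServerServices().getProvidedServices().getIssuer();
    }

    /**
     * Tells whether the session scope contains the OpenID scope as a whole
     * entry of the space-separated scope list.
     *
     * <p>A substring test is not sufficient here: it would also accept scope
     * values that merely embed the OpenID scope name inside a longer entry and
     * so issue an ID token for a request that never asked for OpenID Connect.
     */
    private boolean isOpenIdScope() throws Exception {
        String scope = getSession().getValue("scope");
        if (scope == null) {
            return false;
        }
        return Arrays.asList(scope.split(Pattern.quote(" "))).contains(Constants.SCOPE_OPENID);
    }
}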
