package com.predic8.membrane.core.interceptor.oauth2.flows;

import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.oauth2.ClaimRenamer;
import com.predic8.membrane.core.interceptor.oauth2.Client;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.parameter.ClaimsParameter;
import com.predic8.membrane.core.interceptor.oauth2.tokengenerators.JwtGenerator;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import org.codehaus.groovy.syntax.Types;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-6.0.2.jar:com/predic8/membrane/core/interceptor/oauth2/flows/IdTokenTokenFlow.class */
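/**
 * OAuth2 flow that answers an authorization request with both an access token and a
 * signed ID token.
 *
 * <p>Both tokens are minted in the constructor. {@link #getResponse()} then lets the
 * wrapped {@link TokenFlow} build the redirect response and appends the ID token to its
 * {@code Location} header.
 *
 * <p>NOTE(review): the ID token travels in the redirect URL. Whether {@link TokenFlow}
 * places the token parameters in the URL fragment or in the query string is not visible
 * in this class. Query-string tokens can end up in server logs, browser history and
 * {@code Referer} headers, so confirm the redirect uses a fragment.
 */
public class IdTokenTokenFlow extends OAuth2Flow {
    // Client resolved from the session's "client_id" attribute.
    Client client;
    // User name taken from the session; passed to the JWT generator when signing.
    String username;
    // Access token generated by the wrapped TokenFlow.
    String token;
    // Signed ID token appended to the redirect.
    String idToken;
    // Delegate that generates the access token and builds the redirect response.
    TokenFlow tokenFlow;

    /**
     * Resolves the client and user from the session and immediately generates the access
     * token and the signed ID token.
     *
     * @param oAuth2AuthorizationServerInterceptor authorization server supplying the client list
     * @param exchange exchange the response is written to
     * @param session session holding the {@code client_id} and user attributes
     * @throws JoseException if signing the ID token fails
     */
    public IdTokenTokenFlow(OAuth2AuthorizationServerInterceptor oAuth2AuthorizationServerInterceptor, Exchange exchange, SessionManager.Session session) throws JoseException {
        super(oAuth2AuthorizationServerInterceptor, exchange, session);
        // Read the session-derived values under the session lock.
        synchronized (session) {
            // NOTE(review): what getClient does for an unknown client_id is not visible here.
            // If it can return null, the token generation below fails late with a
            // NullPointerException - confirm and reject unknown clients explicitly.
            this.client = oAuth2AuthorizationServerInterceptor.getClientList().getClient(this.session.getUserAttributes().get("client_id"));
            this.username = session.getUserName();
        }
        this.tokenFlow = new TokenFlow(oAuth2AuthorizationServerInterceptor, exchange, this.session);
        this.token = this.tokenFlow.generateAccessToken(this.client);
        this.idToken = createSignedIdToken();
    }

    /**
     * Builds the redirect response carrying the access token and the ID token.
     *
     * @return {@link Outcome#RETURN}
     * @throws Exception if the wrapped token flow fails to build its response
     */
    @Override
    public Outcome getResponse() throws Exception {
        return respondWithTokensAndRedirect();
    }

    /**
     * Lets the wrapped flow build the redirect and then adds the ID token to it.
     *
     * <p>The outcome returned by {@code tokenFlow.getResponse()} is not inspected.
     */
    private Outcome respondWithTokensAndRedirect() throws IOException {
        this.tokenFlow.getResponse();
        addIdTokenToRedirect();
        return Outcome.RETURN;
    }

    /**
     * Appends {@code &id_token=...} to the {@code Location} header of the response.
     *
     * @throws IllegalStateException if the response carries no {@code Location} header
     */
    private void addIdTokenToRedirect() {
        String location = this.exc.getResponse().getHeader().getFirstValue("Location");
        if (location == null) {
            // Without this guard string concatenation would emit the literal
            // "null&id_token=<token>" as the redirect target.
            throw new IllegalStateException("Token flow response has no Location header to append the id_token to");
        }
        // The "&" separator assumes the wrapped flow already added at least one parameter.
        this.exc.getResponse().getHeader().setValue("Location", location + "&id_token=" + this.idToken);
    }

    /**
     * Collects the ID-token claims requested in the session's {@code claims} attribute.
     *
     * <p>The request is parsed against the server's supported claims. Each claim value is
     * looked up in the session user attributes under the name {@link ClaimRenamer#convert}
     * returns for it.
     *
     * @return the claims to embed in the ID token; empty if none were requested
     */
    private JwtGenerator.Claim[] getValidIdTokenClaims() {
        // NOTE(review): these session reads are outside the synchronized (session) block
        // used in the constructor - confirm whether they need the same lock.
        ClaimsParameter requested = new ClaimsParameter(this.authServer.getClaimList().getSupportedClaims(), this.session.getUserAttributes().get("claims"));
        ArrayList<JwtGenerator.Claim> claims = new ArrayList<>();
        if (requested.hasClaims()) {
            for (String claimName : requested.getIdTokenClaims()) {
                claims.add(new JwtGenerator.Claim(claimName, this.session.getUserAttributes().get(ClaimRenamer.convert(claimName))));
            }
        }
        return claims.toArray(new JwtGenerator.Claim[0]);
    }

    /** Signs an ID token carrying the claims returned by {@link #getValidIdTokenClaims()}. */
    private String createSignedIdToken() throws JoseException {
        return getSignedIdToken(getValidIdTokenClaims());
    }

    /**
     * Delegates signing to the server's {@link JwtGenerator}, passing the issuer, the user
     * name, the client id and the given claims.
     */
    private String getSignedIdToken(JwtGenerator.Claim... claimArr) throws JoseException {
        // NOTE(review): Types.KEYWORD_VOID is a Groovy parser constant. Its use here is
        // presumably a decompiler substituting a symbol for a numeric literal. The argument
        // looks like a token lifetime - confirm against JwtGenerator.getSignedIdToken and
        // replace it with a named constant of that value.
        return this.authServer.getJwtGenerator().getSignedIdToken(this.authServer.getIssuer(), this.username, this.client.getClientId(), Types.KEYWORD_VOID, claimArr);
    }
}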
