package org.apache.sling.auth.oauth_client.impl;

import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.Cookie;
import org.apache.sling.commons.crypto.CryptoService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/RedirectHelper.class */
class RedirectHelper {
    static final String PARAMETER_NAME_REDIRECT = "redirect";
    private static final int COOKIE_MAX_AGE_SECONDS = 300;
    private static final Logger logger = LoggerFactory.getLogger(RedirectHelper.class);

    private RedirectHelper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public static RedirectTarget buildRedirectTarget(@NotNull String[] strArr, @NotNull URI uri, @NotNull ResolvedConnection resolvedConnection, @NotNull OAuthCookieValue oAuthCookieValue, @NotNull CryptoService cryptoService) {
        Cookie buildCookie = buildCookie(findLongestPathMatching(strArr, uri.getPath()), OAuthCookieValue.COOKIE_NAME_REQUEST_KEY, cryptoService.encrypt(oAuthCookieValue.getValue()));
        AuthenticationRequest.Builder state = new AuthenticationRequest.Builder(ResponseType.CODE, new Scope((String[]) resolvedConnection.scopes().toArray(new String[0])), new ClientID(resolvedConnection.clientId()), uri).endpointURI(URI.create(resolvedConnection.authorizationEndpoint())).state(oAuthCookieValue.getState());
        if (oAuthCookieValue.nonce() != null) {
            state.nonce(oAuthCookieValue.nonce());
        }
        if (oAuthCookieValue.codeVerifier() != null) {
            state.codeChallenge(oAuthCookieValue.codeVerifier(), CodeChallengeMethod.S256);
        }
        for (String[] strArr2 : (List) resolvedConnection.additionalAuthorizationParameters().stream().map(str -> {
            return str.split("=");
        }).filter(strArr3 -> {
            return strArr3.length == 2;
        }).collect(Collectors.toList())) {
            state.customParameter(strArr2[0], new String[]{strArr2[1]});
        }
        return new RedirectTarget(state.build().toURI(), buildCookie);
    }

    @NotNull
    private static Cookie buildCookie(@Nullable String str, @NotNull String str2, @NotNull String str3) {
        Cookie cookie = new Cookie(str2, str3);
        cookie.setHttpOnly(true);
        cookie.setSecure(true);
        cookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
        if (str != null) {
            cookie.setPath(str);
        }
        return cookie;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public static String findLongestPathMatching(@NotNull String[] strArr, @Nullable String str) {
        if (str == null || str.isEmpty() || strArr.length == 0) {
            return null;
        }
        try {
            String path = new URI(str).getPath();
            if (path == null || path.isEmpty()) {
                return null;
            }
            String str2 = null;
            for (String str3 : strArr) {
                if (isDescendantOrEqual(str3, path) && (str2 == null || str3.length() > str2.length())) {
                    str2 = str3;
                }
            }
            return str2;
        } catch (URISyntaxException e) {
            logger.debug("findLongestPathMatching: Invalid URL {}", str, e);
            return null;
        }
    }

    private static boolean isDescendantOrEqual(String str, String str2) {
        if (str.equals(str2)) {
            return true;
        }
        return str2.startsWith(str.endsWith("/") ? str : str + "/");
    }
}
