package com.nimbusds.openid.connect.sdk.op;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.proc.JWTProcessor;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import java.io.IOException;
import java.net.MalformedURLException;
import java.text.ParseException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.jcip.annotations.ThreadSafe;

@ThreadSafe
/* loaded from: input_file:BOOT-INF/lib/oauth2-oidc-sdk-8.22.jar:com/nimbusds/openid/connect/sdk/op/AuthenticationRequestResolver.class */
public class AuthenticationRequestResolver<C extends SecurityContext> {
    private final JWTProcessor<C> jwtProcessor;
    private final ResourceRetriever jwtRetriever;

    public AuthenticationRequestResolver() {
        this.jwtProcessor = null;
        this.jwtRetriever = null;
    }

    public AuthenticationRequestResolver(JWTProcessor<C> jWTProcessor) {
        if (jWTProcessor == null) {
            throw new IllegalArgumentException("The JWT processor must not be null");
        }
        this.jwtProcessor = jWTProcessor;
        this.jwtRetriever = null;
    }

    public AuthenticationRequestResolver(JWTProcessor<C> jWTProcessor, ResourceRetriever resourceRetriever) {
        if (jWTProcessor == null) {
            throw new IllegalArgumentException("The JWT processor must not be null");
        }
        this.jwtProcessor = jWTProcessor;
        if (resourceRetriever == null) {
            throw new IllegalArgumentException("The JWT retriever must not be null");
        }
        this.jwtRetriever = resourceRetriever;
    }

    public JWTProcessor<C> getJWTProcessor() {
        return this.jwtProcessor;
    }

    public ResourceRetriever getJWTRetriever() {
        return this.jwtRetriever;
    }

    public static Map<String, List<String>> reformatClaims(JWTClaimsSet jWTClaimsSet) {
        Map<String, Object> claims = jWTClaimsSet.getClaims();
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Object> entry : claims.entrySet()) {
            if (entry.getValue() != null) {
                hashMap.put(entry.getKey(), Collections.singletonList(entry.getValue().toString()));
            }
        }
        return Collections.unmodifiableMap(hashMap);
    }

    public AuthenticationRequest resolve(AuthenticationRequest authenticationRequest, C c) throws ResolveException, JOSEException {
        JWT requestObject;
        if (!authenticationRequest.specifiesRequestObject()) {
            return authenticationRequest;
        }
        if (authenticationRequest.getRequestURI() != null) {
            if (this.jwtRetriever == null || this.jwtProcessor == null) {
                throw new ResolveException(OAuth2Error.REQUEST_URI_NOT_SUPPORTED, authenticationRequest);
            }
            try {
                requestObject = JWTParser.parse(this.jwtRetriever.retrieveResource(authenticationRequest.getRequestURI().toURL()).getContent());
            } catch (MalformedURLException e) {
                throw new ResolveException(OAuth2Error.INVALID_REQUEST_URI.setDescription("Malformed URL"), authenticationRequest);
            } catch (IOException e2) {
                throw new ResolveException("Couldn't retrieve request_uri: " + e2.getMessage(), "Network error, check the request_uri", authenticationRequest, e2);
            } catch (ParseException e3) {
                throw new ResolveException(OAuth2Error.INVALID_REQUEST_URI.setDescription("Invalid JWT"), authenticationRequest);
            }
        } else {
            if (this.jwtProcessor == null) {
                throw new ResolveException(OAuth2Error.REQUEST_NOT_SUPPORTED, authenticationRequest);
            }
            requestObject = authenticationRequest.getRequestObject();
        }
        try {
            JWTClaimsSet process = this.jwtProcessor.process(requestObject, (JWT) c);
            HashMap hashMap = new HashMap();
            hashMap.putAll(authenticationRequest.toParameters());
            hashMap.putAll(reformatClaims(process));
            hashMap.remove("request");
            hashMap.remove("request_uri");
            try {
                return AuthenticationRequest.parse(authenticationRequest.getEndpointURI(), (Map<String, List<String>>) hashMap);
            } catch (com.nimbusds.oauth2.sdk.ParseException e4) {
                throw new ResolveException("Couldn't create final OpenID authentication request: " + e4.getMessage(), "Invalid request object parameter(s): " + e4.getMessage(), authenticationRequest, e4);
            }
        } catch (BadJOSEException e5) {
            throw new ResolveException("Invalid request object: " + e5.getMessage(), "Bad JWT / signature / HMAC / encryption", authenticationRequest, e5);
        }
    }
}
