package com.okta.oidc.net.request.web;

import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import com.google.firebase.inappmessaging.display.R$id;
import com.google.gson.Gson;
import com.okta.oidc.AuthenticationPayload;
import com.okta.oidc.OIDCConfig;
import com.okta.oidc.net.request.ProviderConfiguration;
import com.okta.oidc.util.AuthorizationException;
import com.okta.oidc.util.CodeVerifierUtil;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
public class AuthorizeRequest extends WebRequest {
    public Parameters mParameters;

    /* loaded from: classes.dex */
    public static final class Builder {
        public Map<String, String> mMap;
        public Parameters mParameters;

        public Builder() {
            String str;
            Parameters parameters = new Parameters();
            this.mParameters = parameters;
            Map<String, String> map = parameters.queryParams;
            this.mMap = map;
            map.put("response_type", "code");
            this.mMap.put("nonce", CodeVerifierUtil.generateRandomState());
            this.mMap.put("state", CodeVerifierUtil.generateRandomState());
            Pattern pattern = CodeVerifierUtil.REGEX_CODE_VERIFIER;
            SecureRandom secureRandom = new SecureRandom();
            R$id.checkNotNull(secureRandom, "entropySource cannot be null");
            R$id.checkArgument(true, "entropyBytes is less than the minimum permitted");
            R$id.checkArgument(true, "entropyBytes is greater than the maximum permitted");
            byte[] bArr = new byte[64];
            secureRandom.nextBytes(bArr);
            String encodeToString = Base64.encodeToString(bArr, 11);
            R$id.checkArgument(43 <= encodeToString.length(), "codeVerifier length is shorter than allowed by the PKCE specification");
            R$id.checkArgument(encodeToString.length() <= 128, "codeVerifier length is longer than allowed by the PKCE specification");
            R$id.checkArgument(CodeVerifierUtil.REGEX_CODE_VERIFIER.matcher(encodeToString).matches(), "codeVerifier string contains illegal characters");
            this.mMap.put("code_verifier", encodeToString);
            String str2 = null;
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(encodeToString.getBytes("ISO_8859_1"));
                str = Base64.encodeToString(messageDigest.digest(), 11);
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException("ISO-8859-1 encoding not supported", e);
            } catch (NoSuchAlgorithmException unused) {
                str = null;
            }
            if (str != null) {
                this.mMap.put("code_challenge", str);
            }
            try {
                MessageDigest.getInstance("SHA-256");
                str2 = "S256";
            } catch (NoSuchAlgorithmException unused2) {
            }
            if (str2 != null) {
                this.mMap.put("code_challenge_method", str2);
            }
        }

        public Builder authenticationPayload(AuthenticationPayload authenticationPayload) {
            if (authenticationPayload != null) {
                this.mParameters.mPayloadParams = authenticationPayload.mAdditionalParameters;
            }
            return this;
        }

        public Builder config(OIDCConfig oIDCConfig) {
            this.mMap.put("client_id", oIDCConfig.mAccount.mClientId);
            String iterableToString = R$id.iterableToString(Arrays.asList(oIDCConfig.mAccount.mScopes));
            if (iterableToString != null) {
                this.mMap.put("scope", iterableToString);
            }
            this.mMap.put("redirect_uri", oIDCConfig.getRedirectUri().toString());
            return this;
        }

        public AuthorizeRequest create() throws AuthorizationException {
            Map<String, String> map = this.mParameters.mPayloadParams;
            if (map != null) {
                this.mMap.putAll(map);
            }
            if (TextUtils.isEmpty(this.mMap.get("authorize_endpoint"))) {
                throw new AuthorizationException("authorize_endpoint missing", new RuntimeException());
            }
            if (TextUtils.isEmpty(this.mMap.get("code_challenge"))) {
                throw new AuthorizationException("code_challenge missing", new RuntimeException());
            }
            if (TextUtils.isEmpty(this.mMap.get("code_challenge_method"))) {
                throw new AuthorizationException("code_challenge_method missing", new RuntimeException());
            }
            if (TextUtils.isEmpty(this.mMap.get("nonce"))) {
                throw new AuthorizationException("nonce missing", new RuntimeException());
            }
            if (TextUtils.isEmpty(this.mMap.get("redirect_uri"))) {
                throw new AuthorizationException("redirect_uri missing", new RuntimeException());
            }
            if (TextUtils.isEmpty(this.mMap.get("response_type"))) {
                throw new AuthorizationException("response_type missing", new RuntimeException());
            }
            if (TextUtils.isEmpty(this.mMap.get("scope"))) {
                throw new AuthorizationException("scope missing", new RuntimeException());
            }
            if (TextUtils.isEmpty(this.mMap.get("state"))) {
                throw new AuthorizationException("state missing", new RuntimeException());
            }
            return new AuthorizeRequest(this.mParameters);
        }

        public Builder providerConfiguration(ProviderConfiguration providerConfiguration) {
            this.mMap.put("authorize_endpoint", null);
            return this;
        }
    }

    /* loaded from: classes.dex */
    public static class Parameters {
        public Map<String, String> mPayloadParams;
        public Map<String, String> queryParams = new HashMap();
    }

    public AuthorizeRequest(Parameters parameters) {
        this.mParameters = parameters;
    }

    @Override // com.okta.oidc.storage.Persistable
    public String getKey() {
        return "WebRequest";
    }

    @Override // com.okta.oidc.net.request.web.WebRequest
    public String getState() {
        return this.mParameters.queryParams.get("state");
    }

    @Override // com.okta.oidc.storage.Persistable
    public String persist() {
        Objects.requireNonNull(this.mParameters);
        return new Gson().toJson(this.mParameters);
    }

    @Override // com.okta.oidc.net.request.web.WebRequest
    public Uri toUri() {
        Parameters parameters = this.mParameters;
        Uri.Builder buildUpon = Uri.parse(parameters.queryParams.get("authorize_endpoint")).buildUpon();
        parameters.queryParams.remove("authorize_endpoint");
        for (Map.Entry<String, String> entry : parameters.queryParams.entrySet()) {
            if (!entry.getKey().equals("code_verifier")) {
                buildUpon.appendQueryParameter(entry.getKey(), entry.getValue());
            }
        }
        return buildUpon.build();
    }
}
