package net.shibboleth.idp.plugin.authn.duo.nimbus.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.SecureRandom;
import java.text.ParseException;
import java.time.Duration;
import java.util.Date;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.idp.plugin.authn.duo.DuoClientException;
import net.shibboleth.oidc.security.JWSAssemblyUtils;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.codec.EncodingException;
import net.shibboleth.utilities.java.support.logic.Constraint;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/nimbus/impl/NimbusClientSupport.class */
public final class NimbusClientSupport {
    private NimbusClientSupport() {
    }

    @Nonnull
    static String generateJWTId(@Nonnull Integer num) {
        Constraint.isNotNull(num, "JWT length can not be null");
        SecureRandom secureRandom = new SecureRandom();
        StringBuilder sb = new StringBuilder();
        while (sb.length() < num.intValue()) {
            sb.append(Integer.toHexString(secureRandom.nextInt()));
        }
        return sb.toString().substring(0, num.intValue());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public static String createJWSRequestObject(@NotEmpty @Nonnull String str, @NotEmpty @Nonnull String str2, @NotEmpty @Nonnull String str3, @NotEmpty @Nonnull String str4, @NotEmpty @Nonnull String str5) throws DuoClientException {
        Constraint.isNotEmpty(str, "ClientID can not be null or empty");
        Constraint.isNotEmpty(str2, "RedirectURI can not be null or empty");
        Constraint.isNotEmpty(str4, "State can not be null or empty");
        Constraint.isNotEmpty(str5, "username can not be null or empty");
        Date date = new Date();
        date.setTime(date.getTime() + Duration.ofHours(1L).toMillis());
        try {
            return JWSAssemblyUtils.assembleMacJwsAsString(JWSAlgorithm.HS512, new JWTClaimsSet.Builder().expirationTime(date).claim("scope", "openid").claim("client_id", str).claim("redirect_uri", str2).claim("state", str4).claim("duo_uname", str5).claim("response_type", "code").build(), JWSAssemblyUtils.getSecretBytes(str3));
        } catch (JOSEException | EncodingException | ParseException e) {
            throw new DuoClientException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public static String createJWS(@Nonnull String str, @Nonnull String str2, @Nonnull String str3) throws DuoClientException {
        Constraint.isNotNull(str2, "Duo clientId can not be null");
        Constraint.isNotNull(str3, "Duo secret can not be null");
        Constraint.isNotNull(str, "Audience can not be null");
        Date date = new Date();
        date.setTime(date.getTime() + Duration.ofHours(1L).toMillis());
        try {
            return JWSAssemblyUtils.assembleMacJwsAsString(JWSAlgorithm.HS512, new JWTClaimsSet.Builder().expirationTime(date).issuer(str2).subject(str2).audience(str).jwtID(generateJWTId(32)).build(), JWSAssemblyUtils.getSecretBytes(str3));
        } catch (EncodingException | JOSEException | ParseException e) {
            throw new DuoClientException(e);
        }
    }
}
