package net.shibboleth.idp.plugin.authn.oidc.rp.encoding.impl;

import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.StandardCharset;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.plugin.authn.oidc.rp.impl.AuthorizationController;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/encoding/impl/DefaultAuthCodeTokenRequestEncoder.class */
public class DefaultAuthCodeTokenRequestEncoder extends AbstractRequestEncoderFunction {

    @NotEmpty
    @Nonnull
    private static final String HTTPS = "https";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(DefaultAuthCodeTokenRequestEncoder.class);

    @Override // net.shibboleth.idp.plugin.authn.oidc.rp.encoding.impl.AbstractRequestEncoderFunction
    @Nullable
    public HttpUriRequest doApply(@Nonnull ProfileRequestContext profileRequestContext) {
        try {
            if (getClientAuthenticationContext() == null || getClientAuthenticationContext().getClientAuthentication() == null) {
                this.log.warn("No client authentication context to base token request off");
                return null;
            }
            RequestBuilder charset = RequestBuilder.post().setUri(new URIBuilder().setScheme(HTTPS).setPort(getProviderMetadataContext().getProviderInformation().getTokenEndpointURI().getPort()).setHost(getProviderMetadataContext().getProviderInformation().getTokenEndpointURI().getHost()).setPath(getProviderMetadataContext().getProviderInformation().getTokenEndpointURI().getPath()).build()).setHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.getMimeType()).setCharset(StandardCharset.UTF_8);
            addRequiredFields(charset);
            addRequiredOnConditionFields(charset);
            buildSecretBasicAuthentication(charset);
            HttpUriRequest build = charset.build();
            this.log.debug("Token URL '{}'", build);
            return build;
        } catch (Exception e) {
            this.log.warn("Unable to encode token request", e);
            return null;
        }
    }

    private void addRequiredFields(@Nonnull RequestBuilder requestBuilder) {
        requestBuilder.addParameter("grant_type", "authorization_code").addParameter(AuthorizationController.CODE_PARAMETER, getAuthenticationResponse().getAuthorizationCode().getValue());
    }

    private void addRequiredOnConditionFields(@Nonnull RequestBuilder requestBuilder) {
        if (getAuthenticationRequest().getRedirectURI() != null) {
            requestBuilder.addParameter("redirect_uri", getAuthenticationRequest().getRedirectURI().toString());
        }
    }

    private void buildSecretBasicAuthentication(RequestBuilder requestBuilder) {
        requestBuilder.addHeader("Authorization", "Basic " + Base64.encode((URLEncoder.encode(getClientAuthenticationContext().getClientAuthentication().getClientID().getValue(), StandardCharsets.UTF_8) + ':' + URLEncoder.encode(getClientAuthenticationContext().getClientAuthentication().getMethod().getValue(), StandardCharsets.UTF_8)).getBytes(StandardCharsets.UTF_8)));
    }
}
