package io.jenkins.plugins.tuleap_oauth.helper;

import com.google.inject.Inject;
import io.jenkins.plugins.tuleap_oauth.TuleapAuthenticationErrorAction;
import io.jenkins.plugins.tuleap_oauth.TuleapSecurityRealm;
import io.jenkins.plugins.tuleap_oauth.pkce.PKCECodeBuilder;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Logger;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:io/jenkins/plugins/tuleap_oauth/helper/TuleapAuthorizationCodeUrlBuilderImpl.class */
public class TuleapAuthorizationCodeUrlBuilderImpl implements TuleapAuthorizationCodeUrlBuilder {
    private static final Logger LOGGER = Logger.getLogger(TuleapAuthorizationCodeUrlBuilder.class.getName());
    private final PluginHelper pluginHelper;
    private final PKCECodeBuilder codeBuilder;

    @Inject
    public TuleapAuthorizationCodeUrlBuilderImpl(PluginHelper pluginHelper, PKCECodeBuilder pKCECodeBuilder) {
        this.pluginHelper = pluginHelper;
        this.codeBuilder = pKCECodeBuilder;
    }

    @Override // io.jenkins.plugins.tuleap_oauth.helper.TuleapAuthorizationCodeUrlBuilder
    public String buildRedirectUrlAndStoreSessionAttribute(StaplerRequest staplerRequest, String str, String str2) throws UnsupportedEncodingException, NoSuchAlgorithmException {
        if (!this.pluginHelper.isHttpsUrl(str)) {
            LOGGER.warning("The provided Tuleap URL is not in HTTPS");
            return this.pluginHelper.getJenkinsInstance().getRootUrl() + TuleapAuthenticationErrorAction.REDIRECT_ON_AUTHENTICATION_ERROR;
        }
        String buildRandomBase64EncodedURLSafeString = this.pluginHelper.buildRandomBase64EncodedURLSafeString();
        staplerRequest.getSession().setAttribute(TuleapSecurityRealm.STATE_SESSION_ATTRIBUTE, buildRandomBase64EncodedURLSafeString);
        String encode = URLEncoder.encode(this.pluginHelper.getJenkinsInstance().getRootUrl() + TuleapSecurityRealm.REDIRECT_URI, StandardCharsets.UTF_8.name());
        String buildCodeVerifier = this.codeBuilder.buildCodeVerifier();
        String buildCodeChallenge = this.codeBuilder.buildCodeChallenge(buildCodeVerifier);
        staplerRequest.getSession().setAttribute(TuleapSecurityRealm.CODE_VERIFIER_SESSION_ATTRIBUTE, buildCodeVerifier);
        String buildRandomBase64EncodedURLSafeString2 = this.pluginHelper.buildRandomBase64EncodedURLSafeString();
        staplerRequest.getSession().setAttribute(TuleapSecurityRealm.NONCE_ATTRIBUTE, buildRandomBase64EncodedURLSafeString2);
        staplerRequest.getSession().setAttribute(TuleapSecurityRealm.JENKINS_REDIRECT_URI_ATTRIBUTE, this.pluginHelper.getJenkinsInstance().getRootUrl() + TuleapSecurityRealm.REDIRECT_URI);
        return str + TuleapSecurityRealm.AUTHORIZATION_ENDPOINT + "response_type=code&prompt=consent&client_id=" + URLEncoder.encode(str2, StandardCharsets.UTF_8.name()) + "&redirect_uri=" + encode + "&scope=" + URLEncoder.encode(TuleapSecurityRealm.SCOPES, StandardCharsets.UTF_8.name()) + "&state=" + buildRandomBase64EncodedURLSafeString + "&code_challenge=" + buildCodeChallenge + "&code_challenge_method=" + URLEncoder.encode(TuleapSecurityRealm.CODE_CHALLENGE_METHOD, StandardCharsets.UTF_8.name()) + "&nonce=" + buildRandomBase64EncodedURLSafeString2;
    }
}
