package com.atlassian.plugins.authentication.sso.web.oidc;

import com.atlassian.plugins.authentication.api.config.JustInTimeConfig;
import com.atlassian.plugins.authentication.api.config.oidc.OidcConfig;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.Prompt;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
/* loaded from: input_file:com/atlassian/plugins/authentication/sso/web/oidc/OidcAuthenticationRequestFactory.class */
public class OidcAuthenticationRequestFactory {
    private static final Logger log = LoggerFactory.getLogger(OidcAuthenticationRequestFactory.class);
    private static final String OPENID_CONNECT_DEFAULT_SCOPE = "openid";

    public OidcAuthenticationRequest prepareOidcAuthenticationRequest(String str, String str2, boolean z, OidcConfig oidcConfig) {
        AuthenticationRequest prepareAuthenticationRequest = prepareAuthenticationRequest(str, str2, z, oidcConfig);
        log.debug("Prepared OpenID Authentication request: {}", prepareAuthenticationRequest.toQueryString());
        return new OidcAuthenticationRequest(prepareAuthenticationRequest.getState().getValue(), prepareAuthenticationRequest.getNonce().getValue(), UUID.randomUUID().toString(), prepareAuthenticationRequest.toURI().toString());
    }

    public AuthenticationRequest prepareAuthenticationRequest(String str, String str2, boolean z, OidcConfig oidcConfig) {
        ArrayList newArrayList = Lists.newArrayList(oidcConfig.getAdditionalScopes());
        JustInTimeConfig justInTimeConfig = oidcConfig.getJustInTimeConfig();
        if (justInTimeConfig.isEnabled().orElse(false).booleanValue()) {
            newArrayList.addAll(justInTimeConfig.getAdditionalJitScopes());
        }
        List list = (List) Stream.concat(Stream.of(OPENID_CONNECT_DEFAULT_SCOPE), newArrayList.stream()).filter(str3 -> {
            return !Strings.isNullOrEmpty(str3);
        }).distinct().collect(Collectors.toList());
        log.trace("Effective OIDC scopes for auth request to IdP [{}] are: [{}]", oidcConfig.getId(), list);
        return new AuthenticationRequest.Builder(new ResponseType(ResponseType.Value.CODE), Scope.parse(list), new ClientID(oidcConfig.getClientId()), URI.create(str)).state(new State()).nonce(new Nonce()).endpointURI(URI.create(oidcConfig.getAuthorizationEndpoint())).prompt(z ? new Prompt(Prompt.Type.LOGIN) : null).loginHint(str2).build();
    }
}
