package com.auth0;

import com.auth0.client.auth.AuthAPI;
import com.auth0.client.auth.AuthorizeUrlBuilder;
import com.auth0.exception.Auth0Exception;
import com.auth0.json.auth.PushedAuthorizationResponse;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/auth0/AuthorizeUrl.class */
public class AuthorizeUrl {
    private static final String SCOPE_OPENID = "openid";
    private HttpServletResponse response;
    private HttpServletRequest request;
    private final String responseType;
    private String nonce;
    private String state;
    private final AuthAPI authAPI;
    private String cookiePath;
    private boolean used;
    private final String redirectUri;
    private boolean useLegacySameSiteCookie = true;
    private boolean setSecureCookie = false;
    private Map<String, String> params = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizeUrl(AuthAPI authAPI, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.responseType = str2;
        this.authAPI = authAPI;
        this.redirectUri = str;
        this.params.put("scope", SCOPE_OPENID);
    }

    public AuthorizeUrl withOrganization(String str) {
        this.params.put("organization", str);
        return this;
    }

    public AuthorizeUrl withInvitation(String str) {
        this.params.put("invitation", str);
        return this;
    }

    public AuthorizeUrl withConnection(String str) {
        this.params.put("connection", str);
        return this;
    }

    public AuthorizeUrl withSecureCookie(boolean z) {
        this.setSecureCookie = z;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizeUrl withLegacySameSiteCookie(boolean z) {
        this.useLegacySameSiteCookie = z;
        return this;
    }

    public AuthorizeUrl withAudience(String str) {
        this.params.put("audience", str);
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizeUrl withCookiePath(String str) {
        this.cookiePath = str;
        return this;
    }

    public AuthorizeUrl withState(String str) {
        this.state = str;
        this.params.put("state", str);
        return this;
    }

    public AuthorizeUrl withNonce(String str) {
        this.nonce = str;
        this.params.put("nonce", str);
        return this;
    }

    public AuthorizeUrl withScope(String str) {
        this.params.put("scope", str);
        return this;
    }

    public AuthorizeUrl withParameter(String str, String str2) {
        if ("state".equals(str) || "nonce".equals(str)) {
            throw new IllegalArgumentException("Please, use the dedicated methods for setting the 'nonce' and 'state' parameters.");
        }
        if ("response_type".equals(str)) {
            throw new IllegalArgumentException("Response type cannot be changed once set.");
        }
        if ("redirect_uri".equals(str)) {
            throw new IllegalArgumentException("Redirect URI cannot be changed once set.");
        }
        this.params.put(str, str2);
        return this;
    }

    public String build() throws IllegalStateException {
        storeTransient();
        AuthorizeUrlBuilder withResponseType = this.authAPI.authorizeUrl(this.redirectUri).withResponseType(this.responseType);
        Map<String, String> map = this.params;
        withResponseType.getClass();
        map.forEach(withResponseType::withParameter);
        return withResponseType.build();
    }

    public String fromPushedAuthorizationRequest() throws InvalidRequestException {
        storeTransient();
        try {
            PushedAuthorizationResponse pushedAuthorizationResponse = (PushedAuthorizationResponse) this.authAPI.pushedAuthorizationRequest(this.redirectUri, this.responseType, this.params).execute();
            String requestURI = pushedAuthorizationResponse.getRequestURI();
            if (requestURI == null || requestURI.isEmpty()) {
                throw new InvalidRequestException("a0.api_error", "The PAR request returned a missing or empty request_uri value");
            }
            if (pushedAuthorizationResponse.getExpiresIn() == null) {
                throw new InvalidRequestException("a0.api_error", "The PAR request returned a missing expires_in value");
            }
            return this.authAPI.authorizeUrlWithPAR(pushedAuthorizationResponse.getRequestURI());
        } catch (Auth0Exception e) {
            throw new InvalidRequestException("a0.api_error", e.getMessage(), e);
        }
    }

    private void storeTransient() {
        if (this.used) {
            throw new IllegalStateException("The AuthorizeUrl instance must not be reused.");
        }
        if (this.response != null) {
            SameSite sameSite = containsFormPost() ? SameSite.NONE : SameSite.LAX;
            TransientCookieStore.storeState(this.response, this.state, sameSite, this.useLegacySameSiteCookie, this.setSecureCookie, this.cookiePath);
            TransientCookieStore.storeNonce(this.response, this.nonce, sameSite, this.useLegacySameSiteCookie, this.setSecureCookie, this.cookiePath);
        }
        RandomStorage.setSessionState(this.request, this.state);
        RandomStorage.setSessionNonce(this.request, this.nonce);
        this.used = true;
    }

    private boolean containsFormPost() {
        return RequestProcessor.requiresFormPostResponseMode(Collections.unmodifiableList(Arrays.asList(this.responseType.trim().split("\\s+"))));
    }
}
