package com.stormpath.sdk.impl.saml;

import com.stormpath.sdk.api.ApiKey;
import com.stormpath.sdk.impl.ds.InternalDataStore;
import com.stormpath.sdk.impl.http.QueryString;
import com.stormpath.sdk.impl.idsite.IdSiteClaims;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.saml.SamlIdpUrlBuilder;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.UUID;

/* loaded from: input_file:lib/stormpath-sdk-impl-1.0.RC9.2.jar:com/stormpath/sdk/impl/saml/DefaultSamlIdpUrlBuilder.class */
public class DefaultSamlIdpUrlBuilder implements SamlIdpUrlBuilder {
    public static String SSO_LOGOUT_SUFFIX = "/logout";
    public final String ssoEndpoint;
    private final InternalDataStore internalDataStore;
    private final String applicationHref;
    private final IdSiteClaims claims;
    private boolean logout = false;

    public DefaultSamlIdpUrlBuilder(InternalDataStore internalDataStore, String str, String str2) {
        Assert.notNull(internalDataStore, "internalDataStore cannot be null.");
        Assert.hasText(str2, "samlProviderEndpoint cannot be null or empty");
        this.ssoEndpoint = str2;
        this.internalDataStore = internalDataStore;
        this.applicationHref = str;
        this.claims = new IdSiteClaims();
    }

    @Override // com.stormpath.sdk.saml.SamlIdpUrlBuilder
    public SamlIdpUrlBuilder setCallbackUri(String str) {
        this.claims.setCallbackUri(str);
        return this;
    }

    @Override // com.stormpath.sdk.saml.SamlIdpUrlBuilder
    public SamlIdpUrlBuilder setState(String str) {
        this.claims.setState(str);
        return this;
    }

    @Override // com.stormpath.sdk.saml.SamlIdpUrlBuilder
    public SamlIdpUrlBuilder setPath(String str) {
        this.claims.setPath(str);
        return this;
    }

    @Override // com.stormpath.sdk.saml.SamlIdpUrlBuilder
    public SamlIdpUrlBuilder setOrganizationNameKey(String str) {
        this.claims.setOrganizationNameKey(str);
        return this;
    }

    @Override // com.stormpath.sdk.saml.SamlIdpUrlBuilder
    public SamlIdpUrlBuilder setSpToken(String str) {
        this.claims.setSpToken(str);
        return this;
    }

    @Override // com.stormpath.sdk.saml.SamlIdpUrlBuilder
    public SamlIdpUrlBuilder addProperty(String str, Object obj) {
        this.claims.put(str, obj);
        return this;
    }

    @Override // com.stormpath.sdk.saml.SamlIdpUrlBuilder
    public String build() {
        Assert.state(Strings.hasText(this.claims.getCallbackUri()), "callbackUri cannot be null or empty.");
        String uuid = UUID.randomUUID().toString();
        Date date = new Date();
        ApiKey apiKey = this.internalDataStore.getApiKey();
        JwtBuilder subject = Jwts.builder().setClaims((Claims) this.claims).setId(uuid).setIssuedAt(date).setIssuer(apiKey.getId()).setSubject(this.applicationHref);
        String compact = subject.setHeaderParam("typ", Header.JWT_TYPE).setHeaderParam("kid", apiKey.getId()).signWith(SignatureAlgorithm.HS256, apiKey.getSecret().getBytes(Strings.UTF_8)).compact();
        QueryString queryString = new QueryString();
        queryString.put(IdSiteClaims.ACCESS_TOKEN, compact);
        StringBuilder sb = new StringBuilder(this.ssoEndpoint);
        if (this.logout) {
            sb.append(SSO_LOGOUT_SUFFIX);
        }
        return sb.append('?').append(queryString.toString()).toString();
    }
}
