package org.apache.cxf.rs.security.oidc.utils;

import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oidc.common.AbstractUserInfo;
import org.apache.cxf.rt.security.crypto.MessageDigestUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/utils/OidcUtils.class */
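/**
 * Static helpers for OpenID Connect scope strings and for checking the
 * {@code at_hash} / {@code c_hash} claims of an ID token.
 *
 * <p>The hash helpers bind an access token or authorization code to the ID token
 * it was issued with. They only compare hashes; nothing in this class verifies
 * the ID token signature.
 */
public final class OidcUtils {
    public static final String ID_TOKEN = "id_token";
    public static final String OPENID_SCOPE = "openid";
    public static final String OIDC_SCOPE = "oidc";
    public static final String PROFILE_SCOPE = "profile";
    public static final String EMAIL_SCOPE = "email";
    public static final String ADDRESS_SCOPE = "address";
    public static final String PHONE_SCOPE = "phone";

    // The claim lists are public and are also handed out by getScopeProperties(), so they are
    // wrapped read-only: no caller can change which claims a scope releases.
    public static final List<String> PROFILE_CLAIMS =
        Collections.unmodifiableList(Arrays.asList(AbstractUserInfo.NAME_CLAIM, "profile"));
    public static final List<String> EMAIL_CLAIMS =
        Collections.unmodifiableList(Arrays.asList("email", AbstractUserInfo.EMAIL_VERIFIED_CLAIM));
    public static final List<String> ADDRESS_CLAIMS =
        Collections.unmodifiableList(Arrays.asList("address"));
    public static final List<String> PHONE_CLAIMS =
        Collections.unmodifiableList(Arrays.asList(AbstractUserInfo.PHONE_CLAIM));

    // Scope name -> claims released for that scope. Populated once in the static initializer below.
    private static final Map<String, List<String>> SCOPES_MAP = new HashMap<>();

    private OidcUtils() {
    }

    /** Returns the bare {@code "oidc"} scope value. */
    public static String getOidcScope() {
        return OIDC_SCOPE;
    }

    /** Returns {@code "oidc profile"}. */
    public static String getProfileScope() {
        return getScope(OIDC_SCOPE, PROFILE_SCOPE);
    }

    /** Returns {@code "oidc email"}. */
    public static String getEmailScope() {
        return getScope(OIDC_SCOPE, EMAIL_SCOPE);
    }

    /** Returns {@code "oidc address"}. */
    public static String getAddressScope() {
        return getScope(OIDC_SCOPE, ADDRESS_SCOPE);
    }

    /** Returns {@code "oidc phone"}. */
    public static String getPhoneScope() {
        return getScope(OIDC_SCOPE, PHONE_SCOPE);
    }

    /** Returns {@code "oidc profile email address phone"}. */
    public static String getAllScopes() {
        return getScope(OIDC_SCOPE, PROFILE_SCOPE, EMAIL_SCOPE, ADDRESS_SCOPE, PHONE_SCOPE);
    }

    /**
     * Looks up the claims associated with a scope.
     *
     * @param str scope name ({@code profile}, {@code email}, {@code address} or {@code phone})
     * @return the read-only claim list for the scope, or {@code null} when the scope is not mapped
     */
    public static List<String> getScopeProperties(String str) {
        return SCOPES_MAP.get(str);
    }

    /** Joins the given scope values with single spaces; every call site passes non-empty constants. */
    private static String getScope(String... scopes) {
        return String.join(" ", scopes);
    }

    /**
     * Validates the {@code at_hash} claim of the ID token against the access token.
     * Equivalent to {@link #validateAccessTokenHash(ClientAccessToken, JwtToken, boolean)} with {@code true}.
     *
     * @throws SecurityException if the claim is absent or does not match
     */
    public static void validateAccessTokenHash(ClientAccessToken clientAccessToken, JwtToken jwtToken) {
        validateAccessTokenHash(clientAccessToken, jwtToken, true);
    }

    /**
     * Validates the {@code at_hash} claim of the ID token against the access token key.
     *
     * @param clientAccessToken access token whose key is hashed
     * @param jwtToken ID token carrying the {@code at_hash} claim and the JWS {@code alg} header
     * @param z when {@code false} the method returns without checking anything
     * @throws SecurityException if {@code z} is {@code true} and the claim is absent or does not match
     */
    public static void validateAccessTokenHash(ClientAccessToken clientAccessToken, JwtToken jwtToken, boolean z) {
        // NOTE(review): with z == false an at_hash that IS present in the ID token is never compared,
        // so a caller passing false gets no binding between access token and ID token. Consider
        // validating whenever the claim is present — confirm against callers before changing.
        if (z) {
            validateHash(clientAccessToken.getTokenKey(),
                         (String) jwtToken.getClaims().getClaim("at_hash"),
                         jwtToken.getJwsHeaders().getAlgorithm());
        }
    }

    /**
     * Validates the {@code c_hash} claim of the ID token against the authorization code.
     * Equivalent to {@link #validateCodeHash(String, JwtToken, boolean)} with {@code true}.
     *
     * @throws SecurityException if the claim is absent or does not match
     */
    public static void validateCodeHash(String str, JwtToken jwtToken) {
        validateCodeHash(str, jwtToken, true);
    }

    /**
     * Validates the {@code c_hash} claim of the ID token against the authorization code.
     *
     * @param str authorization code value
     * @param jwtToken ID token carrying the {@code c_hash} claim and the JWS {@code alg} header
     * @param z when {@code false} the method returns without checking anything
     * @throws SecurityException if {@code z} is {@code true} and the claim is absent or does not match
     */
    public static void validateCodeHash(String str, JwtToken jwtToken, boolean z) {
        // NOTE(review): as with at_hash, z == false skips the comparison even when c_hash is present.
        if (z) {
            validateHash(str,
                         (String) jwtToken.getClaims().getClaim("c_hash"),
                         jwtToken.getJwsHeaders().getAlgorithm());
        }
    }

    /**
     * Recomputes the hash of {@code value} and compares it with the claimed one.
     * A {@code null} claimed hash never equals the computed value, so a missing claim is rejected.
     */
    private static void validateHash(String value, String claimedHash, String jwsAlgorithm) {
        String expectedHash = calculateHash(value, jwsAlgorithm);
        if (!expectedHash.equals(claimedHash)) {
            throw new SecurityException("Invalid hash");
        }
    }

    /**
     * Computes an OIDC {@code at_hash} / {@code c_hash} value: the base64url encoding of the
     * left-most half of the digest of the ASCII bytes of {@code str}.
     *
     * <p>OpenID Connect Core ties the digest to the ID token's JWS {@code alg}: a {@code ...384}
     * algorithm uses SHA-384 (24 bytes kept) and a {@code ...512} algorithm uses SHA-512
     * (32 bytes kept). The algorithm argument used to be ignored and SHA-256 with 16 bytes was
     * always used, so hashes for ID tokens signed with a 384- or 512-bit algorithm did not match
     * what a conforming peer computes.
     *
     * @param str the access token or authorization code to hash
     * @param str2 the JWS algorithm name from the ID token header (for example {@code RS256});
     *             {@code null} or any name not ending in {@code 384}/{@code 512} selects SHA-256,
     *             which keeps the previous result for those inputs
     * @return the base64url-encoded half digest
     * @throws SecurityException if the digest algorithm is not available
     */
    public static String calculateHash(String str, String str2) {
        int hashBits = resolveHashBits(str2);
        try {
            byte[] digest = MessageDigestUtils.createDigest(StringUtils.toBytesASCII(str), "SHA-" + hashBits);
            // Half of the digest in bytes: bits / 8 / 2.
            return Base64UrlUtility.encodeChunk(digest, 0, hashBits / 16);
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(e);
        }
    }

    /** Maps a JWS algorithm name to the bit length of the SHA-2 digest it pairs with. */
    private static int resolveHashBits(String jwsAlgorithm) {
        if (jwsAlgorithm != null) {
            if (jwsAlgorithm.endsWith("384")) {
                return 384;
            }
            if (jwsAlgorithm.endsWith("512")) {
                return 512;
            }
        }
        // NOTE(review): algorithms without a size suffix fall back to SHA-256, the historical behaviour.
        return 256;
    }

    static {
        SCOPES_MAP.put(PHONE_SCOPE, PHONE_CLAIMS);
        SCOPES_MAP.put(EMAIL_SCOPE, EMAIL_CLAIMS);
        SCOPES_MAP.put(ADDRESS_SCOPE, ADDRESS_CLAIMS);
        SCOPES_MAP.put(PROFILE_SCOPE, PROFILE_CLAIMS);
    }
}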
