package org.apache.cxf.rs.security.oauth2.client;

import jakarta.ws.rs.core.MultivaluedMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.cxf.rt.security.crypto.MessageDigestUtils;

/* loaded from: input_file:lib/cxf-shade-9.0.0-M8.jar:org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.class */
public class MemoryClientCodeStateManager implements ClientCodeStateManager {
    private Map<String, MultivaluedMap<String, String>> map = new ConcurrentHashMap();
    private boolean generateNonce;

    @Override // org.apache.cxf.rs.security.oauth2.client.ClientCodeStateManager
    public MultivaluedMap<String, String> toRedirectState(MessageContext messageContext, MultivaluedMap<String, String> multivaluedMap) {
        String generateRandomTokenKey = OAuthUtils.generateRandomTokenKey();
        MetadataMap metadataMap = new MetadataMap();
        if (this.generateNonce) {
            String generate = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(32));
            multivaluedMap.putSingle("nonce", generate);
            metadataMap.putSingle("nonce", generate);
        }
        this.map.put(generateRandomTokenKey, multivaluedMap);
        OAuthUtils.setSessionToken(messageContext, generateRandomTokenKey, OAuthConstants.STATE, 0);
        metadataMap.putSingle(OAuthConstants.STATE, generateRandomTokenKey);
        return metadataMap;
    }

    @Override // org.apache.cxf.rs.security.oauth2.client.ClientCodeStateManager
    public MultivaluedMap<String, String> fromRedirectState(MessageContext messageContext, MultivaluedMap<String, String> multivaluedMap) {
        String first = multivaluedMap.getFirst(OAuthConstants.STATE);
        String sessionToken = OAuthUtils.getSessionToken(messageContext, OAuthConstants.STATE);
        if (sessionToken == null || !sessionToken.equals(first)) {
            throw new OAuthServiceException("Invalid session token");
        }
        return this.map.remove(first);
    }

    public void setGenerateNonce(boolean z) {
        this.generateNonce = z;
    }
}
