package fish.payara.security.openid.controller;

import com.nimbusds.jose.util.Base64URL;
import fish.payara.security.openid.OpenIdUtil;
import fish.payara.security.openid.domain.OpenIdConfiguration;
import fish.payara.security.openid.domain.OpenIdNonce;
import fish.payara.security.openid.http.HttpStorageController;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import javax.enterprise.context.ApplicationScoped;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.glassfish.common.util.StringHelper;

@ApplicationScoped
/* loaded from: input_file:fish/payara/security/openid/controller/NonceController.class */
public class NonceController {
    private static final String NONCE_KEY = "oidc.nonce";

    public void store(OpenIdNonce openIdNonce, OpenIdConfiguration openIdConfiguration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (openIdConfiguration.isUseNonce()) {
            HttpStorageController.getInstance(openIdConfiguration, httpServletRequest, httpServletResponse).store(NONCE_KEY, openIdNonce.getValue(), null);
        }
    }

    public OpenIdNonce get(OpenIdConfiguration openIdConfiguration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return (OpenIdNonce) HttpStorageController.getInstance(openIdConfiguration, httpServletRequest, httpServletResponse).getAsString(NONCE_KEY).filter(OpenIdUtil.not(StringHelper::isEmpty)).map(OpenIdNonce::new).orElse(null);
    }

    public void remove(OpenIdConfiguration openIdConfiguration, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpStorageController.getInstance(openIdConfiguration, httpServletRequest, httpServletResponse).remove(NONCE_KEY);
    }

    public String getNonceHash(OpenIdNonce openIdNonce) {
        Objects.requireNonNull(openIdNonce, "OpenId nonce value must not be null");
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(openIdNonce.getValue().getBytes(StandardCharsets.US_ASCII));
            return Base64URL.encode(messageDigest.digest()).toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No MessageDigest instance found with the specified algorithm for nonce hash", e);
        }
    }
}
