package org.cattleframework.oauth.authorization.portal.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateFormatUtils;
import org.cattleframework.form.authorization.authentication.LoginedAuthenticationToken;
import org.cattleframework.form.authorization.service.UserService;
import org.cattleframework.oauth.authorization.AuthorizeServerConstants;
import org.cattleframework.oauth.authorization.client.RegisteredClientRepositoryEnhance;
import org.cattleframework.oauth.authorization.client.SupportedDeviceType;
import org.cattleframework.utils.auxiliary.HttpUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/cattleframework/oauth/authorization/portal/web/authentication/DetermineRegisteredClientUtils.class */
class DetermineRegisteredClientUtils {
    private static final Logger logger = LoggerFactory.getLogger(DetermineRegisteredClientUtils.class);
    static final String WINDOWS_TAG = "windows";
    static final String LINUX_TAG = "linux";
    static final String MAC_TAG = "macintosh";
    static final String ANDROID_TAG = "android";
    static final String TABLET_TAG = "tablet";
    static final String IPHONE_TAG = "iphone";
    static final String IPAD_TAG = "ipad";
    static final String SLASH = "/";

    DetermineRegisteredClientUtils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String determineTargetUri(HttpServletRequest httpServletRequest, UserService userService, RegisteredClientRepositoryEnhance registeredClientRepositoryEnhance, LoginedAuthenticationToken loginedAuthenticationToken, String str, String str2) {
        RegisteredClient orElse;
        SupportedDeviceType determineDeviceType = determineDeviceType(httpServletRequest);
        HashSet hashSet = new HashSet();
        loginedAuthenticationToken.getAuthorities().forEach(grantedAuthority -> {
            hashSet.add(grantedAuthority.getAuthority());
        });
        if (!userService.isSsoModule((String[]) hashSet.toArray(i -> {
            return new String[i];
        })) || (orElse = registeredClientRepositoryEnhance.getRegisteredClients(loginedAuthenticationToken.getUserId()).stream().filter(registeredClient -> {
            return registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.AUTHORIZATION_CODE) && registeredClient.getRedirectUris().size() == 1 && ((List) registeredClient.getClientSettings().getSetting(AuthorizeServerConstants.CLIENT_SUPPORTED_DEVICE_TYPE)).contains(determineDeviceType);
        }).findFirst().orElse(null)) == null) {
            return null;
        }
        return buildUri(httpServletRequest, orElse, str, str2);
    }

    private static String buildUri(HttpServletRequest httpServletRequest, RegisteredClient registeredClient, String str, String str2) {
        String substring;
        String str3 = (String) registeredClient.getRedirectUris().stream().findFirst().get();
        if (StringUtils.isNotBlank(str)) {
            substring = str.endsWith(SLASH) ? str.substring(0, str.length() - 1) : str;
        } else {
            HttpUtils.HostInfo hostInfo = HttpUtils.getHostInfo(httpServletRequest);
            substring = hostInfo.hostUrl().endsWith(SLASH) ? hostInfo.hostUrl().substring(0, hostInfo.hostUrl().length() - 1) : hostInfo.hostUrl();
        }
        UriComponentsBuilder queryParam = UriComponentsBuilder.fromUriString(substring + str2).queryParam("response_type", new Object[]{OAuth2AuthorizationResponseType.CODE.getValue()}).queryParam("client_id", new Object[]{registeredClient.getClientId()}).queryParam("redirect_uri", new Object[]{str3});
        if (CollectionUtils.isNotEmpty(registeredClient.getScopes())) {
            StringBuilder sb = new StringBuilder();
            registeredClient.getScopes().forEach(str4 -> {
                if (!sb.isEmpty()) {
                    sb.append(" ");
                }
                sb.append(str4);
            });
            queryParam.queryParam("scope", new Object[]{sb.toString()});
        }
        queryParam.queryParam("state", new Object[]{org.cattleframework.utils.auxiliary.StringUtils.getHashName(registeredClient.getClientId() + "_" + DateFormatUtils.ISO_8601_EXTENDED_DATE_FORMAT.format(new Date()))});
        return queryParam.build().toUriString();
    }

    private static SupportedDeviceType determineDeviceType(HttpServletRequest httpServletRequest) {
        String lowerCase = HttpUtils.getHeaderValue(httpServletRequest, "User-Agent").toLowerCase();
        if (lowerCase.contains(ANDROID_TAG)) {
            return lowerCase.contains(TABLET_TAG) ? SupportedDeviceType.AndroidTablet : SupportedDeviceType.Android;
        }
        if (lowerCase.contains(IPHONE_TAG)) {
            return SupportedDeviceType.iPhone;
        }
        if (lowerCase.contains(IPAD_TAG)) {
            return SupportedDeviceType.iPad;
        }
        if (lowerCase.contains(WINDOWS_TAG) || lowerCase.contains(MAC_TAG) || lowerCase.contains(LINUX_TAG)) {
            return SupportedDeviceType.Pc;
        }
        logger.debug("userAgent:{}", lowerCase);
        return null;
    }
}
