package com.predic8.membrane.core.interceptor.oauth2.request;

import com.bornium.security.oauth2openid.Constants;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.oauth2.Client;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.oauth2.parameter.ClaimsParameter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.8.1.jar:com/predic8/membrane/core/interceptor/oauth2/request/AuthWithoutSessionRequest.class */
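/**
 * Handles an OAuth2 authorization request that arrives without an established session.
 *
 * <p>The request parameters (client_id, redirect_uri, response_type, scope, state, prompt,
 * claims) come from the caller and are untrusted. This class validates them, stores the
 * accepted values in the session and finally redirects the user agent to the login page.
 *
 * <p>Security invariant: the user agent is only ever redirected to a redirect_uri that is
 * absolute and equal to the callback URL registered for the client. Every other failure is
 * answered with a JSON error body instead of a redirect, so the endpoint cannot be used as
 * an open redirector (RFC 6749, sections 4.1.2.1 and 10.15).
 */
public class AuthWithoutSessionRequest extends ParameterizedRequest {
    public AuthWithoutSessionRequest(OAuth2AuthorizationServerInterceptor oAuth2AuthorizationServerInterceptor, Exchange exchange) throws Exception {
        super(oAuth2AuthorizationServerInterceptor, exchange);
    }

    /**
     * Checks that the mandatory request parameters are present.
     *
     * <p>A missing client_id or redirect_uri yields a JSON {@code invalid_request} error. A
     * missing response_type or scope is reported by redirecting back to the client, but only
     * after the supplied redirect_uri has been matched against the client's registered
     * callback. The original code redirected to the caller-supplied redirect_uri at this
     * point without that comparison.
     *
     * @return an error response, or a {@code NoResponse} when all parameters are present
     */
    @Override
    protected Response checkForMissingParameters() throws Exception {
        if (getClientId() == null || getRedirectUri() == null) {
            return jsonError(Constants.ERROR_INVALID_REQUEST);
        }
        if (getResponseType() == null || getScope() == null) {
            try {
                Client client = this.authServer.getClientList().getClient(getClientId());
                if (!isRegisteredRedirectUri(client)) {
                    // Never redirect to a URI the client has not registered.
                    return jsonError(Constants.ERROR_INVALID_REQUEST);
                }
            } catch (Exception e) {
                // Same mapping as processWithParameters(): a failed client lookup is
                // reported as unauthorized_client, without redirecting.
                return jsonError("unauthorized_client");
            }
            return redirectWithError(getRedirectUri(), "invalid_request");
        }
        return new NoResponse();
    }

    /**
     * Validates redirect_uri, prompt, response_type, scope and claims, then stores the
     * accepted parameters in the session.
     *
     * @return an error response (JSON or redirect to the registered callback), or a
     *     {@code NoResponse} when the request may proceed to the login redirect
     */
    @Override
    protected Response processWithParameters() throws Exception {
        try {
            Client client = this.authServer.getClientList().getClient(getClientId());
            if (!isRegisteredRedirectUri(client)) {
                return jsonError(Constants.ERROR_INVALID_REQUEST);
            }
            if (promptEqualsNone()) {
                return redirectWithError(client.getCallbackUrl(), "login_required");
            }
            if (!this.authServer.getSupportedAuthorizationGrants().contains(getResponseType())) {
                return redirectWithError(client.getCallbackUrl(), "unsupported_response_type");
            }
            // Keep the scope string exactly as requested. The original compared getScope()
            // with the accepted scopes only after setScope() had been called; if getScope()
            // returns what setScope() stored (TODO confirm in ParameterizedRequest), rejected
            // scopes could never be reported.
            String requestedScopes = getScope();
            String acceptedScopes = verifyScopes(requestedScopes);
            if (acceptedScopes.isEmpty()) {
                return redirectWithError(client.getCallbackUrl(), "invalid_scope");
            }
            if (OAuth2Util.isOpenIdScope(acceptedScopes)) {
                // With an OpenID scope only response_type "code" is accepted here.
                if (!isCodeRequest()) {
                    return redirectWithError(client.getCallbackUrl(), "invalid_request");
                }
                addValidClaimsToParams();
            } else {
                removeClaimsWhenNotOpenidScope();
            }
            String rejectedScopes = hasGivenInvalidScopes(requestedScopes, acceptedScopes);
            setScope(acceptedScopes);
            if (!rejectedScopes.isEmpty()) {
                setScopeInvalid(rejectedScopes);
            }
            addParams(this.authServer.getSessionManager().getOrCreateSession(this.exc), this.params);
            return new NoResponse();
        } catch (Exception e) {
            // NOTE(review): every failure in the block above, not only an unknown client,
            // is reported as unauthorized_client and the exception is not logged. Consider
            // logging it server-side so genuine faults are not hidden from operators.
            return jsonError("unauthorized_client");
        }
    }

    /**
     * Tells whether the requested redirect_uri is absolute and identical to the callback URL
     * registered for {@code client}. The comparison is an exact string match.
     */
    private boolean isRegisteredRedirectUri(Client client) throws Exception {
        return OAuth2Util.isAbsoluteUri(getRedirectUri()) && getRedirectUri().equals(client.getCallbackUrl());
    }

    /** Builds the JSON error response used whenever a redirect is not permitted. */
    private Response jsonError(String errorCode) throws Exception {
        return OAuth2Util.createParameterizedJsonErrorResponse(this.exc, this.jsonGen, Constants.PARAMETER_ERROR, errorCode);
    }

    /**
     * Builds the error redirect to {@code targetUri}. Callers must pass a URI that has already
     * been matched against the client's registered callback.
     */
    private Response redirectWithError(String targetUri, String errorCode) throws Exception {
        // NOTE(review): "?error=" is appended unconditionally; if a registered callback
        // already carries a query string the result may be malformed. Confirm how
        // createParameterizedFormUrlencodedRedirect treats the target.
        return createParameterizedFormUrlencodedRedirect(this.exc, getState(), targetUri + "?error=" + errorCode);
    }

    /** Drops the claims parameter; it is only kept when an OpenID scope was accepted. */
    private void removeClaimsWhenNotOpenidScope() {
        this.params.remove("claims");
    }

    /**
     * Replaces the raw claims parameter with the JSON produced by {@link ClaimsParameter},
     * which is constructed from the server's supported claims and the requested claims. The
     * parameter is left untouched when no claims were requested or none remain.
     */
    private void addValidClaimsToParams() throws IOException {
        if (getClaims() == null) {
            return;
        }
        ClaimsParameter claimsParameter = new ClaimsParameter(this.authServer.getClaimList().getSupportedClaims(), getClaims());
        if (claimsParameter.hasClaims()) {
            this.params.put("claims", claimsParameter.toJson());
        }
    }

    /** Returns true when response_type is exactly "code"; response_type must be non-null. */
    private boolean isCodeRequest() {
        return getResponseType().equals("code");
    }

    /** Returns true when the prompt parameter is present and equals "none". */
    private boolean promptEqualsNone() {
        return getPrompt() != null && getPrompt().equals("none");
    }

    @Override
    protected Response getResponse() throws Exception {
        return redirectToLogin();
    }

    /**
     * Filters a space-separated scope string down to the scopes the server's claim list knows.
     *
     * @param str the scope string as requested
     * @return the known scopes in request order, space-separated; empty if none is known
     */
    protected String verifyScopes(String str) {
        StringBuilder sb = new StringBuilder();
        for (String scope : str.split(" ")) {
            if (this.authServer.getClaimList().scopeExists(scope)) {
                sb.append(scope).append(" ");
            }
        }
        return sb.toString().trim();
    }

    /**
     * Lists the requested scopes that are not among the accepted ones.
     *
     * @param str the requested scopes, space-separated
     * @param str2 the accepted scopes, space-separated
     * @return the distinct rejected scopes, space-separated (in HashSet iteration order);
     *     empty if every requested scope was accepted
     */
    protected String hasGivenInvalidScopes(String str, String str2) {
        HashSet<String> accepted = new HashSet<>(Arrays.asList(str2.split(" ")));
        HashSet<String> requested = new HashSet<>(Arrays.asList(str.split(" ")));
        StringBuilder sb = new StringBuilder();
        for (String scope : requested) {
            if (!accepted.contains(scope)) {
                sb.append(scope).append(" ");
            }
        }
        return sb.toString().trim();
    }

    /**
     * Redirects the user agent to the authorization server's own login location, built from
     * the server's base path and path, with an empty body and caching disabled.
     */
    protected Response redirectToLogin() throws MalformedURLException, UnsupportedEncodingException {
        return Response.redirect(this.authServer.getBasePath() + this.authServer.getPath(), false).dontCache().body("").build();
    }
}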
