package org.gluu.oxauth.ciba;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.BooleanUtils;
import org.apache.logging.log4j.util.Strings;
import org.gluu.oxauth.model.ciba.BackchannelAuthenticationErrorResponseType;
import org.gluu.oxauth.model.common.BackchannelTokenDeliveryMode;
import org.gluu.oxauth.model.config.Constants;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.error.DefaultErrorResponse;

@Stateless
@Named
/* loaded from: input_file:org/gluu/oxauth/ciba/CIBAAuthorizeParamsValidatorService.class */
public class CIBAAuthorizeParamsValidatorService {

    @Inject
    private AppConfiguration appConfiguration;

    public DefaultErrorResponse validateParams(List<String> list, String str, BackchannelTokenDeliveryMode backchannelTokenDeliveryMode, String str2, String str3, String str4, String str5, Boolean bool, String str6, String str7, Integer num) {
        if (backchannelTokenDeliveryMode == null) {
            DefaultErrorResponse defaultErrorResponse = new DefaultErrorResponse();
            defaultErrorResponse.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
            defaultErrorResponse.setType(BackchannelAuthenticationErrorResponseType.UNAUTHORIZED_CLIENT);
            defaultErrorResponse.setReason("Clients registering to use CIBA must indicate a token delivery mode.");
            return defaultErrorResponse;
        }
        if (list == null || !list.contains(Constants.OX_AUTH_SCOPE_TYPE_OPENID)) {
            DefaultErrorResponse defaultErrorResponse2 = new DefaultErrorResponse();
            defaultErrorResponse2.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
            defaultErrorResponse2.setType(BackchannelAuthenticationErrorResponseType.INVALID_SCOPE);
            defaultErrorResponse2.setReason("CIBA authentication requests must contain the openid scope value.");
            return defaultErrorResponse2;
        }
        if (!validateOneParamNotBlank(str2, str3, str4)) {
            DefaultErrorResponse defaultErrorResponse3 = new DefaultErrorResponse();
            defaultErrorResponse3.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
            defaultErrorResponse3.setType(BackchannelAuthenticationErrorResponseType.INVALID_REQUEST);
            defaultErrorResponse3.setReason("It is required that the Client provides one (and only one) of the hints in the authentication request, that is login_hint_token, id_token_hint or login_hint.");
            return defaultErrorResponse3;
        }
        if ((backchannelTokenDeliveryMode == BackchannelTokenDeliveryMode.PING || backchannelTokenDeliveryMode == BackchannelTokenDeliveryMode.PUSH) && Strings.isBlank(str)) {
            DefaultErrorResponse defaultErrorResponse4 = new DefaultErrorResponse();
            defaultErrorResponse4.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
            defaultErrorResponse4.setType(BackchannelAuthenticationErrorResponseType.INVALID_REQUEST);
            defaultErrorResponse4.setReason("The client notification token is required if the Client is registered to use Ping or Push modes.");
            return defaultErrorResponse4;
        }
        if (Strings.isNotBlank(str5)) {
            Pattern compile = Pattern.compile(this.appConfiguration.getBackchannelBindingMessagePattern());
            if (!compile.matcher(str5).matches()) {
                DefaultErrorResponse defaultErrorResponse5 = new DefaultErrorResponse();
                defaultErrorResponse5.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
                defaultErrorResponse5.setType(BackchannelAuthenticationErrorResponseType.INVALID_BINDING_MESSAGE);
                defaultErrorResponse5.setReason("The provided binding message is unacceptable. It must match the pattern: " + compile.pattern());
                return defaultErrorResponse5;
            }
        }
        if (BooleanUtils.isTrue(bool)) {
            if (Strings.isBlank(str6)) {
                DefaultErrorResponse defaultErrorResponse6 = new DefaultErrorResponse();
                defaultErrorResponse6.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
                defaultErrorResponse6.setType(BackchannelAuthenticationErrorResponseType.INVALID_USER_CODE);
                defaultErrorResponse6.setReason("The user code is required.");
                return defaultErrorResponse6;
            }
            if (Strings.isBlank(str7)) {
                DefaultErrorResponse defaultErrorResponse7 = new DefaultErrorResponse();
                defaultErrorResponse7.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
                defaultErrorResponse7.setType(BackchannelAuthenticationErrorResponseType.INVALID_USER_CODE);
                defaultErrorResponse7.setReason("The user code is not set.");
                return defaultErrorResponse7;
            }
            if (!str7.equals(str6)) {
                DefaultErrorResponse defaultErrorResponse8 = new DefaultErrorResponse();
                defaultErrorResponse8.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
                defaultErrorResponse8.setType(BackchannelAuthenticationErrorResponseType.INVALID_USER_CODE);
                defaultErrorResponse8.setReason("The user code is not valid.");
                return defaultErrorResponse8;
            }
        }
        if (num == null) {
            return null;
        }
        if (num.intValue() >= 1 && num.intValue() <= this.appConfiguration.getCibaMaxExpirationTimeAllowedSec()) {
            return null;
        }
        DefaultErrorResponse defaultErrorResponse9 = new DefaultErrorResponse();
        defaultErrorResponse9.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
        defaultErrorResponse9.setType(BackchannelAuthenticationErrorResponseType.INVALID_REQUEST);
        defaultErrorResponse9.setReason("Requested expirity is not allowed.");
        return defaultErrorResponse9;
    }

    private boolean validateOneParamNotBlank(String... strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            if (Strings.isNotBlank(str)) {
                arrayList.add(str);
            }
        }
        return arrayList.size() == 1;
    }
}
