package org.gluu.oxd.server.op;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.inject.Injector;
import com.sun.faces.context.UrlBuilder;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.model.util.Util;
import org.gluu.oxd.common.Command;
import org.gluu.oxd.common.ErrorResponseCode;
import org.gluu.oxd.common.params.GetAuthorizationUrlParams;
import org.gluu.oxd.common.response.GetAuthorizationUrlResponse;
import org.gluu.oxd.common.response.IOpResponse;
import org.gluu.oxd.server.HttpException;
import org.gluu.oxd.server.Utils;
import org.gluu.oxd.server.service.Rp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/oxd/server/op/GetAuthorizationUrlOperation.class */
public class GetAuthorizationUrlOperation extends BaseOperation<GetAuthorizationUrlParams> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) GetAuthorizationUrlOperation.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public GetAuthorizationUrlOperation(Command command, Injector injector) {
        super(command, injector, GetAuthorizationUrlParams.class);
    }

    @Override // org.gluu.oxd.server.op.IOperation
    public IOpResponse execute(GetAuthorizationUrlParams getAuthorizationUrlParams) throws Exception {
        Rp rp = getRp();
        String authorizationEndpoint = getDiscoveryService().getConnectDiscoveryResponse(rp).getAuthorizationEndpoint();
        ArrayList newArrayList = Lists.newArrayList();
        if (getAuthorizationUrlParams.getScope() != null && !getAuthorizationUrlParams.getScope().isEmpty()) {
            newArrayList.addAll(getAuthorizationUrlParams.getScope());
        } else if (rp.getScope() != null) {
            newArrayList.addAll(rp.getScope());
        }
        if (StringUtils.isNotBlank(getAuthorizationUrlParams.getRedirectUri()) && !Utils.isValidUrl(getAuthorizationUrlParams.getRedirectUri())) {
            throw new HttpException(ErrorResponseCode.INVALID_REDIRECT_URI);
        }
        if (StringUtils.isNotBlank(getAuthorizationUrlParams.getRedirectUri()) && !rp.getRedirectUris().contains(getAuthorizationUrlParams.getRedirectUri())) {
            throw new HttpException(ErrorResponseCode.REDIRECT_URI_IS_NOT_REGISTERED);
        }
        ArrayList newArrayList2 = Lists.newArrayList();
        if (getAuthorizationUrlParams.getResponseTypes() == null || getAuthorizationUrlParams.getResponseTypes().isEmpty() || !rp.getResponseTypes().containsAll(getAuthorizationUrlParams.getResponseTypes())) {
            newArrayList2.addAll(rp.getResponseTypes());
        } else {
            newArrayList2.addAll(getAuthorizationUrlParams.getResponseTypes());
        }
        String str = (((((authorizationEndpoint + "?response_type=" + Utils.joinAndUrlEncode(newArrayList2)) + "&client_id=" + rp.getClientId()) + "&redirect_uri=" + (StringUtils.isNotBlank(getAuthorizationUrlParams.getRedirectUri()) ? getAuthorizationUrlParams.getRedirectUri() : rp.getRedirectUri())) + "&scope=" + Utils.joinAndUrlEncode(newArrayList)) + "&state=" + (StringUtils.isNotBlank(getAuthorizationUrlParams.getState()) ? getStateService().putState(Utils.encode(getAuthorizationUrlParams.getState())) : getStateService().generateState())) + "&nonce=" + getStateService().generateNonce();
        String trim = Utils.joinAndUrlEncode(acrValues(rp, getAuthorizationUrlParams)).trim();
        if (!Strings.isNullOrEmpty(trim)) {
            str = str + "&acr_values=" + trim;
        }
        if (!Strings.isNullOrEmpty(getAuthorizationUrlParams.getPrompt())) {
            str = str + "&prompt=" + getAuthorizationUrlParams.getPrompt();
        }
        if (!Strings.isNullOrEmpty(getAuthorizationUrlParams.getHostedDomain())) {
            str = str + "&hd=" + getAuthorizationUrlParams.getHostedDomain();
        }
        if (getAuthorizationUrlParams.getCustomParameters() != null && !getAuthorizationUrlParams.getCustomParameters().isEmpty()) {
            str = str + "&custom_response_headers=" + Utils.encode(Util.mapAsString(getAuthorizationUrlParams.getCustomParameters()));
        }
        if (getAuthorizationUrlParams.getParams() != null && !getAuthorizationUrlParams.getParams().isEmpty()) {
            str = str + UrlBuilder.PARAMETER_PAIR_SEPARATOR + Utils.mapAsStringWithEncodedValues(getAuthorizationUrlParams.getParams());
        }
        return new GetAuthorizationUrlResponse(str);
    }

    private List<String> acrValues(Rp rp, GetAuthorizationUrlParams getAuthorizationUrlParams) {
        List<String> acrValues = (getAuthorizationUrlParams.getAcrValues() == null || getAuthorizationUrlParams.getAcrValues().isEmpty()) ? rp.getAcrValues() : getAuthorizationUrlParams.getAcrValues();
        if (acrValues != null) {
            return acrValues;
        }
        LOG.error("acr value is null for site: " + rp);
        return new ArrayList();
    }
}
