package org.xdi.oxauth.service;

import com.google.common.collect.Sets;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.ejb.Stateless;
import javax.faces.application.FacesMessage;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.gluu.jsf2.message.FacesMessages;
import org.gluu.jsf2.service.FacesService;
import org.slf4j.Logger;
import org.xdi.model.security.Identity;
import org.xdi.oxauth.auth.Authenticator;
import org.xdi.oxauth.model.authorize.AuthorizeErrorResponseType;
import org.xdi.oxauth.model.common.Prompt;
import org.xdi.oxauth.model.common.ResponseType;
import org.xdi.oxauth.model.common.Scope;
import org.xdi.oxauth.model.common.SessionId;
import org.xdi.oxauth.model.common.User;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.error.ErrorResponseFactory;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.util.ServerUtil;

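/**
 * Backing service for the authorization / consent step: resolves the current session,
 * records the end-user's grant or denial, and redirects the browser accordingly.
 *
 * <p>This listing is decompiler output, so the local names are reconstructed.
 */
@Stateless
@Named
public class AuthorizeService {
    /**
     * Names of the authorization request parameters treated as allowed.
     * NOTE(review): presumably consulted by {@code RequestParameterService#getAllowedParameters};
     * that code is not visible here, so confirm.
     */
    public static final List<String> ALLOWED_PARAMETER = Collections.unmodifiableList(Arrays.asList(
            "scope", "response_type", "client_id", "redirect_uri", "state", "response_mode", "nonce",
            "display", "prompt", "max_age", "ui_locales", "id_token_hint", "login_hint", "acr_values",
            SessionIdService.SESSION_ID_COOKIE_NAME, "request", "request_uri", "origin_headers",
            "code_challenge", "code_challenge_method", "custom_response_headers", "claims"));

    @Inject
    private Logger log;

    @Inject
    private ClientService clientService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private UserService userService;

    @Inject
    private ClientAuthorizationsService clientAuthorizationsService;

    @Inject
    private Identity identity;

    @Inject
    private Authenticator authenticator;

    @Inject
    private FacesService facesService;

    @Inject
    private FacesMessages facesMessages;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private ScopeService scopeService;

    @Inject
    private RequestParameterService requestParameterService;

    /**
     * Resolves the session identified by the session-id cookie.
     *
     * @return the session, or {@code null} when no cookie is present or the id is unknown
     */
    public SessionId getSession() {
        return getSession(null);
    }

    /**
     * Resolves a session by id, falling back to the session-id cookie when {@code str} is blank.
     *
     * <p>If the current identity is not logged in, authentication by session id is attempted
     * first. If the id does not resolve to a stored session, the identity is logged out so no
     * authenticated state outlives the session.
     *
     * @param str session id, or blank to read it from the cookie
     * @return the session, or {@code null} when no id is available or the session does not exist
     */
    public SessionId getSession(String str) {
        String id = str;
        if (StringUtils.isBlank(id)) {
            id = this.sessionIdService.getSessionIdFromCookie();
            if (StringUtils.isBlank(id)) {
                return null;
            }
        }
        if (!this.identity.isLoggedIn()) {
            this.authenticator.authenticateBySessionId(id);
        }
        SessionId sessionId = this.sessionIdService.getSessionId(id);
        if (sessionId == null) {
            this.identity.logout();
        }
        return sessionId;
    }

    /**
     * Records the end-user's consent for the client named in the session and redirects back
     * to the authorization endpoint with {@code prompt=consent} removed.
     *
     * <p>The grant is refused (see {@link #permissionDenied(SessionId)}) when the session is
     * missing, the session user cannot be loaded, or the client cannot be loaded.
     *
     * @param httpServletRequest current request; only its context path is used
     * @param sessionId          session that carries the pending authorization request
     */
    public void permissionGranted(HttpServletRequest httpServletRequest, SessionId sessionId) {
        this.log.trace("permissionGranted");
        if (sessionId == null) {
            // Nothing to grant against; permissionDenied(null) shows the invalid-session page.
            permissionDenied(null);
            return;
        }
        try {
            User user = this.userService.getUserByDn(sessionId.getUserDn(), new String[0]);
            if (user == null) {
                this.log.error("Permission denied. Failed to find session user: userDn = {}.", sessionId.getUserDn());
                permissionDenied(sessionId);
                return;
            }

            Map<String, String> attributes = sessionId.getSessionAttributes();
            String clientId = attributes.get("client_id");
            Client client = this.clientService.getClient(clientId);
            if (client == null) {
                // Fail closed: never record consent for a client that cannot be resolved.
                this.log.error("Permission denied. Failed to find client: client_id = {}.", clientId);
                permissionDenied(sessionId);
                return;
            }

            String scope = attributes.get("scope");
            boolean persistAuthorization =
                    ServerUtil.isFalse(this.appConfiguration.getUseCacheForAllImplicitFlowObjects())
                            || !ResponseType.isImplicitFlow(attributes.get("response_type"));
            if (!client.getTrustedClient() && persistAuthorization) {
                this.clientAuthorizationsService.add(
                        user.getAttribute("inum"),
                        client.getClientId(),
                        Sets.newHashSet(org.xdi.oxauth.model.util.StringUtils.spaceSeparatedToList(scope)),
                        client.getPersistClientAuthorizations());
            }

            sessionId.addPermission(clientId, true);
            this.sessionIdService.updateSessionId(sessionId);
            this.sessionIdService.createSessionIdCookie(sessionId.getId(), sessionId.getSessionState(), false);

            Map<String, String> allowedParameters =
                    this.requestParameterService.getAllowedParameters(sessionId.getSessionAttributes());
            if (allowedParameters.containsKey("prompt")) {
                // Consent has just been given; drop it from the prompt list that is sent back.
                List<Prompt> prompts = Prompt.fromString(allowedParameters.get("prompt"), " ");
                prompts.remove(Prompt.CONSENT);
                allowedParameters.put("prompt", org.xdi.oxauth.model.util.StringUtils.implodeEnum(prompts, " "));
            }

            String redirectTo = httpServletRequest.getContextPath() + "/restv1/authorize?"
                    + this.requestParameterService.parametersAsString(allowedParameters);
            // NOTE(review): this URL may carry state, nonce, id_token_hint and the session id;
            // treat trace logs as sensitive or redact before enabling trace in production.
            this.log.trace("permissionGranted, redirectTo: {}", redirectTo);
            this.facesService.redirectToExternalURL(redirectTo);
        } catch (UnsupportedEncodingException e) {
            // The user is left without a redirect here, so this must be visible above trace level.
            this.log.error("Failed to build the authorization redirect after consent", e);
        }
    }

    /**
     * Redirects to the client's {@code redirect_uri} with an {@code access_denied} error.
     *
     * <p>When there is no session, or the session holds no {@code redirect_uri}, the local
     * error page is shown instead of building a redirect from a missing value.
     *
     * @param sessionId session that carries the pending authorization request; may be {@code null}
     */
    public void permissionDenied(SessionId sessionId) {
        this.log.trace("permissionDenied");
        if (sessionId == null) {
            authenticationFailedSessionInvalid();
            return;
        }
        String redirectUri = sessionId.getSessionAttributes().get("redirect_uri");
        if (StringUtils.isBlank(redirectUri)) {
            // Appending a null redirect_uri would send the browser to the literal "null?error=...".
            this.log.error("Permission denied, but the session carries no redirect_uri.");
            authenticationFailedSessionInvalid();
            return;
        }
        String state = sessionId.getSessionAttributes().get("state");

        // NOTE(review): redirect_uri is used as stored in the session. This relies on it having
        // been checked against the client's registered redirect URIs before it was stored;
        // confirm at the authorization endpoint, otherwise this is an open redirect.
        StringBuilder target = new StringBuilder(redirectUri);
        target.append(redirectUri.contains("?") ? '&' : '?');
        target.append(this.errorResponseFactory.getErrorAsQueryString(AuthorizeErrorResponseType.ACCESS_DENIED, state));
        this.facesService.redirectToExternalURL(target.toString());
    }

    /** Queues the invalid-session error message and sends the user to the local error page. */
    private void authenticationFailedSessionInvalid() {
        this.facesMessages.add(FacesMessage.SEVERITY_ERROR, Authenticator.INVALID_SESSION_MESSAGE);
        this.facesService.redirect("/error.xhtml");
    }

    /**
     * Returns the describable scopes requested in the current session.
     *
     * @return scopes from the session's {@code scope} attribute; empty when there is no session
     */
    public List<Scope> getScopes() {
        SessionId session = getSession();
        if (session == null) {
            // No session: nothing to show, rather than failing with a NullPointerException.
            return new ArrayList<>();
        }
        return getScopes(session.getSessionAttributes().get("scope"));
    }

    /**
     * Resolves a space-separated scope string to scope entries.
     *
     * <p>Names that do not resolve, or whose scope has no description, are skipped.
     *
     * @param str space-separated scope names; may be {@code null} or empty
     * @return a new mutable list of the resolved scopes, possibly empty
     */
    public List<Scope> getScopes(String str) {
        List<Scope> scopes = new ArrayList<>();
        if (str == null || str.isEmpty()) {
            return scopes;
        }
        for (String name : str.split(" ")) {
            Scope scope = this.scopeService.getScopeByDisplayName(name);
            if (scope != null && scope.getDescription() != null) {
                scopes.add(scope);
            }
        }
        return scopes;
    }
}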
