package org.xdi.oxauth.uma.ws.rs;

import java.net.URI;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.xdi.model.custom.script.conf.CustomScriptConfiguration;
import org.xdi.oxauth.model.common.SessionId;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.error.ErrorResponseFactory;
import org.xdi.oxauth.model.uma.UmaErrorResponseType;
import org.xdi.oxauth.model.uma.persistence.UmaPermission;
import org.xdi.oxauth.service.UserService;
import org.xdi.oxauth.service.external.ExternalUmaClaimsGatheringService;
import org.xdi.oxauth.uma.authorization.UmaGatherContext;
import org.xdi.oxauth.uma.authorization.UmaWebException;
import org.xdi.oxauth.uma.service.UmaPctService;
import org.xdi.oxauth.uma.service.UmaPermissionService;
import org.xdi.oxauth.uma.service.UmaSessionService;
import org.xdi.oxauth.uma.service.UmaValidationService;

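/**
 * JAX-RS resource for the UMA claims-gathering endpoint, mounted at
 * {@link UmaMetadataWS#UMA_CLAIMS_GATHERING_PATH}.
 *
 * <p>A request is validated (client, claims redirect URI, ticket, gathering script names),
 * the matching custom claims-gathering script is selected, and the caller is redirected
 * (HTTP 302) to the page the script reports for the current step of the session.
 */
@Path(UmaMetadataWS.UMA_CLAIMS_GATHERING_PATH)
/* loaded from: input_file:org/xdi/oxauth/uma/ws/rs/UmaGatheringWS.class */
public class UmaGatheringWS {

    @Inject
    private Logger log;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private UmaValidationService validationService;

    @Inject
    private ExternalUmaClaimsGatheringService external;

    @Inject
    private UmaSessionService sessionService;

    @Inject
    private UmaPermissionService permissionService;

    @Inject
    private UmaPctService pctService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private UserService userService;

    /**
     * Handles a claims-gathering request for both the GET and the POST binding.
     *
     * <p>When {@code authenticationRedirect} is true the four request parameters are discarded
     * and replaced by the values stored in the session; validation then runs on the restored
     * values exactly as it does on request-supplied ones.
     *
     * @param clientId               value of {@code client_id}
     * @param ticket                 value of {@code ticket}
     * @param claimsRedirectUri      value of {@code claims_redirect_uri}
     * @param state                  value of {@code state}
     * @param reset                  value of {@code reset}, handed to the session service unchanged
     * @param authenticationRedirect value of {@code authentication}; true means the caller is
     *                               returning from an authentication step
     * @param httpRequest            current servlet request
     * @param httpResponse           current servlet response
     * @return a 302 response whose {@code Location} is the page of the current gathering step
     * @throws WebApplicationException any web exception raised during validation is rethrown
     *         unchanged; every other failure is reported as {@code SERVER_ERROR} (HTTP 500)
     */
    public Response gatherClaims(String clientId, String ticket, String claimsRedirectUri, String state, Boolean reset, Boolean authenticationRedirect, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
        try {
            // NOTE(review): the permission ticket, state and raw query string are written to the
            // log here and again after a session restore. Handle these logs as sensitive data,
            // or mask the ticket, if trace/debug can be enabled in production.
            log.trace("gatherClaims client_id: {}, ticket: {}, claims_redirect_uri: {}, state: {}, authenticationRedirect: {}, queryString: {}", new Object[]{clientId, ticket, claimsRedirectUri, state, authenticationRedirect, httpRequest.getQueryString()});
            SessionId session = sessionService.getSession(httpRequest, httpResponse);

            if (Boolean.TRUE.equals(authenticationRedirect)) {
                log.debug("Authentication redirect, restoring parameters from session ...");
                if (session == null) {
                    log.error("Session is null however authentication=true. Wrong workflow! Please correct custom Glaims-Gathering Script.");
                    throw new UmaWebException(Response.Status.BAD_REQUEST, errorResponseFactory, UmaErrorResponseType.INVALID_SESSION);
                }
                clientId = sessionService.getClientId(session);
                ticket = sessionService.getTicket(session);
                claimsRedirectUri = sessionService.getClaimsRedirectUri(session);
                state = sessionService.getState(session);
                log.debug("Restored parameters from session, clientId: {}, ticket: {}, claims_redirect_uri: {}, state: {}", new Object[]{clientId, ticket, claimsRedirectUri, state});
            }

            // The client / redirect-URI check runs first, so every later error that is built
            // with claimsRedirectUri only ever sees a value that passed this validation.
            validationService.validateClientAndClaimsRedirectUri(clientId, claimsRedirectUri, state);
            List<UmaPermission> permissions = validationService.validateTicketWithRedirect(ticket, claimsRedirectUri, state);
            String[] scriptNames = validationService.validatesGatheringScriptNames(getScriptNames(permissions), claimsRedirectUri, state);

            CustomScriptConfiguration script = external.determineScript(scriptNames);
            if (script == null) {
                log.error("Failed to determine claims-gathering script for names: {}", Arrays.toString(scriptNames));
                throw new UmaWebException(claimsRedirectUri, errorResponseFactory, UmaErrorResponseType.INVALID_CLAIMS_GATHERING_SCRIPT_NAME, state);
            }

            // NOTE(review): session is null-checked only on the authentication-redirect path;
            // confirm getSession() cannot return null for a first-time request.
            sessionService.configure(session, script.getName(), reset, permissions, clientId, claimsRedirectUri, state);
            UmaGatherContext context = new UmaGatherContext(script.getConfigurationAttributes(), httpRequest, session, sessionService, permissionService, pctService, new HashMap<>(), userService, null, appConfiguration);

            int step = sessionService.getStep(session);
            int stepsCount = external.getStepsCount(script, context);

            if (step < stepsCount) {
                String page = external.getPageForStep(script, step, context);
                context.persist();

                // Drop a trailing "/", then "restv1", then "/" from the configured base endpoint,
                // append the script-provided page and strip its ".xhtml" suffix.
                String baseEndpoint = StringUtils.removeEnd(appConfiguration.getBaseEndpoint(), "/");
                baseEndpoint = StringUtils.removeEnd(baseEndpoint, "restv1");
                baseEndpoint = StringUtils.removeEnd(baseEndpoint, "/");
                String fullUri = StringUtils.removeEnd(baseEndpoint + page, ".xhtml");

                log.trace("Redirecting to page: '{}', fullUri: {}", page, fullUri);
                return Response.status(Response.Status.FOUND).location(new URI(fullUri)).build();
            }

            // Both placeholders now receive a value; previously only stepsCount was passed.
            log.error("Step '{}' is more or equal to stepCount: '{}'", step, stepsCount);
        } catch (Exception e) {
            log.error("Exception happened", e);
            // Relies on UmaWebException being a WebApplicationException, as the
            // INVALID_SESSION throw above already does - TODO confirm.
            if (e instanceof WebApplicationException) {
                throw (WebApplicationException) e;
            }
            // Anything else must not be swallowed: fall through to the SERVER_ERROR below
            // instead of continuing with half-initialised state.
        }

        log.error("Failed to handle call to UMA Claims Gathering Endpoint.");
        throw new UmaWebException(Response.Status.INTERNAL_SERVER_ERROR, errorResponseFactory, UmaErrorResponseType.SERVER_ERROR);
    }

    /**
     * Reads the {@code gathering_id} attribute of the first permission in the list.
     *
     * <p>Only element 0 is consulted. An empty list raises {@link IndexOutOfBoundsException},
     * which {@link #gatherClaims} reports as {@code SERVER_ERROR}.
     *
     * @param permissions permissions resolved from the ticket
     * @return the stored {@code gathering_id} value, or {@code null} when the attribute is absent
     */
    private static String getScriptNames(List<UmaPermission> permissions) {
        return (String) permissions.get(0).getAttributes().get("gathering_id");
    }

    /**
     * GET binding: parameters arrive in the query string and are passed to
     * {@link #gatherClaims} unchanged.
     */
    @GET
    @Produces({"application/json"})
    public Response getGatherClaims(@QueryParam("client_id") String clientId, @QueryParam("ticket") String ticket, @QueryParam("claims_redirect_uri") String claimsRedirectUri, @QueryParam("state") String state, @QueryParam("reset") Boolean reset, @QueryParam("authentication") Boolean authenticationRedirect, @Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse) {
        return gatherClaims(clientId, ticket, claimsRedirectUri, state, reset, authenticationRedirect, httpRequest, httpResponse);
    }

    /**
     * POST binding: parameters are read as form parameters and passed to
     * {@link #gatherClaims} unchanged.
     */
    // NOTE(review): @FormParam values are bound from application/x-www-form-urlencoded bodies,
    // yet this method declares @Consumes application/json; confirm the parameters are actually
    // populated for POST requests before relying on this binding.
    @POST
    @Produces({"application/json"})
    @Consumes({"application/json"})
    public Response postGatherClaims(@FormParam("client_id") String clientId, @FormParam("ticket") String ticket, @FormParam("claims_redirect_uri") String claimsRedirectUri, @FormParam("state") String state, @FormParam("reset") Boolean reset, @FormParam("authentication") Boolean authenticationRedirect, @Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse) {
        return gatherClaims(clientId, ticket, claimsRedirectUri, state, reset, authenticationRedirect, httpRequest, httpResponse);
    }
}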
