package org.apereo.cas.oidc.web;

import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequest;
import org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
import org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.jooq.lambda.Unchecked;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/web/OidcConsentApprovalViewResolver.class */
public class OidcConsentApprovalViewResolver extends OAuth20ConsentApprovalViewResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcConsentApprovalViewResolver.class);
    private final TicketRegistry ticketRegistry;
    private final TicketFactory ticketFactory;
    private final OAuth20RequestParameterResolver oauthRequestParameterResolver;

    public OidcConsentApprovalViewResolver(CasConfigurationProperties casConfigurationProperties, SessionStore sessionStore, TicketRegistry ticketRegistry, TicketFactory ticketFactory, OAuth20RequestParameterResolver oAuth20RequestParameterResolver) {
        super(casConfigurationProperties, sessionStore);
        this.ticketRegistry = ticketRegistry;
        this.ticketFactory = ticketFactory;
        this.oauthRequestParameterResolver = oAuth20RequestParameterResolver;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver
    public boolean isConsentApprovalBypassed(WebContext webContext, OAuthRegisteredService oAuthRegisteredService) {
        if (oAuthRegisteredService instanceof OidcRegisteredService) {
            if (webContext.getRequestURL().endsWith(OidcConstants.PUSHED_AUTHORIZE_URL)) {
                LOGGER.trace("Consent approval is bypassed for pushed authorization requests");
                return true;
            }
            if (this.oauthRequestParameterResolver.resolveSupportedPromptValues(webContext).contains(OidcConstants.PROMPT_CONSENT)) {
                return false;
            }
        }
        return super.isConsentApprovalBypassed(webContext, oAuthRegisteredService);
    }

    @Override // org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver
    protected String getApprovalViewName() {
        return OidcConstants.CONFIRM_VIEW;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver
    public void prepareApprovalViewModel(Map<String, Object> map, WebContext webContext, OAuthRegisteredService oAuthRegisteredService) throws Exception {
        super.prepareApprovalViewModel(map, webContext, oAuthRegisteredService);
        if (oAuthRegisteredService instanceof OidcRegisteredService) {
            OidcRegisteredService oidcRegisteredService = (OidcRegisteredService) oAuthRegisteredService;
            map.put("dynamic", Boolean.valueOf(oidcRegisteredService.isDynamicallyRegistered()));
            map.put("dynamicTime", oidcRegisteredService.getDynamicRegistrationDateTime());
            HashSet hashSet = new HashSet(this.casProperties.getAuthn().getOidc().getDiscovery().getScopes());
            hashSet.retainAll(oidcRegisteredService.getScopes());
            Collection<String> resolveRequestedScopes = this.oauthRequestParameterResolver.resolveRequestedScopes(webContext);
            Set<String> resolveUserInfoRequestClaims = this.oauthRequestParameterResolver.resolveUserInfoRequestClaims(webContext);
            webContext.getRequestParameter(OidcConstants.REQUEST_URI).ifPresent(Unchecked.consumer(str -> {
                AccessTokenRequestContext accessTokenRequest = ((OidcPushedAuthorizationRequestFactory) this.ticketFactory.get(OidcPushedAuthorizationRequest.class)).toAccessTokenRequest((OidcPushedAuthorizationRequest) this.ticketRegistry.getTicket(str, OidcPushedAuthorizationRequest.class));
                resolveUserInfoRequestClaims.addAll(accessTokenRequest.getClaims().keySet());
                resolveRequestedScopes.addAll(accessTokenRequest.getScopes());
            }));
            hashSet.retainAll(resolveRequestedScopes);
            hashSet.add(OidcConstants.StandardScopes.OPENID.getScope());
            map.put("scopes", hashSet);
            map.put("userInfoClaims", resolveUserInfoRequestClaims);
        }
    }
}
