package org.apereo.cas.oidc.web;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.oidc.util.OidcRequestSupport;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20ResponseModeTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationModelAndViewBuilder;
import org.apereo.cas.support.oauth.web.views.OAuth20CallbackAuthorizeViewResolver;
import org.apereo.cas.util.function.FunctionUtils;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.ProfileManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;
import org.springframework.web.servlet.view.json.MappingJackson2JsonView;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/web/OidcCallbackAuthorizeViewResolver.class */
public class OidcCallbackAuthorizeViewResolver implements OAuth20CallbackAuthorizeViewResolver {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcCallbackAuthorizeViewResolver.class);
    private final ServicesManager servicesManager;
    private final OAuth20AuthorizationModelAndViewBuilder authorizationModelAndViewBuilder;
    private final OAuth20RequestParameterResolver oauthRequestParameterResolver;

    @Override // org.apereo.cas.support.oauth.web.views.OAuth20CallbackAuthorizeViewResolver
    public ModelAndView resolve(WebContext webContext, ProfileManager profileManager, String str) {
        Set<String> resolveSupportedPromptValues = this.oauthRequestParameterResolver.resolveSupportedPromptValues(str);
        if (!resolveSupportedPromptValues.contains("none")) {
            if (!resolveSupportedPromptValues.contains("login")) {
                LOGGER.trace("Redirecting to URL [{}]", str);
                return new ModelAndView(new RedirectView(str));
            }
            LOGGER.trace("Removing login prompt from URL [{}]", str);
            String removeOidcPromptFromAuthorizationRequest = OidcRequestSupport.removeOidcPromptFromAuthorizationRequest(str, "login");
            LOGGER.trace("Redirecting to URL [{}]", removeOidcPromptFromAuthorizationRequest);
            return new ModelAndView(new RedirectView(removeOidcPromptFromAuthorizationRequest));
        }
        if (profileManager.getProfile().isPresent()) {
            LOGGER.trace("Redirecting to URL [{}] without prompting for login", str);
            return new ModelAndView(new RedirectView(str));
        }
        Optional<String> resolveRequestParameter = this.oauthRequestParameterResolver.resolveRequestParameter(webContext, "redirect_uri");
        if (resolveRequestParameter.isEmpty()) {
            HashMap hashMap = new HashMap();
            hashMap.put("error", "login_required");
            return new ModelAndView(new MappingJackson2JsonView(), hashMap);
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("error", "login_required");
        this.oauthRequestParameterResolver.resolveRequestParameter(webContext, "state").ifPresent(str2 -> {
            linkedHashMap.put("state", str2);
        });
        OAuthRegisteredService registeredOAuthServiceByClientId = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, this.oauthRequestParameterResolver.resolveRequestParameter(webContext, "client_id").orElse(""));
        OAuth20ResponseModeTypes resolveResponseModeType = this.oauthRequestParameterResolver.resolveResponseModeType(webContext);
        boolean isResponseModeTypeFormPost = OAuth20Utils.isResponseModeTypeFormPost(registeredOAuthServiceByClientId, resolveResponseModeType);
        Objects.requireNonNull(resolveRequestParameter);
        String str3 = (String) FunctionUtils.doIf(isResponseModeTypeFormPost, resolveRequestParameter::get, () -> {
            return OidcRequestSupport.getRedirectUrlWithError((String) resolveRequestParameter.get(), "login_required", webContext);
        }).get();
        return (ModelAndView) FunctionUtils.doUnchecked(() -> {
            LOGGER.warn("Unable to detect authenticated user profile for prompt-less login attempts. Redirecting to URL [{}]", str3);
            return this.authorizationModelAndViewBuilder.build(registeredOAuthServiceByClientId, resolveResponseModeType, str3, linkedHashMap);
        });
    }

    @Generated
    public OidcCallbackAuthorizeViewResolver(ServicesManager servicesManager, OAuth20AuthorizationModelAndViewBuilder oAuth20AuthorizationModelAndViewBuilder, OAuth20RequestParameterResolver oAuth20RequestParameterResolver) {
        this.servicesManager = servicesManager;
        this.authorizationModelAndViewBuilder = oAuth20AuthorizationModelAndViewBuilder;
        this.oauthRequestParameterResolver = oAuth20RequestParameterResolver;
    }
}
