package org.apereo.cas.oidc.web;

import java.util.HashMap;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.oidc.OidcConfigurationContext;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequest;
import org.apereo.cas.oidc.ticket.OidcPushedAuthorizationRequestFactory;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.response.OAuth20AuthorizationRequest;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
import org.apereo.cas.support.oauth.web.response.callback.BaseOAuth20AuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationModelAndViewBuilder;
import org.apereo.cas.util.function.FunctionUtils;
import org.jooq.lambda.Unchecked;
import org.pac4j.core.context.WebContext;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/web/OidcPushedAuthorizationRequestUriResponseBuilder.class */
public class OidcPushedAuthorizationRequestUriResponseBuilder extends BaseOAuth20AuthorizationResponseBuilder<OidcConfigurationContext> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OidcPushedAuthorizationRequestUriResponseBuilder.class);

    public OidcPushedAuthorizationRequestUriResponseBuilder(OidcConfigurationContext oidcConfigurationContext, OAuth20AuthorizationModelAndViewBuilder oAuth20AuthorizationModelAndViewBuilder) {
        super(oidcConfigurationContext, oAuth20AuthorizationModelAndViewBuilder);
    }

    @Override // org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationResponseBuilder
    public ModelAndView build(AccessTokenRequestContext accessTokenRequestContext) throws Exception {
        OidcPushedAuthorizationRequest create = ((OidcPushedAuthorizationRequestFactory) ((OidcConfigurationContext) this.configurationContext).getTicketFactory().get(OidcPushedAuthorizationRequest.class)).create(accessTokenRequestContext);
        LOGGER.debug("Generated pushed authorization URI code: [{}]", create);
        ((OidcConfigurationContext) this.configurationContext).getTicketRegistry().addTicket(create);
        HashMap hashMap = new HashMap();
        hashMap.put("expires_in", String.valueOf(create.getExpirationPolicy().getTimeToLive()));
        hashMap.put(OidcConstants.REQUEST_URI, create.getId());
        LOGGER.debug("Pushed authorization request verification successful for client [{}] with redirect uri [{}]", accessTokenRequestContext.getClientId(), accessTokenRequestContext.getRedirectUri());
        return this.authorizationModelAndViewBuilder.build(accessTokenRequestContext.getRegisteredService(), accessTokenRequestContext.getResponseMode(), accessTokenRequestContext.getRedirectUri(), hashMap);
    }

    @Override // org.apereo.cas.support.oauth.web.response.callback.BaseOAuth20AuthorizationResponseBuilder, org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationResponseBuilder
    public Optional<OAuth20AuthorizationRequest.OAuth20AuthorizationRequestBuilder> toAuthorizationRequest(WebContext webContext, Authentication authentication, Service service, OAuthRegisteredService oAuthRegisteredService) {
        Optional<String> requestParameter = webContext.getRequestParameter(OidcConstants.REQUEST_URI);
        if (webContext.getRequestURL().endsWith(OidcConstants.AUTHORIZE_URL) && requestParameter.isEmpty()) {
            return Optional.empty();
        }
        OAuth20AuthorizationRequest.OAuth20AuthorizationRequestBuilder oAuth20AuthorizationRequestBuilder = super.toAuthorizationRequest(webContext, authentication, service, oAuthRegisteredService).get();
        return (Optional) requestParameter.map(Unchecked.function(str -> {
            OidcPushedAuthorizationRequestFactory oidcPushedAuthorizationRequestFactory = (OidcPushedAuthorizationRequestFactory) ((OidcConfigurationContext) this.configurationContext).getTicketFactory().get(OidcPushedAuthorizationRequest.class);
            OidcPushedAuthorizationRequest oidcPushedAuthorizationRequest = (OidcPushedAuthorizationRequest) ((OidcConfigurationContext) this.configurationContext).getTicketRegistry().getTicket(str, OidcPushedAuthorizationRequest.class);
            AccessTokenRequestContext accessTokenRequest = oidcPushedAuthorizationRequestFactory.toAccessTokenRequest(oidcPushedAuthorizationRequest);
            oidcPushedAuthorizationRequest.update();
            FunctionUtils.doIf(oidcPushedAuthorizationRequest.isExpired(), Unchecked.consumer(obj -> {
                ((OidcConfigurationContext) this.configurationContext).getTicketRegistry().deleteTicket(oidcPushedAuthorizationRequest);
            }), Unchecked.consumer(obj2 -> {
                ((OidcConfigurationContext) this.configurationContext).getTicketRegistry().updateTicket(oidcPushedAuthorizationRequest);
            })).accept(oidcPushedAuthorizationRequest);
            accessTokenRequest.setTicketGrantingTicket(((OidcConfigurationContext) this.configurationContext).fetchTicketGrantingTicketFrom((JEEContext) webContext));
            return Optional.of(oAuth20AuthorizationRequestBuilder.accessTokenRequest(accessTokenRequest).responseType(accessTokenRequest.getResponseType().getType()).clientId(accessTokenRequest.getClientId()).grantType(accessTokenRequest.getGrantType().getType()));
        })).orElseGet(() -> {
            return Optional.of(oAuth20AuthorizationRequestBuilder.singleSignOnSessionRequired(!webContext.getRequestURL().endsWith(OidcConstants.PUSHED_AUTHORIZE_URL)));
        });
    }

    @Override // org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationResponseBuilder
    public boolean supports(OAuth20AuthorizationRequest oAuth20AuthorizationRequest) {
        return oAuth20AuthorizationRequest.getUrl().endsWith(OidcConstants.PUSHED_AUTHORIZE_URL) && StringUtils.isNotBlank(oAuth20AuthorizationRequest.getClientId());
    }

    @Override // org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationResponseBuilder, org.springframework.core.Ordered
    public int getOrder() {
        return 0;
    }
}
