package org.apereo.cas.support.oauth.validator.authorization;

import lombok.Generated;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20Constants;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.pac4j.core.context.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.6.15.jar:org/apereo/cas/support/oauth/validator/authorization/BaseOAuth20AuthorizationRequestValidator.class */
/**
 * Base validator for OAuth 2.0 authorization requests (decompiled source).
 *
 * <p>{@link #preValidate(WebContext)} checks three request parameters in a fixed order:
 * {@code client_id}, then {@code redirect_uri}, then {@code response_type}. The first
 * failing check records error details on the request and ends validation.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code client_id} and {@code redirect_uri} failures store {@code false} under
 *       {@link OAuth20Constants#ERROR_WITH_CALLBACK}; {@code response_type} failures store
 *       {@code true}, and are only reached after the redirect URI passed its check.
 *       NOTE(review): presumably the flag decides whether the error may be delivered to the
 *       client's callback; confirm against the code that reads the attribute.</li>
 *   <li>An unknown client and a client that fails the access check get the same error code
 *       and an empty description.</li>
 *   <li>Request-supplied values ({@code client_id}, {@code redirect_uri},
 *       {@code response_type}) are written to the log, and {@code response_type} is echoed
 *       into {@code error_description}. NOTE(review): whatever renders or ships these
 *       values should encode them for its output context; not verifiable from this file.</li>
 * </ul>
 */
public abstract class BaseOAuth20AuthorizationRequestValidator implements OAuth20AuthorizationRequestValidator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseOAuth20AuthorizationRequestValidator.class);

    // Request parameter names read by this validator.
    private static final String PARAM_CLIENT_ID = "client_id";
    private static final String PARAM_REDIRECT_URI = "redirect_uri";
    private static final String PARAM_RESPONSE_TYPE = "response_type";

    // Error codes and request attribute names written by setErrorDetails callers.
    private static final String ERROR_INVALID_REQUEST = "invalid_request";
    private static final String ERROR_UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
    private static final String ATTR_ERROR = "error";
    private static final String ATTR_ERROR_DESCRIPTION = "error_description";

    protected final ServicesManager servicesManager;
    protected final ServiceFactory<WebApplicationService> webApplicationServiceServiceFactory;
    protected final AuditableExecution registeredServiceAccessStrategyEnforcer;
    protected final OAuth20RequestParameterResolver requestParameterResolver;

    /**
     * Stores the collaborators used by the validation steps.
     * Decompiler note: JADX reports the original access modifier as {@code protected}.
     *
     * @param servicesManager                  registry handed to the client-id lookup
     * @param serviceFactory                   stored as-is; not used by any method in this class
     * @param auditableExecution               executed against the located service before it is accepted
     * @param oAuth20RequestParameterResolver  resolves request parameters from the web context
     */
    @Generated
    public BaseOAuth20AuthorizationRequestValidator(ServicesManager servicesManager, ServiceFactory<WebApplicationService> serviceFactory, AuditableExecution auditableExecution, OAuth20RequestParameterResolver oAuth20RequestParameterResolver) {
        this.servicesManager = servicesManager;
        this.webApplicationServiceServiceFactory = serviceFactory;
        this.registeredServiceAccessStrategyEnforcer = auditableExecution;
        this.requestParameterResolver = oAuth20RequestParameterResolver;
    }

    /**
     * Runs the client, redirect URI and response type checks in that order, stopping at the
     * first failure. Later parameters are not even resolved once an earlier check fails.
     * Decompiler note: JADX reports the original access modifier as {@code protected}.
     *
     * @param webContext the current request context; error details are written to it on failure
     * @return {@code true} only when all three checks pass
     * @throws Exception declared by the original signature; nothing in this body throws it directly
     */
    public boolean preValidate(WebContext webContext) throws Exception {
        OAuthRegisteredService registeredService = verifyRegisteredServiceByClientId(webContext, getClientIdFromRequest(webContext));
        if (registeredService == null) {
            return false;
        }
        // The redirect URI is checked against the located service before the response type.
        if (!verifyRedirectUriForRegisteredService(webContext, registeredService, getRedirectUriFromRequest(webContext))) {
            return false;
        }
        return verifyResponseType(webContext, getResponseTypeFromRequest(webContext));
    }

    /**
     * Reads {@code response_type} from the request.
     *
     * @param webContext the current request context
     * @return the parameter value, or an empty string when the resolver yields none
     */
    protected String getResponseTypeFromRequest(WebContext webContext) {
        return resolveParameterOrEmpty(webContext, PARAM_RESPONSE_TYPE);
    }

    /**
     * Reads {@code redirect_uri} from the request.
     *
     * @param webContext the current request context
     * @return the parameter value, or an empty string when the resolver yields none
     */
    protected String getRedirectUriFromRequest(WebContext webContext) {
        return resolveParameterOrEmpty(webContext, PARAM_REDIRECT_URI);
    }

    /**
     * Reads {@code client_id} from the request.
     * Decompiler note: JADX reports the original access modifier as {@code protected}.
     *
     * @param webContext the current request context
     * @return the parameter value, or an empty string when the resolver yields none
     */
    public String getClientIdFromRequest(WebContext webContext) {
        return resolveParameterOrEmpty(webContext, PARAM_CLIENT_ID);
    }

    /**
     * Locates the registered service for a client id and runs the injected
     * {@link AuditableExecution} against it.
     *
     * <p>A blank client id and a failed execution both record {@code invalid_request} with the
     * callback flag set to {@code false}. The failure branch uses an empty description, so the
     * recorded details do not say whether the client was unknown or refused.
     * Decompiler notes: JADX reports the original access modifier as {@code protected} and
     * could not infer the builder type used here.
     *
     * @param webContext the current request context; receives error details on failure
     * @param str        the client id taken from the request (untrusted; it is logged)
     * @return the located service, or {@code null} when the id is blank or the execution reports failure
     */
    public OAuthRegisteredService verifyRegisteredServiceByClientId(WebContext webContext, String str) {
        if (StringUtils.isBlank(str)) {
            LOGGER.warn("Missing required parameter [{}]", PARAM_CLIENT_ID);
            setErrorDetails(webContext, ERROR_INVALID_REQUEST, missingParameterDescription(PARAM_CLIENT_ID), false);
            return null;
        }

        LOGGER.debug("Locating registered service for client id [{}]", str);
        OAuthRegisteredService candidate = getRegisteredServiceByClientId(str);

        // The lookup result is passed on unchecked; the log message below indicates it may be null.
        AuditableContext accessRequest = AuditableContext.builder().registeredService(candidate).build();
        boolean accessRefused = this.registeredServiceAccessStrategyEnforcer.execute(accessRequest).isExecutionFailure();
        if (accessRefused) {
            LOGGER.warn("Registered service [{}] is not found or is not authorized for access.", ObjectUtils.defaultIfNull(candidate, str));
            setErrorDetails(webContext, ERROR_INVALID_REQUEST, "", false);
            return null;
        }
        return candidate;
    }

    /**
     * Records the outcome of a failed check as request attributes.
     * Decompiler note: JADX reports the original access modifier as {@code protected}.
     *
     * @param webContext the current request context
     * @param str        value stored under {@code error}
     * @param str2       value stored under {@code error_description}; may contain request-supplied text
     * @param z          value stored under {@link OAuth20Constants#ERROR_WITH_CALLBACK}
     */
    public void setErrorDetails(WebContext webContext, String str, String str2, boolean z) {
        webContext.setRequestAttribute(ATTR_ERROR, str);
        webContext.setRequestAttribute(ATTR_ERROR_DESCRIPTION, str2);
        webContext.setRequestAttribute(OAuth20Constants.ERROR_WITH_CALLBACK, Boolean.valueOf(z));
    }

    /**
     * Delegates the client-id lookup to {@link OAuth20Utils} using the stored services manager.
     * Decompiler note: JADX reports the original access modifier as {@code protected}.
     *
     * @param str the client id to look up
     * @return whatever the utility returns for that id
     */
    public OAuthRegisteredService getRegisteredServiceByClientId(String str) {
        return OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, str);
    }

    /**
     * Checks that a redirect URI is present and accepted for the given service by
     * {@link OAuth20Utils#checkCallbackValid}.
     *
     * <p>Both failure branches record {@code invalid_request} with the callback flag set to
     * {@code false}; the rejected-URI branch uses an empty description.
     *
     * @param webContext             the current request context; receives error details on failure
     * @param oAuthRegisteredService the service the URI is checked against; dereferenced without a null check
     * @param str                    the redirect URI taken from the request (untrusted; it is logged)
     * @return {@code true} when the URI is non-blank and the callback check passes
     */
    protected boolean verifyRedirectUriForRegisteredService(WebContext webContext, OAuthRegisteredService oAuthRegisteredService, String str) {
        if (StringUtils.isBlank(str)) {
            LOGGER.warn("Missing required parameter [{}]", PARAM_REDIRECT_URI);
            setErrorDetails(webContext, ERROR_INVALID_REQUEST, missingParameterDescription(PARAM_REDIRECT_URI), false);
            return false;
        }

        boolean callbackAccepted = OAuth20Utils.checkCallbackValid(oAuthRegisteredService, str);
        if (!callbackAccepted) {
            LOGGER.warn("Callback URL [{}] is not authorized for registered service [{}].", str, oAuthRegisteredService.getServiceId());
            setErrorDetails(webContext, ERROR_INVALID_REQUEST, "", false);
            return false;
        }
        return true;
    }

    /**
     * Checks that the response type is present and matches one of {@link OAuth20ResponseTypes}.
     *
     * <p>Both failure branches record {@code unsupported_response_type} with the callback flag
     * set to {@code true}. The unsupported-value branch copies the request value into the
     * description. NOTE(review): the consumer of {@code error_description} should encode it
     * before rendering; that code is not in this file.
     *
     * @param webContext   the current request context; receives error details on failure
     * @param responseType the response type taken from the request (untrusted)
     * @return {@code true} when the value is non-blank and supported
     */
    private boolean verifyResponseType(WebContext webContext, String responseType) {
        if (StringUtils.isBlank(responseType)) {
            // This branch writes no log entry, unlike the other missing-parameter branches.
            setErrorDetails(webContext, ERROR_UNSUPPORTED_RESPONSE_TYPE, missingParameterDescription(PARAM_RESPONSE_TYPE), true);
            return false;
        }

        boolean supported = OAuth20Utils.checkResponseTypes(responseType, OAuth20ResponseTypes.values());
        if (!supported) {
            LOGGER.warn("Response type [{}] is not found in the list of supported values [{}].", responseType, OAuth20ResponseTypes.values());
            setErrorDetails(webContext, ERROR_UNSUPPORTED_RESPONSE_TYPE, String.format("Unsupported response_type: [%s]", responseType), true);
            return false;
        }
        return true;
    }

    /** Resolves a single request parameter, substituting an empty string when it is absent. */
    private String resolveParameterOrEmpty(WebContext webContext, String parameterName) {
        return this.requestParameterResolver.resolveRequestParameter(webContext, parameterName).orElse("");
    }

    /** Builds the description used by every missing-parameter branch. */
    private static String missingParameterDescription(String parameterName) {
        return String.format("Missing required parameter: [%s]", parameterName);
    }

    /** @return the services manager given to the constructor */
    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    /** @return the service factory given to the constructor */
    @Generated
    public ServiceFactory<WebApplicationService> getWebApplicationServiceServiceFactory() {
        return this.webApplicationServiceServiceFactory;
    }

    /** @return the auditable execution run against located services */
    @Generated
    public AuditableExecution getRegisteredServiceAccessStrategyEnforcer() {
        return this.registeredServiceAccessStrategyEnforcer;
    }

    /** @return the resolver used to read request parameters */
    @Generated
    public OAuth20RequestParameterResolver getRequestParameterResolver() {
        return this.requestParameterResolver;
    }
}
