package org.apereo.cas.oidc.util;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.BasicUserProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/util/OidcRequestSupport.class */
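/**
 * Helpers for inspecting and rewriting OpenID Connect authorization requests:
 * reading {@code max_age}, stripping a {@code prompt} value, building error
 * redirects, and resolving the CAS single sign-on authentication behind the
 * ticket-granting cookie.
 *
 * <p>Every value read here from the request URL or its parameters is
 * caller-controlled, so the helpers are written to tolerate missing or
 * malformed parameters rather than fail on them.
 */
public class OidcRequestSupport {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcRequestSupport.class);
    private final CasCookieBuilder ticketGrantingTicketCookieGenerator;
    private final TicketRegistrySupport ticketRegistrySupport;

    /**
     * Reads the {@code max_age} parameter of the authorization request.
     *
     * <p>The query string of the full request URL is consulted first; only when it
     * carries no {@code max_age} entry is the request parameter used.
     *
     * @param webContext the current request context
     * @return the parsed value, {@code -1} when the value is not a valid long, or
     *     empty when the parameter is absent or has no value
     */
    public static Optional<Long> getOidcMaxAgeFromAuthorizationRequest(WebContext webContext) {
        return FunctionUtils.doUnchecked(() -> {
            Optional<String> rawMaxAge = new URIBuilder(webContext.getFullRequestURL()).getQueryParams().stream()
                .filter(param -> "max_age".equals(param.getName()))
                // A bare "max_age" with no "=value" yields a null value; Optional.of would
                // throw on it, letting a malformed request abort the whole lookup.
                .map(param -> Optional.ofNullable(param.getValue()))
                .findFirst()
                .orElseGet(() -> webContext.getRequestParameter("max_age"));
            // Unparsable input becomes -1, which callers in this class treat as "not enforced".
            return rawMaxAge.map(value -> NumberUtils.toLong(value, -1L));
        });
    }

    /**
     * Looks up the user profile stored for the current session.
     *
     * @param jEEContext the current request context
     * @param sessionStore the session store holding the profile
     * @return the profile reported by the profile manager, if any
     */
    public static Optional<UserProfile> isAuthenticationProfileAvailable(JEEContext jEEContext, SessionStore sessionStore) {
        ProfileManager profileManager = new ProfileManager(jEEContext, sessionStore);
        return profileManager.getProfile();
    }

    /**
     * Builds a redirect URL that carries an {@code error} code and, when the
     * request supplied one, echoes the {@code state} parameter.
     *
     * <p>NOTE(review): the target URL is used as given. This method does not check
     * it against any registered redirect URI, so callers must only pass a value
     * that has already been validated.
     *
     * @param str the redirect target
     * @param str2 the error code to append
     * @param webContext the current request context, consulted for {@code state}
     * @return the redirect URL in ASCII form
     */
    public static String getRedirectUrlWithError(String str, String str2, WebContext webContext) {
        return FunctionUtils.doUnchecked(() -> {
            URIBuilder redirect = new URIBuilder(str).addParameter("error", str2);
            // addParameter encodes the value when the URI is built, so the echoed state
            // cannot introduce additional query parameters.
            webContext.getRequestParameter("state").ifPresent(state -> redirect.addParameter("state", state));
            return redirect.build().toASCIIString();
        });
    }

    /**
     * Returns the given URL without the {@code prompt} parameter whose value
     * matches, ignoring case, the supplied prompt. All other query parameters,
     * including {@code prompt} entries with a different value, are kept.
     *
     * @param str the authorization request URL
     * @param str2 the prompt value to strip
     * @return the rewritten URL in ASCII form
     */
    public static String removeOidcPromptFromAuthorizationRequest(String str, String str2) {
        return FunctionUtils.doUnchecked(() -> {
            URIBuilder builder = new URIBuilder(str);
            // Snapshot the surviving parameters BEFORE clearing the query. Chaining
            // removeQuery().addParameters(builder.getQueryParams()...) evaluates
            // removeQuery() first and would drop every parameter from the URL.
            List<org.apache.http.NameValuePair> remaining = builder.getQueryParams().stream()
                // Null-safe comparison: a "prompt" entry without a value must not raise
                // a NullPointerException on attacker-supplied input.
                .filter(param -> !("prompt".equals(param.getName())
                    && StringUtils.equalsIgnoreCase(param.getValue(), str2)))
                .collect(Collectors.toList());
            return builder.removeQuery().addParameters(remaining).build().toASCIIString();
        });
    }

    /**
     * Decides whether an authentication created at the given instant is older
     * than the {@code max_age} of the authorization request.
     *
     * <p>NOTE(review): a {@code max_age} that is absent, unparsable ({@code -1}) or
     * {@code 0} is not enforced and the method reports "not old". Confirm that
     * ignoring {@code max_age=0} is the intended policy for relying parties that
     * use it to demand a fresh login.
     *
     * @param webContext the current request context
     * @param zonedDateTime the instant the authentication was created
     * @return {@code true} when a positive {@code max_age} was requested and the
     *     authentication is older than it
     */
    public static boolean isCasAuthenticationOldForMaxAgeAuthorizationRequest(WebContext webContext, ZonedDateTime zonedDateTime) {
        Optional<Long> maxAge = getOidcMaxAgeFromAuthorizationRequest(webContext);
        if (!maxAge.isPresent() || maxAge.get() <= 0) {
            return false;
        }
        long nowSeconds = ZonedDateTime.now(ZoneOffset.UTC).toEpochSecond();
        long createdSeconds = zonedDateTime.toEpochSecond();
        long ageSeconds = nowSeconds - createdSeconds;
        if (ageSeconds <= maxAge.get()) {
            return false;
        }
        LOGGER.info("Authentication is too old: [{}] and was created [{}] seconds ago.", createdSeconds, ageSeconds);
        return true;
    }

    /**
     * Same check as the {@link ZonedDateTime} variant, using the authentication's
     * own creation date.
     *
     * @param webContext the current request context
     * @param authentication the authentication to test
     * @return {@code true} when the authentication exceeds the requested {@code max_age}
     */
    public static boolean isCasAuthenticationOldForMaxAgeAuthorizationRequest(WebContext webContext, Authentication authentication) {
        ZonedDateTime createdAt = authentication.getAuthenticationDate();
        return isCasAuthenticationOldForMaxAgeAuthorizationRequest(webContext, createdAt);
    }

    /**
     * Same check as the {@link ZonedDateTime} variant, using the
     * {@code authenticationDate} recorded on the profile. The regular attributes
     * are consulted first, then the authentication attributes.
     *
     * <p>NOTE(review): when the profile carries no date the method returns
     * {@code false}, so {@code max_age} is not enforced for that profile. A date
     * that is present but cannot be parsed still raises the parser's exception.
     *
     * @param webContext the current request context
     * @param basicUserProfile the profile to test
     * @return {@code true} when the recorded authentication exceeds the requested
     *     {@code max_age}; {@code false} when it does not or no date is recorded
     */
    public static boolean isCasAuthenticationOldForMaxAgeAuthorizationRequest(WebContext webContext, BasicUserProfile basicUserProfile) {
        Object recordedDate = basicUserProfile.getAttribute("authenticationDate");
        if (recordedDate == null) {
            recordedDate = basicUserProfile.getAuthenticationAttribute("authenticationDate");
        }
        if (recordedDate == null) {
            return false;
        }
        java.util.Iterator<?> values = CollectionUtils.toCollection(recordedDate).iterator();
        // An attribute that is present but holds no values is handled like a missing
        // one instead of failing with NoSuchElementException.
        if (!values.hasNext()) {
            return false;
        }
        ZonedDateTime createdAt = ZonedDateTime.parse(values.next().toString());
        return isCasAuthenticationOldForMaxAgeAuthorizationRequest(webContext, createdAt);
    }

    /**
     * Checks the single sign-on authentication tied to the request's
     * ticket-granting cookie against the requested {@code max_age}.
     *
     * @param webContext the current request context
     * @return {@code true} when such an authentication exists and is too old;
     *     {@code false} when it is recent enough or none is available
     */
    public boolean isCasAuthenticationOldForMaxAgeAuthorizationRequest(WebContext webContext) {
        return isCasAuthenticationAvailable(webContext)
            .filter(authentication -> isCasAuthenticationOldForMaxAgeAuthorizationRequest(webContext, authentication))
            .isPresent();
    }

    /**
     * Resolves the authentication behind the ticket-granting cookie of the request.
     *
     * @param webContext the current request context; cast to {@link JEEContext},
     *     so any other non-null context type raises a {@link ClassCastException}
     * @return the authentication, or empty when the context is {@code null}, the
     *     cookie is blank, or the ticket registry returns no authentication for it
     */
    public Optional<Authentication> isCasAuthenticationAvailable(WebContext webContext) {
        JEEContext context = (JEEContext) webContext;
        if (context == null) {
            return Optional.empty();
        }
        // The cookie value is a bearer credential for the SSO session: it is handed to
        // the ticket registry only and is never logged here.
        String cookieValue = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(context.getNativeRequest());
        if (StringUtils.isBlank(cookieValue)) {
            return Optional.empty();
        }
        return Optional.ofNullable(this.ticketRegistrySupport.getAuthenticationFrom(cookieValue));
    }

    /**
     * Creates the support object.
     *
     * @param casCookieBuilder reads the ticket-granting cookie from requests
     * @param ticketRegistrySupport maps a ticket-granting ticket id to its authentication
     */
    @Generated
    public OidcRequestSupport(CasCookieBuilder casCookieBuilder, TicketRegistrySupport ticketRegistrySupport) {
        this.ticketGrantingTicketCookieGenerator = casCookieBuilder;
        this.ticketRegistrySupport = ticketRegistrySupport;
    }
}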
