package org.apereo.cas.support.oauth.util;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectWriter;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.pac4j.core.context.J2EContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;

/* loaded from: input_file:org/apereo/cas/support/oauth/util/OAuth20Utils.class */
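/**
 * Static helpers used by the CAS OAuth 2.0 support: writing plain-text responses, locating
 * registered OAuth services, reading request parameters and scopes, and validating the
 * redirect URI, client secret, response type and grant type of a request.
 *
 * <p>Several checks in this class are the gate between an unauthenticated request and a
 * registered client, so their fail-open branches are called out where they occur.
 */
public final class OAuth20Utils {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20Utils.class);
    private static final ObjectWriter WRITER = new ObjectMapper().findAndRegisterModules().writer().withDefaultPrettyPrinter();

    /**
     * Writes {@code error=<str>} to the response with HTTP status 400.
     *
     * @param httpServletResponse the response to write to
     * @param str the error code appended after {@code error=}
     * @return always {@code null}
     */
    public static ModelAndView writeTextError(HttpServletResponse httpServletResponse, String str) {
        // The value is written verbatim, with no encoding and no content type set here.
        // NOTE(review): callers should pass fixed error codes, never request-derived text.
        return writeText(httpServletResponse, "error=" + str, 400);
    }

    /**
     * Sets the given status on the response and writes the text to its writer.
     *
     * @param httpServletResponse the response to write to
     * @param str the body text, written as-is
     * @param i the HTTP status code to set
     * @return always {@code null}; an {@link IOException} is logged and not propagated
     */
    public static ModelAndView writeText(HttpServletResponse httpServletResponse, String str, int i) {
        // try-with-resources closes the writer on every path, including when print() fails.
        try (PrintWriter writer = httpServletResponse.getWriter()) {
            httpServletResponse.setStatus(i);
            writer.print(str);
        } catch (IOException e) {
            LOGGER.error("Failed to write to response", e);
        }
        return null;
    }

    /**
     * Wraps the given view in a {@link ModelAndView}.
     *
     * @param view the view to render
     * @return a model-and-view holding only the view
     */
    public static ModelAndView redirectTo(View view) {
        return new ModelAndView(view);
    }

    /**
     * Finds the first registered OAuth service whose client id equals the given one.
     *
     * @param servicesManager the source of registered services
     * @param str the client id to look up
     * @return the matching service, or {@code null} when none matches
     */
    public static OAuthRegisteredService getRegisteredOAuthServiceByClientId(ServicesManager servicesManager, String str) {
        // Comparing from the requested id means a service definition without a client id
        // is skipped instead of aborting the whole lookup with a NullPointerException.
        // A null requested id never matches, as before.
        return getRegisteredOAuthServiceByPredicate(servicesManager,
            service -> str != null && str.equals(service.getClientId()));
    }

    /**
     * Finds the first registered OAuth service whose {@code matches} check accepts the redirect URI.
     *
     * @param servicesManager the source of registered services
     * @param str the redirect URI to look up
     * @return the matching service, or {@code null} when none matches
     */
    public static OAuthRegisteredService getRegisteredOAuthServiceByRedirectUri(ServicesManager servicesManager, String str) {
        return getRegisteredOAuthServiceByPredicate(servicesManager, service -> service.matches(str));
    }

    /**
     * Returns the first {@link OAuthRegisteredService} accepted by the predicate.
     *
     * <p>Only the first match is returned, so when several definitions accept the same
     * value the result depends on the order in which the services manager lists them.
     *
     * @param servicesManager the source of registered services
     * @param predicate the selection test
     * @return the first match, or {@code null} when there is none
     */
    @SuppressFBWarnings({"PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS"})
    private static OAuthRegisteredService getRegisteredOAuthServiceByPredicate(ServicesManager servicesManager, Predicate<OAuthRegisteredService> predicate) {
        return servicesManager.getAllServices().stream()
            .filter(OAuthRegisteredService.class::isInstance)
            .map(OAuthRegisteredService.class::cast)
            .filter(predicate)
            .findFirst()
            .orElse(null);
    }

    /**
     * Collects the named request parameters that have a non-blank value.
     *
     * <p>Each parameter maps to a set holding every space-separated token of every value
     * submitted under that name.
     *
     * @param collection the parameter names to read
     * @param httpServletRequest the request to read them from
     * @return a map from parameter name to its set of tokens; names with a blank value are omitted
     */
    public static Map<String, Object> getRequestParameters(Collection<String> collection, HttpServletRequest httpServletRequest) {
        return collection.stream()
            .filter(name -> StringUtils.isNotBlank(httpServletRequest.getParameter(name)))
            .map(name -> {
                final String[] values = httpServletRequest.getParameterValues(name);
                final Collection<String> tokens = new LinkedHashSet<>();
                if (values != null && values.length > 0) {
                    Arrays.stream(values).forEach(value ->
                        tokens.addAll(Arrays.stream(value.split(" ")).collect(Collectors.toSet())));
                }
                return Pair.of(name, tokens);
            })
            .collect(Collectors.toMap(Pair::getKey, Pair::getValue));
    }

    /**
     * Reads the requested scopes from the request wrapped by the given context.
     *
     * @param j2EContext the web context
     * @return the requested scopes, empty when none were sent
     */
    public static Collection<String> getRequestedScopes(J2EContext j2EContext) {
        return getRequestedScopes(j2EContext.getRequest());
    }

    /**
     * Reads the space-separated tokens of the {@code scope} request parameter.
     *
     * @param httpServletRequest the request
     * @return the requested scopes, empty when the parameter is absent or blank
     */
    public static Collection<String> getRequestedScopes(HttpServletRequest httpServletRequest) {
        final Map<String, Object> requestParameters = getRequestParameters(CollectionUtils.wrap("scope"), httpServletRequest);
        if (requestParameters == null || requestParameters.isEmpty()) {
            return new ArrayList<>(0);
        }
        // Safe: getRequestParameters only ever stores a collection of strings as the value.
        @SuppressWarnings("unchecked")
        final Collection<String> scopes = (Collection<String>) requestParameters.get("scope");
        return scopes;
    }

    /**
     * Builds the error view for an unauthorized service.
     *
     * @return the error view carrying an {@link UnauthorizedServiceException}
     */
    public static ModelAndView produceUnauthorizedErrorView() {
        return produceErrorView(new UnauthorizedServiceException("screen.service.error.message", ""));
    }

    /**
     * Builds the {@code casServiceErrorView} with the exception stored under {@code rootCauseException}.
     *
     * @param exc the exception to expose to the view
     * @return the error view
     */
    public static ModelAndView produceErrorView(Exception exc) {
        final Map<String, Object> model = new HashMap<>();
        model.put("rootCauseException", exc);
        return new ModelAndView("casServiceErrorView", model);
    }

    /**
     * Appends the OAuth callback path to the given server prefix.
     *
     * @param str the server prefix
     * @return the prefix followed by {@code /oauth2.0/callbackAuthorize}
     */
    public static String casOAuthCallbackUrl(String str) {
        return str.concat("/oauth2.0/callbackAuthorize");
    }

    /**
     * Serializes the map to pretty-printed JSON.
     *
     * @param map the map to serialize
     * @return the JSON text
     * @throws UncheckedIOException when the map cannot be serialized
     */
    public static String jsonify(Map<?, ?> map) {
        try {
            return WRITER.writeValueAsString(map);
        } catch (IOException e) {
            // The method declares no checked exception, so the serialization failure
            // is rethrown unchecked with its cause preserved.
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Resolves the {@code response_type} request parameter to a known response type.
     *
     * @param j2EContext the web context
     * @return the matching response type; {@link OAuth20ResponseTypes#CODE} when the parameter
     *     is missing or does not match any known type
     */
    public static OAuth20ResponseTypes getResponseType(J2EContext j2EContext) {
        final String requested = j2EContext.getRequestParameter("response_type");
        // An unrecognised value is not rejected here; it silently falls back to CODE.
        final OAuth20ResponseTypes resolved = Arrays.stream(OAuth20ResponseTypes.values())
            .filter(candidate -> candidate.getType().equalsIgnoreCase(requested))
            .findFirst()
            .orElse(OAuth20ResponseTypes.CODE);
        LOGGER.debug("OAuth response type is [{}]", resolved);
        return resolved;
    }

    /**
     * Tests whether the given text names the expected grant type, ignoring case.
     * The comparison is against the enum constant's {@code name()}.
     *
     * @param str the grant type text from the request
     * @param oAuth20GrantTypes the expected grant type
     * @return {@code true} when they match
     */
    public static boolean isGrantType(String str, OAuth20GrantTypes oAuth20GrantTypes) {
        return oAuth20GrantTypes.name().equalsIgnoreCase(str);
    }

    /**
     * Tests whether the given text names the expected response type, ignoring case.
     * The comparison is against the enum constant's {@code getType()} value.
     *
     * @param str the response type text from the request
     * @param oAuth20ResponseTypes the expected response type
     * @return {@code true} when they match
     */
    public static boolean isResponseType(String str, OAuth20ResponseTypes oAuth20ResponseTypes) {
        return oAuth20ResponseTypes.getType().equalsIgnoreCase(str);
    }

    /**
     * Checks the requested {@code response_type} against the types the service supports.
     *
     * @param j2EContext the web context
     * @param oAuthRegisteredService the service the request is for
     * @return {@code true} when the type is supported, or when the service lists no supported types
     */
    public static boolean isAuthorizedResponseTypeForService(J2EContext j2EContext, OAuthRegisteredService oAuthRegisteredService) {
        final String requested = j2EContext.getRequestParameter("response_type");
        if (oAuthRegisteredService.getSupportedResponseTypes() == null || oAuthRegisteredService.getSupportedResponseTypes().isEmpty()) {
            // Fail-open: a service definition with no response types accepts every type.
            // The warning below is the only signal, so it is worth alerting on.
            LOGGER.warn("Registered service [{}] does not define any authorized/supported response types. It is STRONGLY recommended that you authorize and assign response types to the service definition. While just a warning for now, this behavior will be enforced by CAS in future versions.", oAuthRegisteredService.getName());
            return true;
        }
        LOGGER.debug("Checking response type [{}] against supported response types [{}]", requested, oAuthRegisteredService.getSupportedResponseTypes());
        return oAuthRegisteredService.getSupportedResponseTypes().stream()
            .anyMatch(supported -> supported.equalsIgnoreCase(requested));
    }

    /**
     * Checks the requested {@code grant_type} against the types the service supports.
     *
     * @param j2EContext the web context
     * @param oAuthRegisteredService the service the request is for
     * @return {@code true} when the type is supported, or when the service lists no supported types
     */
    public static boolean isAuthorizedGrantTypeForService(J2EContext j2EContext, OAuthRegisteredService oAuthRegisteredService) {
        final String requested = j2EContext.getRequestParameter("grant_type");
        if (oAuthRegisteredService.getSupportedGrantTypes() == null || oAuthRegisteredService.getSupportedGrantTypes().isEmpty()) {
            // Fail-open: a service definition with no grant types accepts every type.
            // The warning below is the only signal, so it is worth alerting on.
            LOGGER.warn("Registered service [{}] does not define any authorized/supported grant types. It is STRONGLY recommended that you authorize and assign grant types to the service definition. While just a warning for now, this behavior will be enforced by CAS in future versions.", oAuthRegisteredService.getName());
            return true;
        }
        LOGGER.debug("Checking grant type [{}] against supported grant types [{}]", requested, oAuthRegisteredService.getSupportedGrantTypes());
        return oAuthRegisteredService.getSupportedGrantTypes().stream()
            .anyMatch(supported -> supported.equalsIgnoreCase(requested));
    }

    /**
     * Parses the scopes of the request wrapped by the given context.
     *
     * @param j2EContext the web context
     * @return the set of requested scopes, empty when none were sent
     */
    public static Set<String> parseRequestScopes(J2EContext j2EContext) {
        return parseRequestScopes(j2EContext.getRequest());
    }

    /**
     * Splits the {@code scope} request parameter on single spaces.
     *
     * @param httpServletRequest the request
     * @return the set of requested scopes, empty when the parameter is absent or blank
     */
    public static Set<String> parseRequestScopes(HttpServletRequest httpServletRequest) {
        final String scope = httpServletRequest.getParameter("scope");
        if (StringUtils.isBlank(scope)) {
            return new HashSet<>(0);
        }
        return CollectionUtils.wrapSet(scope.split(" "));
    }

    /**
     * Reads the {@code service} request header, falling back to {@code X-service}.
     *
     * @param httpServletRequest the request, may be {@code null}
     * @return the header value; {@code null} when the request is {@code null} or neither header is set
     */
    public static String getServiceRequestHeaderIfAny(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return null;
        }
        // Both headers are client-supplied; the value is returned without validation.
        String header = httpServletRequest.getHeader("service");
        if (StringUtils.isBlank(header)) {
            header = httpServletRequest.getHeader("X-".concat("service"));
        }
        return header;
    }

    /**
     * Checks that the redirect URI matches the service id pattern of the registered service.
     *
     * <p>The service id is applied as a regular expression that must match the whole URI,
     * so the strictness of this check is entirely that of the pattern in the service
     * definition; a loosely written pattern accepts redirect targets the operator did not intend.
     *
     * @param registeredService the service the request claims to be for
     * @param str the {@code redirect_uri} from the request
     * @return {@code true} when the URI matches; {@code false} otherwise, including when
     *     the URI or the service id is {@code null}
     */
    public static boolean checkCallbackValid(RegisteredService registeredService, String str) {
        final String serviceId = registeredService.getServiceId();
        LOGGER.debug("Found: [{}] vs redirectUri: [{}]", registeredService, str);
        // A missing URI or pattern is treated as a mismatch instead of throwing.
        if (str != null && serviceId != null && str.matches(serviceId)) {
            return true;
        }
        LOGGER.error("Unsupported [{}]: [{}] does not match what is defined for registered service: [{}]. Service is considered unauthorized. Verify the service definition in the registry is correct and does in fact match the client [{}]", "redirect_uri", str, serviceId, str);
        return false;
    }

    /**
     * Checks the presented client secret against the one in the service definition.
     *
     * @param oAuthRegisteredService the service the request is for
     * @param str the client secret presented in the request
     * @return {@code true} when the secrets are equal, or when the service defines no secret
     */
    public static boolean checkClientSecret(OAuthRegisteredService oAuthRegisteredService, String str) {
        // NOTE(review): the whole service object is logged here and on failure below;
        // confirm its toString() does not include the client secret.
        LOGGER.debug("Found: [{}] in secret check", oAuthRegisteredService);
        final String expected = oAuthRegisteredService.getClientSecret();
        if (StringUtils.isBlank(expected)) {
            // Fail-open: a service with no secret accepts any presented value, and this is
            // visible only at debug level.
            LOGGER.debug("The client secret is not defined for the registered service [{}]", oAuthRegisteredService.getName());
            return true;
        }
        // MessageDigest.isEqual does not stop at the first differing byte, so the time
        // taken does not reveal how much of the presented secret was correct.
        if (str != null && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), str.getBytes(StandardCharsets.UTF_8))) {
            return true;
        }
        LOGGER.error("Wrong client secret for service: [{}]", oAuthRegisteredService);
        return false;
    }

    /**
     * Checks that the given response type text is one of the expected response types.
     *
     * @param str the response type text from the request
     * @param oAuth20ResponseTypesArr the accepted response types
     * @return {@code true} when the text matches one of them; otherwise {@code false}, after logging an error
     */
    public static boolean checkResponseTypes(String str, OAuth20ResponseTypes... oAuth20ResponseTypesArr) {
        LOGGER.debug("Response type: [{}]", str);
        final boolean supported = Stream.of(oAuth20ResponseTypesArr)
            .anyMatch(candidate -> isResponseType(str, candidate));
        if (!supported) {
            LOGGER.error("Unsupported response type: [{}]", str);
        }
        return supported;
    }

    @Generated
    private OAuth20Utils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}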
