package org.apereo.cas.oidc.web.controllers;

import com.google.common.base.Throwables;
import java.util.ArrayList;
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.message.BasicNameValuePair;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.oidc.token.OidcIdTokenGeneratorService;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.authenticator.OAuth20CasAuthenticationBuilder;
import org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.validator.OAuth20Validator;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestDataHolder;
import org.apereo.cas.support.oauth.web.views.ConsentApprovalViewResolver;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.accesstoken.AccessToken;
import org.apereo.cas.ticket.accesstoken.AccessTokenFactory;
import org.apereo.cas.ticket.code.OAuthCodeFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.CookieUtils;
import org.pac4j.core.context.J2EContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:org/apereo/cas/oidc/web/controllers/OidcAuthorizeEndpointController.class */
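/**
 * OpenID Connect variant of the OAuth 2.0 authorization endpoint, mapped to {@code /oidc/authorize}.
 *
 * <p>Most behaviour is inherited from {@link OAuth20AuthorizeEndpointController}. This class adds
 * a scope sanity check, reconciles the registered service with the scope-to-attributes filter, and
 * handles the {@code id_token token} response type by issuing an access token together with an
 * ID token.
 */
public class OidcAuthorizeEndpointController extends OAuth20AuthorizeEndpointController {
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcAuthorizeEndpointController.class);

    /** Scope value that OpenID Connect requires on every authentication request. */
    private static final String OPENID_SCOPE = "openid";

    private final OidcIdTokenGeneratorService idTokenGenerator;

    /**
     * Creates the controller. Every argument except {@code oidcIdTokenGeneratorService} is handed
     * to the OAuth 2.0 superclass unchanged.
     *
     * @param oidcIdTokenGeneratorService generator used to mint ID tokens for the
     *                                    {@code id_token token} response type
     */
    public OidcAuthorizeEndpointController(
            ServicesManager servicesManager,
            TicketRegistry ticketRegistry,
            OAuth20Validator oAuth20Validator,
            AccessTokenFactory accessTokenFactory,
            PrincipalFactory principalFactory,
            ServiceFactory<WebApplicationService> serviceFactory,
            OAuthCodeFactory oAuthCodeFactory,
            ConsentApprovalViewResolver consentApprovalViewResolver,
            OidcIdTokenGeneratorService oidcIdTokenGeneratorService,
            OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter,
            CasConfigurationProperties casConfigurationProperties,
            CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator,
            OAuth20CasAuthenticationBuilder oAuth20CasAuthenticationBuilder) {
        super(servicesManager, ticketRegistry, oAuth20Validator, accessTokenFactory, principalFactory,
                serviceFactory, oAuthCodeFactory, consentApprovalViewResolver,
                oAuth20ProfileScopeToAttributesFilter, casConfigurationProperties,
                cookieRetrievingCookieGenerator, oAuth20CasAuthenticationBuilder);
        this.idTokenGenerator = oidcIdTokenGeneratorService;
    }

    /**
     * Handles a GET on {@code /oidc/authorize}.
     *
     * <p>A request without the {@code openid} scope is only logged as a warning. It is still
     * delegated to the OAuth 2.0 handler and is NOT rejected here, so any enforcement of the scope
     * has to come from the superclass or from service configuration.
     *
     * @param httpServletRequest  the incoming request, from which the requested scopes are read
     * @param httpServletResponse the response handed to the superclass handler
     * @return whatever view the OAuth 2.0 authorize handler produces
     * @throws Exception if the superclass handler fails
     */
    @Override
    @GetMapping({"/oidc/authorize"})
    public ModelAndView handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        // Wildcard instead of a raw type: only isEmpty()/contains() are needed here.
        Collection<?> requestedScopes = OAuth20Utils.getRequestedScopes(httpServletRequest);
        if (requestedScopes.isEmpty() || !requestedScopes.contains(OPENID_SCOPE)) {
            // NOTE(review): the scope list comes from the request; make sure the log layout
            // neutralises line breaks so request data cannot forge log entries.
            LOGGER.warn("Provided scopes [{}] are undefined by OpenID Connect, which requires that scope [{}] MUST be specified, or the behavior is unspecified. CAS MAY allow this request to be processed for now.", requestedScopes, OPENID_SCOPE);
        }
        return super.handleRequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Looks up the registered service through the superclass and passes it to the
     * scope-to-attributes filter's {@code reconcile} before returning it.
     *
     * @param str lookup key forwarded to the superclass (the client id, going by the method name)
     * @return the service returned by the superclass lookup; it is passed to {@code reconcile}
     *         without a null check
     */
    @Override
    protected OAuthRegisteredService getRegisteredServiceByClientId(String str) {
        OAuthRegisteredService registeredService = super.getRegisteredServiceByClientId(str);
        this.scopeToAttributesFilter.reconcile(registeredService);
        return registeredService;
    }

    /**
     * Builds the callback URL for token-style response types. Only
     * {@link OAuth20ResponseTypes#IDTOKEN_TOKEN} is handled here; every other response type is
     * delegated to the superclass.
     *
     * @param j2EContext     web context giving access to the current request and response
     * @param authentication the authentication the tokens are issued for
     * @param service        the service the tokens are issued for
     * @param str            value passed through to the callback-URL builder
     *                       (presumably the redirect URI; confirm against the superclass)
     * @param str2           the requested response type
     * @param str3           key used to resolve the registered OAuth service (presumably the client id)
     * @return the callback URL
     */
    @Override
    protected String buildCallbackUrlForTokenResponseType(J2EContext j2EContext, Authentication authentication, Service service, String str, String str2, String str3) {
        if (!OAuth20Utils.isResponseType(str2, OAuth20ResponseTypes.IDTOKEN_TOKEN)) {
            return super.buildCallbackUrlForTokenResponseType(j2EContext, authentication, service, str, str2, str3);
        }
        LOGGER.debug("Handling callback for response type [{}]", str2);
        // The ticket-granting ticket is resolved from the request cookie via the ticket registry.
        TicketGrantingTicket ticketGrantingTicket = CookieUtils.getTicketGrantingTicketFromRequest(
                this.ticketGrantingTicketCookieGenerator, this.ticketRegistry, j2EContext.getRequest());
        return buildCallbackUrlForImplicitTokenResponseType(j2EContext, authentication, service, str, str3,
                OAuth20ResponseTypes.IDTOKEN_TOKEN, ticketGrantingTicket);
    }

    /**
     * Issues an access token and an ID token, then builds the callback URL that carries both.
     *
     * <p>Token values are deliberately kept out of the log. The access token is a bearer
     * credential and the ID token carries identity claims, so debug output would otherwise hand
     * usable tokens to anyone with read access to the log store.
     *
     * @param str                  value passed through to {@code buildCallbackUrlResponseType}
     * @param str2                 key used to resolve the registered OAuth service
     * @param oAuth20ResponseTypes response type forwarded to the ID token generator
     * @param ticketGrantingTicket ticket-granting ticket attached to the access token request
     * @return the callback URL including the {@code id_token} parameter
     * @throws RuntimeException wrapping any checked exception raised while generating tokens;
     *                          runtime exceptions are rethrown unchanged
     */
    private String buildCallbackUrlForImplicitTokenResponseType(J2EContext j2EContext, Authentication authentication, Service service, String str, String str2, OAuth20ResponseTypes oAuth20ResponseTypes, TicketGrantingTicket ticketGrantingTicket) {
        try {
            // NOTE(review): the cast fails with ClassCastException when the resolved service is
            // a plain OAuth registration rather than an OIDC one, and a null lookup result
            // flows on unchecked. Confirm that callers have validated the client first.
            OAuthRegisteredService registeredService = (OidcRegisteredService) OAuth20Utils.getRegisteredOAuthService(this.servicesManager, str2);
            AccessToken accessToken = generateAccessToken(new AccessTokenRequestDataHolder(service, authentication, registeredService, ticketGrantingTicket));
            LOGGER.debug("Generated OAuth access token for client [{}]", str2);

            // The ID token generator receives the TGT time-to-kill (seconds) from the CAS ticket settings.
            long timeToKillInSeconds = this.casProperties.getTicket().getTgt().getTimeToKillInSeconds();
            String idToken = this.idTokenGenerator.generate(j2EContext.getRequest(), j2EContext.getResponse(),
                    accessToken, timeToKillInSeconds, oAuth20ResponseTypes, registeredService);
            LOGGER.debug("Generated id token for client [{}]", str2);

            // Raw list kept on purpose: the element type expected by the superclass method is not
            // visible in this file.
            ArrayList callbackParameters = new ArrayList();
            callbackParameters.add(new BasicNameValuePair("id_token", idToken));
            return buildCallbackUrlResponseType(authentication, service, str, accessToken, callbackParameters);
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            // Same effect as the deprecated Guava Throwables.propagate: wrap and keep the cause.
            throw new RuntimeException(e);
        }
    }
}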
