package leap.oauth2.as.endpoint.authorize;

import java.util.Map;
import leap.core.annotation.Inject;
import leap.core.validation.Validation;
import leap.lang.Result;
import leap.lang.Strings;
import leap.lang.http.QueryStringBuilder;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.lang.net.Urls;
import leap.oauth2.OAuth2Errors;
import leap.oauth2.OAuth2Params;
import leap.oauth2.as.OAuth2AuthzServerConfig;
import leap.oauth2.as.authc.AuthzAuthentication;
import leap.oauth2.as.client.AuthzClient;
import leap.oauth2.as.client.AuthzClientManager;
import leap.web.Request;
import leap.web.Response;

/* loaded from: input_file:leap/oauth2/as/endpoint/authorize/AbstractResponseTypeHandler.class */
public abstract class AbstractResponseTypeHandler implements ResponseTypeHandler {
    private static final Log log = LogFactory.get(AbstractResponseTypeHandler.class);

    @Inject
    protected OAuth2AuthzServerConfig config;

    @Inject
    protected AuthzClientManager clientManager;

    @Inject
    protected Oauth2RedirectHandler[] handlers;

    @Override // leap.oauth2.as.endpoint.authorize.ResponseTypeHandler
    public Result<AuthzClient> validateRequest(Request request, Response response, OAuth2Params oAuth2Params) throws Throwable {
        Validation validation = request.getValidation();
        String clientId = oAuth2Params.getClientId();
        if (Strings.isEmpty(clientId)) {
            log.debug("error : client_id required");
            validation.addError(OAuth2Errors.ERROR_INVALID_REQUEST, "client_id required");
            request.forwardToView(this.config.getErrorView());
            return Result.intercepted();
        }
        String redirectUri = oAuth2Params.getRedirectUri();
        if (Strings.isEmpty(redirectUri)) {
            log.debug("error : redirect_uri required");
            validation.addError(OAuth2Errors.ERROR_INVALID_REQUEST, "redirect_uri required");
            request.forwardToView(this.config.getErrorView());
            return Result.intercepted();
        }
        AuthzClient loadClientById = this.clientManager.loadClientById(clientId);
        if (null == loadClientById) {
            log.debug("error : client_id {} not found", new Object[]{clientId});
            validation.addError(OAuth2Errors.ERROR_INVALID_REQUEST, "invalid client_id");
            request.forwardToView(this.config.getErrorView());
            return Result.intercepted();
        }
        if (!loadClientById.isEnabled()) {
            log.debug("error : client '{}' disabled", new Object[]{clientId});
            validation.addError(OAuth2Errors.ERROR_INVALID_REQUEST, "client disabled");
            request.forwardToView(this.config.getErrorView());
            return Result.intercepted();
        }
        if (loadClientById.acceptsRedirectUri(redirectUri)) {
            return Result.of(loadClientById);
        }
        log.debug("error : mismatch redirect_uri '{}' of client '{}'", new Object[]{redirectUri, clientId});
        validation.addError(OAuth2Errors.ERROR_INVALID_REQUEST, "invalid redirect_uri");
        request.forwardToView(this.config.getErrorView());
        return Result.intercepted();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendSuccessRedirect(Request request, Response response, AuthzAuthentication authzAuthentication, Map<String, String> map) {
        String state = authzAuthentication.getParams().getState();
        if (!Strings.isEmpty(state)) {
            map.put(OAuth2Params.STATE, state);
        }
        for (Oauth2RedirectHandler oauth2RedirectHandler : this.handlers) {
            if (!oauth2RedirectHandler.onOauth2LoginSuccessRedirect(request, response, authzAuthentication, map)) {
                return;
            }
        }
        QueryStringBuilder queryStringBuilder = new QueryStringBuilder(request.getCharacterEncoding());
        for (Map.Entry<String, String> entry : map.entrySet()) {
            queryStringBuilder.add(entry.getKey(), entry.getValue());
        }
        response.sendRedirect(Urls.appendQueryString(authzAuthentication.getRedirectUri(), queryStringBuilder.build()));
    }
}
