package com.predic8.membrane.core.interceptor.oauth2.processors;

import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.oauth2.ClaimRenamer;
import com.predic8.membrane.core.interceptor.oauth2.ConsentPageFile;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.oauth2.ParamNames;
import com.predic8.membrane.core.interceptor.oauth2.flows.CodeFlow;
import com.predic8.membrane.core.interceptor.oauth2.flows.IdTokenTokenFlow;
import com.predic8.membrane.core.interceptor.oauth2.flows.TokenFlow;
import com.predic8.membrane.core.interceptor.oauth2.parameter.ClaimsParameter;
import com.predic8.membrane.core.util.functionalInterfaces.Function;
import java.io.UnsupportedEncodingException;
import java.util.HashSet;
import java.util.Iterator;

/* loaded from: input_file:lib/service-proxy-core-4.2.3.jar:com/predic8/membrane/core/interceptor/oauth2/processors/EmptyEndpointProcessor.class */
public class EmptyEndpointProcessor extends EndpointProcessor {
    public EmptyEndpointProcessor(OAuth2AuthorizationServerInterceptor oAuth2AuthorizationServerInterceptor) {
        super(oAuth2AuthorizationServerInterceptor);
    }

    @Override // com.predic8.membrane.core.interceptor.oauth2.processors.EndpointProcessor
    public boolean isResponsible(Exchange exchange) {
        SessionManager.Session session = this.authServer.getSessionManager().getSession(exchange);
        return (exchange.getRequestURI().equals("/") || exchange.getRequestURI().startsWith("/?")) && session != null && (session.isPreAuthorized() || session.isAuthorized());
    }

    @Override // com.predic8.membrane.core.interceptor.oauth2.processors.EndpointProcessor
    public Outcome process(Exchange exchange) throws Exception {
        SessionManager.Session orCreateSession = this.authServer.getSessionManager().getOrCreateSession(exchange);
        synchronized (orCreateSession) {
            if (!OAuth2Util.isOpenIdScope(orCreateSession.getUserAttributes().get("scope"))) {
                orCreateSession.getUserAttributes().put("consent", "true");
            }
            if (!orCreateSession.getUserAttributes().containsKey("consent")) {
                addConsentPageDataToSession(orCreateSession);
                return redirectToConsentPage(exchange);
            }
            if (!orCreateSession.getUserAttributes().get("consent").equals("true")) {
                exchange.setResponse(OAuth2Util.createParameterizedJsonErrorResponse(exchange, this.jsonGen, "error", "consent_required"));
                return Outcome.RETURN;
            }
            orCreateSession.authorize();
            return startOAuth2Flow(exchange, orCreateSession);
        }
    }

    private Outcome startOAuth2Flow(Exchange exchange, SessionManager.Session session) throws Exception {
        if (getResponseType(session).equals(ParamNames.CODE)) {
            return new CodeFlow(this.authServer, exchange, session).getResponse();
        }
        if (getResponseType(session).equals("token")) {
            this.authServer.getStatistics().implicitFlow();
            return new TokenFlow(this.authServer, exchange, session).getResponse();
        }
        if (getResponseType(session).equals("id_token token")) {
            return new IdTokenTokenFlow(this.authServer, exchange, session).getResponse();
        }
        exchange.setResponse(OAuth2Util.createParameterizedJsonErrorResponse(exchange, this.jsonGen, "error", "unsupported_response_type"));
        return Outcome.RETURN;
    }

    private void addConsentPageDataToSession(SessionManager.Session session) throws UnsupportedEncodingException {
        session.getUserAttributes().put(ConsentPageFile.PRODUCT_NAME, this.authServer.getConsentPageFile().getProductName());
        session.getUserAttributes().put(ConsentPageFile.LOGO_URL, this.authServer.getConsentPageFile().getLogoUrl());
        session.getUserAttributes().put(ConsentPageFile.SCOPE_DESCRIPTIONS, getScopeDescriptions(session.getUserAttributes().get("scope").split(" ")));
        session.getUserAttributes().put(ConsentPageFile.CLAIM_DESCRIPTIONS, getClaimDescriptions(processClaimsParameterToClaimsString(session.getUserAttributes().get("claims"))));
    }

    private String[] processClaimsParameterToClaimsString(String str) {
        ClaimsParameter claimsParameter = new ClaimsParameter(this.authServer.getClaimList().getSupportedClaims(), str);
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = claimsParameter.getUserinfoClaims().iterator();
        while (it.hasNext()) {
            sb.append(" ").append(it.next());
        }
        Iterator<String> it2 = claimsParameter.getIdTokenClaims().iterator();
        while (it2.hasNext()) {
            sb.append(" ").append(it2.next());
        }
        return sb.toString().trim().split(" ");
    }

    private String getClaimDescriptions(String[] strArr) throws UnsupportedEncodingException {
        return createDescription(strArr, new Function<String, String>() { // from class: com.predic8.membrane.core.interceptor.oauth2.processors.EmptyEndpointProcessor.1
            @Override // com.predic8.membrane.core.util.functionalInterfaces.Function
            public String call(String str) {
                return ClaimRenamer.convert(str);
            }
        }, new Function<String, String>() { // from class: com.predic8.membrane.core.interceptor.oauth2.processors.EmptyEndpointProcessor.2
            @Override // com.predic8.membrane.core.util.functionalInterfaces.Function
            public String call(String str) {
                return EmptyEndpointProcessor.this.authServer.getConsentPageFile().convertClaim(ClaimRenamer.convert(str));
            }
        });
    }

    private String getScopeDescriptions(String[] strArr) throws UnsupportedEncodingException {
        return createDescription(strArr, new Function<String, String>() { // from class: com.predic8.membrane.core.interceptor.oauth2.processors.EmptyEndpointProcessor.3
            @Override // com.predic8.membrane.core.util.functionalInterfaces.Function
            public String call(String str) {
                return str.equals("openid") ? "" : str;
            }
        }, new Function<String, String>() { // from class: com.predic8.membrane.core.interceptor.oauth2.processors.EmptyEndpointProcessor.4
            @Override // com.predic8.membrane.core.util.functionalInterfaces.Function
            public String call(String str) {
                return EmptyEndpointProcessor.this.authServer.getConsentPageFile().convertScope(str);
            }
        });
    }

    private String createDescription(String[] strArr, Function<String, String> function, Function<String, String> function2) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        HashSet hashSet = new HashSet();
        for (String str : strArr) {
            String call = function.call(str);
            if (!call.isEmpty() && !hashSet.contains(call)) {
                hashSet.add(call);
                sb.append(" ").append(call).append(" ").append(OAuth2Util.urlencode(function2.call(str)));
            }
        }
        return sb.toString().trim();
    }

    private Outcome redirectToConsentPage(Exchange exchange) {
        exchange.setResponse(Response.redirect("/login/consent", false).dontCache().bodyEmpty().build());
        return Outcome.RETURN;
    }

    protected static String getResponseType(SessionManager.Session session) {
        String str;
        synchronized (session) {
            str = session.getUserAttributes().get(ParamNames.RESPONSE_TYPE);
        }
        return str;
    }
}
