package org.apereo.cas.support.oauth.validator.authorization;

import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.util.HttpRequestUtils;
import org.pac4j.core.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.3.7.4.jar:org/apereo/cas/support/oauth/validator/authorization/OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator.class */
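/**
 * Validates OAuth 2.0 authorization requests for the response type reported by
 * {@link #getResponseType()} ({@link OAuth20ResponseTypes#CODE} in this class).
 *
 * <p>Every value read from the request ({@code client_id}, {@code redirect_uri},
 * {@code response_type}, {@code request}) is caller-supplied and is treated as untrusted until it
 * has been checked against the registered service. {@link #validate(JEEContext)} fails closed:
 * each check that does not pass logs a warning and returns {@code false}.
 */
public class OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator implements OAuth20AuthorizationRequestValidator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator.class);

    /** Registry used to resolve a {@code client_id} to its registered OAuth service. */
    protected final ServicesManager servicesManager;

    /** Stored and exposed through its getter only; no method of this class calls it. */
    protected final ServiceFactory<WebApplicationService> webApplicationServiceServiceFactory;

    /** Decides whether the resolved registered service may be used for this request. */
    protected final AuditableExecution registeredServiceAccessStrategyEnforcer;

    // Integer.MAX_VALUE is the largest order value, i.e. Spring's Ordered.LOWEST_PRECEDENCE.
    private int order = Integer.MAX_VALUE;

    /**
     * Checks an authorization request in this order: required parameters, no JWT request object,
     * supported response type, registered-service access, callback URL, and finally whether the
     * response type is authorized for the service.
     *
     * @param jEEContext the web context wrapping the incoming servlet request
     * @return {@code true} only when every check passes; {@code false} as soon as one fails
     */
    @Override // org.apereo.cas.support.oauth.validator.OAuth20RequestValidator
    public boolean validate(JEEContext jEEContext) {
        HttpServletRequest nativeRequest = jEEContext.getNativeRequest();

        // Typed as Stream<String> so the names reach doesParameterExist as strings; the previous
        // Stream<Object> form (a decompiler artefact) does not type-check against that helper.
        boolean hasRequiredParameters = Stream.of("client_id", "redirect_uri", "response_type")
            .allMatch(name -> HttpRequestUtils.doesParameterExist(nativeRequest, name));
        if (!hasRequiredParameters) {
            LOGGER.warn("Missing required parameters (client id, redirect uri, etc) for response type [{}].", getResponseType());
            return false;
        }

        // This validator inspects plain request parameters only. A JWT request object in
        // "request" is never parsed here, so it is refused rather than silently ignored.
        if (StringUtils.isNotBlank(nativeRequest.getParameter("request"))) {
            LOGGER.warn("Self-contained authentication requests as JWTs are not accepted");
            return false;
        }

        String responseType = nativeRequest.getParameter("response_type");
        if (!OAuth20Utils.checkResponseTypes(responseType, OAuth20ResponseTypes.values())) {
            LOGGER.warn("Response type [{}] is not found in the list of supported values [{}].",
                neutralizeLineBreaks(responseType), OAuth20ResponseTypes.values());
            return false;
        }

        String clientId = nativeRequest.getParameter("client_id");
        LOGGER.debug("Locating registered service for client id [{}]", neutralizeLineBreaks(clientId));
        OAuthRegisteredService registeredService = getRegisteredServiceByClientId(clientId);

        // The lookup result is handed to the enforcer as-is. The warning text suggests that a
        // failure covers both "not found" and "not authorized".
        // NOTE(review): confirm the enforcer reports failure for a null registered service.
        boolean accessDenied = this.registeredServiceAccessStrategyEnforcer
            .execute(AuditableContext.builder().registeredService(registeredService).build())
            .isExecutionFailure();
        if (accessDenied) {
            LOGGER.warn("Registered service [{}] is not found or is not authorized for access.", registeredService);
            return false;
        }

        // redirect_uri is where the authorization response is sent, so it must be accepted for
        // this specific registered service. The matching rules live in checkCallbackValid and in
        // the service registration, neither of which is visible here.
        String redirectUri = nativeRequest.getParameter("redirect_uri");
        if (!OAuth20Utils.checkCallbackValid(registeredService, redirectUri)) {
            LOGGER.warn("Callback URL [{}] is not authorized for registered service [{}].",
                neutralizeLineBreaks(redirectUri), registeredService);
            return false;
        }

        return OAuth20Utils.isAuthorizedResponseTypeForService(jEEContext, registeredService);
    }

    /**
     * Resolves the registered OAuth service for a client id through {@link #servicesManager}.
     *
     * @param str the {@code client_id} request parameter
     * @return whatever {@link OAuth20Utils#getRegisteredOAuthServiceByClientId} returns for it
     */
    protected OAuthRegisteredService getRegisteredServiceByClientId(String str) {
        return OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, str);
    }

    /**
     * Tells whether this validator handles the request, based on its {@code response_type}.
     *
     * @param jEEContext the web context wrapping the incoming request
     * @return the result of comparing the request's {@code response_type} (empty string when the
     *     parameter is absent) with {@link #getResponseType()}
     */
    @Override // org.apereo.cas.support.oauth.validator.OAuth20RequestValidator
    public boolean supports(JEEContext jEEContext) {
        String responseType = jEEContext.getRequestParameter("response_type")
            .map(String::valueOf)
            .orElse("");
        return OAuth20Utils.isResponseType(responseType, getResponseType());
    }

    /**
     * Returns the response type this validator is responsible for.
     *
     * @return {@link OAuth20ResponseTypes#CODE}
     */
    public OAuth20ResponseTypes getResponseType() {
        return OAuth20ResponseTypes.CODE;
    }

    /**
     * Creates the validator with its collaborators; the references are stored without checks.
     *
     * @param servicesManager registry used to look up services by client id
     * @param serviceFactory factory stored in {@link #webApplicationServiceServiceFactory}
     * @param auditableExecution enforcer stored in {@link #registeredServiceAccessStrategyEnforcer}
     */
    @Generated
    public OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator(ServicesManager servicesManager, ServiceFactory<WebApplicationService> serviceFactory, AuditableExecution auditableExecution) {
        this.servicesManager = servicesManager;
        this.webApplicationServiceServiceFactory = serviceFactory;
        this.registeredServiceAccessStrategyEnforcer = auditableExecution;
    }

    /** @return the services manager given to the constructor */
    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }

    /** @return the service factory given to the constructor */
    @Generated
    public ServiceFactory<WebApplicationService> getWebApplicationServiceServiceFactory() {
        return this.webApplicationServiceServiceFactory;
    }

    /** @return the access-strategy enforcer given to the constructor */
    @Generated
    public AuditableExecution getRegisteredServiceAccessStrategyEnforcer() {
        return this.registeredServiceAccessStrategyEnforcer;
    }

    /** @return the current order value; {@link Integer#MAX_VALUE} unless changed by {@link #setOrder(int)} */
    @Override // org.springframework.core.Ordered
    @Generated
    public int getOrder() {
        return this.order;
    }

    /**
     * Sets the order value returned by {@link #getOrder()}.
     *
     * @param i the new order value
     */
    @Generated
    public void setOrder(int i) {
        this.order = i;
    }

    /**
     * Replaces carriage returns and line feeds in a request-supplied value before it is logged.
     *
     * <p>The values passed here come straight from request parameters. If the configured log
     * layout does not encode line breaks itself, a raw value could split one log event into
     * several lines that look like separate entries.
     *
     * @param value the untrusted value, possibly {@code null}
     * @return the value with each CR and LF replaced by {@code _}, or {@code null} for {@code null}
     */
    private static String neutralizeLineBreaks(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}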
