package org.apereo.cas.oidc.web.controllers.authorize;

import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.oidc.OidcConfigurationContext;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/web/controllers/authorize/OidcAuthorizeEndpointController.class */
/**
 * OpenID Connect front for the OAuth 2.0 authorization endpoint.
 *
 * <p>Before handing the request to {@link OAuth20AuthorizeEndpointController}, this controller
 * applies three OIDC-specific checks, in order:
 * <ol>
 *   <li>the issuer is validated through the configured issuer service; a failure is answered
 *       with an {@code invalid_request} error and the request goes no further;</li>
 *   <li>when discovery settings require pushed authorization requests, a request whose URL ends
 *       with {@link OidcConstants#AUTHORIZE_URL} and that carries no {@code request_uri}
 *       parameter is answered with HTTP 403;</li>
 *   <li>the requested scopes are inspected for the standard {@code openid} scope; its absence
 *       is only logged.</li>
 * </ol>
 *
 * <p>This listing is decompiler output (JADX reported a type-inference failure on
 * {@code handleRequest}), so the explicit casts on {@code getConfigurationContext()} are kept.
 */
public class OidcAuthorizeEndpointController extends OAuth20AuthorizeEndpointController<OidcConfigurationContext> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcAuthorizeEndpointController.class);

    /**
     * Creates the controller on top of the shared OIDC configuration context.
     *
     * @param oidcConfigurationContext configuration context passed to the OAuth 2.0 base controller
     */
    public OidcAuthorizeEndpointController(OidcConfigurationContext oidcConfigurationContext) {
        super(oidcConfigurationContext);
    }

    /**
     * Handles an authorization request received over GET.
     *
     * @param httpServletRequest  the incoming servlet request
     * @param httpServletResponse the servlet response, written to directly on an issuer error
     * @return the error view for a rejected request, otherwise whatever the OAuth 2.0 base
     *         controller produces
     * @throws Exception propagated from the checks or from the base controller
     */
    /* JADX WARN: Multi-variable type inference failed */
    @Override
    @GetMapping({"/oidc/authorize", "/**/oidcAuthorize"})
    public ModelAndView handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        final JEEContext webContext = new JEEContext(httpServletRequest, httpServletResponse);
        final OidcConfigurationContext oidcContext = (OidcConfigurationContext) getConfigurationContext();

        // Check 1: the issuer must validate for the authorize endpoint, otherwise stop here.
        final boolean issuerAccepted = oidcContext.getIssuerService().validateIssuer(webContext, OidcConstants.AUTHORIZE_URL);
        if (!issuerAccepted) {
            LOGGER.warn("CAS cannot accept the authorization request given the issuer is invalid.");
            return OAuth20Utils.writeError(httpServletResponse, "invalid_request", "Invalid issuer");
        }

        // Check 2: PAR-only deployments refuse a direct request that has no request_uri.
        if (isDirectRequestBlockedByPushedAuthorizationPolicy(oidcContext, webContext, httpServletRequest)) {
            LOGGER.warn("CAS is configured to only accept pushed authorization requests");
            return OAuth20Utils.produceUnauthorizedErrorView(HttpStatus.FORBIDDEN);
        }

        // Check 3: advisory only. A request without the openid scope is logged and still
        // forwarded, so downstream code must not assume the scope is present.
        final String openIdScope = OidcConstants.StandardScopes.OPENID.getScope();
        final Collection<String> requestedScopes = oidcContext.getRequestParameterResolver().resolveRequestedScopes(webContext);
        final boolean openIdRequested = !requestedScopes.isEmpty() && requestedScopes.contains(openIdScope);
        if (!openIdRequested) {
            LOGGER.warn("Provided scopes [{}] are undefined by OpenID Connect, which requires that scope [{}] MUST be specified, or the behavior is unspecified. CAS MAY allow this request to be processed for now.", requestedScopes, openIdScope);
        }

        return super.handleRequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles an authorization request received over POST by running the same checks as GET.
     *
     * @param httpServletRequest  the incoming servlet request
     * @param httpServletResponse the servlet response
     * @return the result of {@link #handleRequest(HttpServletRequest, HttpServletResponse)}
     * @throws Exception propagated from {@code handleRequest}
     */
    @Override
    @PostMapping({"/oidc/authorize", "/**/oidcAuthorize"})
    public ModelAndView handleRequestPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        return handleRequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Tells whether the pushed-authorization-request policy rejects this request.
     *
     * <p>The three conditions are evaluated left to right and short-circuit: the policy flag,
     * then the request URL suffix, then the absence of a {@code request_uri} parameter.
     *
     * <p>NOTE(review): enforcement is gated on the request URL ending with
     * {@code OidcConstants.AUTHORIZE_URL}, a case-sensitive suffix match, while the controller
     * is mapped to both {@code /oidc/authorize} and {@code /**&#47;oidcAuthorize}. The
     * constant's value is not visible in this file; confirm that the policy covers every route
     * on which authorization requests are accepted, and add a test per mapped path.
     *
     * <p>NOTE(review): only the presence of {@code request_uri} is checked here. Resolution and
     * validation of the referenced pushed request presumably happen in the base controller;
     * verify before relying on this guard alone.
     */
    private static boolean isDirectRequestBlockedByPushedAuthorizationPolicy(
            OidcConfigurationContext oidcContext, JEEContext webContext, HttpServletRequest httpServletRequest) {
        if (!oidcContext.getDiscoverySettings().isRequirePushedAuthorizationRequests()) {
            return false;
        }
        if (!webContext.getRequestURL().endsWith(OidcConstants.AUTHORIZE_URL)) {
            return false;
        }
        return StringUtils.isBlank(httpServletRequest.getParameter(OidcConstants.REQUEST_URI));
    }
}
