package org.apereo.cas.oidc.ticket;

import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.validator.authorization.BaseOAuth20AuthorizationRequestValidator;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.function.FunctionUtils;
import org.pac4j.core.context.WebContext;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oidc-core-api-6.6.15.jar:org/apereo/cas/oidc/ticket/OidcPushedAuthorizationRequestValidator.class */
public class OidcPushedAuthorizationRequestValidator extends BaseOAuth20AuthorizationRequestValidator {
    private final TicketRegistry ticketRegistry;
    private final TicketFactory ticketFactory;

    public OidcPushedAuthorizationRequestValidator(ServicesManager servicesManager, ServiceFactory<WebApplicationService> serviceFactory, AuditableExecution auditableExecution, TicketRegistry ticketRegistry, TicketFactory ticketFactory, OAuth20RequestParameterResolver oAuth20RequestParameterResolver) {
        super(servicesManager, serviceFactory, auditableExecution, oAuth20RequestParameterResolver);
        this.ticketRegistry = ticketRegistry;
        this.ticketFactory = ticketFactory;
    }

    @Override // org.apereo.cas.support.oauth.validator.OAuth20RequestValidator
    public boolean validate(WebContext webContext) throws Exception {
        return ((Boolean) FunctionUtils.doAndHandle(() -> {
            AccessTokenRequestContext accessTokenRequest = ((OidcPushedAuthorizationRequestFactory) this.ticketFactory.get(OidcPushedAuthorizationRequest.class)).toAccessTokenRequest((OidcPushedAuthorizationRequest) this.ticketRegistry.getTicket(webContext.getRequestParameter(OidcConstants.REQUEST_URI).get(), OidcPushedAuthorizationRequest.class));
            webContext.setRequestAttribute(OidcPushedAuthorizationRequest.class.getName(), accessTokenRequest);
            return Boolean.valueOf(getClientIdFromRequest(webContext).equals(accessTokenRequest.getClientId()) && verifyRegisteredServiceByClientId(webContext, accessTokenRequest.getClientId()) != null);
        }, th -> {
            return false;
        }).get()).booleanValue();
    }

    @Override // org.apereo.cas.support.oauth.validator.OAuth20RequestValidator
    public boolean supports(WebContext webContext) {
        return webContext.getRequestParameter("client_id").isPresent() && webContext.getRequestParameter(OidcConstants.REQUEST_URI).isPresent();
    }

    @Override // org.springframework.core.Ordered
    public int getOrder() {
        return 0;
    }
}
