package org.apereo.cas.support.oauth.services;

import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apereo.cas.authentication.BaseAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.util.LoggingUtils;
import org.jooq.lambda.Unchecked;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.6.14.jar:org/apereo/cas/support/oauth/services/OAuth20AuthenticationServiceSelectionStrategy.class */
public class OAuth20AuthenticationServiceSelectionStrategy extends BaseAuthenticationServiceSelectionStrategy {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OAuth20AuthenticationServiceSelectionStrategy.class);
    private static final long serialVersionUID = 8517547235465666978L;
    private final String callbackUrl;
    private final OAuth20RequestParameterResolver requestParameterResolver;

    public OAuth20AuthenticationServiceSelectionStrategy(ServicesManager servicesManager, ServiceFactory<WebApplicationService> serviceFactory, String str, OAuth20RequestParameterResolver oAuth20RequestParameterResolver) {
        super(servicesManager, serviceFactory);
        this.callbackUrl = str;
        this.requestParameterResolver = oAuth20RequestParameterResolver;
    }

    @Override // org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy
    public Service resolveServiceFrom(Service service) {
        Optional<NameValuePair> resolveClientIdFromService = resolveClientIdFromService(service);
        if (resolveClientIdFromService.isPresent()) {
            service.getAttributes().computeIfAbsent("client_id", str -> {
                return CollectionUtils.wrapList(((NameValuePair) resolveClientIdFromService.get()).getValue());
            });
            Optional<NameValuePair> resolveRedirectUri = resolveRedirectUri(service);
            if (resolveRedirectUri.isPresent()) {
                return createService(resolveRedirectUri.get().getValue(), service);
            }
            Optional<NameValuePair> resolveGrantType = resolveGrantType(service);
            if (resolveGrantType.isPresent()) {
                String str2 = "";
                String value = resolveGrantType.get().getValue();
                if (OAuth20Utils.isGrantType(value, OAuth20GrantTypes.CLIENT_CREDENTIALS)) {
                    LOGGER.debug("Located grant type [{}]; checking for service headers", value);
                    str2 = OAuth20Utils.getServiceRequestHeaderIfAny(new JEEContext(HttpRequestUtils.getHttpServletRequestFromRequestAttributes(), HttpRequestUtils.getHttpServletResponseFromRequestAttributes()));
                }
                if (StringUtils.isBlank(str2)) {
                    str2 = resolveClientIdFromService.get().getValue();
                }
                LOGGER.debug("Built web application service based on identifier [{}]", str2);
                return createService(str2, service);
            }
        }
        return service;
    }

    @Override // org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy
    public boolean supports(Service service) {
        boolean z = getServicesManager().findServiceBy(service) != null && service.getId().startsWith(this.callbackUrl);
        LOGGER.trace(String.format("Authentication request is%s identified as an OAuth request", BooleanUtils.toString(z, "", " not")));
        return z;
    }

    private Optional<NameValuePair> resolveRedirectUri(Service service) {
        return getRequestParameter(service, "redirect_uri");
    }

    private Optional<NameValuePair> resolveGrantType(Service service) {
        return getRequestParameter(service, "grant_type");
    }

    private Optional<NameValuePair> resolveClientIdFromService(Service service) {
        return getRequestParameter(service, "client_id");
    }

    private Optional<NameValuePair> getRequestParameter(Service service, String str) {
        try {
            return getJwtRequestParameter(service, str).or(Unchecked.supplier(() -> {
                return new URIBuilder(service.getId()).getQueryParams().stream().filter(nameValuePair -> {
                    return nameValuePair.getName().equals(str);
                }).map((v0) -> {
                    return v0.getValue();
                }).findFirst();
            })).map(str2 -> {
                return new BasicNameValuePair(str, str2);
            });
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            return Optional.empty();
        }
    }

    private Optional<String> getJwtRequestParameter(Service service, String str) throws Exception {
        if (!service.getAttributes().containsKey("request")) {
            return Optional.empty();
        }
        return Optional.of((String) this.requestParameterResolver.resolveJwtRequestParameter((String) service.getAttributes().get("request").get(0), getServicesManager().findServiceBy(service), str, String.class));
    }

    @Generated
    public String getCallbackUrl() {
        return this.callbackUrl;
    }

    @Generated
    public OAuth20RequestParameterResolver getRequestParameterResolver() {
        return this.requestParameterResolver;
    }
}
