package fish.payara.security.openid.controller;

import fish.payara.security.openid.OpenIdUtil;
import fish.payara.security.openid.api.OpenIdState;
import fish.payara.security.openid.domain.OpenIdConfiguration;
import fish.payara.security.openid.domain.OpenIdNonce;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

@ApplicationScoped
/* loaded from: input_file:MICRO-INF/runtime/security-connector-oidc-client.jar:fish/payara/security/openid/controller/AuthenticationController.class */
public class AuthenticationController {

    @Inject
    private StateController stateController;

    @Inject
    private NonceController nonceController;

    @Inject
    private OpenIdConfiguration configuration;
    private static final Logger LOGGER = Logger.getLogger(AuthenticationController.class.getName());

    public AuthenticationStatus authenticateUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        UriBuilder queryParam = UriBuilder.fromUri(this.configuration.getProviderMetadata().getAuthorizationEndpoint()).queryParam("scope", this.configuration.getScopes()).queryParam("response_type", this.configuration.getResponseType()).queryParam("client_id", this.configuration.getClientId()).queryParam("redirect_uri", this.configuration.buildRedirectURI(httpServletRequest));
        OpenIdState openIdState = new OpenIdState();
        queryParam.queryParam("state", openIdState.getValue());
        this.stateController.store(openIdState, this.configuration, httpServletRequest, httpServletResponse);
        if (this.configuration.isUseNonce()) {
            OpenIdNonce openIdNonce = new OpenIdNonce();
            queryParam.queryParam("nonce", this.nonceController.getNonceHash(openIdNonce));
            this.nonceController.store(openIdNonce, this.configuration, httpServletRequest, httpServletResponse);
        }
        if (!OpenIdUtil.isEmpty(this.configuration.getResponseMode())) {
            queryParam.queryParam("response_mode", this.configuration.getResponseMode());
        }
        if (!OpenIdUtil.isEmpty(this.configuration.getDisplay())) {
            queryParam.queryParam("display", this.configuration.getDisplay());
        }
        if (!OpenIdUtil.isEmpty(this.configuration.getPrompt())) {
            queryParam.queryParam("prompt", this.configuration.getPrompt());
        }
        this.configuration.getExtraParameters().forEach((str, list) -> {
            list.stream().forEach(str -> {
                queryParam.queryParam(str, str);
            });
        });
        String obj = queryParam.toString();
        LOGGER.log(Level.FINEST, "Redirecting for authentication to {0}", obj);
        try {
            httpServletResponse.sendRedirect(obj);
            return AuthenticationStatus.SEND_CONTINUE;
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }
}
