package net.shibboleth.oidc.profile.encoding.impl;

import com.google.common.base.Predicates;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.profile.core.OIDCAuthenticationRequest;
import net.shibboleth.oidc.profile.encoding.AuthenticationContextClassReferenceSupport;
import net.shibboleth.oidc.profile.encoding.OIDCMessageEncoder;
import net.shibboleth.shared.collection.Pair;
import net.shibboleth.shared.net.URLBuilder;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.messaging.encoder.servlet.AbstractHttpServletResponseMessageEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/oidc/profile/encoding/impl/AbstractOIDCMessageEncoder.class */
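/**
 * Base class for encoders that turn an {@link OIDCAuthenticationRequest} into the parameters of an
 * OAuth 2.0 / OpenID Connect authorization request.
 *
 * <p>The parameter list is built in one of two shapes: when the request carries a request object,
 * only the parameters that must be repeated outside it are emitted together with the serialized
 * {@code request} JWT; otherwise every individual parameter is emitted. Both shapes are validated by
 * {@link #validateParams(List)} before they are returned.</p>
 */
public abstract class AbstractOIDCMessageEncoder extends AbstractHttpServletResponseMessageEncoder implements OIDCMessageEncoder {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AbstractOIDCMessageEncoder.class);

    /** Additional, configurable check applied to the built parameter list; accepts everything by default. */
    @Nonnull
    private Predicate<List<Pair<String, String>>> authorizationParamsAreValidPredicate = Predicates.alwaysTrue();

    /* JADX INFO: Access modifiers changed from: protected */
    /** Constructor. Sets the protocol message logger sub-category to {@code OAUTH2}. */
    public AbstractOIDCMessageEncoder() {
        setProtocolMessageLoggerSubCategory("OAUTH2");
    }

    /**
     * Sets the additional predicate used to decide whether the built authorization parameters are valid.
     *
     * <p>A {@code null} argument is ignored and the current predicate is kept, so the built-in checks in
     * {@link #validateParams(List)} can never be paired with a missing predicate.</p>
     *
     * @param predicate the predicate to install, or {@code null} to leave the current one in place
     */
    public void setAuthorizationParamsAreValidPredicate(@Nullable Predicate<List<Pair<String, String>>> predicate) {
        ifInitializedThrowUnmodifiabledComponentException();
        ifDestroyedThrowDestroyedComponentException();
        if (predicate != null) {
            this.authorizationParamsAreValidPredicate = predicate;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends the authorization parameters of the request to the query parameters of the given URL builder.
     *
     * @param oIDCAuthenticationRequest the request to encode
     * @param uRLBuilder the builder whose query parameters receive the encoded pairs
     * @throws MessageEncodingException if the parameters cannot be built or fail validation
     */
    public void serializeAuthorizationParamsToUrl(@Nonnull OIDCAuthenticationRequest oIDCAuthenticationRequest, @Nonnull URLBuilder uRLBuilder) throws MessageEncodingException {
        for (Pair<String, String> param : createParametersFromRequest(oIDCAuthenticationRequest)) {
            uRLBuilder.getQueryParams().add(param);
        }
    }

    /**
     * Builds the authorization parameters of the request and returns them as a query string.
     *
     * @param oIDCAuthenticationRequest the request to encode
     * @return the query string produced by a fresh {@link URLBuilder} holding only these parameters
     * @throws MessageEncodingException if the parameters cannot be built or fail validation
     */
    protected String serializeAuthorizationParamsToQueryString(@Nonnull OIDCAuthenticationRequest oIDCAuthenticationRequest) throws MessageEncodingException {
        URLBuilder queryBuilder = new URLBuilder();
        for (Pair<String, String> param : createParametersFromRequest(oIDCAuthenticationRequest)) {
            queryBuilder.getQueryParams().add(param);
        }
        return queryBuilder.buildQueryString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the validated list of authorization request parameters.
     *
     * @param oIDCAuthenticationRequest the request to encode
     * @return a new, mutable list of name/value pairs
     * @throws MessageEncodingException if the request object cannot be serialized or the resulting
     *         parameters fail {@link #validateParams(List)}
     */
    @Nonnull
    public List<Pair<String, String>> createParametersFromRequest(@Nonnull OIDCAuthenticationRequest oIDCAuthenticationRequest) throws MessageEncodingException {
        List<Pair<String, String>> params = new ArrayList<>();
        if (oIDCAuthenticationRequest.getRequestObject() != null) {
            createParametersFromRequestWithRequestObject(params, oIDCAuthenticationRequest);
        } else {
            createParametersFromRequestWithoutRequestObject(params, oIDCAuthenticationRequest);
        }
        return params;
    }

    /**
     * Adds the parameters emitted when a request object is present: the common parameters plus the
     * serialized request object itself.
     *
     * @param list the list to append to
     * @param oIDCAuthenticationRequest the request to encode
     * @throws MessageEncodingException if serialization or validation fails
     */
    private void createParametersFromRequestWithRequestObject(@Nonnull List<Pair<String, String>> list, @Nonnull OIDCAuthenticationRequest oIDCAuthenticationRequest) throws MessageEncodingException {
        addCommonParameters(list, oIDCAuthenticationRequest);
        if (oIDCAuthenticationRequest.getRequestObject() != null) {
            try {
                list.add(new Pair<>("request", oIDCAuthenticationRequest.getRequestObject().serialize()));
            } catch (IllegalStateException e) {
                throw new MessageEncodingException("Couldn't serialize request object to JWT: " + e.getMessage(), e);
            }
        }
        if (!validateParams(list)) {
            throw new MessageEncodingException("Authorization parameters are not valid");
        }
    }

    /**
     * Adds every individual authorization parameter when no request object is used.
     *
     * @param list the list to append to
     * @param oIDCAuthenticationRequest the request to encode
     * @throws MessageEncodingException if validation fails
     */
    private void createParametersFromRequestWithoutRequestObject(@Nonnull List<Pair<String, String>> list, @Nonnull OIDCAuthenticationRequest oIDCAuthenticationRequest) throws MessageEncodingException {
        addCommonParameters(list, oIDCAuthenticationRequest);
        if (oIDCAuthenticationRequest.getRedirectURI() != null) {
            list.add(new Pair<>("redirect_uri", oIDCAuthenticationRequest.getRedirectURI().toString()));
        }
        if (oIDCAuthenticationRequest.getState() != null) {
            list.add(new Pair<>("state", oIDCAuthenticationRequest.getState().getValue()));
        }
        if (oIDCAuthenticationRequest.getPrompt() != null) {
            list.add(new Pair<>("prompt", oIDCAuthenticationRequest.getPrompt().toString()));
        }
        if (oIDCAuthenticationRequest.getNonce() != null) {
            list.add(new Pair<>("nonce", oIDCAuthenticationRequest.getNonce().getValue()));
        }
        if (oIDCAuthenticationRequest.getMaxAge() != null) {
            list.add(new Pair<>("max_age", Long.toString(oIDCAuthenticationRequest.getMaxAge().toSeconds())));
        }
        if (oIDCAuthenticationRequest.getLoginHint() != null) {
            list.add(new Pair<>("login_hint", oIDCAuthenticationRequest.getLoginHint()));
        }
        // ACR requirements travel either inside the claims parameter or as acr_values, never both.
        if (oIDCAuthenticationRequest.providerSupportsClaimsParameter()) {
            // NOTE(review): this call discards any return value, so it presumably updates the
            // requested claims on the request itself - confirm against the helper.
            AuthenticationContextClassReferenceSupport.buildACRClaimsRequest(oIDCAuthenticationRequest);
            if (oIDCAuthenticationRequest.getRequestedClaims() != null) {
                list.add(new Pair<>("claims", oIDCAuthenticationRequest.getRequestedClaims().toJSONString()));
            }
        }
        if (!oIDCAuthenticationRequest.providerSupportsClaimsParameter() && oIDCAuthenticationRequest.getAcrs() != null && !oIDCAuthenticationRequest.getAcrs().isEmpty()) {
            list.add(new Pair<>("acr_values", String.join(" ", oIDCAuthenticationRequest.getAcrs().stream().map(acr -> acr.getValue()).toList())));
        }
        if (!validateParams(list)) {
            throw new MessageEncodingException("Authorization parameters are not valid");
        }
    }

    /**
     * Adds the parameters shared by both request shapes: {@code client_id}, {@code response_type},
     * {@code scope} and, when it differs from the default, {@code response_mode}.
     *
     * @param list the list to append to
     * @param request the request to encode
     */
    private void addCommonParameters(@Nonnull List<Pair<String, String>> list, @Nonnull OIDCAuthenticationRequest request) {
        list.add(new Pair<>("client_id", request.getClientID().getValue()));
        if (request.getResponseType() != null) {
            list.add(new Pair<>("response_type", request.getResponseType().toString()));
        }
        list.add(new Pair<>("scope", request.getScope().toString()));
        // A null response mode is never equal to a non-null default, so it must be excluded
        // explicitly; otherwise the getValue() call below would throw a NullPointerException.
        if (request.getDefaultResponseMode() != null
                && request.getResponseMode() != null
                && !request.getDefaultResponseMode().equals(request.getResponseMode())) {
            list.add(new Pair<>("response_mode", request.getResponseMode().getValue()));
        }
    }

    /**
     * Checks that the parameter list forms an acceptable OpenID Connect authorization request.
     *
     * <p>The configured predicate is consulted first; after that the list must contain
     * {@code response_type}, {@code client_id} and {@code scope}, and the scope must include the
     * {@code openid} scope value.</p>
     *
     * @param list the parameters to check
     * @return {@code true} if every check passes
     */
    protected boolean validateParams(List<Pair<String, String>> list) {
        if (!this.authorizationParamsAreValidPredicate.test(list)) {
            // Log the rejection so a failed encoding can be traced to the configured predicate.
            this.log.error("Authorization request parameters are invalid, rejected by the configured predicate");
            return false;
        }
        if (!pairFirstEquals("response_type", list)) {
            this.log.error("Authorization request parameters are invalid, no response_type");
            return false;
        }
        if (!pairFirstEquals("client_id", list)) {
            this.log.error("Authorization request parameters are invalid, no client_id");
            return false;
        }
        if (!pairFirstEquals("scope", list)) {
            this.log.error("Authorization request parameters are invalid, no scope");
            return false;
        }
        if (pairSecondContainsToken("scope", "openid", list)) {
            return true;
        }
        this.log.error("Authorization request parameters are invalid, scope does not contain 'openid'");
        return false;
    }

    /**
     * Tells whether any pair in the list has the given name.
     *
     * @param str the parameter name to look for
     * @param list the parameters to search
     * @return {@code true} if at least one pair's first element equals {@code str}
     */
    private boolean pairFirstEquals(@Nonnull String str, List<Pair<String, String>> list) {
        // Compare from the known non-null side so a pair with a null name cannot throw.
        return list.stream().anyMatch(pair -> str.equals(pair.getFirst()));
    }

    /**
     * Tells whether the first pair with the given name holds {@code token} as one complete
     * space-delimited value.
     *
     * <p>The value is compared token by token rather than by substring, so a scope such as
     * {@code openid_extra} or {@code myopenid} does not satisfy a check for {@code openid}.
     * The value is the string sent on the wire, which for {@code scope} is a space-delimited list.</p>
     *
     * @param key the parameter name to look for
     * @param token the exact value that must appear among the space-delimited tokens
     * @param list the parameters to search
     * @return {@code true} if the parameter exists, is non-null and contains the token
     */
    private boolean pairSecondContainsToken(@Nonnull String key, @Nonnull String token, List<Pair<String, String>> list) {
        Optional<Pair<String, String>> match = list.stream().filter(pair -> key.equals(pair.getFirst())).findFirst();
        if (match.isEmpty() || match.get().getSecond() == null) {
            return false;
        }
        for (String candidate : match.get().getSecond().split(" ")) {
            if (token.equals(candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Renders an {@link OIDCAuthenticationRequest} as {@code OIDCAuthenticationRequest{name=value, ...}}
     * for logging.
     *
     * <p>NOTE(review): the rendering contains every parameter value unredacted, which can include
     * {@code state}, {@code nonce}, {@code login_hint}, {@code claims} and the serialized
     * {@code request} JWT. Treat the logger that receives it as sensitive and keep it at a
     * restricted level in production. The parameters are rebuilt through
     * {@link #createParametersFromRequest(OIDCAuthenticationRequest)}, so validation errors are
     * logged again and the ACR claims helper runs a second time.</p>
     *
     * @param obj the message to render
     * @return the rendering, or {@code null} if {@code obj} is not an authentication request or its
     *         parameters cannot be built
     */
    @Nullable
    protected String serializeMessageForLogging(@Nullable Object obj) {
        if (!(obj instanceof OIDCAuthenticationRequest request)) {
            return null;
        }
        try {
            return createParametersFromRequest(request).stream()
                    .map(pair -> pair.getFirst() + "=" + pair.getSecond())
                    .collect(Collectors.joining(", ", "OIDCAuthenticationRequest{", "}"));
        } catch (MessageEncodingException e) {
            this.log.trace("Unable to generate serialized message for logging '{}'", e.getMessage());
            return null;
        }
    }
}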
