package net.trajano.openidconnect.provider.endpoints;

import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.ejb.EJB;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
import net.trajano.openidconnect.auth.AuthenticationRequest;
import net.trajano.openidconnect.auth.Prompt;
import net.trajano.openidconnect.core.ErrorCode;
import net.trajano.openidconnect.core.ErrorResponse;
import net.trajano.openidconnect.core.OpenIdConnectException;
import net.trajano.openidconnect.core.OpenIdConnectKey;
import net.trajano.openidconnect.core.RedirectedOpenIdProviderException;
import net.trajano.openidconnect.crypto.JsonWebTokenBuilder;
import net.trajano.openidconnect.provider.spi.AuthenticationResponseProvider;
import net.trajano.openidconnect.provider.spi.Authenticator;
import net.trajano.openidconnect.provider.spi.ClientManager;
import net.trajano.openidconnect.provider.spi.Consent;
import net.trajano.openidconnect.provider.spi.KeyProvider;
import net.trajano.openidconnect.provider.spi.TokenProvider;

/**
 * JAX-RS resource bound to the {@code auth} path that serves the authorization
 * endpoint of the OpenID Connect provider.
 *
 * <p>GET and form-encoded POST requests take the same code path. Each request is
 * parsed, its redirect URI is checked against the client registration, and the
 * user agent is then sent to the authentication page or the consent page, or
 * given the authentication response directly.
 *
 * <p>Collaborators are container-injected: {@code arp} and {@code tp} by field,
 * the authenticator, client manager and key provider through {@code @EJB} setters.
 */
@Path("auth")
/* loaded from: input_file:WEB-INF/lib/openid-connect-provider-1.0.1.jar:net/trajano/openidconnect/provider/endpoints/AuthorizationEndpoint.class */
public class AuthorizationEndpoint {

    // Builds the final authentication response once login and consent are settled.
    @EJB
    private AuthenticationResponseProvider arp;

    // Reports whether the request is authenticated and yields the login/consent redirect targets.
    private Authenticator authenticator;

    // Source of the per-client checks used here: redirect URI validity and implicit consent.
    private ClientManager clientManager;

    // Supplies the private JWKS handed to the AuthenticationRequest constructor.
    private KeyProvider keyProvider;

    @Context
    private Providers providers;

    // Looked up by Consent to find out whether consent was already recorded.
    @EJB
    private TokenProvider tp;

    @Context
    private UriInfo uriInfo;

    /**
     * Handles a GET authorization request by delegating to {@link #op(HttpServletRequest)}.
     *
     * @param httpServletRequest the incoming servlet request
     * @return whatever {@link #op(HttpServletRequest)} returns
     * @throws IOException propagated from {@link #op(HttpServletRequest)}
     * @throws GeneralSecurityException propagated from {@link #op(HttpServletRequest)}
     */
    @GET
    public Response getOp(@Context HttpServletRequest httpServletRequest) throws IOException, GeneralSecurityException {
        return this.op(httpServletRequest);
    }

    /**
     * Processes an authorization request.
     *
     * <p>Order of checks: redirect URI validity, then authentication state, then
     * consent. The redirect URI check runs before any
     * {@link RedirectedOpenIdProviderException} can be thrown, so the later
     * {@code login_required} and {@code consent_required} errors are only raised
     * for a URI the client manager accepted.
     *
     * @param httpServletRequest the incoming servlet request
     * @return a temporary redirect to the authentication or consent URI, or the
     *         response built by the {@link AuthenticationResponseProvider}
     * @throws OpenIdConnectException if the redirect URI is rejected for the client
     * @throws RedirectedOpenIdProviderException if {@code prompt=none} was requested
     *         and login or consent would be needed
     * @throws IOException declared by the collaborators called here
     * @throws GeneralSecurityException declared by the collaborators called here
     */
    @POST
    @Consumes({"application/x-www-form-urlencoded"})
    public Response op(@Context HttpServletRequest httpServletRequest) throws IOException, GeneralSecurityException {
        // The private JWKS is passed to the parser; presumably it is used to decrypt an
        // encrypted request object. Confirm in AuthenticationRequest.
        AuthenticationRequest authRequest = new AuthenticationRequest(httpServletRequest, this.keyProvider.getPrivateJwks());

        // Reject unregistered redirect URIs first. This is thrown as a plain
        // OpenIdConnectException rather than the "redirected" variant.
        // NOTE(review): confirm the exception mapper renders it without sending the
        // user agent to the rejected URI. invalid_grant is the token-endpoint code in
        // RFC 6749; invalid_request may be the more conventional choice here.
        boolean redirectUriAccepted = this.clientManager.isRedirectUriValidForClient(authRequest.getClientId(), authRequest.getRedirectUri());
        if (!redirectUriAccepted) {
            throw new OpenIdConnectException(ErrorCode.invalid_grant, "redirect URI is not supported for the client");
        }

        boolean isAuthenticated = this.authenticator.isAuthenticated(httpServletRequest);
        if (!isAuthenticated) {
            // prompt=none forbids showing a login page, so report the error to the client instead.
            if (authRequest.getPrompts().contains(Prompt.none)) {
                throw new RedirectedOpenIdProviderException(authRequest, new ErrorResponse(ErrorCode.login_required));
            }
        }

        // Consent is satisfied by the client's implicit-consent setting or by a stored record.
        // NOTE(review): the stored-consent lookup also runs for unauthenticated requests, so
        // getSubject() is called without a login; confirm it and Consent tolerate that.
        boolean consentGiven = this.clientManager.isImplicitConsent(authRequest.getClientId());
        if (!consentGiven) {
            Consent soughtConsent = new Consent(this.authenticator.getSubject(httpServletRequest), authRequest.getClientId(), authRequest.getScopes());
            consentGiven = this.tp.getByConsent(soughtConsent) != null;
        }
        if (!consentGiven) {
            // prompt=none forbids showing a consent page as well.
            if (authRequest.getPrompts().contains(Prompt.none)) {
                throw new RedirectedOpenIdProviderException(authRequest, new ErrorResponse(ErrorCode.consent_required));
            }
        }

        // Reuse the caller-supplied request parameter when present; otherwise serialise the
        // parsed request into a compressed token so it can be carried through login/consent.
        // NOTE(review): no signing or encryption call is visible in this builder chain, and a
        // caller-supplied value is forwarded as received. Confirm that whatever consumes the
        // token re-validates it (including the redirect URI) instead of trusting its contents.
        String requestToken = httpServletRequest.getParameter(OpenIdConnectKey.REQUEST);
        if (requestToken == null) {
            JsonWebTokenBuilder tokenBuilder = new JsonWebTokenBuilder();
            requestToken = tokenBuilder.payload(authRequest.toJsonObject()).compress(true).toString();
        }

        // Base for the login/consent URIs: the request's base URI with its path replaced by
        // the context path.
        // NOTE(review): this is derived from request data; behind a proxy, confirm the host
        // it yields is one the deployment trusts.
        UriBuilder contextUri = this.uriInfo.getBaseUriBuilder().replacePath(httpServletRequest.getContextPath());

        // temporaryRedirect answers 307, which makes the user agent repeat a POST (body
        // included) at the target. NOTE(review): confirm the login and consent pages expect
        // that; Response.seeOther (303) would turn the follow-up into a GET.
        if (!isAuthenticated) {
            return Response.temporaryRedirect(this.authenticator.authenticate(authRequest, requestToken, httpServletRequest, contextUri)).build();
        }
        if (!consentGiven) {
            return Response.temporaryRedirect(this.authenticator.consent(authRequest, requestToken, httpServletRequest, contextUri)).build();
        }
        return this.arp.buildResponse(requestToken, httpServletRequest, this.authenticator.getSubject(httpServletRequest));
    }

    /**
     * Injection point for the authenticator.
     *
     * @param authenticator the authenticator to use
     */
    @EJB
    public void setAuthenticator(Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    /**
     * Injection point for the client manager.
     *
     * @param clientManager the client manager to use
     */
    @EJB
    public void setClientManager(ClientManager clientManager) {
        this.clientManager = clientManager;
    }

    /**
     * Injection point for the key provider.
     *
     * @param keyProvider the key provider to use
     */
    @EJB
    public void setKeyProvider(KeyProvider keyProvider) {
        this.keyProvider = keyProvider;
    }
}
