package io.jans.as.server.par.ws.rs;

import io.jans.as.common.model.registration.Client;
import io.jans.as.common.util.RedirectUri;
import io.jans.as.model.authorize.AuthorizeErrorResponseType;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.common.ResponseMode;
import io.jans.as.model.common.ResponseType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.error.ErrorResponse;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.util.QueryStringDecoder;
import io.jans.as.model.util.Util;
import io.jans.as.persistence.model.Par;
import io.jans.as.server.auth.DpopService;
import io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceValidator;
import io.jans.as.server.model.audit.Action;
import io.jans.as.server.model.audit.OAuth2AuditLog;
import io.jans.as.server.service.RedirectUriResponse;
import io.jans.as.server.service.RequestParameterService;
import io.jans.as.server.util.ServerUtil;
import jakarta.inject.Inject;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.HEAD;
import jakarta.ws.rs.OPTIONS;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import java.net.URI;
import java.util.List;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.ThreadContext;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;

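/**
 * Pushed Authorization Request (PAR) endpoint (RFC 9126).
 *
 * <p>Accepts the authorization-request parameters as a form POST, validates the
 * client, redirect URI, request object and PKCE inputs, persists them as a
 * {@link Par} record and answers with a {@code request_uri} the client later
 * presents at the authorization endpoint. Only POST is served; GET, HEAD,
 * OPTIONS and PUT answer 405.
 *
 * <p>Error handling deliberately differs from the authorization endpoint: a PAR
 * call is a back-channel request, so a validation failure that the shared
 * validators express as a redirect (HTTP 302) is converted into a 400 JSON
 * error body instead of being sent to the redirect URI.
 */
@Path("/par")
public class ParRestWebService {

    @Inject
    private Logger log;

    @Inject
    private ParService parService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private ParValidator parValidator;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private AuthorizeRestWebServiceValidator authorizeRestWebServiceValidator;

    @Inject
    private RequestParameterService requestParameterService;

    @Inject
    private DpopService dpopService;

    /**
     * Handles a pushed authorization request.
     *
     * <p>Processing order matters for the security properties of this endpoint:
     * the client is resolved and its redirect URI validated before anything is
     * stored, the request object (if any) is validated against the resolved
     * client, and only then is the {@link Par} persisted and a {@code request_uri}
     * handed back.
     *
     * @param scope                 requested scope (URL-decoded before use)
     * @param responseType          space-separated response types
     * @param clientId              client identifier; may be absent when carried in {@code request}
     * @param redirectUri           redirect URI; may be absent when carried in {@code request}
     * @param state                 opaque client state, echoed in error responses
     * @param responseMode          response mode name
     * @param nonce                 OIDC nonce
     * @param display               OIDC display hint
     * @param prompt                OIDC prompt values
     * @param maxAge                OIDC max_age
     * @param uiLocales             OIDC ui_locales
     * @param idTokenHint           OIDC id_token_hint
     * @param loginHint             OIDC login_hint
     * @param acrValues             requested ACR values
     * @param amrValues             requested AMR values
     * @param request               JWT request object, if any
     * @param requestUri            must be absent; a PAR request may not itself reference a request_uri
     * @param sessionId             session identifier supplied by the client
     * @param originHeaders         origin headers value forwarded into the PAR record
     * @param codeChallenge         PKCE code challenge
     * @param codeChallengeMethod   PKCE code challenge method
     * @param nbf                   not-before value, parsed leniently to an integer
     * @param customResponseHeaders custom response headers forwarded into the PAR record
     * @param claims                OIDC claims request
     * @param httpRequest           servlet request (client IP, headers, query string)
     * @param httpResponse          servlet response (unused here)
     * @param securityContext       JAX-RS security context (only {@code isSecure()} is read, for logging)
     * @return 201 with a JSON body containing {@code request_uri} and {@code expires_in}
     * @throws WebApplicationException 400 for any validation failure (including those the shared
     *                                 validators would otherwise redirect); other statuses are
     *                                 propagated unchanged
     */
    @POST
    @Produces({"application/json"})
    public Response requestPushedAuthorizationRequest(
            @FormParam("scope") String scope,
            @FormParam("response_type") String responseType,
            @FormParam("client_id") String clientId,
            @FormParam("redirect_uri") String redirectUri,
            @FormParam("state") String state,
            @FormParam("response_mode") String responseMode,
            @FormParam("nonce") String nonce,
            @FormParam("display") String display,
            @FormParam("prompt") String prompt,
            @FormParam("max_age") Integer maxAge,
            @FormParam("ui_locales") String uiLocales,
            @FormParam("id_token_hint") String idTokenHint,
            @FormParam("login_hint") String loginHint,
            @FormParam("acr_values") String acrValues,
            @FormParam("amr_values") String amrValues,
            @FormParam("request") String request,
            @FormParam("request_uri") String requestUri,
            @FormParam("session_id") String sessionId,
            @FormParam("origin_headers") String originHeaders,
            @FormParam("code_challenge") String codeChallenge,
            @FormParam("code_challenge_method") String codeChallengeMethod,
            @FormParam("nbf") String nbf,
            @FormParam("custom_response_headers") String customResponseHeaders,
            @FormParam("claims") String claims,
            @Context HttpServletRequest httpRequest,
            @Context HttpServletResponse httpResponse,
            @Context SecurityContext securityContext) {
        try {
            // Feature gate first: nothing below runs when PAR is disabled.
            this.errorResponseFactory.validateFeatureEnabled(FeatureFlagType.PAR);

            // Audit record for this call. In this class it is only handed to the
            // DPoP service; whether anything is emitted from it is not visible here.
            OAuth2AuditLog auditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpRequest), Action.PAR_REQUEST);
            auditLog.setClientId(clientId);
            auditLog.setScope(scope);

            String decodedScope = ServerUtil.urlDecode(scope);
            String tokenBindingHeader = httpRequest.getHeader("Sec-Token-Binding");

            // NOTE(review): these DEBUG lines log the raw request object, the
            // client-supplied session_id and the token-binding header. Confirm the
            // log sink is treated as sensitive, or redact those values.
            this.log.debug("Attempting to request PAR: responseType = {}, clientId = {}, scope = {}, redirectUri = {}, nonce = {}, state = {}, request = {}, isSecure = {}, sessionId = {}",
                    new Object[]{responseType, clientId, decodedScope, redirectUri, nonce, state, request, Boolean.valueOf(securityContext.isSecure()), sessionId});
            this.log.debug("Attempting to request PAR: acrValues = {}, amrValues = {}, originHeaders = {}, codeChallenge = {}, codeChallengeMethod = {}, customRespHeaders = {}, claims = {}, tokenBindingHeader = {}",
                    new Object[]{acrValues, amrValues, originHeaders, codeChallenge, codeChallengeMethod, customResponseHeaders, claims, tokenBindingHeader});

            List<ResponseType> responseTypes = ResponseType.fromString(responseType, " ");
            ResponseMode mode = ResponseMode.getByValue(responseMode);

            // The request object is parsed without verification at this point; it
            // is only used to fill in client_id / redirect_uri when the form
            // parameters are blank. Both values are then checked against the
            // registered client below, and the request object itself is validated
            // in parValidator.validateRequestObject once the client is known.
            Jwt requestObject = Jwt.parseSilently(request);
            String resolvedClientId = getClientId(clientId, requestObject);

            Client client = this.authorizeRestWebServiceValidator.validateClient(resolvedClientId, state, true);
            String validatedRedirectUri = this.authorizeRestWebServiceValidator.validateRedirectUri(
                    client, getRedirectUri(redirectUri, requestObject), state, null, httpRequest,
                    AuthorizeErrorResponseType.INVALID_REQUEST);

            // Shared error helper; any redirect it produces is turned into a 400 in the catch below.
            RedirectUriResponse redirectUriResponse = new RedirectUriResponse(
                    new RedirectUri(validatedRedirectUri, responseTypes, mode), state, httpRequest, this.errorResponseFactory);
            redirectUriResponse.setFapiCompatible(this.appConfiguration.isFapi());

            // A PAR request must not itself carry a request_uri.
            this.parValidator.validateRequestUriIsAbsent(requestUri);

            // Bind a DPoP proof (if one is presented) to this PAR via its JWK thumbprint;
            // handling of a missing or invalid proof lives in DpopService.
            String dpopJkt = this.dpopService.getDPoPJwkThumbprint(httpRequest, client, auditLog);

            // Lifetime is a per-client setting; it drives both the TTL and the absolute expiry.
            Integer parLifetime = client.getAttributes().getParLifetime();

            Par par = new Par();
            par.setDeletable(true);
            par.setTtl(parLifetime);
            par.setExpirationDate(Util.createExpirationDate(parLifetime));
            par.getAttributes().setScope(decodedScope);
            par.getAttributes().setNbf(Util.parseIntegerSilently(nbf));
            par.getAttributes().setResponseType(responseType);
            par.getAttributes().setClientId(resolvedClientId);
            par.getAttributes().setRedirectUri(validatedRedirectUri);
            par.getAttributes().setState(state);
            par.getAttributes().setResponseMode(responseMode);
            par.getAttributes().setNonce(nonce);
            par.getAttributes().setDisplay(display);
            par.getAttributes().setPrompt(prompt);
            par.getAttributes().setMaxAge(maxAge);
            par.getAttributes().setUiLocales(uiLocales);
            par.getAttributes().setIdTokenHint(idTokenHint);
            par.getAttributes().setLoginHint(loginHint);
            par.getAttributes().setAcrValuesStr(acrValues);
            par.getAttributes().setAmrValuesStr(amrValues);
            par.getAttributes().setRequest(request);
            par.getAttributes().setRequestUri(requestUri);
            par.getAttributes().setSessionId(sessionId);
            par.getAttributes().setOriginHeaders(originHeaders);
            par.getAttributes().setCodeChallenge(codeChallenge);
            par.getAttributes().setCodeChallengeMethod(codeChallengeMethod);
            par.getAttributes().setDpopJkt(dpopJkt);
            par.getAttributes().setCustomResponseHeaders(customResponseHeaders);
            par.getAttributes().setClaims(claims);
            // Custom parameters are read from the URL query string, not the form body.
            par.getAttributes().setCustomParameters(
                    this.requestParameterService.getCustomParameters(QueryStringDecoder.decode(httpRequest.getQueryString())));

            // Request-object and PKCE validation run against the assembled record so that
            // values merged from the request object are what get checked.
            this.parValidator.validateRequestObject(redirectUriResponse, par, client);
            this.parValidator.validatePkce(par.getAttributes().getCodeChallenge(), par.getAttributes().getCodeChallengeMethod(), state);
            this.authorizeRestWebServiceValidator.validatePkce(par.getAttributes().getCodeChallenge(), redirectUriResponse);

            this.parService.persist(par);

            // The request_uri returned to the client is derived from the persisted record's id.
            ParResponse parResponse = new ParResponse();
            parResponse.setRequestUri(ParService.toOutsideId(par.getId()));
            parResponse.setExpiresIn(par.getTtl());

            String body = ServerUtil.asJson(parResponse);
            this.log.debug("Created PAR {}", body);
            return Response.status(Response.Status.CREATED).entity(body).type(MediaType.APPLICATION_JSON_TYPE).build();
        } catch (WebApplicationException e) {
            // The shared validators report errors as redirects to the client's redirect
            // URI. PAR never redirects: unwrap the error from the Location and answer 400.
            if (e.getResponse().getStatus() == Response.Status.FOUND.getStatusCode()) {
                throw this.errorResponseFactory.createBadRequestException(createErrorResponseFromRedirectErrorUri(e.getResponse().getLocation()));
            }
            if (this.log.isErrorEnabled()) {
                this.log.error(e.getMessage(), e);
            }
            throw e;
        } catch (Exception e) {
            // Unexpected failure: log with stack trace, return an empty 500 (no details leak to the caller).
            this.log.error(e.getMessage(), e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
        }
    }

    /**
     * Extracts {@code error} / {@code error_description} from the query string of a redirect
     * error URI so they can be returned as a JSON error body instead of a redirect.
     *
     * <p>When a correlation id is present in the logging {@link ThreadContext}, it is appended
     * to the description to let the caller reference the server-side log entry.
     *
     * @param uri redirect URI produced by the shared validators; its query carries the error
     * @return error response with the code and (possibly annotated) description; either may be null
     */
    @NotNull
    private ErrorResponse createErrorResponseFromRedirectErrorUri(@NotNull URI uri) {
        RedirectUri parsed = new RedirectUri(uri.toString());
        parsed.parseQueryString(uri.getQuery());

        String errorCode = parsed.getResponseParameter("error");
        String description = parsed.getResponseParameter("error_description");
        if (description != null) {
            String correlationId = ThreadContext.get("X-Correlation-Id");
            if (correlationId != null) {
                description = description.concat(" CorrelationId: " + correlationId);
            }
        }

        ErrorResponse errorResponse = new ErrorResponse();
        errorResponse.setErrorCode(errorCode);
        errorResponse.setErrorDescription(description);
        return errorResponse;
    }

    /**
     * Returns the form {@code redirect_uri} when present, otherwise the {@code redirect_uri}
     * claim of the (unverified) request object, or the form value as-is when there is no JWT.
     *
     * @param formValue redirect_uri form parameter, possibly blank
     * @param jwt       parsed request object, or null
     * @return redirect URI candidate; still subject to validation against the client
     */
    private String getRedirectUri(String formValue, Jwt jwt) {
        if (StringUtils.isNotBlank(formValue) || jwt == null) {
            return formValue;
        }
        String fromJwt = jwt.getClaims().getClaimAsString("redirect_uri");
        this.log.trace("redirectUriFromJwt: {}", fromJwt);
        return fromJwt;
    }

    /**
     * Returns the form {@code client_id} when present, otherwise the {@code client_id} claim of
     * the (unverified) request object, or the form value as-is when there is no JWT.
     *
     * @param formValue client_id form parameter, possibly blank
     * @param jwt       parsed request object, or null
     * @return client id candidate; still subject to client validation
     */
    private String getClientId(String formValue, Jwt jwt) {
        if (StringUtils.isNotBlank(formValue) || jwt == null) {
            return formValue;
        }
        String fromJwt = jwt.getClaims().getClaimAsString("client_id");
        this.log.trace("clientIdFromJwt: {}", fromJwt);
        return fromJwt;
    }

    /** Rejects PUT with 405; PAR is POST-only. */
    @PUT
    public Response unsupportedPutMethod() {
        this.log.error("PUT method is not allowed");
        // Message previously said "GET" here (copy/paste); it now names the actual method.
        throw new WebApplicationException(Response.status(Response.Status.METHOD_NOT_ALLOWED).entity("PUT Method Not Allowed").build());
    }

    /** Rejects GET with 405; PAR is POST-only. */
    @GET
    public Response unsupportedGetMethod() {
        this.log.error("GET method is not allowed");
        throw new WebApplicationException(Response.status(Response.Status.METHOD_NOT_ALLOWED).entity("GET Method Not Allowed").build());
    }

    /** Rejects HEAD with 405; PAR is POST-only. */
    @HEAD
    public Response unsupportedHeadMethod() {
        this.log.error("HEAD method is not allowed");
        throw new WebApplicationException(Response.status(Response.Status.METHOD_NOT_ALLOWED).entity("HEAD Method Not Allowed").build());
    }

    /** Rejects OPTIONS with 405; PAR is POST-only. */
    @OPTIONS
    public Response unsupportedOptionsMethod() {
        this.log.error("OPTIONS method is not allowed");
        throw new WebApplicationException(Response.status(Response.Status.METHOD_NOT_ALLOWED).entity("OPTIONS Method Not Allowed").build());
    }
}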
