package io.jans.as.server.service;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.session.EndSessionErrorResponseType;
import io.jans.as.model.util.QueryStringDecoder;
import io.jans.as.model.util.Util;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.json.JSONArray;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

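/**
 * Validates {@code redirect_uri} and {@code post_logout_redirect_uri} values against
 * the URIs registered for a client.
 *
 * <p>These checks decide where the server may send a user agent after authorization
 * or logout, so every path fails closed: a value that cannot be matched yields
 * {@code null}, an empty string or an error response, never the unvalidated input.
 * The single exception is the {@code allowPostLogoutRedirectWithoutValidation}
 * setting, documented on {@link #validatePostLogoutRedirectUri(String, String[])}.
 */
@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/service/RedirectionUriService.class */
public class RedirectionUriService {
    private static final Logger log = LoggerFactory.getLogger(RedirectionUriService.class);

    @Inject
    private ClientService clientService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private LocalResponseCache localResponseCache;

    /**
     * Looks up the client and validates the redirection URI against it.
     *
     * @param clientId client identifier passed to {@code ClientService#getClient}
     * @param redirectionUri redirection URI taken from the request, may be blank
     * @return the URI to redirect to, or {@code null} if the client is unknown or the URI is not accepted
     */
    public String validateRedirectionUri(String clientId, String redirectionUri) {
        Client client = this.clientService.getClient(clientId);
        if (client == null) {
            return null;
        }
        return validateRedirectionUri(client, redirectionUri);
    }

    /**
     * Returns the redirect URIs published at a sector identifier URI, using the local
     * response cache when it already holds an entry.
     *
     * <p>NOTE(review): this performs a server-side HTTP GET on {@code sectorIdentifierUri}
     * as given. Nothing here restricts the scheme or the target host, and the client is
     * built with default settings (no timeouts are configured in this method), so the
     * value has to be vetted where it is registered.
     *
     * @param sectorIdentifierUri URL expected to serve a JSON array of redirect URIs
     * @return the cached or freshly fetched list; an empty list when the argument is blank
     *         or the response status is not 200 (that empty result is not cached)
     */
    public List<String> getSectorRedirectUris(String sectorIdentifierUri) {
        List<String> redirectUris = new ArrayList<>();
        if (StringUtils.isBlank(sectorIdentifierUri)) {
            return redirectUris;
        }
        List<String> cached = this.localResponseCache.getSectorRedirectUris(sectorIdentifierUri);
        if (cached != null) {
            return cached;
        }
        jakarta.ws.rs.client.Client httpClient = ClientBuilder.newClient();
        try {
            Response response = httpClient.target(sectorIdentifierUri).request().buildGet().invoke();
            try {
                if (response.getStatus() != 200) {
                    return redirectUris;
                }
                JSONArray entries = new JSONArray(response.readEntity(String.class));
                for (int i = 0; i < entries.length(); i++) {
                    redirectUris.add(entries.getString(i));
                }
            } finally {
                // Release the connection on every path, including the non-200 early return.
                response.close();
            }
            this.localResponseCache.putSectorRedirectUris(sectorIdentifierUri, redirectUris);
            return redirectUris;
        } finally {
            httpClient.close();
        }
    }

    /**
     * Validates a redirection URI against the client's registered URIs, or against the
     * list published at the client's sector identifier URI when one is set.
     *
     * <p>A blank {@code redirectionUri} is accepted only when exactly one URI is
     * registered, and that registered URI is returned. Otherwise the value must match a
     * registered URI (see {@link #isUriEqual(String, String[])}) or, when
     * {@code redirectUrisRegexEnabled} is on, fully match the client's
     * {@code redirectUrisRegex}.
     *
     * @param client client whose registration is consulted
     * @param redirectionUri redirection URI taken from the request, may be blank
     * @return the accepted URI, or {@code null} when nothing matches or validation fails with an exception
     */
    public String validateRedirectionUri(@NotNull Client client, String redirectionUri) {
        try {
            String sectorIdentifierUri = client.getSectorIdentifierUri();
            String[] redirectUris = client.getRedirectUris();
            if (StringUtils.isNotBlank(sectorIdentifierUri)) {
                // The sector list replaces the client's own list; an empty fetch result matches nothing.
                redirectUris = getSectorRedirectUris(sectorIdentifierUri).toArray(new String[0]);
            }
            if (StringUtils.isBlank(redirectionUri) && redirectUris != null && redirectUris.length == 1) {
                log.trace("First redirect_uri is returned.");
                return redirectUris[0];
            }
            if (StringUtils.isBlank(redirectionUri)) {
                log.warn("RedirectionUri is blank, clientId = {}", client.getClientId());
                return null;
            }
            if (redirectUris != null) {
                log.trace("Validating redirection URI: clientIdentifier = {}, redirectionUri = {}, found = {}", client.getClientId(), redirectionUri, redirectUris.length);
                if (isUriEqual(redirectionUri, redirectUris)) {
                    log.trace("Redirect URI 'equals' found, clientId = {}, redirectionUri = {}", client.getClientId(), redirectionUri);
                    return redirectionUri;
                }
                log.trace("RedirectionUri didn't match with any of the client redirect uris, clientId = {}, redirectionUri = {}", client.getClientId(), redirectionUri);
            }
            if (BooleanUtils.isTrue(this.appConfiguration.getRedirectUrisRegexEnabled())) {
                String redirectUrisRegex = client.getAttributes().getRedirectUrisRegex();
                // A client without a pattern simply has no regex match; without this guard
                // String.matches(null) throws and every such request is logged as an error.
                // String.matches is a full match, so the accepted set is exactly what the
                // pattern describes; a broad or slow pattern in the client attributes
                // widens what is accepted and is evaluated on each request.
                if (StringUtils.isNotBlank(redirectUrisRegex) && redirectionUri.matches(redirectUrisRegex)) {
                    log.trace("RedirectionUri is allowed by regexp, clientId = {}, redirectionUri = {}, regexp = {}", client.getClientId(), redirectionUri, redirectUrisRegex);
                    return redirectionUri;
                }
                log.trace("RedirectionUri didn't match with client regular expression, clientId = {}, redirectionUri = {}", client.getClientId(), redirectionUri);
            }
            return null;
        } catch (Exception e) {
            // Fail closed: any failure while validating is treated as "not allowed".
            log.error(String.format("Problems validating redirection uri, clientId = %s, redirectionUri = %s", client.getClientId(), redirectionUri), e);
            return null;
        }
    }

    /**
     * Checks whether a URI matches one of the registered URIs.
     *
     * <p>A registered URI matches when it is string-equal to the candidate, or when the
     * parts before {@code ?} are equal and the decoded query parameters are equal (both
     * empty, or the same map).
     *
     * @param redirectionUri candidate URI
     * @param redirectUris registered URIs; {@code null} and {@code null} entries match nothing
     * @return {@code true} if a registered URI matches
     */
    public static boolean isUriEqual(String redirectionUri, String[] redirectUris) {
        if (redirectUris == null) {
            return false;
        }
        String requestedBase = uriWithoutParams(redirectionUri);
        for (String registered : redirectUris) {
            if (registered == null) {
                continue;
            }
            log.debug("Comparing {} == {}", registered, redirectionUri);
            if (registered.equals(redirectionUri)) {
                return true;
            }
            if (!uriWithoutParams(registered).equals(requestedBase)) {
                continue;
            }
            if (getParams(registered).isEmpty()) {
                if (getParams(redirectionUri).isEmpty()) {
                    return true;
                }
            } else if (compareParams(redirectionUri, registered)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates a post-logout redirect URI against the URIs registered for a client.
     *
     * @param clientId client identifier passed to {@code ClientService#getClient}
     * @param postLogoutRedirectUri URI taken from the request, may be empty
     * @return the result of {@link #validatePostLogoutRedirectUri(String, String[])} when the
     *         client exists; {@code null} when it does not and no URI was passed
     * @throws jakarta.ws.rs.WebApplicationException presumably, as the name of
     *         {@code createWebApplicationException} suggests, when the client does not
     *         exist but a URI was passed
     */
    public String validatePostLogoutRedirectUri(String clientId, String postLogoutRedirectUri) {
        Client client = this.clientService.getClient(clientId);
        if (client != null) {
            String[] registeredUris = client.getPostLogoutRedirectUris();
            log.debug("Validating post logout redirect URI: clientId = {}, postLogoutRedirectUri = {}", clientId, postLogoutRedirectUri);
            return validatePostLogoutRedirectUri(postLogoutRedirectUri, registeredUris);
        }
        if (Util.isNullOrEmpty(postLogoutRedirectUri)) {
            return null;
        }
        throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, EndSessionErrorResponseType.POST_LOGOUT_URI_NOT_ASSOCIATED_WITH_CLIENT, "`post_logout_redirect_uri` is not added to associated client.");
    }

    /**
     * Validates a post-logout redirect URI against every client returned for the
     * session's permission-granted map, and returns the first non-blank result.
     *
     * @param sessionId session whose clients are consulted
     * @param postLogoutRedirectUri URI taken from the request
     * @return the accepted URI
     * @throws jakarta.ws.rs.WebApplicationException presumably, as the name of
     *         {@code createWebApplicationException} suggests, when the session is
     *         {@code null}, the URI is empty, or no client accepts the URI
     */
    public String validatePostLogoutRedirectUri(SessionId sessionId, String postLogoutRedirectUri) {
        if (sessionId == null) {
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, EndSessionErrorResponseType.SESSION_NOT_PASSED, "Session object is not found.");
        }
        if (Strings.isNullOrEmpty(postLogoutRedirectUri)) {
            throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, EndSessionErrorResponseType.POST_LOGOUT_URI_NOT_PASSED, "`post_logout_redirect_uri` is empty.");
        }
        Set<Client> clients = sessionId.getPermissionGrantedMap() != null ? this.clientService.getClient((Collection<String>) sessionId.getPermissionGrantedMap().getClientIds(true), true) : Sets.newHashSet();
        log.trace("Validating post logout redirect URI: postLogoutRedirectUri = {}", postLogoutRedirectUri);
        for (Client client : clients) {
            String validated = validatePostLogoutRedirectUri(postLogoutRedirectUri, client.getPostLogoutRedirectUris());
            if (StringUtils.isNotBlank(validated)) {
                return validated;
            }
        }
        throw this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, EndSessionErrorResponseType.POST_LOGOUT_URI_NOT_ASSOCIATED_WITH_CLIENT, "Unable to validate `post_logout_redirect_uri`");
    }

    /**
     * Validates a post-logout redirect URI against a list of registered URIs.
     *
     * <p>When {@code allowPostLogoutRedirectWithoutValidation} is enabled the input is
     * returned unchecked, so the registered list no longer constrains where a logout
     * can redirect; that setting turns the end-session flow into an open redirect for
     * any caller-supplied URI.
     *
     * @param postLogoutRedirectUri URI taken from the request, may be blank
     * @param allowedPostLogoutRedirectUris registered URIs, may be {@code null}
     * @return the accepted URI; the single registered URI when none was passed and exactly
     *         one is registered; otherwise an empty string
     */
    public String validatePostLogoutRedirectUri(String postLogoutRedirectUri, String[] allowedPostLogoutRedirectUris) {
        if (BooleanUtils.isTrue(this.appConfiguration.getAllowPostLogoutRedirectWithoutValidation())) {
            return postLogoutRedirectUri;
        }
        if (allowedPostLogoutRedirectUris == null) {
            return "";
        }
        if (StringUtils.isNotBlank(postLogoutRedirectUri)) {
            return isUriEqual(postLogoutRedirectUri, allowedPostLogoutRedirectUris) ? postLogoutRedirectUri : "";
        }
        // No URI in the request: fall back to the registered one only when it is unambiguous.
        return allowedPostLogoutRedirectUris.length == 1 ? allowedPostLogoutRedirectUris[0] : "";
    }

    /**
     * Decodes the query string of a URI (the text after the first {@code ?}).
     *
     * @param uri URI to read, may be {@code null}
     * @return the decoded parameters, or an empty map when there is no query string
     */
    public static Map<String, String> getParams(String uri) {
        Map<String, String> params = new HashMap<>();
        if (uri != null) {
            int queryStart = uri.indexOf("?");
            if (queryStart != -1) {
                params = QueryStringDecoder.decode(uri.substring(queryStart + 1));
            }
        }
        return params;
    }

    /**
     * Returns the part of a URI before the first {@code ?}.
     *
     * @param uri URI to cut, may be {@code null}
     * @return the URI without its query string; the input itself when it is {@code null} or has no {@code ?}
     */
    public static String uriWithoutParams(String uri) {
        if (uri == null) {
            return null;
        }
        int queryStart = uri.indexOf("?");
        return queryStart == -1 ? uri : uri.substring(0, queryStart);
    }

    /**
     * Compares the decoded query parameters of two URIs.
     *
     * @param uri1 first URI
     * @param uri2 second URI
     * @return {@code true} when neither URI is blank and both decode to equal parameter maps
     */
    public static boolean compareParams(String uri1, String uri2) {
        if (StringUtils.isBlank(uri1) || StringUtils.isBlank(uri2)) {
            return false;
        }
        return getParams(uri1).equals(getParams(uri2));
    }
}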
