package io.jans.ca.server.op;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import io.jans.as.model.util.Util;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.ExpiredObjectType;
import io.jans.ca.common.params.GetAuthorizationUrlParams;
import io.jans.ca.common.response.GetAuthorizationUrlResponse;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.Utils;
import io.jans.ca.server.configuration.model.Rp;
import io.jans.ca.server.service.DiscoveryService;
import io.jans.ca.server.service.StateService;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Named
@RequestScoped
/* loaded from: input_file:io/jans/ca/server/op/GetAuthorizationUrlOperation.class */
public class GetAuthorizationUrlOperation extends BaseOperation<GetAuthorizationUrlParams> {
    private static final Logger LOG = LoggerFactory.getLogger(GetAuthorizationUrlOperation.class);

    @Inject
    DiscoveryService discoveryService;

    @Inject
    StateService stateService;

    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(GetAuthorizationUrlParams getAuthorizationUrlParams, HttpServletRequest httpServletRequest) throws Exception {
        Rp rp = getRp(getAuthorizationUrlParams);
        String authorizationEndpoint = this.discoveryService.getConnectDiscoveryResponse(rp).getAuthorizationEndpoint();
        ArrayList newArrayList = Lists.newArrayList();
        if (getAuthorizationUrlParams.getScope() != null && !getAuthorizationUrlParams.getScope().isEmpty()) {
            newArrayList.addAll(getAuthorizationUrlParams.getScope());
        } else if (rp.getScope() != null) {
            newArrayList.addAll(rp.getScope());
        }
        if (StringUtils.isNotBlank(getAuthorizationUrlParams.getRedirectUri()) && !Utils.isValidUrl(getAuthorizationUrlParams.getRedirectUri())) {
            throw new HttpException(ErrorResponseCode.INVALID_REDIRECT_URI);
        }
        if (StringUtils.isNotBlank(getAuthorizationUrlParams.getRedirectUri()) && !rp.getRedirectUris().contains(getAuthorizationUrlParams.getRedirectUri())) {
            throw new HttpException(ErrorResponseCode.REDIRECT_URI_IS_NOT_REGISTERED);
        }
        ArrayList newArrayList2 = Lists.newArrayList();
        if (getAuthorizationUrlParams.getResponseTypes() == null || getAuthorizationUrlParams.getResponseTypes().isEmpty() || !rp.getResponseTypes().containsAll(getAuthorizationUrlParams.getResponseTypes())) {
            newArrayList2.addAll(rp.getResponseTypes());
        } else {
            newArrayList2.addAll(getAuthorizationUrlParams.getResponseTypes());
        }
        String putState = StringUtils.isNotBlank(getAuthorizationUrlParams.getState()) ? this.stateService.putState(this.stateService.encodeExpiredObject(getAuthorizationUrlParams.getState(), ExpiredObjectType.STATE)) : this.stateService.generateState();
        String str = (((((authorizationEndpoint + "?response_type=" + Utils.joinAndUrlEncode(newArrayList2)) + "&client_id=" + (this.jansConfigurationService.find().getEncodeClientIdInAuthorizationUrl() != null ? this.jansConfigurationService.find().getEncodeClientIdInAuthorizationUrl().booleanValue() : false ? Utils.encode(rp.getClientId()) : rp.getClientId())) + "&redirect_uri=" + (StringUtils.isNotBlank(getAuthorizationUrlParams.getRedirectUri()) ? getAuthorizationUrlParams.getRedirectUri() : rp.getRedirectUri())) + "&scope=" + Utils.joinAndUrlEncode(newArrayList)) + "&state=" + putState) + "&nonce=" + (StringUtils.isNotBlank(getAuthorizationUrlParams.getNonce()) ? this.stateService.putNonce(this.stateService.encodeExpiredObject(getAuthorizationUrlParams.getNonce(), ExpiredObjectType.NONCE)) : this.stateService.generateNonce());
        String trim = Utils.joinAndUrlEncode(acrValues(rp, getAuthorizationUrlParams)).trim();
        if (!Strings.isNullOrEmpty(trim)) {
            str = str + "&acr_values=" + trim;
        }
        if (!Strings.isNullOrEmpty(getAuthorizationUrlParams.getPrompt())) {
            str = str + "&prompt=" + getAuthorizationUrlParams.getPrompt();
        }
        if (!Strings.isNullOrEmpty(getAuthorizationUrlParams.getHostedDomain())) {
            str = str + "&hd=" + getAuthorizationUrlParams.getHostedDomain();
        }
        if (getAuthorizationUrlParams.getCustomParameters() != null && !getAuthorizationUrlParams.getCustomParameters().isEmpty()) {
            str = str + "&custom_response_headers=" + Utils.encode(Util.mapAsString(getAuthorizationUrlParams.getCustomParameters()));
        }
        if (getAuthorizationUrlParams.getParams() != null && !getAuthorizationUrlParams.getParams().isEmpty()) {
            str = str + "&" + Utils.mapAsStringWithEncodedValues(getAuthorizationUrlParams.getParams());
        }
        return new GetAuthorizationUrlResponse(str);
    }

    private List<String> acrValues(Rp rp, GetAuthorizationUrlParams getAuthorizationUrlParams) {
        List<String> acrValues = (getAuthorizationUrlParams.getAcrValues() == null || getAuthorizationUrlParams.getAcrValues().isEmpty()) ? rp.getAcrValues() : getAuthorizationUrlParams.getAcrValues();
        if (acrValues != null) {
            return acrValues;
        }
        LOG.error("acr value is null for site: " + rp);
        return new ArrayList();
    }

    @Override // io.jans.ca.server.op.IOperation
    public Class<GetAuthorizationUrlParams> getParameterClass() {
        return GetAuthorizationUrlParams.class;
    }

    @Override // io.jans.ca.server.op.IOperation
    public String getReturnType() {
        return "application/json";
    }
}
