package com.networknt.oauth.handler;

import com.networknt.client.ClientConfig;
import com.networknt.config.JsonMapper;
import com.networknt.handler.LightHttpHandler;
import com.networknt.monad.Result;
import com.networknt.oauth.common.ClientUtil;
import com.networknt.oauth.common.OAuth2Constants;
import com.networknt.security.JwtConfig;
import com.networknt.utility.CodeVerifierUtil;
import com.networknt.utility.Constants;
import com.networknt.utility.UuidUtil;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import io.undertow.util.StatusCodes;
import java.util.Deque;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/handler/ProviderIdCodeGetHandler.class */
public class ProviderIdCodeGetHandler implements LightHttpHandler {
    static final Logger logger = LoggerFactory.getLogger((Class<?>) ProviderIdCodeGetHandler.class);
    static final String CLIENT_NOT_FOUND = "ERR12014";
    static final String INVALID_CODE_CHALLENGE_METHOD = "ERR12033";
    static final String CODE_CHALLENGE_TOO_SHORT = "ERR12034";
    static final String CODE_CHALLENGE_TOO_LONG = "ERR12035";
    static final String INVALID_CODE_CHALLENGE_FORMAT = "ERR12036";

    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (logger.isTraceEnabled()) {
            logger.trace("ProviderIdCodeGetHandler is called");
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Deque<String>> entry : httpServerExchange.getQueryParameters().entrySet()) {
            String key = entry.getKey();
            Iterator<String> it = entry.getValue().iterator();
            if (it.hasNext()) {
                hashMap.put(key, it.next());
                if (logger.isTraceEnabled()) {
                    logger.trace("param name = {} value = {}", key, hashMap.get(key));
                }
            }
        }
        String str = (String) hashMap.get(JwtConfig.PROVIDER_ID);
        String str2 = (String) hashMap.get("client_id");
        String str3 = (String) hashMap.get("remember");
        Result<String> clientByProviderClientId = ClientUtil.getClientByProviderClientId(str, str2);
        if (clientByProviderClientId.isFailure()) {
            logger.error("failed to get the client: {}", clientByProviderClientId.getError());
            setExchangeStatus(httpServerExchange, clientByProviderClientId.getError());
            httpServerExchange.endExchange();
            return;
        }
        String result = clientByProviderClientId.getResult();
        if (result == null) {
            setExchangeStatus(httpServerExchange, CLIENT_NOT_FOUND, str2);
            httpServerExchange.endExchange();
            return;
        }
        String uuidToBase64 = UuidUtil.uuidToBase64(UuidUtil.getUUID());
        SecurityContext securityContext = httpServerExchange.getSecurityContext();
        String name = securityContext.getAuthenticatedAccount().getPrincipal().getName();
        Set<String> roles = securityContext.getAuthenticatedAccount().getRoles();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("authCode", uuidToBase64);
        hashMap2.put(JwtConfig.PROVIDER_ID, str);
        hashMap2.put("userId", name);
        if (roles != null && !roles.isEmpty()) {
            hashMap2.put(Constants.ROLES, String.join(" ", roles));
        }
        String str4 = (String) hashMap.get("scope");
        if (str4 != null) {
            hashMap2.put("scope", str4);
        }
        Map<String, Object> string2Map = JsonMapper.string2Map(result);
        hashMap2.put("host", string2Map.get("host"));
        String str5 = (String) hashMap.get(ClientConfig.REDIRECT_URI);
        if (str5 == null) {
            str5 = (String) string2Map.get("redirectUri");
            if (logger.isDebugEnabled()) {
                logger.debug("Get redirectUri from the client {}", str5);
            }
        }
        hashMap2.put("redirectUri", str5);
        String str6 = (String) hashMap.get(OAuth2Constants.CODE_CHALLENGE);
        String str7 = (String) hashMap.get(OAuth2Constants.CODE_CHALLENGE_METHOD);
        if (str6 != null) {
            if (str7 == null) {
                str7 = CodeVerifierUtil.CODE_CHALLENGE_METHOD_PLAIN;
            } else if (!str7.equals(CodeVerifierUtil.CODE_CHALLENGE_METHOD_S256) && !str7.equals(CodeVerifierUtil.CODE_CHALLENGE_METHOD_PLAIN)) {
                setExchangeStatus(httpServerExchange, INVALID_CODE_CHALLENGE_METHOD, str7);
                httpServerExchange.endExchange();
                return;
            }
            if (str6.length() < 43) {
                setExchangeStatus(httpServerExchange, CODE_CHALLENGE_TOO_SHORT, str6);
                httpServerExchange.endExchange();
                return;
            } else if (str6.length() > 128) {
                setExchangeStatus(httpServerExchange, CODE_CHALLENGE_TOO_LONG, str6);
                httpServerExchange.endExchange();
                return;
            } else if (!CodeVerifierUtil.VALID_CODE_CHALLENGE_PATTERN.matcher(str6).matches()) {
                setExchangeStatus(httpServerExchange, INVALID_CODE_CHALLENGE_FORMAT, str6);
                httpServerExchange.endExchange();
                return;
            } else {
                hashMap2.put(OAuth2Constants.CODE_CHALLENGE, str6);
                hashMap2.put(OAuth2Constants.CODE_CHALLENGE_METHOD, str7);
            }
        }
        hashMap2.put("remember", str3 != null ? str3 : "N");
        ClientUtil.createAuthCode(hashMap2);
        String str8 = str5 + "?code=" + uuidToBase64;
        String str9 = (String) hashMap.get("state");
        if (str9 != null) {
            str8 = str8 + "&state=" + str9;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("redirectUri = {}", str8);
        }
        httpServerExchange.setStatusCode(StatusCodes.FOUND);
        httpServerExchange.getResponseHeaders().put(Headers.LOCATION, str8);
        httpServerExchange.endExchange();
    }
}
