package org.cloudfoundry.identity.uaa.oauth;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.9.0.jar:org/cloudfoundry/identity/uaa/oauth/AuthorizePromptNoneEntryPoint.class */
public class AuthorizePromptNoneEntryPoint implements AuthenticationEntryPoint {
    private static Log logger = LogFactory.getLog(AuthorizePromptNoneEntryPoint.class);
    private final AuthenticationFailureHandler failureHandler;
    private final ClientDetailsService clientDetailsService;
    private final RedirectResolver redirectResolver;

    public AuthorizePromptNoneEntryPoint(AuthenticationFailureHandler authenticationFailureHandler, ClientDetailsService clientDetailsService, RedirectResolver redirectResolver) {
        this.failureHandler = authenticationFailureHandler;
        this.clientDetailsService = clientDetailsService;
        this.redirectResolver = redirectResolver;
    }

    @Override // org.springframework.security.web.AuthenticationEntryPoint
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        String parameter = httpServletRequest.getParameter("client_id");
        String parameter2 = httpServletRequest.getParameter(OAuth2Utils.REDIRECT_URI);
        String[] strArr = (String[]) Optional.ofNullable(httpServletRequest.getParameter(OAuth2Utils.RESPONSE_TYPE)).map(str -> {
            return str.split(" ");
        }).orElse(new String[0]);
        if (!StringUtils.hasText(parameter)) {
            logger.debug("[prompt=none] Missing client_id parameter");
            httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
            return;
        }
        try {
            ClientDetails loadClientByClientId = this.clientDetailsService.loadClientByClientId(parameter);
            if (((Set) Optional.ofNullable(loadClientByClientId.getRegisteredRedirectUri()).orElse(Collections.EMPTY_SET)).size() == 0 && !StringUtils.hasText(parameter2)) {
                logger.debug("[prompt=none] Missing redirect_uri");
                httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
                return;
            }
            try {
                String resolveRedirect = this.redirectResolver.resolveRedirect(parameter2, loadClientByClientId);
                this.failureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
                String str2 = "code";
                httpServletResponse.sendRedirect(Arrays.stream(strArr).noneMatch(str2::equalsIgnoreCase) ? UaaUrlUtils.addFragmentComponent(resolveRedirect, "error=login_required") : UaaUrlUtils.addQueryParameter(resolveRedirect, "error", "login_required"));
            } catch (RedirectMismatchException e) {
                logger.debug("[prompt=none] Invalid redirect " + parameter2 + " did not match one of the registered values");
                httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
            }
        } catch (ClientRegistrationException e2) {
            logger.debug("[prompt=none] Unable to look up client for client_id=" + parameter, e2);
            httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
        }
    }
}
