package org.cloudfoundry.identity.uaa.oauth;

import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.1.0.jar:org/cloudfoundry/identity/uaa/oauth/DisableIdTokenResponseTypeFilter.class */
public class DisableIdTokenResponseTypeFilter extends OncePerRequestFilter {
    public static final String CONFIG = "oauth.id_token.disable";
    public static final String ID_TOKEN = "id_token";
    protected static Log logger = LogFactory.getLog(DisableIdTokenResponseTypeFilter.class);
    private boolean active;
    private final List<String> paths;

    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.1.0.jar:org/cloudfoundry/identity/uaa/oauth/DisableIdTokenResponseTypeFilter$RemoveIdTokenParameterValueWrapper.class */
    public class RemoveIdTokenParameterValueWrapper extends HttpServletRequestWrapper {
        public RemoveIdTokenParameterValueWrapper(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        public String getParameter(String str) {
            return OAuth2Utils.RESPONSE_TYPE.equals(str) ? removeIdTokenValue(super.getParameter(str)) : super.getParameter(str);
        }

        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> parameterMap = super.getParameterMap();
            if (parameterMap.containsKey(OAuth2Utils.RESPONSE_TYPE)) {
                HashMap hashMap = new HashMap(parameterMap);
                hashMap.put(OAuth2Utils.RESPONSE_TYPE, getParameterValues(OAuth2Utils.RESPONSE_TYPE));
                parameterMap = hashMap;
            }
            return parameterMap;
        }

        public String[] getParameterValues(String str) {
            String[] parameterValues = super.getParameterValues(str);
            if (OAuth2Utils.RESPONSE_TYPE.equals(str)) {
                for (int i = 0; parameterValues != null && i < parameterValues.length; i++) {
                    parameterValues[i] = removeIdTokenValue(parameterValues[i]);
                }
            }
            return parameterValues;
        }

        private String removeIdTokenValue(String str) {
            return (StringUtils.hasText(str) && str.contains(DisableIdTokenResponseTypeFilter.ID_TOKEN)) ? str.replace(DisableIdTokenResponseTypeFilter.ID_TOKEN, "").trim() : str;
        }
    }

    public DisableIdTokenResponseTypeFilter(boolean z, List<String> list) {
        this.paths = list;
        this.active = z;
    }

    public boolean isIdTokenDisabled() {
        return this.active;
    }

    public void setIdTokenDisabled(boolean z) {
        this.active = z;
    }

    protected boolean applyPath(String str) {
        if (this.paths == null || this.paths.size() == 0 || str == null) {
            return false;
        }
        AntPathMatcher antPathMatcher = new AntPathMatcher();
        for (String str2 : this.paths) {
            if (antPathMatcher.isPattern(str2)) {
                if (antPathMatcher.match(str2, str)) {
                    return true;
                }
            } else if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        logger.debug("Processing id_token disable filter");
        HttpServletRequest httpServletRequest2 = httpServletRequest;
        logger.debug(String.format("pre id_token disable:%s pathinfo:%s request_uri:%s response_type:%s", Boolean.valueOf(isIdTokenDisabled()), httpServletRequest2.getPathInfo(), httpServletRequest.getRequestURI(), httpServletRequest2.getParameter(OAuth2Utils.RESPONSE_TYPE)));
        if (isIdTokenDisabled() && (applyPath(httpServletRequest.getPathInfo()) || applyPath(httpServletRequest.getRequestURI()))) {
            httpServletRequest2 = new RemoveIdTokenParameterValueWrapper(httpServletRequest);
        }
        logger.debug(String.format("post id_token disable:%s pathinfo:%s request_uri:%s response_type:%s", Boolean.valueOf(isIdTokenDisabled()), httpServletRequest2.getPathInfo(), httpServletRequest.getRequestURI(), httpServletRequest2.getParameter(OAuth2Utils.RESPONSE_TYPE)));
        filterChain.doFilter(httpServletRequest2, httpServletResponse);
    }
}
