package org.apereo.cas.support.oauth.web;

import java.util.Collection;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20Constants;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20AuthorizationRequestValidator;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/OAuth20HandlerInterceptorAdapter.class */
/**
 * Spring MVC interceptor that sits in front of the OAuth 2.0 endpoints and picks which of two
 * delegate interceptors, if any, runs for a request.
 *
 * <p>Routing is decided from the raw request URI and from the registered access-token grant
 * extractors and authorization-request validators. A request that matches none of the checks is
 * allowed through by this class without any delegate being consulted.
 *
 * <p>NOTE(review): matching uses {@link HttpServletRequest#getRequestURI()}, which the container
 * does not decode. Confirm that the handler mapping for these endpoints resolves paths the same
 * way, so that every request an endpoint serves is also classified here.
 */
public class OAuth20HandlerInterceptorAdapter implements AsyncHandlerInterceptor {
    /** Delegate consulted when {@link #requestRequiresAuthentication} returns {@code true}. */
    protected final HandlerInterceptor requiresAuthenticationAccessTokenInterceptor;
    /** Delegate consulted for device-authorization and valid authorization requests. */
    protected final HandlerInterceptor requiresAuthenticationAuthorizeInterceptor;
    // First extractor whose supports(request) is true describes the grant being requested.
    private final Collection<AccessTokenGrantRequestExtractor> accessTokenGrantRequestExtractors;
    // Used to look up the registered OAuth service for a client id.
    private final ServicesManager servicesManager;
    // Handed to OAuth20Utils when reading client credentials from the request.
    private final SessionStore sessionStore;
    // First validator whose supports(context) is true decides whether an authorize request is valid.
    private final Set<OAuth20AuthorizationRequestValidator> oauthAuthorizationRequestValidators;

    /**
     * Routes the request to the matching delegate interceptor.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param obj                 the chosen handler, passed through to the delegate unchanged
     * @return the delegate's verdict, or {@code true} when no delegate applies
     * @throws Exception whatever the selected delegate throws
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (requestRequiresAuthentication(httpServletRequest, httpServletResponse)) {
            return this.requiresAuthenticationAccessTokenInterceptor.preHandle(httpServletRequest, httpServletResponse, obj);
        }
        // Device-authorization requests and valid authorize requests share the same delegate.
        // The authorize check is only evaluated when the device check did not match.
        if (isDeviceTokenRequest(httpServletRequest, httpServletResponse)
                || isAuthorizationRequest(httpServletRequest, httpServletResponse)) {
            return this.requiresAuthenticationAuthorizeInterceptor.preHandle(httpServletRequest, httpServletResponse, obj);
        }
        // Nothing matched: this interceptor lets the request continue without a delegate.
        return true;
    }

    /**
     * Decides whether the client named in the request has to authenticate.
     *
     * <p>Fails closed: an empty client id or a client id with no registered OAuth service both
     * yield {@code true}.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return {@code true} if authentication is required for this client
     */
    protected boolean clientNeedAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final JEEContext webContext = new JEEContext(httpServletRequest, httpServletResponse);
        // assumes the helper never yields a null client id; isEmpty() would throw otherwise — TODO confirm
        final String clientId = (String) OAuth20Utils.getClientIdAndClientSecret(webContext, this.sessionStore).getLeft();
        if (clientId.isEmpty()) {
            return true;
        }
        final OAuthRegisteredService registeredService =
                OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, clientId);
        return registeredService == null || OAuth20Utils.doesServiceNeedAuthentication(registeredService);
    }

    /**
     * @param httpServletRequest  current request
     * @param httpServletResponse current response (unused here)
     * @return {@code true} if the request URI ends with the revocation endpoint segment
     */
    protected boolean isRevokeTokenRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String requestUri = httpServletRequest.getRequestURI();
        return doesUriMatchPattern(requestUri, OAuth20Constants.REVOCATION_URL);
    }

    /**
     * @param httpServletRequest  current request
     * @param httpServletResponse current response (unused here)
     * @return {@code true} if the request URI ends with the access-token endpoint segment or with
     *         the literal segment {@code token}
     */
    protected boolean isAccessTokenRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String endpointAlternatives = String.format("(%s|%s)", OAuth20Constants.ACCESS_TOKEN_URL, "token");
        return doesUriMatchPattern(httpServletRequest.getRequestURI(), endpointAlternatives);
    }

    /**
     * @param httpServletRequest  current request
     * @param httpServletResponse current response (unused here)
     * @return {@code true} if the request URI ends with the device-authorization endpoint segment
     */
    protected boolean isDeviceTokenRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String endpointGroup = String.format("(%s)", OAuth20Constants.DEVICE_AUTHZ_URL);
        return doesUriMatchPattern(httpServletRequest.getRequestURI(), endpointGroup);
    }

    /**
     * Decides whether the access-token delegate interceptor must run for this request.
     *
     * <ul>
     *   <li>Revocation requests: defer to {@link #clientNeedAuthentication}.</li>
     *   <li>No extractor supports the request: {@code false}.</li>
     *   <li>Access-token endpoint: {@code true} unless the extractor's response type is
     *       {@code DEVICE_CODE}.</li>
     *   <li>Any other URI: whatever the extractor's {@code requestMustBeAuthenticated()} says.</li>
     * </ul>
     *
     * <p>NOTE(review): an access-token request that no extractor supports is not sent to the
     * delegate. Presumably the endpoint itself rejects such requests — confirm.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return {@code true} if the access-token delegate should be consulted
     */
    protected boolean requestRequiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isRevokeTokenRequest(httpServletRequest, httpServletResponse)) {
            return clientNeedAuthentication(httpServletRequest, httpServletResponse);
        }
        final boolean onTokenEndpoint = isAccessTokenRequest(httpServletRequest, httpServletResponse);
        final Optional<AccessTokenGrantRequestExtractor> grantExtractor = extractAccessTokenGrantRequest(httpServletRequest);
        if (!grantExtractor.isPresent()) {
            return false;
        }
        final AccessTokenGrantRequestExtractor extractor = grantExtractor.get();
        if (onTokenEndpoint) {
            // The device-code flow is the one grant on the token endpoint that skips this delegate.
            return extractor.getResponseType() != OAuth20ResponseTypes.DEVICE_CODE;
        }
        return extractor.requestMustBeAuthenticated();
    }

    /**
     * Finds the first registered extractor that reports support for the request.
     *
     * @param httpServletRequest current request
     * @return the first supporting extractor, or empty when none supports the request
     */
    private Optional<AccessTokenGrantRequestExtractor> extractAccessTokenGrantRequest(HttpServletRequest httpServletRequest) {
        return this.accessTokenGrantRequestExtractors.stream()
                .filter(candidate -> candidate.supports(httpServletRequest))
                .findFirst();
    }

    /**
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return {@code true} only if the URI ends with the authorize endpoint segment and the
     *         request passes {@link #isValidAuthorizeRequest}
     */
    protected boolean isAuthorizationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // The web context is built only once the URI has matched.
        return doesUriMatchPattern(httpServletRequest.getRequestURI(), OAuth20Constants.AUTHORIZE_URL)
                && isValidAuthorizeRequest(new JEEContext(httpServletRequest, httpServletResponse));
    }

    /**
     * Tests whether a URI ends with {@code /<fragment>} followed by any number of slashes.
     *
     * <p>{@code str2} is spliced into the regular expression unquoted, and callers in this class
     * rely on that by passing alternation groups. It must therefore be a trusted regex fragment
     * and never be derived from request data. The pattern is compiled on every call.
     *
     * @param str  the request URI to test
     * @param str2 trusted regex fragment naming the endpoint segment(s)
     * @return {@code true} if the pattern is found in {@code str}
     */
    protected boolean doesUriMatchPattern(String str, String str2) {
        final String endpointRegex = "/" + str2 + "(/)*$";
        return Pattern.compile(endpointRegex).matcher(str).find();
    }

    /**
     * Validates an authorize request with the first validator that supports it.
     *
     * @param jEEContext web context wrapping the current request and response
     * @return the validator's verdict, or {@code false} when no validator supports the request
     */
    protected boolean isValidAuthorizeRequest(JEEContext jEEContext) {
        for (final OAuth20AuthorizationRequestValidator validator : this.oauthAuthorizationRequestValidators) {
            if (validator.supports(jEEContext)) {
                return validator.validate(jEEContext);
            }
        }
        // No validator claimed the request, so it is not treated as a valid authorize request.
        return false;
    }

    /**
     * Creates the adapter with its delegates and collaborators.
     *
     * @param handlerInterceptor  delegate stored as the access-token interceptor
     * @param handlerInterceptor2 delegate stored as the authorize interceptor
     * @param collection          access-token grant request extractors
     * @param servicesManager     services manager used for client lookups
     * @param sessionStore        session store used when reading client credentials
     * @param set                 authorization request validators
     */
    @Generated
    public OAuth20HandlerInterceptorAdapter(HandlerInterceptor handlerInterceptor, HandlerInterceptor handlerInterceptor2, Collection<AccessTokenGrantRequestExtractor> collection, ServicesManager servicesManager, SessionStore sessionStore, Set<OAuth20AuthorizationRequestValidator> set) {
        this.requiresAuthenticationAccessTokenInterceptor = handlerInterceptor;
        this.requiresAuthenticationAuthorizeInterceptor = handlerInterceptor2;
        this.accessTokenGrantRequestExtractors = collection;
        this.oauthAuthorizationRequestValidators = set;
        this.servicesManager = servicesManager;
        this.sessionStore = sessionStore;
    }
}
