package org.apereo.cas.uma.web.controllers.claims;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.uma.UmaConfigurationContext;
import org.apereo.cas.uma.ticket.permission.UmaPermissionTicket;
import org.apereo.cas.uma.web.controllers.BaseUmaEndpointController;
import org.pac4j.core.profile.UserProfile;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.view.RedirectView;
import org.springframework.web.util.UriComponentsBuilder;

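/**
 * UMA endpoint that collects the requesting party's claims and attaches them to a
 * permission ticket before redirecting the browser back to the client.
 *
 * <p>Security-relevant behaviour visible in this class: the caller's profile is resolved
 * through {@code getAuthenticatedProfile}, the client is looked up by {@code client_id} and
 * passed through the service access strategy check, and {@code redirect_uri} is accepted only
 * when the registered service matches it.
 */
@Controller("umaRequestingPartyClaimsCollectionEndpointController")
/* loaded from: input_file:org/apereo/cas/uma/web/controllers/claims/UmaRequestingPartyClaimsCollectionEndpointController.class */
public class UmaRequestingPartyClaimsCollectionEndpointController extends BaseUmaEndpointController {
    /**
     * Creates the controller.
     *
     * @param umaConfigurationContext UMA configuration context handed to the base controller
     */
    public UmaRequestingPartyClaimsCollectionEndpointController(UmaConfigurationContext umaConfigurationContext) {
        super(umaConfigurationContext);
    }

    /**
     * Copies the authenticated profile's attributes into the permission ticket's claims and
     * redirects to the client with {@code authorization_state=claims_submitted}.
     *
     * <p>Every request parameter is validated before the ticket is modified, so a request
     * carrying an unauthorized {@code redirect_uri} is rejected without leaving claims behind
     * on the ticket.
     *
     * @param str                 {@code client_id} of the registered OAuth/UMA client
     * @param str2                {@code redirect_uri} the browser is sent back to; must match the service
     * @param str3                {@code ticket}, the id of the UMA permission ticket
     * @param str4                optional {@code state} value echoed back on the redirect
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return a redirect to {@code redirect_uri} with the result parameters appended
     * @throws InvalidTicketException       if the ticket is not found or is expired
     * @throws UnauthorizedServiceException if {@code redirect_uri} is blank or not matched by the service
     * @throws Exception                    any other failure raised by the helpers called here
     */
    @GetMapping({"/oauth2.0/rqpClaims"})
    public View getClaims(@RequestParam("client_id") String str, @RequestParam("redirect_uri") String str2, @RequestParam("ticket") String str3, @RequestParam(value = "state", required = false) String str4, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        // "uma_protection" is presumably the scope the caller's token must carry; confirm in the base controller.
        UserProfile authenticatedProfile = getAuthenticatedProfile(httpServletRequest, httpServletResponse, "uma_protection");

        OAuthRegisteredService registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(getUmaConfigurationContext().getServicesManager(), str);
        // NOTE(review): assumes this call also rejects an unknown client_id (null service); verify,
        // because registeredService is dereferenced below.
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);

        TicketRegistry ticketRegistry = getUmaConfigurationContext().getTicketRegistry();
        UmaPermissionTicket permissionTicket = (UmaPermissionTicket) ticketRegistry.getTicket(str3, UmaPermissionTicket.class);
        if (permissionTicket == null || permissionTicket.isExpired()) {
            throw new InvalidTicketException(str3);
        }

        // Check the redirect target before any state is written. Previously this check ran after
        // updateTicket(), so a rejected request had already persisted claims on the ticket.
        if (StringUtils.isBlank(str2) || !registeredService.matches(str2)) {
            throw new UnauthorizedServiceException("Redirect URI is unauthorized for this service definition");
        }

        // NOTE(review): nothing visible here ties the permission ticket to this client_id or to the
        // authenticated profile; confirm that binding is enforced elsewhere.
        // All profile attributes are merged into the ticket's claims, not a selected subset.
        permissionTicket.getClaims().putAll(authenticatedProfile.getAttributes());
        ticketRegistry.updateTicket(permissionTicket);

        UriComponentsBuilder redirectBuilder = UriComponentsBuilder.fromUriString(str2);
        redirectBuilder.queryParam("authorization_state", "claims_submitted");
        if (StringUtils.isNotBlank(str4)) {
            // state is caller-supplied and only ever added as a query parameter of the validated URI.
            redirectBuilder.queryParam("state", str4);
        }
        return new RedirectView(redirectBuilder.toUriString());
    }
}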
