package org.apache.cxf.rs.security.oidc.rp;

import java.net.URI;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.utils.FormUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager;

@Priority(1000)
@PreMatching
/* loaded from: input_file:org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.class */
public class OidcRpAuthenticationFilter implements ContainerRequestFilter {

    @Context
    private MessageContext mc;
    private ClientTokenContextManager stateManager;
    private String redirectUri;

    public void filter(ContainerRequestContext containerRequestContext) {
        if (checkSecurityContext(containerRequestContext)) {
            return;
        }
        containerRequestContext.abortWith(Response.seeOther(this.redirectUri.startsWith("/") ? UriBuilder.fromUri((String) this.mc.get("http.base.path")).path(this.redirectUri).build(new Object[0]) : this.redirectUri.startsWith("http") ? URI.create(this.redirectUri) : containerRequestContext.getUriInfo().getBaseUriBuilder().path(this.redirectUri).build(new Object[0])).header("Cache-Control", "no-cache, no-store").header("Pragma", "no-cache").build());
    }

    protected boolean checkSecurityContext(ContainerRequestContext containerRequestContext) {
        OidcClientTokenContext oidcClientTokenContext = (OidcClientTokenContext) this.stateManager.getClientTokenContext(this.mc);
        if (oidcClientTokenContext == null) {
            return false;
        }
        OidcClientTokenContextImpl oidcClientTokenContextImpl = new OidcClientTokenContextImpl();
        oidcClientTokenContextImpl.setToken(oidcClientTokenContext.getToken());
        oidcClientTokenContextImpl.setIdToken(oidcClientTokenContext.getIdToken());
        oidcClientTokenContextImpl.setUserInfo(oidcClientTokenContext.getUserInfo());
        oidcClientTokenContextImpl.setState(toRequestState(containerRequestContext));
        JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, oidcClientTokenContextImpl);
        containerRequestContext.setSecurityContext(new OidcSecurityContext(oidcClientTokenContextImpl));
        return true;
    }

    private MultivaluedMap<String, String> toRequestState(ContainerRequestContext containerRequestContext) {
        MetadataMap metadataMap = new MetadataMap();
        metadataMap.putAll(containerRequestContext.getUriInfo().getQueryParameters(true));
        if (MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(containerRequestContext.getMediaType())) {
            FormUtils.populateMapFromString(metadataMap, JAXRSUtils.getCurrentMessage(), FormUtils.readBody(containerRequestContext.getEntityStream(), "UTF-8"), "UTF-8", true);
        }
        return metadataMap;
    }

    public void setRedirectUri(String str) {
        this.redirectUri = str;
    }

    public void setStateManager(ClientTokenContextManager clientTokenContextManager) {
        this.stateManager = clientTokenContextManager;
    }
}
