package com.networknt.oauth.code.handler;

import com.networknt.client.ClientConfig;
import com.networknt.config.JsonMapper;
import com.networknt.handler.LightHttpHandler;
import com.networknt.monad.Result;
import com.networknt.oauth.cache.ClientUtil;
import com.networknt.oauth.cache.OAuth2Constants;
import com.networknt.utility.CodeVerifierUtil;
import com.networknt.utility.Constants;
import com.networknt.utility.Util;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.ForwardedHandler;
import io.undertow.util.Headers;
import java.net.URLEncoder;
import java.util.Deque;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/code/handler/Oauth2CodeGetHandler.class */
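/**
 * Handles the GET form of the OAuth 2.0 authorization request for the
 * authorization-code flow.
 *
 * <p>The handler looks up the client named by {@code client_id}, creates an
 * authorization code bound to the authenticated account, optionally records the
 * PKCE {@code code_challenge}, stores the code through
 * {@link ClientUtil#createAuthCode}, and answers with a 302 redirect that carries
 * {@code code} (and {@code state}, when one was supplied).
 *
 * <p>Every exit path calls {@code processAudit}.
 */
public class Oauth2CodeGetHandler extends CodeAuditHandler implements LightHttpHandler {
    static final Logger logger = LoggerFactory.getLogger(Oauth2CodeGetHandler.class);
    static final String CLIENT_NOT_FOUND = "ERR12014";
    static final String INVALID_CODE_CHALLENGE_METHOD = "ERR12033";
    static final String CODE_CHALLENGE_TOO_SHORT = "ERR12034";
    static final String CODE_CHALLENGE_TOO_LONG = "ERR12035";
    static final String INVALID_CODE_CHALLENGE_FORMAT = "ERR12036";

    // Length bounds for code_challenge (RFC 7636 section 4.2: 43 to 128 characters).
    private static final int MIN_CODE_CHALLENGE_LENGTH = 43;
    private static final int MAX_CODE_CHALLENGE_LENGTH = 128;

    /**
     * Issues an authorization code and redirects the user agent back to the client.
     *
     * @param httpServerExchange the current exchange; its query parameters supply
     *     {@code client_id}, {@code redirect_uri}, {@code scope}, {@code state},
     *     {@code remember} and the PKCE parameters
     * @throws Exception if any collaborator fails
     */
    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        // Flatten the query string: only the first value of each parameter is used.
        Map<String, String> params = new HashMap<>();
        for (Map.Entry<String, Deque<String>> entry : httpServerExchange.getQueryParameters().entrySet()) {
            String first = entry.getValue().peekFirst();
            if (first != null) {
                params.put(entry.getKey(), first);
            }
        }
        if (logger.isDebugEnabled()) {
            // The original format string had no placeholder, so the map was never printed.
            logger.debug("params {}", params);
        }

        String clientId = params.get("client_id");
        String remember = params.get("remember");
        Result<String> clientLookup = ClientUtil.getClientById(clientId);
        if (clientLookup.isFailure()) {
            logger.error("failed to get the client: " + clientLookup.getError());
            setExchangeStatus(httpServerExchange, clientLookup.getError());
            processAudit(httpServerExchange);
            return;
        }
        String clientJson = clientLookup.getResult();
        if (clientJson == null) {
            setExchangeStatus(httpServerExchange, CLIENT_NOT_FOUND, clientId);
            processAudit(httpServerExchange);
            return;
        }

        String code = Util.getUUID();
        // NOTE(review): getAuthenticatedAccount() is dereferenced without a null check;
        // presumably an authentication handler earlier in the chain guarantees an
        // authenticated account - confirm against the handler chain.
        SecurityContext securityContext = httpServerExchange.getSecurityContext();
        String userId = securityContext.getAuthenticatedAccount().getPrincipal().getName();
        Set<String> roles = securityContext.getAuthenticatedAccount().getRoles();

        // Raw type kept from the original: the parameter type of
        // ClientUtil.createAuthCode is declared outside this file.
        HashMap codeMap = new HashMap();
        codeMap.put("authCode", code);
        codeMap.put("userId", userId);
        if (roles != null && !roles.isEmpty()) {
            codeMap.put(Constants.ROLES_STRING, String.join(" ", roles));
        }
        String scope = params.get("scope");
        if (scope != null) {
            codeMap.put("scope", scope);
        }

        Map<String, Object> client = JsonMapper.string2Map(clientJson);
        codeMap.put(ForwardedHandler.HOST, client.get(ForwardedHandler.HOST));

        // NOTE(review): a redirect_uri supplied on the request is used as-is; nothing in
        // this handler compares it with the client's registered redirectUri. The
        // authorization code and state are delivered to this URI, and RFC 6749
        // section 3.1.2 expects a request-supplied value to be matched against the
        // registered one before any redirect. Confirm whether another handler enforces
        // this; if not, mismatches should be rejected here without redirecting.
        // NOTE(review): if neither the request nor the client record provides a value,
        // redirectUri stays null and the Location header below is built from it.
        String redirectUri = params.get(ClientConfig.REDIRECT_URI);
        if (redirectUri == null) {
            redirectUri = (String) client.get("redirectUri");
            if (logger.isDebugEnabled()) {
                logger.debug("Get redirectUri from the client " + redirectUri);
            }
        }
        codeMap.put("redirectUri", redirectUri);

        // PKCE (RFC 7636): the challenge is optional; when present it is validated and
        // stored with the code. A missing method defaults to "plain" as the RFC specifies.
        String codeChallenge = params.get(OAuth2Constants.CODE_CHALLENGE);
        String codeChallengeMethod = params.get(OAuth2Constants.CODE_CHALLENGE_METHOD);
        if (codeChallenge != null) {
            if (codeChallengeMethod == null) {
                codeChallengeMethod = CodeVerifierUtil.CODE_CHALLENGE_METHOD_PLAIN;
            } else if (!codeChallengeMethod.equals(CodeVerifierUtil.CODE_CHALLENGE_METHOD_S256)
                    && !codeChallengeMethod.equals(CodeVerifierUtil.CODE_CHALLENGE_METHOD_PLAIN)) {
                setExchangeStatus(httpServerExchange, INVALID_CODE_CHALLENGE_METHOD, codeChallengeMethod);
                processAudit(httpServerExchange);
                return;
            }
            if (codeChallenge.length() < MIN_CODE_CHALLENGE_LENGTH) {
                setExchangeStatus(httpServerExchange, CODE_CHALLENGE_TOO_SHORT, codeChallenge);
                processAudit(httpServerExchange);
                return;
            }
            if (codeChallenge.length() > MAX_CODE_CHALLENGE_LENGTH) {
                setExchangeStatus(httpServerExchange, CODE_CHALLENGE_TOO_LONG, codeChallenge);
                processAudit(httpServerExchange);
                return;
            }
            if (!CodeVerifierUtil.VALID_CODE_CHALLENGE_PATTERN.matcher(codeChallenge).matches()) {
                setExchangeStatus(httpServerExchange, INVALID_CODE_CHALLENGE_FORMAT, codeChallenge);
                processAudit(httpServerExchange);
                return;
            }
            codeMap.put(OAuth2Constants.CODE_CHALLENGE, codeChallenge);
            codeMap.put(OAuth2Constants.CODE_CHALLENGE_METHOD, codeChallengeMethod);
        }

        codeMap.put("remember", remember != null ? remember : "N");
        ClientUtil.createAuthCode(codeMap);

        // A redirect URI may already carry a query component (RFC 6749 section 3.1.2);
        // appending a second '?' would corrupt it, so continue with '&' in that case.
        char separator = (redirectUri != null && redirectUri.indexOf('?') >= 0) ? '&' : '?';
        StringBuilder location = new StringBuilder().append(redirectUri).append(separator).append("code=").append(code);
        String state = params.get("state");
        if (state != null) {
            // state arrives URL-decoded and is caller-controlled; re-encode it so that
            // characters such as '&', '#', CR or LF cannot add parameters to the redirect
            // or break out of the Location header, and so the client gets back the same value.
            location.append("&state=").append(URLEncoder.encode(state, "UTF-8"));
        }
        if (logger.isDebugEnabled()) {
            // Log the target only: the full Location value contains the authorization code.
            logger.debug("redirectUri = " + redirectUri);
        }
        httpServerExchange.setStatusCode(302);
        httpServerExchange.getResponseHeaders().put(Headers.LOCATION, location.toString());
        httpServerExchange.endExchange();
        processAudit(httpServerExchange);
    }
}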
