package org.forgerock.openidconnect;

import javax.inject.Inject;
import org.forgerock.oauth2.core.AuthorizeRequestValidator;
import org.forgerock.oauth2.core.OAuth2ProviderSettings;
import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.exceptions.BadRequestException;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.InvalidRequestException;
import org.forgerock.oauth2.core.exceptions.InvalidScopeException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.oauth2.core.exceptions.UnsupportedResponseTypeException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:org/forgerock/openidconnect/ClaimsParameterValidator.class */
public class ClaimsParameterValidator implements AuthorizeRequestValidator {
    private final OAuth2ProviderSettingsFactory providerSettingsFactory;

    @Inject
    public ClaimsParameterValidator(OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory) {
        this.providerSettingsFactory = oAuth2ProviderSettingsFactory;
    }

    @Override // org.forgerock.oauth2.core.AuthorizeRequestValidator
    public void validateRequest(OAuth2Request oAuth2Request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
        String str;
        OAuth2ProviderSettings oAuth2ProviderSettings = this.providerSettingsFactory.get(oAuth2Request);
        String str2 = (String) oAuth2Request.getParameter("claims");
        if (oAuth2ProviderSettings.getClaimsParameterSupported() && str2 != null) {
            try {
                JSONObject jSONObject = null;
                try {
                    jSONObject = new JSONObject(str2).getJSONObject("userinfo");
                } catch (Exception e) {
                }
                if (jSONObject != null && (str = (String) oAuth2Request.getParameter("response_type")) != null && str.trim().equals("id_token")) {
                    throw new BadRequestException("Must request an access token when providing userinfo in claims parameter.");
                }
            } catch (JSONException e2) {
                throw new BadRequestException("Invalid JSON in supplied claims parameter.");
            }
        }
    }
}
