package org.forgerock.openidconnect;

import javax.inject.Inject;
import org.forgerock.oauth2.core.AuthorizeRequestValidator;
import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.Utils;
import org.forgerock.oauth2.core.exceptions.BadRequestException;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.InvalidRequestException;
import org.forgerock.oauth2.core.exceptions.InvalidScopeException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.oauth2.core.exceptions.UnsupportedResponseTypeException;
import org.forgerock.util.Reject;

/* loaded from: input_file:org/forgerock/openidconnect/CodeVerifierValidator.class */
public class CodeVerifierValidator implements AuthorizeRequestValidator {
    private final OAuth2ProviderSettingsFactory providerSettingsFactory;

    @Inject
    public CodeVerifierValidator(OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory) {
        this.providerSettingsFactory = oAuth2ProviderSettingsFactory;
    }

    @Override // org.forgerock.oauth2.core.AuthorizeRequestValidator
    public void validateRequest(OAuth2Request oAuth2Request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
        if (this.providerSettingsFactory.get(oAuth2Request).isCodeVerifierRequired() && isAuthCodeRequest(oAuth2Request)) {
            Reject.ifTrue(Utils.isEmpty((String) oAuth2Request.getParameter("code_challenge")), "Missing parameter, 'code_challenge'");
            String str = (String) oAuth2Request.getParameter("code_challenge_method");
            if (str != null) {
                Reject.ifFalse(str.equals("S256") || str.equals("plain"), "Invalid value for code_challenge_method");
            }
        }
    }

    private boolean isAuthCodeRequest(OAuth2Request oAuth2Request) {
        return ((String) oAuth2Request.getParameter("response_type")).equals("code");
    }
}
