package org.wso2.carbon.identity.openidconnect;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.RequestObjectException;
import org.wso2.carbon.identity.oauth2.model.OAuth2Parameters;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.openidconnect.model.RequestObject;

/* loaded from: input_file:org/wso2/carbon/identity/openidconnect/OIDCRequestObjectUtil.class */
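/**
 * Static helpers that turn the OIDC {@code request} / {@code request_uri} authorization
 * parameter into a built and validated {@link RequestObject}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code request} takes precedence; {@code request_uri} is only consulted when
 *       {@code request} is blank.</li>
 *   <li>The signature check runs before the claim validation.</li>
 *   <li>An unsigned request object is accepted when the client application does not enforce
 *       request-object signature validation. Its contents are then only as trustworthy as
 *       ordinary query parameters.</li>
 * </ul>
 */
public class OIDCRequestObjectUtil {
    private static final Log log = LogFactory.getLog(OIDCRequestObjectUtil.class);
    // Names of the authorization-request parameters that may carry a request object.
    private static final String REQUEST = "request";
    private static final String REQUEST_URI = "request_uri";
    // Keys into the builder map exposed by OAuthServerConfiguration.getRequestObjectBuilders().
    private static final String REQUEST_PARAM_VALUE_BUILDER = "request_param_value_builder";
    private static final String REQUEST_URI_PARAM_VALUE_BUILDER = "request_uri_param_value_builder";

    /**
     * Builds the request object carried by the authorization request, verifies its signature
     * according to the client's policy and validates its parameters.
     *
     * @param oAuthAuthzRequest authorization request whose {@code request} or {@code request_uri}
     *                          parameter is read
     * @param oAuth2Parameters  parameters of the current flow; the client id is taken from here
     * @return the validated request object, or {@code null} when neither parameter is present
     * @throws RequestObjectException with {@code server_error} when no builder is configured for
     *                                the parameter, or when signature or parameter validation
     *                                rejects the object
     */
    public static RequestObject buildRequestObject(OAuthAuthzRequest oAuthAuthzRequest, OAuth2Parameters oAuth2Parameters) throws RequestObjectException {
        final String paramName;
        final String builderKey;
        if (isRequestParameter(oAuthAuthzRequest)) {
            paramName = REQUEST;
            builderKey = REQUEST_PARAM_VALUE_BUILDER;
        } else if (isRequestUri(oAuthAuthzRequest)) {
            paramName = REQUEST_URI;
            builderKey = REQUEST_URI_PARAM_VALUE_BUILDER;
        } else {
            // No request object was sent; callers must handle the null.
            return null;
        }

        RequestObjectBuilder requestObjectBuilder = getRequestObjectBuilder(builderKey);
        if (requestObjectBuilder == null) {
            throw new RequestObjectException("server_error", "Unable to build the OIDC Request Object from:" + paramName);
        }

        // The raw parameter value goes to the configured builder unchanged.
        // NOTE(review): for request_uri, any restriction on which URIs may be dereferenced has to
        // live in the builder; nothing in this class constrains the value. Confirm.
        RequestObject requestObject = requestObjectBuilder.buildRequestObject(oAuthAuthzRequest.getParam(paramName), oAuth2Parameters);
        RequestObjectValidator requestObjectValidator = OAuthServerConfiguration.getInstance().getRequestObjectValidator();

        // Signature first, claims second: parameters are only validated once the signature policy
        // has been satisfied.
        validateRequestObjectSignature(oAuth2Parameters, requestObject, requestObjectValidator);
        if (!requestObjectValidator.validateRequestObject(requestObject, oAuth2Parameters)) {
            throw new RequestObjectException("invalid_request", "Invalid parameters found in the Request Object.");
        }
        if (log.isDebugEnabled()) {
            log.debug("Successfully build and and validated request Object for: " + paramName);
        }
        return requestObject;
    }

    /**
     * Applies the client's request-object signature policy.
     *
     * <p>When the application registered for the client id enforces signature validation, an
     * unsigned object is rejected and a signed one must verify. When it does not, a signed object
     * is still verified, but an unsigned object passes without any check.
     *
     * @param oAuth2Parameters       parameters of the current flow; supplies the client id
     * @param requestObject          request object to check
     * @param requestObjectValidator validator that performs the signature verification
     * @throws RequestObjectException if the application cannot be looked up, if signing is
     *                                enforced and the object is unsigned, or if verification fails
     */
    public static void validateRequestObjectSignature(OAuth2Parameters oAuth2Parameters, RequestObject requestObject, RequestObjectValidator requestObjectValidator) throws RequestObjectException {
        String clientId = oAuth2Parameters.getClientId();

        // Only the application lookup belongs in this try. The checks below throw
        // RequestObjectException; if that type is a subtype of IdentityOAuth2Exception (its
        // declaration is not in this file - confirm), keeping them inside would re-label a
        // signature failure as an "app information" error and hide the real rejection reason.
        boolean signatureValidationEnforced;
        try {
            signatureValidationEnforced = OAuth2Util.getAppInformationByClientId(clientId).isRequestObjectSignatureValidationEnabled();
        } catch (IdentityOAuth2Exception | InvalidOAuthClientException e) {
            throw new RequestObjectException("Error while retrieving app information for client_id: " + clientId + ". Cannot proceed with signature validation", (Throwable) e);
        }

        if (!signatureValidationEnforced) {
            // Not enforced: verify opportunistically, let unsigned objects through.
            if (requestObject.isSigned()) {
                validateSignature(oAuth2Parameters, requestObject, requestObjectValidator);
            }
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug("Request Object Signature Verification enabled for client_id: " + clientId);
        }
        if (!requestObject.isSigned()) {
            throw new RequestObjectException("Request object signature validation is enabled but request object is not signed.");
        }
        validateSignature(oAuth2Parameters, requestObject, requestObjectValidator);
    }

    /**
     * Delegates signature verification to the validator and converts a negative result into an
     * {@code invalid_request} error.
     *
     * @throws RequestObjectException if the validator reports that the signature does not verify
     */
    private static void validateSignature(OAuth2Parameters oAuth2Parameters, RequestObject requestObject, RequestObjectValidator requestObjectValidator) throws RequestObjectException {
        if (!requestObjectValidator.validateSignature(requestObject, oAuth2Parameters)) {
            throw new RequestObjectException("invalid_request", "Request Object signature verification failed.");
        }
    }

    /**
     * Looks up the builder registered under the given key in the server configuration.
     *
     * @param str builder key
     * @return the builder, or {@code null} when the map has no entry for the key
     */
    private static RequestObjectBuilder getRequestObjectBuilder(String str) {
        return OAuthServerConfiguration.getInstance().getRequestObjectBuilders().get(str);
    }

    /** Returns {@code true} when the request carries a non-blank {@code request_uri} parameter. */
    private static boolean isRequestUri(OAuthAuthzRequest oAuthAuthzRequest) {
        return StringUtils.isNotBlank(oAuthAuthzRequest.getParam(REQUEST_URI));
    }

    /** Returns {@code true} when the request carries a non-blank {@code request} parameter. */
    private static boolean isRequestParameter(OAuthAuthzRequest oAuthAuthzRequest) {
        return StringUtils.isNotBlank(oAuthAuthzRequest.getParam(REQUEST));
    }
}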
