package org.apereo.cas.oidc.util;

import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.Pac4jUtils;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.jasig.cas.client.util.URIBuilder;
import org.pac4j.cas.client.CasClient;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.UserProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:org/apereo/cas/oidc/util/OidcAuthorizationRequestSupport.class */
public class OidcAuthorizationRequestSupport {
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcAuthorizationRequestSupport.class);
    private final CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;
    private final TicketRegistrySupport ticketRegistrySupport;

    public OidcAuthorizationRequestSupport(CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator, TicketRegistrySupport ticketRegistrySupport) {
        this.ticketGrantingTicketCookieGenerator = cookieRetrievingCookieGenerator;
        this.ticketRegistrySupport = ticketRegistrySupport;
    }

    public static Set<String> getOidcPromptFromAuthorizationRequest(String str) {
        Assert.notNull(str, "URL cannot be null");
        return (Set) new URIBuilder(str).getQueryParams().stream().filter(basicNameValuePair -> {
            return "prompt".equals(basicNameValuePair.getName());
        }).map(basicNameValuePair2 -> {
            return basicNameValuePair2.getValue().split(" ");
        }).flatMap((v0) -> {
            return Arrays.stream(v0);
        }).collect(Collectors.toSet());
    }

    public static Set<String> getOidcPromptFromAuthorizationRequest(WebContext webContext) {
        return getOidcPromptFromAuthorizationRequest(webContext.getFullRequestURL());
    }

    public static Optional<Long> getOidcMaxAgeFromAuthorizationRequest(WebContext webContext) {
        Optional findFirst = new URIBuilder(webContext.getFullRequestURL()).getQueryParams().stream().filter(basicNameValuePair -> {
            return "max_age".equals(basicNameValuePair.getName());
        }).findFirst();
        return findFirst.isPresent() ? Optional.of(Long.valueOf(NumberUtils.toLong(((URIBuilder.BasicNameValuePair) findFirst.get()).getValue(), -1L))) : Optional.empty();
    }

    public static Optional<UserProfile> isAuthenticationProfileAvailable(WebContext webContext) {
        return Pac4jUtils.getPac4jProfileManager(webContext).get(true);
    }

    public Optional<Authentication> isCasAuthenticationAvailable(WebContext webContext) {
        Authentication authenticationFrom;
        J2EContext j2EContext = (J2EContext) webContext;
        if (j2EContext != null) {
            String retrieveCookieValue = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(j2EContext.getRequest());
            if (StringUtils.isNotBlank(retrieveCookieValue) && (authenticationFrom = this.ticketRegistrySupport.getAuthenticationFrom(retrieveCookieValue)) != null) {
                return Optional.of(authenticationFrom);
            }
        }
        return Optional.empty();
    }

    public boolean isCasAuthenticationOldForMaxAgeAuthorizationRequest(WebContext webContext, ZonedDateTime zonedDateTime) {
        Optional<Long> oidcMaxAgeFromAuthorizationRequest = getOidcMaxAgeFromAuthorizationRequest(webContext);
        if (!oidcMaxAgeFromAuthorizationRequest.isPresent() || oidcMaxAgeFromAuthorizationRequest.get().longValue() <= 0) {
            return false;
        }
        long epochSecond = ZonedDateTime.now().toEpochSecond();
        long epochSecond2 = zonedDateTime.toEpochSecond();
        long j = epochSecond - epochSecond2;
        if (j <= oidcMaxAgeFromAuthorizationRequest.get().longValue()) {
            return false;
        }
        LOGGER.info("Authentication is too old: [{}] and was created [{}] seconds ago.", Long.valueOf(epochSecond2), Long.valueOf(j));
        return true;
    }

    public boolean isCasAuthenticationOldForMaxAgeAuthorizationRequest(WebContext webContext, Authentication authentication) {
        return isCasAuthenticationOldForMaxAgeAuthorizationRequest(webContext, authentication.getAuthenticationDate());
    }

    public boolean isCasAuthenticationOldForMaxAgeAuthorizationRequest(WebContext webContext, UserProfile userProfile) {
        Object attribute = userProfile.getAttribute("authenticationDate");
        if (attribute == null) {
            return false;
        }
        return isCasAuthenticationOldForMaxAgeAuthorizationRequest(webContext, ZonedDateTime.parse(attribute.toString()));
    }

    public void configureClientForMaxAgeAuthorizationRequest(CasClient casClient, WebContext webContext, Authentication authentication) {
        if (isCasAuthenticationOldForMaxAgeAuthorizationRequest(webContext, authentication)) {
            casClient.getConfiguration().setRenew(true);
        }
    }

    public static void configureClientForPromptLoginAuthorizationRequest(CasClient casClient, WebContext webContext) {
        if (getOidcPromptFromAuthorizationRequest(webContext).contains("login")) {
            casClient.getConfiguration().setRenew(true);
        }
    }

    public static void configureClientForPromptNoneAuthorizationRequest(CasClient casClient, WebContext webContext) {
        if (getOidcPromptFromAuthorizationRequest(webContext).contains("none")) {
            casClient.getConfiguration().setRenew(false);
            casClient.getConfiguration().setGateway(true);
        }
    }
}
