package org.artifactory.ui.rest.service.admin.security.openid;

import java.util.Optional;
import org.artifactory.rest.common.service.ArtifactoryRestRequest;
import org.artifactory.rest.common.service.RestResponse;
import org.artifactory.rest.common.service.RestService;
import org.artifactory.security.AuthenticationHelper;
import org.artifactory.security.SingleSignOnService;
import org.jfrog.access.token.JwtAccessToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@Scope("prototype")
@Component
/* loaded from: input_file:org/artifactory/ui/rest/service/admin/security/openid/RedirectService.class */
public class RedirectService implements RestService<String> {
    private static final Logger log = LoggerFactory.getLogger(RedirectService.class);
    private final SingleSignOnService singleSignOnService;

    @Autowired
    public RedirectService(SingleSignOnService singleSignOnService) {
        this.singleSignOnService = singleSignOnService;
    }

    public void execute(ArtifactoryRestRequest<String> artifactoryRestRequest, RestResponse restResponse) {
        Authentication authentication = AuthenticationHelper.getAuthentication();
        if (authentication == null) {
            restResponse.error("User is logged out");
            return;
        }
        Optional extractAndVerifyToken = this.singleSignOnService.extractAndVerifyToken((String) artifactoryRestRequest.getImodel());
        if (!extractAndVerifyToken.isPresent()) {
            restResponse.error("Cannot redirect to requested service, access token could not be extracted and verified from request");
            return;
        }
        JwtAccessToken jwtAccessToken = (JwtAccessToken) extractAndVerifyToken.get();
        if (jwtAccessToken.getAudience().size() != 1) {
            restResponse.error("Token audience is unexpected");
            return;
        }
        String obj = authentication.getPrincipal().toString();
        String redirectTargetUrlWithToken = this.singleSignOnService.getRedirectTargetUrlWithToken(obj, this.singleSignOnService.extractAuthenticatedUserInfo(obj, authentication), (String) this.singleSignOnService.extractRedirectUrlFromToken(jwtAccessToken).orElseThrow(() -> {
            return getException("redirect url");
        }), this.singleSignOnService.extractExtraOpenidParameters(jwtAccessToken));
        log.debug("Redirecting user to {}", redirectTargetUrlWithToken);
        restResponse.iModel(RedirectResponse.builder().url(redirectTargetUrlWithToken).build());
    }

    private IllegalArgumentException getException(String str) {
        return new IllegalArgumentException("Missing " + str + " in token payload");
    }
}
