package fish.payara.security.openid.controller;

import fish.payara.security.openid.OpenIdUtil;
import fish.payara.security.openid.api.OpenIdConstant;
import fish.payara.security.openid.api.OpenIdState;
import fish.payara.security.openid.domain.OpenIdConfiguration;
import fish.payara.security.openid.domain.OpenIdNonce;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationStatus;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;

@ApplicationScoped
/* loaded from: input_file:fish/payara/security/openid/controller/AuthenticationController.class */
public class AuthenticationController {

    @Inject
    private StateController stateController;

    @Inject
    private NonceController nonceController;

    @Inject
    private OpenIdConfiguration configuration;
    private static final Logger LOGGER = Logger.getLogger(AuthenticationController.class.getName());

    public AuthenticationStatus authenticateUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        UriBuilder queryParam = UriBuilder.fromUri(this.configuration.getProviderMetadata().getAuthorizationEndpoint()).queryParam("scope", this.configuration.getScopes()).queryParam(OpenIdConstant.RESPONSE_TYPE, this.configuration.getResponseType()).queryParam(OpenIdConstant.CLIENT_ID, this.configuration.getClientId()).queryParam(OpenIdConstant.REDIRECT_URI, this.configuration.buildRedirectURI(httpServletRequest));
        OpenIdState openIdState = new OpenIdState();
        queryParam.queryParam("state", openIdState.getValue());
        this.stateController.store(openIdState, this.configuration, httpServletRequest, httpServletResponse);
        if (this.configuration.isUseNonce()) {
            OpenIdNonce openIdNonce = new OpenIdNonce();
            queryParam.queryParam("nonce", this.nonceController.getNonceHash(openIdNonce));
            this.nonceController.store(openIdNonce, this.configuration, httpServletRequest, httpServletResponse);
        }
        if (!OpenIdUtil.isEmpty(this.configuration.getResponseMode())) {
            queryParam.queryParam(OpenIdConstant.RESPONSE_MODE, this.configuration.getResponseMode());
        }
        if (!OpenIdUtil.isEmpty(this.configuration.getDisplay())) {
            queryParam.queryParam(OpenIdConstant.DISPLAY, this.configuration.getDisplay());
        }
        if (!OpenIdUtil.isEmpty(this.configuration.getPrompt())) {
            queryParam.queryParam(OpenIdConstant.PROMPT, this.configuration.getPrompt());
        }
        this.configuration.getExtraParameters().forEach((str, list) -> {
            list.forEach(str -> {
                queryParam.queryParam(str, str);
            });
        });
        String aSCIIString = queryParam.build(new Object[0]).toASCIIString();
        LOGGER.log(Level.FINEST, "Redirecting for authentication to {0}", aSCIIString);
        try {
            httpServletResponse.sendRedirect(aSCIIString);
            return AuthenticationStatus.SEND_CONTINUE;
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }
}
