package org.mitre.openid.connect.client.service.impl;

import com.google.common.base.Strings;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.apache.http.client.utils.URIBuilder;
import org.mitre.openid.connect.client.model.IssuerServiceResponse;
import org.mitre.openid.connect.client.service.IssuerService;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;

/* loaded from: input_file:WEB-INF/lib/openid-connect-client-1.3.0.jar:org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.class */
public class ThirdPartyIssuerService implements IssuerService {
    private String accountChooserUrl;
    private Set<String> whitelist = new HashSet();
    private Set<String> blacklist = new HashSet();

    @Override // org.mitre.openid.connect.client.service.IssuerService
    public IssuerServiceResponse getIssuer(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("iss");
        if (Strings.isNullOrEmpty(parameter)) {
            try {
                String stringBuffer = httpServletRequest.getRequestURL().toString();
                URIBuilder uRIBuilder = new URIBuilder(this.accountChooserUrl);
                uRIBuilder.addParameter(OAuth2Utils.REDIRECT_URI, stringBuffer);
                return new IssuerServiceResponse(uRIBuilder.build().toString());
            } catch (URISyntaxException e) {
                throw new AuthenticationServiceException("Account Chooser URL is not valid", e);
            }
        }
        if (!this.whitelist.isEmpty() && !this.whitelist.contains(parameter)) {
            throw new AuthenticationServiceException("Whitelist was nonempty, issuer was not in whitelist: " + parameter);
        }
        if (this.blacklist.contains(parameter)) {
            throw new AuthenticationServiceException("Issuer was in blacklist: " + parameter);
        }
        return new IssuerServiceResponse(parameter, httpServletRequest.getParameter("login_hint"), httpServletRequest.getParameter("target_link_uri"));
    }

    public String getAccountChooserUrl() {
        return this.accountChooserUrl;
    }

    public void setAccountChooserUrl(String str) {
        this.accountChooserUrl = str;
    }

    public Set<String> getWhitelist() {
        return this.whitelist;
    }

    public void setWhitelist(Set<String> set) {
        this.whitelist = set;
    }

    public Set<String> getBlacklist() {
        return this.blacklist;
    }

    public void setBlacklist(Set<String> set) {
        this.blacklist = set;
    }

    @PostConstruct
    public void afterPropertiesSet() {
        if (Strings.isNullOrEmpty(this.accountChooserUrl)) {
            throw new IllegalArgumentException("Account Chooser URL cannot be null or empty");
        }
    }
}
