package net.n2oapp.security.admin.auth.server;

import java.util.Iterator;
import java.util.Set;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.util.CollectionUtils;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:net/n2oapp/security/admin/auth/server/RedirectResolverImpl.class */
public class RedirectResolverImpl implements RedirectResolver {
    public String resolveRedirect(String str, ClientDetails clientDetails) throws OAuth2Exception {
        Set authorizedGrantTypes = clientDetails.getAuthorizedGrantTypes();
        if (authorizedGrantTypes == null || authorizedGrantTypes.isEmpty()) {
            throw new InvalidGrantException("A client must have at least one authorized grant type.");
        }
        if (authorizedGrantTypes.stream().noneMatch(str2 -> {
            return Set.of("authorization_code", "implicit").contains(str2);
        })) {
            throw new InvalidGrantException("A redirect_uri can only be used by implicit or authorization_code grant types.");
        }
        Set registeredRedirectUri = clientDetails.getRegisteredRedirectUri();
        if (CollectionUtils.isEmpty(registeredRedirectUri)) {
            throw new InvalidRequestException("At least one redirect_uri must be registered with the client.");
        }
        Iterator it = registeredRedirectUri.iterator();
        while (it.hasNext()) {
            if (match(str, (String) it.next())) {
                return str;
            }
        }
        throw new RedirectMismatchException("Invalid redirect: " + str + " does not match one of the registered values.");
    }

    protected boolean match(String str, String str2) {
        if (str != null && str2 != null && str2.endsWith("*") && str.startsWith(str2.substring(0, str2.indexOf("*")))) {
            return true;
        }
        UriComponents build = UriComponentsBuilder.fromUriString(str).build();
        String scheme = build.getScheme() != null ? build.getScheme() : "";
        String host = build.getHost() != null ? build.getHost() : "";
        String path = build.getPath() != null ? build.getPath() : "";
        UriComponents build2 = UriComponentsBuilder.fromUriString(str2).build();
        String scheme2 = build2.getScheme() != null ? build2.getScheme() : "";
        String host2 = build2.getHost() != null ? build2.getHost() : "";
        return ("*".equals(scheme2) || scheme2.equals(scheme)) && ("*".equals(host2) || host2.equals(host)) && (build2.getPath() != null ? build2.getPath() : "").equals(path);
    }
}
