package io.gravitee.am.management.handlers.management.api.authentication.filter;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.gravitee.am.management.handlers.management.api.model.ErrorEntity;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/authentication/filter/CheckRedirectUriFilter.class */
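/**
 * Servlet filter that checks a redirect-style request parameter against a configured allow-list
 * and answers {@code 403} with a JSON error body when the value is not listed.
 *
 * <p>The check only runs when all of the following hold; in every other case the request is
 * passed down the chain unchanged:
 * <ul>
 *   <li>the request has a non-null path info that ends with {@link #setPath(String) path};</li>
 *   <li>the parameter named by {@link #setParamName(String) paramName} is present;</li>
 *   <li>the allow-list is non-empty and is not the single entry {@code "*"}.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour to keep in mind when configuring this filter:
 * <ul>
 *   <li><b>Fail-open default:</b> a {@code null} or empty allow-list disables the check entirely,
 *       so any parameter value is accepted.</li>
 *   <li><b>Wildcard:</b> {@code "*"} disables the check only when it is the sole entry; next to
 *       other entries it is compared literally like any other value.</li>
 *   <li><b>Exact match:</b> values are compared with {@code String.equals}: case-sensitive, with
 *       no URL normalisation and no prefix or pattern matching.</li>
 *   <li><b>Suffix path match:</b> the path is matched with {@code endsWith}, so every path info
 *       ending in the configured suffix is covered and no other path is.</li>
 *   <li><b>First value only:</b> {@code getParameter} returns a single value.
 *       NOTE(review): if the parameter can be supplied more than once, confirm that downstream
 *       handlers read the same value that was checked here.</li>
 * </ul>
 *
 * <p>{@code path} must be set before the filter serves requests: with a {@code null} path,
 * {@code String.endsWith} throws {@link NullPointerException} for every request that has a
 * path info.
 */
public class CheckRedirectUriFilter extends GenericFilterBean {
    /** Allow-list entry that, when it is the only entry, disables the check. */
    private static final String WILDCARD = "*";

    private static final String REJECTION_MESSAGE =
            "The redirect_uri or target_url MUST match the registered callback URL for this application";

    /** Suffix of the path info on which the check applies. */
    private String path;
    /** Name of the request parameter that carries the redirect target. */
    private String paramName;
    /** Accepted parameter values; {@code null} or empty means "accept everything". */
    private List<String> allowedUrls;

    @Autowired
    private ObjectMapper objectMapper;

    /** Creates an unconfigured filter; {@code path} and {@code paramName} must be set via the setters. */
    public CheckRedirectUriFilter() {
    }

    /**
     * Creates a filter bound to a path suffix.
     *
     * @param str suffix of the path info on which the check applies
     */
    public CheckRedirectUriFilter(String str) {
        this.path = str;
    }

    /**
     * @param str suffix of the path info on which the check applies
     */
    public void setPath(String str) {
        this.path = str;
    }

    /**
     * @param str name of the request parameter to validate
     */
    public void setParamName(String str) {
        this.paramName = str;
    }

    /**
     * Sets the allow-list. The list is stored by reference, not copied, so later changes made by
     * the caller are visible to the filter.
     *
     * @param list accepted parameter values; {@code null}, empty, or the single entry {@code "*"}
     *             disables the check
     */
    public void setAllowedUrls(List<String> list) {
        this.allowedUrls = list;
    }

    /**
     * Lets the request through when the check does not apply or the parameter value is on the
     * allow-list; otherwise writes a {@code 403} JSON error and does not invoke the chain.
     *
     * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
     * @param filterChain     remaining filter chain
     * @throws IOException      if the chain or writing the error body fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String pathInfo = request.getPathInfo();
        if (pathInfo == null || !pathInfo.endsWith(this.path)) {
            // Not the guarded endpoint: nothing to validate.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String candidate = request.getParameter(this.paramName);
        if (candidate == null || isAllowed(candidate)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        reject(response);
    }

    /**
     * Decides whether a non-null parameter value passes the allow-list.
     * A {@code null} entry inside the list never matches and no longer causes a
     * {@link NullPointerException} during comparison.
     */
    private boolean isAllowed(String candidate) {
        // Read the field once so a single request sees one consistent list reference.
        List<String> allowed = this.allowedUrls;
        if (allowed == null || allowed.isEmpty()) {
            // Fail-open: no allow-list configured means the check is disabled.
            return true;
        }
        if (allowed.size() == 1 && allowed.contains(WILDCARD)) {
            return true;
        }
        // Exact, case-sensitive comparison; contains() calls candidate.equals(entry).
        return allowed.contains(candidate);
    }

    /** Writes the 403 JSON error body and closes the response writer. */
    private void reject(HttpServletResponse response) throws IOException {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.getWriter().write(this.objectMapper.writeValueAsString(new ErrorEntity(REJECTION_MESSAGE, HttpServletResponse.SC_FORBIDDEN)));
        response.getWriter().close();
    }
}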
