package org.keycloak.services.clientpolicy.executor;

import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.endpoints.request.AuthorizationEndpointRequest;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.services.clientpolicy.ClientPolicyContext;
import org.keycloak.services.clientpolicy.ClientPolicyEvent;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.context.AuthorizationRequestContext;
import org.keycloak.util.TokenUtil;

/* loaded from: input_file:org/keycloak/services/clientpolicy/executor/SecureSessionEnforceExecutor.class */
/**
 * Client-policy executor that rejects authorization requests lacking the parameter
 * that binds the response to the client's own session.
 *
 * <p>For OIDC requests (as decided by {@link TokenUtil#isOIDCRequest}) the {@code nonce}
 * parameter must be present; for every other authorization request the {@code state}
 * parameter must be present. In OIDC/OAuth 2.0 these values let the client detect
 * replayed ID tokens and cross-site request forgery against its redirect URI.
 *
 * <p>NOTE(review): only presence is enforced, via a {@code null} comparison. Whether an empty
 * {@code nonce=} or {@code state=} parameter reaches this class as {@code null} or as
 * {@code ""} depends on the request parser, which is not visible here; confirm, and
 * consider whether blank or very short values should also be rejected. The strength of the
 * value is the client's responsibility and is not checked here.
 */
public class SecureSessionEnforceExecutor implements ClientPolicyExecutorProvider<ClientPolicyExecutorConfiguration> {
    private static final Logger logger = Logger.getLogger(SecureSessionEnforceExecutor.class);

    // Stored at construction; no method of this class reads it.
    private final KeycloakSession session;

    /**
     * Creates the executor for the given session.
     *
     * @param keycloakSession the session this executor is bound to
     */
    public SecureSessionEnforceExecutor(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    /**
     * Returns the provider id declared by {@link SecureSessionEnforceExecutorFactory}.
     *
     * @return {@code SecureSessionEnforceExecutorFactory.PROVIDER_ID}
     */
    public String getProviderId() {
        return SecureSessionEnforceExecutorFactory.PROVIDER_ID;
    }

    /**
     * Applies the policy to authorization requests; every other event passes untouched.
     *
     * @param clientPolicyContext the event context supplied by the policy framework
     * @throws ClientPolicyException with error {@code invalid_request} when the required
     *     {@code nonce} or {@code state} parameter is absent
     */
    public void executeOnEvent(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        switch (clientPolicyContext.getEvent()) {
            case AUTHORIZATION_REQUEST:
                // Unchecked downcast: assumes AUTHORIZATION_REQUEST events always carry an
                // AuthorizationRequestContext; a ClassCastException results otherwise.
                // NOTE(review): confirm against the policy manager that dispatches events.
                AuthorizationRequestContext authzContext = (AuthorizationRequestContext) clientPolicyContext;
                executeOnAuthorizationRequest(
                        authzContext.getparsedResponseType(),
                        authzContext.getAuthorizationEndpointRequest(),
                        authzContext.getRedirectUri());
                break;
            default:
                // Token, registration and other events are outside this executor's scope.
                break;
        }
    }

    /**
     * Enforces presence of {@code nonce} (OIDC requests) or {@code state} (all other requests).
     *
     * <p>The response type and redirect URI are accepted but not inspected by this check.
     * Only fixed messages are logged, at trace level; parameter values are never logged.
     *
     * @param parsedResponseType parsed {@code response_type}; unused
     * @param request the parsed authorization endpoint request
     * @param redirectUri the redirect URI of the request; unused
     * @throws ClientPolicyException with error {@code invalid_request} when the required
     *     parameter is {@code null}
     */
    private void executeOnAuthorizationRequest(OIDCResponseType parsedResponseType, AuthorizationEndpointRequest request, String redirectUri) throws ClientPolicyException {
        logger.trace("Authz Endpoint - authz request");

        // The scope decides which session-binding parameter is mandatory.
        final boolean oidcRequest = TokenUtil.isOIDCRequest(request.getScope());
        final String bindingValue = oidcRequest ? request.getNonce() : request.getState();

        if (bindingValue == null) {
            final String reason = oidcRequest ? "Missing parameter: nonce" : "Missing parameter: state";
            logger.trace(reason);
            throw new ClientPolicyException("invalid_request", reason);
        }

        logger.trace("Passed.");
    }
}
