package com.authlete.jakarta;

import com.authlete.common.api.AuthleteApi;
import com.authlete.common.assurance.VerifiedClaims;
import com.authlete.common.assurance.constraint.VerifiedClaimsConstraint;
import com.authlete.common.assurance.constraint.VerifiedClaimsContainerConstraint;
import com.authlete.common.dto.StringArray;
import com.authlete.common.dto.UserInfoResponse;
import com.authlete.jakarta.spi.UserInfoRequestHandlerSpi;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.io.Serializable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/authlete/jakarta/UserInfoRequestHandler.class */
public class UserInfoRequestHandler extends BaseHandler {
    private static final String CHALLENGE_ON_MISSING_ACCESS_TOKEN = "Bearer error=\"invalid_token\",error_description=\"An access token must be sent as a Bearer Token. See OpenID Connect Core 1.0, 5.3.1. UserInfo Request for details.\"";
    private final UserInfoRequestHandlerSpi mSpi;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.authlete.jakarta.UserInfoRequestHandler$1, reason: invalid class name */
    /* loaded from: input_file:com/authlete/jakarta/UserInfoRequestHandler$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$authlete$common$dto$UserInfoResponse$Action = new int[UserInfoResponse.Action.values().length];

        static {
            try {
                $SwitchMap$com$authlete$common$dto$UserInfoResponse$Action[UserInfoResponse.Action.INTERNAL_SERVER_ERROR.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$authlete$common$dto$UserInfoResponse$Action[UserInfoResponse.Action.BAD_REQUEST.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$authlete$common$dto$UserInfoResponse$Action[UserInfoResponse.Action.UNAUTHORIZED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$authlete$common$dto$UserInfoResponse$Action[UserInfoResponse.Action.FORBIDDEN.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$authlete$common$dto$UserInfoResponse$Action[UserInfoResponse.Action.OK.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:com/authlete/jakarta/UserInfoRequestHandler$Params.class */
    public static class Params implements Serializable {
        private static final long serialVersionUID = 2;
        private String accessToken;
        private String clientCertificate;
        private String dpop;
        private String htm;
        private String htu;
        private boolean oldIdaFormatUsed;

        public String getAccessToken() {
            return this.accessToken;
        }

        public Params setAccessToken(String str) {
            this.accessToken = str;
            return this;
        }

        public String getClientCertificate() {
            return this.clientCertificate;
        }

        public Params setClientCertificate(String str) {
            this.clientCertificate = str;
            return this;
        }

        public String getDpop() {
            return this.dpop;
        }

        public Params setDpop(String str) {
            this.dpop = str;
            return this;
        }

        public String getHtm() {
            return this.htm;
        }

        public Params setHtm(String str) {
            this.htm = str;
            return this;
        }

        public String getHtu() {
            return this.htu;
        }

        public Params setHtu(String str) {
            this.htu = str;
            return this;
        }

        public boolean isOldIdaFormatUsed() {
            return this.oldIdaFormatUsed;
        }

        public Params setOldIdaFormatUsed(boolean z) {
            this.oldIdaFormatUsed = z;
            return this;
        }
    }

    public UserInfoRequestHandler(AuthleteApi authleteApi, UserInfoRequestHandlerSpi userInfoRequestHandlerSpi) {
        super(authleteApi);
        this.mSpi = userInfoRequestHandlerSpi;
    }

    public Response handle(String str) throws WebApplicationException {
        return handle(new Params().setAccessToken(str));
    }

    public Response handle(Params params) throws WebApplicationException {
        if (params == null || params.getAccessToken() == null) {
            return ResponseUtil.bearerError(Response.Status.BAD_REQUEST, CHALLENGE_ON_MISSING_ACCESS_TOKEN);
        }
        try {
            return process(params);
        } catch (WebApplicationException e) {
            throw e;
        } catch (Throwable th) {
            throw unexpected("Unexpected error in UserInfoRequestHandler", th);
        }
    }

    private Response process(Params params) {
        UserInfoResponse callUserInfo = getApiCaller().callUserInfo(params.getAccessToken(), params.getClientCertificate(), params.getDpop(), params.getHtm(), params.getHtu());
        UserInfoResponse.Action action = callUserInfo.getAction();
        String responseContent = callUserInfo.getResponseContent();
        Map<String, Object> prepareHeaders = prepareHeaders(callUserInfo);
        switch (AnonymousClass1.$SwitchMap$com$authlete$common$dto$UserInfoResponse$Action[action.ordinal()]) {
            case 1:
                return ResponseUtil.bearerError(Response.Status.INTERNAL_SERVER_ERROR, responseContent, prepareHeaders);
            case 2:
                return ResponseUtil.bearerError(Response.Status.BAD_REQUEST, responseContent, prepareHeaders);
            case 3:
                return ResponseUtil.bearerError(Response.Status.UNAUTHORIZED, responseContent, prepareHeaders);
            case 4:
                return ResponseUtil.bearerError(Response.Status.FORBIDDEN, responseContent, prepareHeaders);
            case 5:
                return getUserInfo(params, callUserInfo, prepareHeaders);
            default:
                throw getApiCaller().unknownAction("/api/auth/userinfo", action);
        }
    }

    private static Map<String, Object> prepareHeaders(UserInfoResponse userInfoResponse) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        String dpopNonce = userInfoResponse.getDpopNonce();
        if (dpopNonce != null) {
            linkedHashMap.put("DPoP-Nonce", dpopNonce);
        }
        return linkedHashMap;
    }

    private Response getUserInfo(Params params, UserInfoResponse userInfoResponse, Map<String, Object> map) {
        Map<String, Object> collectVerifiedClaims;
        String subject = userInfoResponse.getSubject();
        Map<String, Object> collectClaims = collectClaims(subject, userInfoResponse.getClaims());
        Map<String, Object> collectClaims2 = collectClaims(subject, userInfoResponse.getRequestedClaimsForTx());
        List<Map<String, Object>> list = null;
        if (params.isOldIdaFormatUsed()) {
            collectVerifiedClaims = collectVerifiedClaims_Old(collectClaims, subject, userInfoResponse.getUserInfoClaims());
        } else {
            collectVerifiedClaims = collectVerifiedClaims(collectClaims, subject, userInfoResponse.getUserInfoClaims());
            list = collectVerifiedClaimsForTx(subject, userInfoResponse.getUserInfoClaims(), userInfoResponse.getRequestedVerifiedClaimsForTx());
        }
        try {
            return getApiCaller().userInfoIssue(userInfoResponse.getToken(), collectVerifiedClaims, collectClaims2, list, map);
        } catch (WebApplicationException e) {
            return e.getResponse();
        }
    }

    private Map<String, Object> collectClaims(String str, String[] strArr) {
        Object userClaim;
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        this.mSpi.prepareUserClaims(str, strArr);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (String str2 : strArr) {
            if (str2 != null && str2.length() != 0) {
                String[] split = str2.split("#", 2);
                String str3 = split[0];
                String str4 = split.length == 2 ? split[1] : null;
                if (str3 != null && str3.length() != 0 && (userClaim = this.mSpi.getUserClaim(str3, str4)) != null) {
                    if (str4 == null) {
                        str2 = str3;
                    }
                    linkedHashMap.put(str2, userClaim);
                }
            }
        }
        if (linkedHashMap.size() == 0) {
            return null;
        }
        return linkedHashMap;
    }

    private Map<String, Object> collectVerifiedClaims_Old(Map<String, Object> map, String str, String str2) {
        if (str2 == null || str2.length() == 0) {
            return map;
        }
        VerifiedClaimsConstraint verifiedClaims = VerifiedClaimsContainerConstraint.fromJson(str2).getVerifiedClaims();
        return (!verifiedClaims.exists() || verifiedClaims.isNull()) ? map : embedVerifiedClaims(map, this.mSpi.getVerifiedClaims(str, verifiedClaims));
    }

    private static Map<String, Object> embedVerifiedClaims(Map<String, Object> map, List<VerifiedClaims> list) {
        if (list == null || list.size() == 0) {
            return map;
        }
        if (map == null) {
            map = new LinkedHashMap();
        }
        if (list.size() == 1) {
            map.put("verified_claims", list.get(0));
        } else {
            map.put("verified_claims", list);
        }
        return map;
    }

    private Map<String, Object> collectVerifiedClaims(Map<String, Object> map, String str, String str2) {
        return createVerifiedClaimsCollector().collect(map, str, str2);
    }

    private List<Map<String, Object>> collectVerifiedClaimsForTx(String str, String str2, StringArray[] stringArrayArr) {
        return createVerifiedClaimsCollector().collectForTx(str, str2, stringArrayArr);
    }

    private VerifiedClaimsCollector createVerifiedClaimsCollector() {
        return new VerifiedClaimsCollector((str, obj) -> {
            return this.mSpi.getVerifiedClaims(str, obj);
        });
    }
}
