package com.nimbusds.common.oauth2;

import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.BearerTokenError;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import net.minidev.json.JSONObject;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/nimbusds/common/oauth2/MasterAccessTokenValidator.class */
public interface MasterAccessTokenValidator {
    public static final ErrorResponse MISSING_BEARER_TOKEN = new ErrorResponse(BearerTokenError.MISSING_TOKEN.getHTTPStatusCode(), BearerTokenError.MISSING_TOKEN.toWWWAuthenticateHeader(), "missing_token", "Unauthorized: Missing Bearer access token");
    public static final ErrorResponse INVALID_BEARER_TOKEN = new ErrorResponse(BearerTokenError.INVALID_TOKEN.getHTTPStatusCode(), BearerTokenError.INVALID_TOKEN.toWWWAuthenticateHeader(), BearerTokenError.INVALID_TOKEN.getCode(), "Unauthorized: Invalid Bearer access token");
    public static final ErrorResponse WEB_API_DISABLED = new ErrorResponse(403, null, "web_api_disabled", "Forbidden: Web API disabled");

    /* loaded from: input_file:com/nimbusds/common/oauth2/MasterAccessTokenValidator$ErrorResponse.class */
    public static class ErrorResponse {
        private final int statusCode;
        private final String wwwAuthHeader;
        private final String body;

        public ErrorResponse(int i, String str, String str2, String str3) {
            this.statusCode = i;
            this.wwwAuthHeader = str;
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("error", str2);
            jSONObject.put("error_description", str3);
            this.body = jSONObject.toJSONString();
        }

        public WebApplicationException toWebAppException() {
            Response.ResponseBuilder status = Response.status(this.statusCode);
            if (this.wwwAuthHeader != null) {
                status.header("WWW-Authenticate", this.wwwAuthHeader);
            }
            return new WebApplicationException(status.entity(this.body).type("application/json").build());
        }

        public void apply(HttpServletResponse httpServletResponse) throws IOException {
            httpServletResponse.setStatus(this.statusCode);
            if (this.wwwAuthHeader != null) {
                httpServletResponse.setHeader("WWW-Authenticate", this.wwwAuthHeader);
            }
            if (this.body != null) {
                httpServletResponse.setContentType("application/json");
                httpServletResponse.getWriter().print(this.body);
            }
        }
    }

    static byte[] computeSHA256(BearerAccessToken bearerAccessToken, byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            if (bArr != null) {
                messageDigest.update(bArr);
            }
            return messageDigest.digest(bearerAccessToken.getValue().getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    boolean accessIsDisabled();

    Logger getLogger();

    void setLogger(Logger logger);

    boolean isValid(BearerAccessToken bearerAccessToken);

    void validateBearerAccessToken(String str) throws WebApplicationException;

    boolean validateBearerAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException;
}
