package pl.edu.icm.unity.oauth.as.token;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.google.common.base.Joiner;
import com.nimbusds.jwt.util.DateUtils;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import java.util.Optional;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import net.minidev.json.JSONObject;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.oauth.as.OAuthProcessor;
import pl.edu.icm.unity.oauth.as.OAuthTokenRepository;
import pl.edu.icm.unity.oauth.as.token.BaseTokenResource;

@Produces({"application/json"})
@Path(OAuthTokenEndpoint.TOKEN_INTROSPECTION_PATH)
/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/TokenIntrospectionResource.class */
public class TokenIntrospectionResource extends BaseOAuthResource {
    private static final Logger log = Log.getLogger("unity.server.oauth", TokenIntrospectionResource.class);
    private final TokensManagement tokensManagement;
    private final OAuthTokenRepository tokenDAO;

    public TokenIntrospectionResource(TokensManagement tokensManagement, OAuthTokenRepository oAuthTokenRepository) {
        this.tokensManagement = tokensManagement;
        this.tokenDAO = oAuthTokenRepository;
    }

    @POST
    @Path("/")
    public Response introspectToken(@FormParam("token") String str) throws EngineException, JsonProcessingException {
        if (str == null) {
            throw new OAuthErrorException(makeError(OAuth2Error.INVALID_REQUEST, "Token for introspection was not provided"));
        }
        log.debug("Token introspection enquiry for token {}", tokenToLog(str));
        Optional<BaseTokenResource.TokensPair> loadToken = loadToken(str);
        if (loadToken.isPresent()) {
            return getOKResponse(getBearerStyleTokenInfo(loadToken.get()));
        }
        log.debug("Token {} is not present, returning inactive response", tokenToLog(str));
        return getOKResponse(getInactiveResponse());
    }

    private Optional<BaseTokenResource.TokensPair> loadToken(String str) {
        try {
            Token readAccessToken = this.tokenDAO.readAccessToken(str);
            return Optional.of(new BaseTokenResource.TokensPair(readAccessToken, parseInternalToken(readAccessToken)));
        } catch (IllegalArgumentException e) {
            try {
                Token tokenById = this.tokensManagement.getTokenById(OAuthProcessor.INTERNAL_REFRESH_TOKEN, str);
                return Optional.of(new BaseTokenResource.TokensPair(tokenById, parseInternalToken(tokenById)));
            } catch (IllegalArgumentException e2) {
                return Optional.empty();
            }
        }
    }

    private JSONObject getInactiveResponse() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("active", false);
        return jSONObject;
    }

    private JSONObject getBearerStyleTokenInfo(BaseTokenResource.TokensPair tokensPair) {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("active", true);
        jSONObject.put(TokenInfoResource.SCOPE, Joiner.on(' ').join(tokensPair.parsedToken.getEffectiveScope()));
        jSONObject.put("client_id", tokensPair.parsedToken.getClientUsername());
        jSONObject.put("token_type", "bearer");
        jSONObject.put(TokenInfoResource.EXPIRATION, Long.valueOf(DateUtils.toSecondsSinceEpoch(tokensPair.tokenSrc.getExpires())));
        jSONObject.put("iat", Long.valueOf(DateUtils.toSecondsSinceEpoch(tokensPair.tokenSrc.getCreated())));
        jSONObject.put("nbf", Long.valueOf(DateUtils.toSecondsSinceEpoch(tokensPair.tokenSrc.getCreated())));
        jSONObject.put(TokenInfoResource.SUBJECT, tokensPair.parsedToken.getSubject());
        jSONObject.put(TokenInfoResource.AUDIENCE, (tokensPair.parsedToken.getAudience() == null || tokensPair.parsedToken.getAudience().size() != 1) ? tokensPair.parsedToken.getAudience() : tokensPair.parsedToken.getAudience().get(0));
        jSONObject.put("iss", tokensPair.parsedToken.getIssuerUri());
        log.debug("Returning token information: {}", jSONObject.toJSONString());
        return jSONObject;
    }

    private Response getOKResponse(JSONObject jSONObject) {
        return toResponse(Response.ok(jSONObject.toJSONString()));
    }
}
