package pl.edu.icm.unity.oauth.rp.verificator;

import com.nimbusds.common.contenttype.ContentType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import eu.unicore.util.httpclient.ServerHostnameCheckingMode;
import java.net.URL;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.minidev.json.JSONObject;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.oauth.as.token.TokenInfoResource;
import pl.edu.icm.unity.oauth.client.HttpRequestConfigurer;
import pl.edu.icm.unity.oauth.rp.OAuthRPProperties;

/* loaded from: input_file:pl/edu/icm/unity/oauth/rp/verificator/UnityTokenVerificator.class */
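/**
 * Validates a bearer access token by querying the configured verification
 * endpoint and interpreting the JSON token-status document it returns.
 *
 * <p>Every failure path rejects the token: a non-200 reply and an expired token
 * yield the no-argument {@link TokenStatus}, while a reply that cannot be
 * interpreted raises {@link AuthenticationException}.
 */
public class UnityTokenVerificator implements TokenVerificatorProtocol {
    private static final Logger log = Log.getLogger("unity.server.oauth", UnityTokenVerificator.class);
    private final OAuthRPProperties config;

    /**
     * @param oAuthRPProperties relying-party configuration supplying the verification
     *        endpoint URL, the validator and the hostname-checking mode
     */
    public UnityTokenVerificator(OAuthRPProperties oAuthRPProperties) {
        this.config = oAuthRPProperties;
    }

    /**
     * Asks the verification endpoint about the given token and converts the answer
     * into a {@link TokenStatus}.
     *
     * @param bearerAccessToken the token presented by the client; sent to the endpoint
     *        in the Authorization header
     * @return a status built with {@code true}, the expiration (may be {@code null}),
     *         the scope and the subject when the token is accepted; the no-argument
     *         status when the endpoint answers with a non-200 code or the reported
     *         expiration is in the past
     * @throws AuthenticationException if the 200 reply is not JSON, or its expiration
     *         or scope entries are malformed
     * @throws Exception for URL, transport or JSON parsing failures raised by the
     *         underlying libraries
     */
    @Override
    public TokenStatus checkToken(BearerAccessToken bearerAccessToken) throws Exception {
        HTTPRequest request = new HTTPRequest(HTTPRequest.Method.GET, new URL(this.config.getValue(OAuthRPProperties.VERIFICATION_ENDPOINT)));
        // NOTE(review): presumably applies the configured trust validator and hostname-checking
        // mode to the connection; confirm in HttpRequestConfigurer, since the bearer token is
        // sent over this connection.
        new HttpRequestConfigurer().secureRequest(request, this.config.getValidator(), this.config.getEnumValue("httpClientHostnameChecking", ServerHostnameCheckingMode.class));
        request.setAuthorization(bearerAccessToken.toAuthorizationHeader());
        HTTPResponse response = request.send();

        if (response.getStatusCode() != 200) {
            if (log.isTraceEnabled()) {
                log.trace("Access token is invalid, HTTP status is: " + response.getStatusCode());
            }
            return new TokenStatus();
        }
        if (log.isTraceEnabled()) {
            // The body carries the token's subject and scopes, so trace-level logs of this
            // logger should be handled as sensitive data.
            log.trace("Received tokens's status:\n" + response.getContent());
        }
        if (response.getEntityContentType() == null || !ContentType.APPLICATION_JSON.matches(response.getEntityContentType())) {
            throw new AuthenticationException("Token status query was successful but it has non-JSON content type: " + response.getEntityContentType());
        }

        JSONObject tokenInfo = response.getContentAsJSONObject();
        Date expiration = parseExpiration(tokenInfo.get(TokenInfoResource.EXPIRATION));
        Scope scope = parseScope(tokenInfo.get(TokenInfoResource.SCOPE));
        Object rawSubject = tokenInfo.get(TokenInfoResource.SUBJECT);
        String subject = rawSubject == null ? null : rawSubject.toString();

        // A reply without an expiration entry is accepted with a null expiry.
        // NOTE(review): confirm the endpoint always reports an expiration, or that callers
        // deliberately treat null as "no expiry". The comparison uses the local clock.
        if (expiration == null || !new Date().after(expiration)) {
            return new TokenStatus(true, expiration, scope, subject);
        }
        log.trace("The token information states that the token expired at " + expiration);
        return new TokenStatus();
    }

    /**
     * Converts the expiration entry (seconds since the epoch) into a {@link Date}.
     *
     * @param rawExpiration value of the expiration entry, or {@code null} when absent
     * @return the expiration instant, or {@code null} when the entry is absent
     * @throws AuthenticationException if the value is not a whole number or does not
     *         fit into milliseconds
     */
    private static Date parseExpiration(Object rawExpiration) throws AuthenticationException {
        if (rawExpiration == null) {
            return null;
        }
        try {
            // multiplyExact: a silently wrapped product would yield an unrelated expiry instant.
            return new Date(Math.multiplyExact(Long.parseLong(rawExpiration.toString()), 1000L));
        } catch (NumberFormatException | ArithmeticException e) {
            log.debug("Unusable expiration value in the token status response", e);
            throw new AuthenticationException("Token status response has an invalid expiration value");
        }
    }

    /**
     * Converts the scope entry into a {@link Scope}.
     *
     * @param rawScope value of the scope entry, or {@code null} when absent
     * @return the parsed scope; empty when the entry is absent
     * @throws AuthenticationException if the entry is not a list of strings
     */
    private static Scope parseScope(Object rawScope) throws AuthenticationException {
        Scope scope = new Scope();
        if (rawScope == null) {
            return scope;
        }
        // Check the shape explicitly so a malformed reply is reported as an authentication
        // failure rather than as a ClassCastException from an unchecked cast.
        if (!(rawScope instanceof List)) {
            throw new AuthenticationException("Token status response has a scope entry which is not a list");
        }
        for (Object value : (List<?>) rawScope) {
            if (!(value instanceof String)) {
                throw new AuthenticationException("Token status response has a scope value which is not a string");
            }
            scope.add((String) value);
        }
        return scope;
    }
}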
