package pl.edu.icm.unity.oauth.as.token.introspection;

import com.google.common.base.Joiner;
import com.nimbusds.jwt.util.DateUtils;
import java.util.Optional;
import javax.ws.rs.core.Response;
import net.minidev.json.JSONObject;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.oauth.as.OAuthToken;
import pl.edu.icm.unity.oauth.as.token.BaseOAuthResource;
import pl.edu.icm.unity.oauth.as.token.BaseTokenResource;
import pl.edu.icm.unity.oauth.as.token.TokenInfoResource;
import pl.edu.icm.unity.oauth.as.token.access.OAuthAccessTokenRepository;
import pl.edu.icm.unity.oauth.as.token.access.OAuthRefreshTokenRepository;

/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/introspection/LocalTokenIntrospectionService.class */
class LocalTokenIntrospectionService {
    private static final Logger log = Log.getLogger("unity.server.oauth", LocalTokenIntrospectionService.class);
    private final OAuthAccessTokenRepository accessTokenRespository;
    private final OAuthRefreshTokenRepository refreshTokenRepository;

    @Component
    /* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/introspection/LocalTokenIntrospectionService$LocalTokenIntrospectionServiceFactory.class */
    public static class LocalTokenIntrospectionServiceFactory {
        private final OAuthAccessTokenRepository accessTokenRespository;
        private final OAuthRefreshTokenRepository refreshTokenRepository;

        @Autowired
        public LocalTokenIntrospectionServiceFactory(OAuthAccessTokenRepository oAuthAccessTokenRepository, OAuthRefreshTokenRepository oAuthRefreshTokenRepository) {
            this.accessTokenRespository = oAuthAccessTokenRepository;
            this.refreshTokenRepository = oAuthRefreshTokenRepository;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public LocalTokenIntrospectionService getService() {
            return new LocalTokenIntrospectionService(this.accessTokenRespository, this.refreshTokenRepository);
        }
    }

    LocalTokenIntrospectionService(OAuthAccessTokenRepository oAuthAccessTokenRepository, OAuthRefreshTokenRepository oAuthRefreshTokenRepository) {
        this.accessTokenRespository = oAuthAccessTokenRepository;
        this.refreshTokenRepository = oAuthRefreshTokenRepository;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Response processLocalIntrospection(String str) {
        log.debug("Localy token introspection, token {}", BaseOAuthResource.tokenToLog(str));
        return (Response) loadToken(str).map(tokensPair -> {
            return getOKResponse(getBearerStyleTokenInfo(tokensPair));
        }).orElse(getTokenNotPresentResponse(str));
    }

    private Response getTokenNotPresentResponse(String str) {
        log.debug("Token {} is not present, returning inactive response", BaseOAuthResource.tokenToLog(str));
        return getOKResponse(TokenIntrospectionResource.getInactiveResponse());
    }

    private Optional<BaseTokenResource.TokensPair> loadToken(String str) {
        try {
            Token readAccessToken = this.accessTokenRespository.readAccessToken(str);
            return Optional.of(new BaseTokenResource.TokensPair(readAccessToken, BaseOAuthResource.parseInternalToken(readAccessToken)));
        } catch (IllegalArgumentException e) {
            log.trace("Can not find access token", e);
            try {
                Token readRefreshToken = this.refreshTokenRepository.readRefreshToken(str);
                return Optional.of(new BaseTokenResource.TokensPair(readRefreshToken, BaseOAuthResource.parseInternalToken(readRefreshToken)));
            } catch (IllegalArgumentException e2) {
                log.trace("Can not find refresh token", e);
                return Optional.empty();
            }
        }
    }

    private JSONObject getBearerStyleTokenInfo(BaseTokenResource.TokensPair tokensPair) {
        OAuthToken oAuthToken = tokensPair.parsedToken;
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("active", true);
        jSONObject.put(TokenInfoResource.SCOPE, Joiner.on(' ').join(oAuthToken.getEffectiveScope()));
        jSONObject.put("client_id", oAuthToken.getClientUsername());
        jSONObject.put("token_type", "bearer");
        jSONObject.put(TokenInfoResource.EXPIRATION, Long.valueOf(DateUtils.toSecondsSinceEpoch(tokensPair.tokenSrc.getExpires())));
        jSONObject.put("iat", Long.valueOf(DateUtils.toSecondsSinceEpoch(tokensPair.tokenSrc.getCreated())));
        jSONObject.put("nbf", Long.valueOf(DateUtils.toSecondsSinceEpoch(tokensPair.tokenSrc.getCreated())));
        jSONObject.put(TokenInfoResource.SUBJECT, oAuthToken.getSubject());
        jSONObject.put(TokenInfoResource.AUDIENCE, getTokenAudience(oAuthToken));
        jSONObject.put("iss", oAuthToken.getIssuerUri());
        log.debug("Returning token information: {}", jSONObject.toJSONString());
        return jSONObject;
    }

    private Object getTokenAudience(OAuthToken oAuthToken) {
        return (oAuthToken.getAudience() == null || oAuthToken.getAudience().size() != 1) ? oAuthToken.getAudience() : oAuthToken.getAudience().get(0);
    }

    private Response getOKResponse(JSONObject jSONObject) {
        return BaseOAuthResource.toResponse(Response.ok(jSONObject.toJSONString()));
    }
}
