package pl.edu.icm.unity.oauth.as.token.introspection;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.text.ParseException;
import java.util.Optional;
import net.minidev.json.JSONObject;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.exceptions.EngineException;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.token.BaseOAuthResource;
import pl.edu.icm.unity.oauth.as.token.OAuthTokenEndpoint;
import pl.edu.icm.unity.oauth.as.token.introspection.LocalTokenIntrospectionService;
import pl.edu.icm.unity.oauth.as.token.introspection.RemoteTokenIntrospectionService;

@Produces({"application/json"})
@Path(OAuthTokenEndpoint.TOKEN_INTROSPECTION_PATH)
/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/introspection/TokenIntrospectionResource.class */
public class TokenIntrospectionResource extends BaseOAuthResource {
    private static final Logger log = Log.getLogger("unity.server.oauth", TokenIntrospectionResource.class);
    private final RemoteTokenIntrospectionService remoteTokenIntrospectionService;
    private final LocalTokenIntrospectionService localTokenIntrospectionService;
    private final String localIssuer;

    @Component
    /* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/introspection/TokenIntrospectionResource$TokenIntrospectionResourceFactory.class */
    public static class TokenIntrospectionResourceFactory {
        private final RemoteTokenIntrospectionService.RemoteIntrospectionServiceFactory remoteIntrospectionServiceFactory;
        private final LocalTokenIntrospectionService.LocalTokenIntrospectionServiceFactory localIntrospectionServiceFactory;

        @Autowired
        public TokenIntrospectionResourceFactory(LocalTokenIntrospectionService.LocalTokenIntrospectionServiceFactory localTokenIntrospectionServiceFactory, RemoteTokenIntrospectionService.RemoteIntrospectionServiceFactory remoteIntrospectionServiceFactory) {
            this.localIntrospectionServiceFactory = localTokenIntrospectionServiceFactory;
            this.remoteIntrospectionServiceFactory = remoteIntrospectionServiceFactory;
        }

        public TokenIntrospectionResource getTokenIntrospection(OAuthASProperties oAuthASProperties) {
            return new TokenIntrospectionResource(this.remoteIntrospectionServiceFactory.getService(TrustedUpstreamConfigurationParser.getConfig(oAuthASProperties)), this.localIntrospectionServiceFactory.getService(), oAuthASProperties.getValue(OAuthASProperties.ISSUER_URI));
        }
    }

    public TokenIntrospectionResource(RemoteTokenIntrospectionService remoteTokenIntrospectionService, LocalTokenIntrospectionService localTokenIntrospectionService, String str) {
        this.remoteTokenIntrospectionService = remoteTokenIntrospectionService;
        this.localTokenIntrospectionService = localTokenIntrospectionService;
        this.localIssuer = str;
    }

    @POST
    @Path("/")
    public Response introspectToken(@FormParam("token") String str) throws EngineException, JsonProcessingException {
        if (str == null) {
            return makeError(OAuth2Error.INVALID_REQUEST, "Token for introspection was not provided");
        }
        log.debug("Token introspection enquiry for token {}", tokenToLog(str));
        Optional<SignedJWTWithIssuer> tryParseAsSignedJWTToken = tryParseAsSignedJWTToken(str);
        return tryParseAsSignedJWTToken.isPresent() && !tryParseAsSignedJWTToken.get().issuer.equals(this.localIssuer) ? this.remoteTokenIntrospectionService.processRemoteIntrospection(tryParseAsSignedJWTToken.get()) : this.localTokenIntrospectionService.processLocalIntrospection(str);
    }

    private Optional<SignedJWTWithIssuer> tryParseAsSignedJWTToken(String str) {
        try {
            SignedJWT parse = SignedJWT.parse(str);
            try {
                return Optional.of(new SignedJWTWithIssuer(parse));
            } catch (ParseException e) {
                log.trace("Unknown issuer of token {}", tokenToLog(parse.serialize()));
                return Optional.empty();
            }
        } catch (ParseException e2) {
            log.trace("Can not parse token {} as signed JWT token", tokenToLog(str));
            return Optional.empty();
        }
    }

    public static JSONObject getInactiveResponse() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("active", false);
        return jSONObject;
    }
}
