package org.apereo.cas.support.oauth.web;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.support.oauth.ticket.accesstoken.AccessToken;
import org.apereo.cas.support.oauth.util.OAuthUtils;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.bind.annotation.RequestMapping;

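/**
 * OAuth 2.0 profile endpoint: resolves a bearer access token to the profile
 * (principal id and attributes) of the authentication it was issued for.
 *
 * <p>The token is read from the {@code access_token} request parameter or, when
 * that is blank, from an {@code Authorization: Bearer ...} header. It is looked
 * up in the inherited {@code ticketRegistry}; a missing, unknown or expired
 * token yields HTTP 401 with a JSON {@code error} field.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The access token is a bearer credential, so it is never written to the
 *       log; only whether one was supplied is recorded.</li>
 *   <li>A token sent as a query parameter can still be recorded by upstream
 *       access logs, proxies and browser history, which this class cannot
 *       prevent. NOTE(review): consider whether deployments should steer clients
 *       to the {@code Authorization} header and whether the profile response
 *       should carry a {@code Cache-Control} restriction.</li>
 * </ul>
 */
@Controller("profileController")
public class OAuth20ProfileController extends BaseOAuthWrapperController {
    private static final String ID = "id";
    private static final String ATTRIBUTES = "attributes";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String BEARER_PREFIX = "Bearer ";

    /**
     * Handles a profile request.
     *
     * @param httpServletRequest  request carrying the access token as a parameter or bearer header
     * @param httpServletResponse response; its content type is set to {@code application/json}
     * @return 200 with the JSON profile for a valid token; 401 with
     *         {@code missing_accessToken} when no token was supplied, or
     *         {@code expired_accessToken} when the token is unknown or expired
     * @throws Exception propagated from the ticket registry or profile serialization
     */
    @RequestMapping(path = {"/oauth2.0/profile"}, produces = {"application/json"})
    protected ResponseEntity<String> handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        httpServletResponse.setContentType("application/json");

        String token = httpServletRequest.getParameter(ACCESS_TOKEN);
        if (StringUtils.isBlank(token)) {
            String header = httpServletRequest.getHeader("Authorization");
            // regionMatches(ignoreCase=true, ...) compares the scheme case-insensitively
            // without going through the default locale's lower-casing rules.
            if (StringUtils.isNotBlank(header)
                    && header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
                // Tolerate extra whitespace between the scheme and the token.
                token = header.substring(BEARER_PREFIX.length()).trim();
            }
        }

        // Log only the presence of the token: the value itself is a credential and
        // anyone with read access to the logs could replay it until it expires.
        this.logger.debug("{} supplied: {}", ACCESS_TOKEN, StringUtils.isNotBlank(token));

        if (StringUtils.isBlank(token)) {
            this.logger.error("Missing {}", ACCESS_TOKEN);
            return unauthorized("missing_accessToken");
        }

        AccessToken ticket = this.ticketRegistry.getTicket(token, AccessToken.class);
        if (ticket == null || ticket.isExpired()) {
            // Unknown and expired tokens share one response so the caller cannot
            // tell the two cases apart; the wire-level error code is unchanged.
            this.logger.error("Access token not found or expired");
            return unauthorized("expired_accessToken");
        }

        Authentication authentication = ticket.getAuthentication();
        Map<String, Object> profile = writeOutProfileResponse(authentication, authentication.getPrincipal());
        return new ResponseEntity<>(OAuthUtils.jsonify(profile), HttpStatus.OK);
    }

    /**
     * Builds the profile payload returned to the client.
     *
     * <p>Every attribute of the principal is included as-is. NOTE(review): confirm
     * that attribute release to the requesting OAuth client is filtered before
     * the principal reaches this method; nothing here restricts it.
     *
     * @param authentication authentication the access token was issued for (unused here,
     *                       available to overriding subclasses)
     * @param principal      principal whose id and attributes are written out
     * @return map with the keys {@code id} and {@code attributes}
     * @throws IOException declared for overriding implementations; not thrown here
     */
    protected Map<String, Object> writeOutProfileResponse(Authentication authentication, Principal principal) throws IOException {
        Map<String, Object> profile = new HashMap<>();
        profile.put(ID, principal.getId());
        profile.put(ATTRIBUTES, principal.getAttributes());
        return profile;
    }

    /**
     * Builds a 401 response whose JSON body carries a single {@code error} code.
     *
     * @param errorCode value of the {@code error} field
     * @return the 401 response entity
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private ResponseEntity<String> unauthorized(String errorCode) {
        // Kept as a raw type, as in the original: OAuthUtils.jsonify's exact
        // parameter type is not visible from this file.
        LinkedMultiValueMap body = new LinkedMultiValueMap(1);
        body.add("error", errorCode);
        return new ResponseEntity<>(OAuthUtils.jsonify(body), HttpStatus.UNAUTHORIZED);
    }
}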
