package org.iplass.mtp.impl.auth.oauth.command;

import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.iplass.mtp.auth.login.Credential;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.webapi.WebApi;
import org.iplass.mtp.impl.auth.authenticate.builtin.web.BasicAuthUtil;
import org.iplass.mtp.impl.auth.authenticate.builtin.web.WWWAuthenticateException;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthAuthorization;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthClient;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthResourceServer;
import org.iplass.mtp.impl.auth.oauth.OAuthAuthorizationService;
import org.iplass.mtp.impl.auth.oauth.OAuthClientService;
import org.iplass.mtp.impl.auth.oauth.OAuthConstants;
import org.iplass.mtp.impl.auth.oauth.OAuthResourceServerService;
import org.iplass.mtp.impl.auth.oauth.token.AccessToken;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.webapi.WebApiRequestConstants;
import org.iplass.mtp.webapi.definition.MethodType;
import org.iplass.mtp.webapi.definition.RequestType;
import org.iplass.mtp.webapi.definition.StateType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

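/**
 * OAuth 2.0 token introspection endpoint ({@code oauth/introspect}).
 *
 * <p>Accepts a form-encoded POST carrying a {@code token} parameter, authenticates the calling
 * resource server from its client credential, and answers with a JSON map describing the token.
 * A token that is missing, unknown, expired, or that cannot be resolved for any reason is
 * reported as {@code {"active": false}} with no further detail, so the response never states
 * why a token was rejected.
 *
 * <p>The Web API is declared with {@code checkXRequestedWithHeader = false} and
 * {@code privilaged = true}; within this class the only check on the caller is
 * {@link #validateResourceServer(RequestContext)}, which runs before any token lookup.
 */
@WebApi(name = "oauth/introspect", accepts = {RequestType.REST_FORM}, methods = {MethodType.POST}, checkXRequestedWithHeader = false, privilaged = true, state = StateType.STATELESS, responseType = "application/json")
@CommandClass(name = "mtp/oauth/IntrospectCommand", displayName = "OAuth2.0 Introspection Endpoint")
/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/command/IntrospectCommand.class */
public class IntrospectCommand implements Command {
    static final String PARAM_TOKEN = "token";
    // Declared for completeness; this class never reads the hint.
    static final String PARAM_TOKEN_TYPE_HINT = "token_type_hint";
    static final String STAT_SUCCESS = "SUCCESS";
    private static final Logger logger = LoggerFactory.getLogger(IntrospectCommand.class);
    private OAuthAuthorizationService authService = (OAuthAuthorizationService) ServiceRegistry.getRegistry().getService(OAuthAuthorizationService.class);
    private OAuthClientService clientService = (OAuthClientService) ServiceRegistry.getRegistry().getService(OAuthClientService.class);
    private OAuthResourceServerService rsService = (OAuthResourceServerService) ServiceRegistry.getRegistry().getService(OAuthResourceServerService.class);

    /**
     * Authenticates the calling resource server, introspects the submitted token and stores the
     * JSON response under {@link WebApiRequestConstants#DEFAULT_RESULT}.
     *
     * @param requestContext the current request; supplies the {@code token} form parameter and
     *     the client credential
     * @return {@link #STAT_SUCCESS} whenever the caller was authenticated, whether or not the
     *     token turned out to be active
     * @throws WebApplicationException if the caller presents no valid resource-server credential
     * @throws WWWAuthenticateException if a credential sent with the Basic scheme is rejected
     */
    public String execute(RequestContext requestContext) {
        // Authenticate the caller first so an unauthenticated request never reaches the token store.
        MetaOAuthResourceServer.OAuthResourceServerRuntime resourceServer = validateResourceServer(requestContext);
        Object body = introspect(requestContext, requestContext.getParam(PARAM_TOKEN), resourceServer);
        // NOTE(review): no Cache-Control header is set here; confirm the Web API layer marks this
        // response as non-cacheable, since it carries token metadata.
        requestContext.setAttribute(
                WebApiRequestConstants.DEFAULT_RESULT,
                Response.ok().type(MediaType.APPLICATION_JSON_TYPE.withCharset("UTF-8")).entity(body));
        return STAT_SUCCESS;
    }

    /**
     * Resolves the token and builds the introspection response for the authenticated caller.
     *
     * <p>Every failure mode (absent token, unknown token, non-positive remaining lifetime,
     * unknown client, client without an authorization server, a {@code null} response map, or any
     * {@link RuntimeException}) collapses to the same inactive response, so the endpoint fails
     * closed.
     *
     * @param requestContext the current request, passed through to the resource server runtime
     * @param token the raw value of the {@code token} parameter; may be {@code null}
     * @param resourceServer the authenticated resource server that will shape the response
     * @return the response map for an active token, otherwise the inactive response
     */
    private Object introspect(RequestContext requestContext, String token, MetaOAuthResourceServer.OAuthResourceServerRuntime resourceServer) {
        // A missing or empty token cannot be active; answer without touching the token store so a
        // malformed request neither costs a lookup nor produces an error-level log entry.
        if (token == null || token.isEmpty()) {
            return inactiveResponseEntity();
        }
        try {
            AccessToken accessToken = this.authService.getAccessTokenStore().getAccessToken(token);
            if (accessToken == null || accessToken.getExpiresIn() <= 0) {
                return inactiveResponseEntity();
            }
            MetaOAuthClient.OAuthClientRuntime client = this.clientService.getRuntimeByName(accessToken.getClientId());
            if (client == null) {
                return inactiveResponseEntity();
            }
            MetaOAuthAuthorization.OAuthAuthorizationRuntime authorizationServer = client.getAuthorizationServer();
            if (authorizationServer == null) {
                return inactiveResponseEntity();
            }
            // NOTE(review): any restriction on which resource server may see which token
            // (audience / scope filtering) would have to live in toResponseMap; it is not
            // enforced in this class. Confirm against that implementation.
            Map<String, Object> responseMap = resourceServer.toResponseMap(requestContext, accessToken, authorizationServer);
            return responseMap != null ? responseMap : inactiveResponseEntity();
        } catch (RuntimeException e) {
            // The stack trace is written only when debug logging is on; otherwise one line.
            // NOTE(review): the exception text is logged verbatim; confirm the token store never
            // embeds the token value in its exception messages.
            if (logger.isDebugEnabled()) {
                logger.error(e.toString(), e);
            } else {
                logger.error(e.toString());
            }
            return inactiveResponseEntity();
        }
    }

    /**
     * Authenticates the caller as a registered resource server.
     *
     * <p>An unknown resource-server id and a known id with a wrong credential take the same
     * rejection path and produce the same {@code invalid_client} error, so the response does not
     * distinguish the two cases.
     *
     * @param requestContext the current request carrying the client credential
     * @return the runtime of the authenticated resource server
     * @throws WebApplicationException if no credential was sent, or a non-Basic credential is
     *     rejected
     * @throws WWWAuthenticateException if a credential carrying a Basic authentication factor is
     *     rejected
     */
    private MetaOAuthResourceServer.OAuthResourceServerRuntime validateResourceServer(RequestContext requestContext) {
        Credential clientCredential = CommandUtil.clientCredential(requestContext);
        if (clientCredential == null) {
            throw new WebApplicationException(CommandUtil.buildErrorResponse(OAuthConstants.ERROR_INVALID_CLIENT, null, null));
        }
        MetaOAuthResourceServer.OAuthResourceServerRuntime resourceServer = this.rsService.getRuntimeByName(clientCredential.getId());
        // NOTE(review): whether validateCredential compares the secret in constant time is not
        // visible from this class; confirm in the resource server runtime.
        if (resourceServer != null && resourceServer.validateCredential(clientCredential)) {
            return resourceServer;
        }
        // The caller used the Basic scheme, so reject through the exception type that names that
        // scheme (presumably rendered as a WWW-Authenticate challenge; confirm in the handler).
        if (clientCredential.getAuthenticationFactor(BasicAuthUtil.AUTH_SCHEME_BASIC) != null) {
            throw new WWWAuthenticateException(BasicAuthUtil.AUTH_SCHEME_BASIC, null, CommandUtil.errorMsg(OAuthConstants.ERROR_INVALID_CLIENT, null, null));
        }
        throw new WebApplicationException(CommandUtil.buildErrorResponse(OAuthConstants.ERROR_INVALID_CLIENT, null, null));
    }

    /**
     * Builds the response used for every token that is not reported as active.
     *
     * @return a new mutable map holding only {@code "active" -> false}
     */
    private Object inactiveResponseEntity() {
        Map<String, Object> inactive = new HashMap<>();
        inactive.put("active", false);
        return inactive;
    }
}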
