package leap.oauth2.rs.token;

import java.util.Map;
import leap.core.annotation.Inject;
import leap.lang.Result;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.lang.http.ContentTypes;
import leap.lang.http.client.HttpClient;
import leap.lang.http.client.HttpRequest;
import leap.lang.http.client.HttpResponse;
import leap.lang.json.JSON;
import leap.lang.json.JsonValue;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.oauth2.OAuth2InternalServerException;
import leap.oauth2.OAuth2Params;
import leap.oauth2.rs.OAuth2ResServerConfig;

/* loaded from: input_file:leap/oauth2/rs/token/RemoteBearerResAccessTokenStore.class */
public class RemoteBearerResAccessTokenStore implements ResBearerAccessTokenStore {
    private static final Log log = LogFactory.get(RemoteBearerResAccessTokenStore.class);

    @Inject
    protected OAuth2ResServerConfig config;

    @Inject
    protected HttpClient httpClient;

    public void setHttpClient(HttpClient httpClient) {
        this.httpClient = httpClient;
    }

    @Override // leap.oauth2.rs.token.ResAccessTokenStore
    public Result<ResAccessTokenDetails> loadAccessTokenDetails(ResAccessToken resAccessToken) {
        if (null == this.config.getRemoteTokenInfoEndpointUrl()) {
            throw new IllegalStateException("The tokenInfoEndpointUrl must not be configured when use remote authz server");
        }
        HttpRequest addQueryParam = this.httpClient.request(this.config.getRemoteTokenInfoEndpointUrl()).addQueryParam(OAuth2Params.ACCESS_TOKEN, resAccessToken.getToken());
        if (null != this.config.getResourceServerId()) {
            addQueryParam.addHeader("Authorization", "Basic " + Base64.encode(this.config.getResourceServerId() + ":" + this.config.getResourceServerSecret()));
        }
        HttpResponse httpResponse = addQueryParam.get();
        if (!ContentTypes.APPLICATION_JSON_TYPE.isCompatible(httpResponse.getContentType())) {
            throw new OAuth2InternalServerException("Invalid response from auth server");
        }
        String string = httpResponse.getString();
        log.debug("Received response : {}", new Object[]{string});
        try {
            JsonValue parse = JSON.parse(string);
            if (!parse.isMap()) {
                throw new OAuth2InternalServerException("Invalid response from auth server : not a json map");
            }
            Map<String, Object> asMap = parse.asMap();
            String str = (String) asMap.get(OAuth2Params.ERROR);
            if (Strings.isEmpty(str)) {
                return Result.of(createAccessTokenDetails(asMap));
            }
            log.info("{} : {}", new Object[]{str, asMap.get(OAuth2Params.ERROR_DESCRIPTION)});
            return Result.empty();
        } catch (Exception e) {
            log.error(e);
            return Result.empty();
        }
    }

    @Override // leap.oauth2.rs.token.ResAccessTokenStore
    public void removeAccessToken(ResAccessToken resAccessToken) {
    }

    protected ResAccessTokenDetails createAccessTokenDetails(Map<String, Object> map) {
        SimpleResAccessTokenDetails simpleResAccessTokenDetails = new SimpleResAccessTokenDetails();
        simpleResAccessTokenDetails.setClientId((String) map.remove(OAuth2Params.CLIENT_ID));
        simpleResAccessTokenDetails.setUserId((String) map.remove("user_id"));
        simpleResAccessTokenDetails.setCreated(System.currentTimeMillis());
        simpleResAccessTokenDetails.setExpiresIn(((Integer) map.remove("expires_in")).intValue() * 1000);
        simpleResAccessTokenDetails.setScope((String) map.remove(OAuth2Params.SCOPE));
        return simpleResAccessTokenDetails;
    }
}
