package io.jans.configapi.auth;

import io.jans.as.model.common.IntrospectionResponse;
import io.jans.configapi.auth.service.OpenIdService;
import java.io.Serializable;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

@ApplicationScoped
@Named("openIdAuthorizationService")
/* loaded from: input_file:io/jans/configapi/auth/OpenIdAuthorizationService.class */
public class OpenIdAuthorizationService extends AuthorizationService implements Serializable {
    private static final long serialVersionUID = 1;

    @Inject
    Logger log;

    @Inject
    OpenIdService openIdService;

    @Override // io.jans.configapi.auth.AuthorizationService
    public void processAuthorization(String str, ResourceInfo resourceInfo, String str2, String str3) throws Exception {
        if (StringUtils.isBlank(str)) {
            this.log.error("Token is blank !!!");
            throw new WebApplicationException("Token is blank.", Response.status(Response.Status.UNAUTHORIZED).build());
        }
        List<String> requestedScopes = getRequestedScopes(resourceInfo);
        IntrospectionResponse introspectionResponse = this.openIdService.getIntrospectionResponse(str, str.substring("Bearer".length()).trim());
        System.out.println("\n\n OpenIdAuthorizationService::processAuthorization() - introspectionResponse = " + introspectionResponse + "\n\n");
        if (introspectionResponse == null || !introspectionResponse.isActive()) {
            this.log.error("Token is Invalid.");
            throw new WebApplicationException("Token is Invalid.", Response.status(Response.Status.UNAUTHORIZED).build());
        }
        System.out.println("\n\n OpenIdAuthorizationService::processAuthorization() - introspectionResponse.getScope() = " + introspectionResponse.getScope() + "\n\n");
        if (validateScope(introspectionResponse.getScope(), requestedScopes)) {
            return;
        }
        this.log.error("Insufficient scopes. Required scope: " + requestedScopes + ", token scopes: " + introspectionResponse.getScope());
        throw new WebApplicationException("Insufficient scopes. Required scope", Response.status(Response.Status.UNAUTHORIZED).build());
    }
}
