package org.gluu.oxauth.uma.ws.rs;

import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.gluu.oxauth.model.error.ErrorResponseFactory;
import org.gluu.oxauth.model.uma.RptIntrospectionResponse;
import org.gluu.oxauth.model.uma.UmaErrorResponseType;
import org.gluu.oxauth.model.uma.UmaPermission;
import org.gluu.oxauth.service.ClientService;
import org.gluu.oxauth.service.external.ExternalUmaRptClaimsService;
import org.gluu.oxauth.service.external.context.ExternalUmaRptClaimsContext;
import org.gluu.oxauth.uma.authorization.UmaPCT;
import org.gluu.oxauth.uma.authorization.UmaRPT;
import org.gluu.oxauth.uma.service.UmaPctService;
import org.gluu.oxauth.uma.service.UmaRptService;
import org.gluu.oxauth.uma.service.UmaScopeService;
import org.gluu.oxauth.uma.service.UmaValidationService;
import org.gluu.oxauth.util.ServerUtil;
import org.gluu.util.StringHelper;
import org.json.JSONObject;
import org.slf4j.Logger;

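/**
 * JAX-RS resource mounted at {@code /rpt/status} that reports the status of a UMA
 * requesting party token (RPT).
 *
 * <p>Every introspection request is first checked with
 * {@link UmaValidationService#assertHasProtectionScope(String)} against the
 * {@code Authorization} header before the RPT is looked up.
 *
 * <p>NOTE(review): nothing in this class ties the caller's credential to the resource
 * server whose permissions the RPT carries. Confirm whether
 * {@code assertHasProtectionScope} or another layer restricts which RPTs a given caller
 * may introspect; otherwise any caller that passes the scope check can read the
 * permissions, subject and PCT claims of any RPT it can name.
 */
@Path("/rpt/status")
public class UmaRptIntrospectionWS {

    @Inject
    private Logger log;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private UmaRptService rptService;

    @Inject
    private UmaValidationService umaValidationService;

    @Inject
    private UmaScopeService umaScopeService;

    @Inject
    private UmaPctService pctService;

    @Inject
    private ExternalUmaRptClaimsService externalUmaRptClaimsService;

    @Inject
    private ClientService clientService;

    /**
     * Introspects an RPT passed in the {@code token} query parameter.
     *
     * <p>Security note: a token carried in the query string is typically recorded in
     * access logs, proxy logs and browser history. Callers should prefer
     * {@link #introspectPost}, which takes the token from the form body.
     *
     * @param authorization value of the {@code Authorization} header
     * @param token the RPT code to introspect
     * @param tokenTypeHint accepted but not used by this implementation
     * @param httpRequest current servlet request, passed to the external claims script context
     * @param httpResponse current servlet response, passed to the external claims script context
     * @return a 200 response with the introspection result as JSON
     */
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    public Response introspectGet(
            @HeaderParam("Authorization") String authorization,
            @QueryParam("token") String token,
            @QueryParam("token_type_hint") String tokenTypeHint,
            @Context HttpServletRequest httpRequest,
            @Context HttpServletResponse httpResponse) {
        return introspect(authorization, token, tokenTypeHint, httpRequest, httpResponse);
    }

    /**
     * Introspects an RPT passed in the {@code token} form parameter.
     *
     * @param authorization value of the {@code Authorization} header
     * @param token the RPT code to introspect
     * @param tokenTypeHint accepted but not used by this implementation
     * @param httpRequest current servlet request, passed to the external claims script context
     * @param httpResponse current servlet response, passed to the external claims script context
     * @return a 200 response with the introspection result as JSON
     */
    @POST
    @Produces(MediaType.APPLICATION_JSON)
    public Response introspectPost(
            @HeaderParam("Authorization") String authorization,
            @FormParam("token") String token,
            @FormParam("token_type_hint") String tokenTypeHint,
            @Context HttpServletRequest httpRequest,
            @Context HttpServletResponse httpResponse) {
        return introspect(authorization, token, tokenTypeHint, httpRequest, httpResponse);
    }

    /**
     * Shared implementation behind the GET and POST introspection endpoints.
     *
     * <p>An unknown, expired or otherwise invalid RPT yields {@code active=false} with
     * status 200 rather than an error, so the response does not distinguish "never
     * existed" from "no longer valid".
     *
     * @throws WebApplicationException rethrown unchanged when raised by the checks or
     *     services called here; any other exception is mapped to a 500
     *     {@code SERVER_ERROR} response with a generic message
     */
    private Response introspect(
            String authorization,
            String token,
            String tokenTypeHint,
            HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) {
        try {
            // Authorization gate: must run before any token lookup.
            umaValidationService.assertHasProtectionScope(authorization);

            UmaRPT rpt = rptService.getRPTByCode(token);
            if (!isValid(rpt)) {
                return Response.status(Response.Status.OK)
                        .entity(new RptIntrospectionResponse(false))
                        .cacheControl(ServerUtil.cacheControl(true))
                        .build();
            }

            RptIntrospectionResponse introspection = new RptIntrospectionResponse();
            introspection.setActive(true);
            introspection.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
            introspection.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
            introspection.setPermissions(buildStatusResponsePermissions(rpt));
            introspection.setClientId(rpt.getClientId());
            // The audience is reported as the client id the RPT was issued to.
            introspection.setAud(rpt.getClientId());
            introspection.setSub(rpt.getUserId());

            // buildStatusResponsePermissions treats a null permission list as "no
            // permissions"; do the same here instead of failing with a 500.
            List<org.gluu.oxauth.model.uma.persistence.UmaPermission> storedPermissions =
                    rptService.getRptPermissions(rpt);
            if (storedPermissions != null && !storedPermissions.isEmpty()) {
                // Only the first permission is consulted for the PCT reference.
                org.gluu.oxauth.model.uma.persistence.UmaPermission firstPermission =
                        storedPermissions.iterator().next();
                String pctCode = (String) firstPermission.getAttributes().get("pct");
                if (StringHelper.isNotEmpty(pctCode)) {
                    UmaPCT pct = pctService.getByCode(pctCode);
                    if (pct != null) {
                        introspection.setPctClaims(pct.getClaims().toMap());
                    } else {
                        // Token values are credentials: identify the record by DN and keep
                        // the PCT code itself out of the log.
                        log.error("Failed to find PCT referenced by permission object: {}", firstPermission.getDn());
                    }
                } else {
                    // Same reasoning: the RPT code is a bearer token, so log the DN instead.
                    log.trace("PCT code is blank for RPT with dn: {}", rpt.getDn());
                }
            }

            JSONObject responseJson = new JSONObject(ServerUtil.asJson(introspection));
            ExternalUmaRptClaimsContext scriptContext = new ExternalUmaRptClaimsContext(
                    clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
            if (externalUmaRptClaimsService.externalModify(responseJson, scriptContext)) {
                log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
            } else {
                // The script may have mutated the JSON before returning false; rebuild it
                // from the untouched response object to discard those changes.
                responseJson = new JSONObject(ServerUtil.asJson(introspection));
                log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
            }

            // NOTE(review): ServerUtil.cacheControl(true) presumably marks the response as
            // non-cacheable — confirm, since the body carries token metadata and claims.
            return Response.status(Response.Status.OK)
                    .entity(responseJson.toString())
                    .type(MediaType.APPLICATION_JSON_TYPE)
                    .cacheControl(ServerUtil.cacheControl(true))
                    .build();
        } catch (WebApplicationException e) {
            // Already carries the intended HTTP status; pass it through unchanged.
            log.error("Exception happened", e);
            throw e;
        } catch (Exception e) {
            // Details go to the log only; the client receives a generic message.
            log.error("Exception happened", e);
            throw errorResponseFactory.createWebApplicationException(
                    Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
        }
    }

    /**
     * Returns whether the RPT exists and is still valid, refreshing its expiry state first.
     */
    private boolean isValid(UmaRPT umaRPT) {
        if (umaRPT == null) {
            return false;
        }
        umaRPT.checkExpired();
        return umaRPT.isValid();
    }

    /**
     * Returns whether the stored permission exists and is still valid, refreshing its
     * expiry state first.
     */
    private boolean isValid(org.gluu.oxauth.model.uma.persistence.UmaPermission umaPermission) {
        if (umaPermission == null) {
            return false;
        }
        umaPermission.checkExpired();
        return umaPermission.isValid();
    }

    /**
     * Converts the valid permissions attached to the RPT into their response form.
     *
     * <p>Invalid permissions are skipped and logged at debug level; permissions that
     * {@code ServerUtil.convert} maps to {@code null} are skipped silently.
     *
     * @param umaRPT the RPT whose permissions are reported; may be {@code null}
     * @return the converted permissions, never {@code null}, possibly empty
     */
    private List<UmaPermission> buildStatusResponsePermissions(UmaRPT umaRPT) {
        List<UmaPermission> result = new ArrayList<>();
        if (umaRPT == null) {
            return result;
        }
        List<org.gluu.oxauth.model.uma.persistence.UmaPermission> storedPermissions =
                rptService.getRptPermissions(umaRPT);
        if (storedPermissions == null || storedPermissions.isEmpty()) {
            return result;
        }
        for (org.gluu.oxauth.model.uma.persistence.UmaPermission stored : storedPermissions) {
            if (!isValid(stored)) {
                log.debug("Ignore permission, skip it in response because permission is not valid. Permission dn: {}, rpt dn: {}", stored.getDn(), umaRPT.getDn());
                continue;
            }
            UmaPermission converted = ServerUtil.convert(stored, umaScopeService);
            if (converted != null) {
                result.add(converted);
            }
        }
        return result;
    }

    /**
     * Rejects the request with HTTP 405; the parameters are bound but never read.
     *
     * <p>NOTE(review): this method and {@link #introspectGet} are both {@code @GET} on the
     * class path and differ only in that this one declares
     * {@code @Consumes("application/json")}. Which one the JAX-RS runtime selects
     * presumably depends on the request Content-Type — confirm that the resulting split
     * (GET introspection allowed in one case, refused in the other) is intended.
     *
     * @throws WebApplicationException always, carrying a 405 response
     */
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    public Response requestRptStatusGet(
            @HeaderParam("Authorization") String authorization,
            @FormParam("token") String token,
            @FormParam("token_type_hint") String tokenTypeHint) {
        throw new WebApplicationException(Response.status(405)
                .type(MediaType.APPLICATION_JSON_TYPE)
                .entity("Introspection of RPT is not allowed by GET HTTP method.")
                .build());
    }
}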
