package org.gluu.oxd.server.op;

import com.google.inject.Injector;
import io.dropwizard.util.Strings;
import java.io.IOException;
import org.gluu.oxauth.client.UserInfoClient;
import org.gluu.oxauth.client.UserInfoRequest;
import org.gluu.oxauth.client.UserInfoResponse;
import org.gluu.oxauth.model.jwt.Jwt;
import org.gluu.oxauth.model.jwt.JwtClaimName;
import org.gluu.oxd.common.Command;
import org.gluu.oxd.common.ErrorResponseCode;
import org.gluu.oxd.common.Jackson2;
import org.gluu.oxd.common.params.GetUserInfoParams;
import org.gluu.oxd.common.params.HasOxdIdParams;
import org.gluu.oxd.common.response.IOpResponse;
import org.gluu.oxd.common.response.POJOResponse;
import org.gluu.oxd.server.HttpException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/oxd/server/op/GetUserInfoOperation.class */
/**
 * Operation that fetches claims from the OP's UserInfo endpoint using a caller-supplied access
 * token and, when enabled, cross-checks the returned {@code sub} against the {@code sub} of a
 * caller-supplied ID Token.
 *
 * <p>Security note: OpenID Connect Core (section 5.3.2) requires the UserInfo {@code sub} to
 * match the ID Token {@code sub} exactly before the UserInfo claims are used. In this class the
 * check is conditional (see {@link #validateSubjectIdentifier}), so a deployment that disables
 * the flag or omits the ID Token returns UserInfo claims without that binding.
 */
public class GetUserInfoOperation extends BaseOperation<GetUserInfoParams> {
    private static final Logger LOG = LoggerFactory.getLogger(GetUserInfoOperation.class);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the operation for the given command.
     *
     * @param command  the command being executed
     * @param injector the Guice injector handed to the base operation
     */
    public GetUserInfoOperation(Command command, Injector injector) {
        super(command, injector, GetUserInfoParams.class);
    }

    /**
     * Validates the parameters, calls the UserInfo endpoint resolved through discovery for the
     * given oxd id, and returns the response entity parsed as a JSON tree.
     *
     * @param getUserInfoParams request parameters (oxd id, access token, optional ID Token)
     * @return the UserInfo response body wrapped in a {@link POJOResponse}
     * @throws IOException if the response entity cannot be read as JSON
     * @throws HttpException if the subject-identifier check rejects the response
     */
    @Override // org.gluu.oxd.server.op.IOperation
    public IOpResponse execute(GetUserInfoParams getUserInfoParams) throws IOException {
        getValidationService().validate((HasOxdIdParams) getUserInfoParams);

        // The endpoint comes from the discovery document tied to this oxd id, not from the caller.
        UserInfoClient userInfoClient = getOpClientFactory().createUserInfoClient(
                getDiscoveryService()
                        .getConnectDiscoveryResponseByOxdId(getUserInfoParams.getOxdId())
                        .getUserInfoEndpoint());
        userInfoClient.setExecutor(getHttpService().getClientExecutor());
        // The access token is a bearer credential; it is only handed to the request here and is
        // not logged by this method.
        userInfoClient.setRequest(new UserInfoRequest(getUserInfoParams.getAccessToken()));

        UserInfoResponse userInfoResponse = userInfoClient.exec();

        // The `sub` cross-check runs only for HTTP 200. For any other status the entity is still
        // parsed and returned below without it.
        // NOTE(review): confirm callers treat non-200 bodies as errors, not as user claims.
        if (userInfoResponse.getStatus() == 200) {
            validateSubjectIdentifier(getUserInfoParams.getIdToken(), userInfoResponse);
        }

        return new POJOResponse(
                Jackson2.createJsonMapper().readTree(userInfoResponse.getEntity()));
    }

    /**
     * Compares the {@code sub} claim of the UserInfo response with the {@code sub} claim of the
     * given ID Token and rejects the response when they differ.
     *
     * <p>The check is skipped when the {@code validateUserInfoWithIdToken} configuration value is
     * false or when no ID Token was supplied. Any failure while performing the comparison (missing
     * claim, unparsable token, unset configuration value) is reported as
     * {@code FAILED_TO_VERIFY_SUBJECT_IDENTIFIER}, so the check fails closed once it is entered.
     *
     * @param str              the serialized ID Token; may be null or empty
     * @param userInfoResponse the UserInfo response whose {@code sub} is checked
     * @throws HttpException with {@code INVALID_SUBJECT_IDENTIFIER} on mismatch, or
     *                       {@code FAILED_TO_VERIFY_SUBJECT_IDENTIFIER} if the comparison fails
     */
    public void validateSubjectIdentifier(String str, UserInfoResponse userInfoResponse) {
        try {
            boolean checkEnabled = getConfigurationService()
                    .getConfiguration()
                    .getValidateUserInfoWithIdToken()
                    .booleanValue();
            if (!checkEnabled || Strings.isNullOrEmpty(str)) {
                // Nothing to compare against: the UserInfo response is accepted unbound.
                return;
            }

            LOG.trace("Validating subject Identifier (`sub`) of userInfo response.");
            String userInfoSub =
                    userInfoResponse.getClaims().get(JwtClaimName.SUBJECT_IDENTIFIER).get(0);

            // NOTE(review): only Jwt.parse is called here; no signature, issuer, audience or
            // expiry validation of the ID Token is visible in this method. Unless the token was
            // validated before it reached this operation, the comparison below is a consistency
            // check against a caller-supplied value, not proof of identity. Confirm upstream.
            Jwt idToken = Jwt.parse(str);
            String idTokenSub =
                    idToken.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);

            if (!idTokenSub.equals(userInfoSub)) {
                // Both subject identifiers are written to the error log on mismatch.
                LOG.error("UserInfo `sub` value does not matches with `sub` value of ID_TOKEN.\n ID_TOKEN `sub`: {}  \n UserInfo `sub`: {} ", idTokenSub, userInfoSub);
                throw new HttpException(ErrorResponseCode.INVALID_SUBJECT_IDENTIFIER);
            }
        } catch (HttpException mismatch) {
            // Keep the specific mismatch error instead of folding it into the generic one below.
            throw mismatch;
        } catch (Exception failure) {
            LOG.error("Error in matching `sub` value of UserInfo with `sub` value of ID_TOKEN.", failure);
            throw new HttpException(ErrorResponseCode.FAILED_TO_VERIFY_SUBJECT_IDENTIFIER);
        }
    }
}
