package org.gluu.oxtrust.auth.oauth;

import java.lang.annotation.Annotation;
import java.lang.reflect.AnnotatedElement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Response;
import org.gluu.oxauth.model.common.IntrospectionResponse;
import org.gluu.oxtrust.auth.IProtectionService;
import org.gluu.oxtrust.service.filter.ProtectedApi;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:org/gluu/oxtrust/auth/oauth/DefaultOAuthProtectionService.class */
public class DefaultOAuthProtectionService extends BaseOAuthProtectionService {

    @Inject
    private Logger log;

    @Override // org.gluu.oxtrust.auth.oauth.BaseOAuthProtectionService
    public Response processIntrospectionResponse(IntrospectionResponse introspectionResponse, ResourceInfo resourceInfo) {
        Response response = null;
        List<String> requestedScopes = getRequestedScopes(resourceInfo);
        this.log.info("Call requires scopes: {}", requestedScopes);
        List list = (List) Optional.ofNullable(introspectionResponse).map((v0) -> {
            return v0.getScope();
        }).orElse(null);
        if (list == null || !introspectionResponse.isActive() || !list.containsAll(requestedScopes)) {
            this.log.error("{}. Token scopes: {}", "Invalid token or insufficient scopes", list);
            response = IProtectionService.simpleResponse(Response.Status.FORBIDDEN, "Invalid token or insufficient scopes");
        }
        return response;
    }

    private List<String> getRequestedScopes(ResourceInfo resourceInfo) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(getScopesFromAnnotation(resourceInfo.getResourceClass()));
        arrayList.addAll(getScopesFromAnnotation(resourceInfo.getResourceMethod()));
        return arrayList;
    }

    private List<String> getScopesFromAnnotation(AnnotatedElement annotatedElement) {
        return (List) optAnnnotation(annotatedElement, ProtectedApi.class).map((v0) -> {
            return v0.oauthScopes();
        }).map((v0) -> {
            return Arrays.asList(v0);
        }).orElse(Collections.emptyList());
    }

    private static <T extends Annotation> Optional<T> optAnnnotation(AnnotatedElement annotatedElement, Class<T> cls) {
        return Optional.ofNullable(annotatedElement.getAnnotation(cls));
    }
}
