package org.xdi.oxauth.uma.ws.rs;

import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.xdi.oxauth.model.error.ErrorResponseFactory;
import org.xdi.oxauth.model.uma.RptIntrospectionResponse;
import org.xdi.oxauth.model.uma.UmaErrorResponseType;
import org.xdi.oxauth.model.uma.UmaPermission;
import org.xdi.oxauth.uma.authorization.UmaRPT;
import org.xdi.oxauth.uma.service.UmaRptService;
import org.xdi.oxauth.uma.service.UmaScopeService;
import org.xdi.oxauth.uma.service.UmaValidationService;
import org.xdi.oxauth.util.ServerUtil;

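/**
 * JAX-RS resource for the UMA RPT introspection ("RPT status") endpoint.
 *
 * <p>A caller presents its own credential in the {@code Authorization} header and the RPT to be
 * inspected in the {@code token} parameter. The resource answers with an
 * {@link RptIntrospectionResponse} that says whether the RPT is active and, when it is, lists its
 * issue/expiry dates and the permissions that are still valid.
 *
 * <p>NOTE(review): this class maps two {@code @GET} methods to the same path.
 * {@link #introspectGet} performs introspection, while {@link #requestRptStatusGet} states that
 * introspection over GET is not allowed (405). Which one a request reaches depends on how the
 * JAX-RS runtime matches {@code @Consumes}; confirm the intended behavior and remove the
 * contradiction.
 */
@Path("/rpt/status")
@Api(value = "/rpt/status", description = "The endpoint at which the host requests the status of an RPT presented to it by a requester. The endpoint is RPT introspection profile implementation defined by UMA specification")
/* loaded from: input_file:org/xdi/oxauth/uma/ws/rs/UmaRptIntrospectionWS.class */
public class UmaRptIntrospectionWS {

    @Inject
    private Logger log;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private UmaRptService rptService;

    @Inject
    private UmaValidationService umaValidationService;

    @Inject
    private UmaScopeService umaScopeService;

    /**
     * Introspects an RPT passed as a query parameter.
     *
     * <p>NOTE(review): with GET the RPT travels in the URL query string, where it is commonly
     * recorded by access logs, proxies and browser history. Prefer {@link #introspectPost} and
     * consider whether this variant should stay enabled.
     *
     * @param str  value of the {@code Authorization} header of the calling party
     * @param str2 the RPT to introspect ({@code token} query parameter)
     * @param str3 the {@code token_type_hint} query parameter (currently not used)
     * @return the introspection response
     */
    @GET
    @Produces({"application/json"})
    public Response introspectGet(@HeaderParam("Authorization") String str, @QueryParam("token") String str2, @QueryParam("token_type_hint") String str3) {
        return introspect(str, str2, str3);
    }

    /**
     * Introspects an RPT passed as a form parameter.
     *
     * @param str  value of the {@code Authorization} header of the calling party
     * @param str2 the RPT to introspect ({@code token} form parameter)
     * @param str3 the {@code token_type_hint} form parameter (currently not used)
     * @return the introspection response
     */
    @POST
    @Produces({"application/json"})
    public Response introspectPost(@HeaderParam("Authorization") String str, @FormParam("token") String str2, @FormParam("token_type_hint") String str3) {
        return introspect(str, str2, str3);
    }

    /**
     * Shared implementation behind the GET and POST introspection methods.
     *
     * @param authorization value of the caller's {@code Authorization} header
     * @param token         the RPT code to look up
     * @param tokenTypeHint accepted for interface compatibility; not read by this method
     * @return HTTP 200 with an inactive response when the RPT is unknown, expired or invalid,
     *         otherwise HTTP 200 with the RPT's dates and still-valid permissions
     * @throws WebApplicationException rethrown unchanged when raised inside the try block, or
     *         created with status 500 and a UMA {@code SERVER_ERROR} body for any other exception
     */
    private Response introspect(String authorization, String token, String tokenTypeHint) {
        try {
            // The caller is checked before the token is looked up, so the lookup is never
            // performed for a request that fails this assertion.
            // Presumably this throws a WebApplicationException on failure; confirm in
            // UmaValidationService.
            this.umaValidationService.assertHasProtectionScope(authorization);
            UmaRPT rpt = this.rptService.getRPTByCode(token);
            if (!isValid(rpt)) {
                // Unknown, expired and otherwise invalid RPTs all get the same inactive answer,
                // so the response does not reveal why the token was rejected.
                // NOTE(review): this branch passes the object as the entity while the active
                // branch passes ServerUtil.asJson(...); confirm both serialize the same way.
                return Response.status(Response.Status.OK).entity(new RptIntrospectionResponse(false)).cacheControl(ServerUtil.cacheControl(true)).build();
            }
            List<UmaPermission> permissions = buildStatusResponsePermissions(rpt);
            RptIntrospectionResponse introspection = new RptIntrospectionResponse();
            introspection.setActive(true);
            introspection.setExpiresAt(rpt.getExpirationDate());
            introspection.setIssuedAt(rpt.getCreationDate());
            introspection.setPermissions(permissions);
            return Response.status(Response.Status.OK).entity(ServerUtil.asJson(introspection)).cacheControl(ServerUtil.cacheControl(true)).build();
        } catch (Exception e) {
            // Only the exception is logged; the token and Authorization values are not.
            this.log.error("Exception happened", e);
            if (e instanceof WebApplicationException) {
                // Explicit cast: rethrowing the variable typed as Exception only compiles when
                // nothing in the try block can throw a checked exception.
                throw (WebApplicationException) e;
            }
            // Any other failure is reported with a generic UMA error body; no exception
            // detail is placed in the response.
            throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(this.errorResponseFactory.getUmaJsonErrorResponse(UmaErrorResponseType.SERVER_ERROR)).build());
        }
    }

    /**
     * Tells whether an RPT may be reported as active.
     *
     * @param rpt the RPT returned by the lookup, possibly {@code null}
     * @return {@code false} for {@code null}; otherwise the result of {@code isValid()} after
     *         {@code checkExpired()} has been called on the RPT
     */
    private boolean isValid(UmaRPT rpt) {
        if (rpt == null) {
            return false;
        }
        // Presumably refreshes the RPT's validity state from its expiration date; confirm in UmaRPT.
        rpt.checkExpired();
        return rpt.isValid();
    }

    /**
     * Tells whether a persisted permission may be included in the response.
     *
     * @param permission the persisted permission, possibly {@code null}
     * @return {@code false} for {@code null}; otherwise the result of {@code isValid()} after
     *         {@code checkExpired()} has been called on the permission
     */
    private boolean isValid(org.xdi.oxauth.model.uma.persistence.UmaPermission permission) {
        if (permission == null) {
            return false;
        }
        permission.checkExpired();
        return permission.isValid();
    }

    /**
     * Collects the permissions of an RPT that are still valid, converted to the response model.
     *
     * @param rpt the RPT whose permissions are read, possibly {@code null}
     * @return a new list, never {@code null}; empty when the RPT is {@code null} or has no
     *         valid, convertible permissions
     */
    private List<UmaPermission> buildStatusResponsePermissions(UmaRPT rpt) {
        // Typed list instead of a raw ArrayList so the element type is checked by the compiler.
        List<UmaPermission> result = new ArrayList<UmaPermission>();
        if (rpt == null) {
            return result;
        }
        List<org.xdi.oxauth.model.uma.persistence.UmaPermission> rptPermissions = this.rptService.getRptPermissions(rpt);
        if (rptPermissions == null || rptPermissions.isEmpty()) {
            return result;
        }
        for (org.xdi.oxauth.model.uma.persistence.UmaPermission permission : rptPermissions) {
            if (!isValid(permission)) {
                // Invalid or expired permissions are left out of the response.
                // A null list element would fail on getDn() here, exactly as in the original loop.
                this.log.debug("Ignore permission, skip it in response because permission is not valid. Permission dn: {}, rpt dn: {}", permission.getDn(), rpt.getDn());
                continue;
            }
            UmaPermission converted = ServerUtil.convert(permission, this.umaScopeService);
            if (converted != null) {
                result.add(converted);
            }
        }
        return result;
    }

    /**
     * Rejects GET requests with HTTP 405.
     *
     * <p>NOTE(review): this method shares {@code @GET} and the class path with
     * {@link #introspectGet}, and it binds {@code @FormParam} values on a GET request. Confirm
     * which of the two methods is meant to serve GET.
     *
     * @param str  value of the {@code Authorization} header (not read)
     * @param str2 the {@code token} form parameter (not read)
     * @param str3 the {@code token_type_hint} form parameter (not read)
     * @return never returns normally
     * @throws WebApplicationException always, with status 405
     */
    @GET
    @Consumes({"application/json"})
    @ApiOperation("Not allowed")
    @ApiResponses({@ApiResponse(code = 405, message = "Introspection of RPT is not allowed by GET HTTP method.")})
    @Produces({"application/json"})
    public Response requestRptStatusGet(@HeaderParam("Authorization") String str, @FormParam("token") String str2, @FormParam("token_type_hint") String str3) {
        throw new WebApplicationException(Response.status(405).entity("Introspection of RPT is not allowed by GET HTTP method.").build());
    }
}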
