package org.xdi.oxd.server.service;

import com.google.common.base.Strings;
import org.apache.commons.lang.StringUtils;
import org.jboss.resteasy.client.ProxyFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.client.service.IntrospectionService;
import org.xdi.oxauth.model.common.IntrospectionResponse;
import org.xdi.oxd.common.ErrorResponseCode;
import org.xdi.oxd.common.ErrorResponseException;
import org.xdi.oxd.common.params.HasOxdIdParams;
import org.xdi.oxd.common.params.HasProtectionAccessTokenParams;
import org.xdi.oxd.common.params.IParams;
import org.xdi.oxd.server.Configuration;
import org.xdi.oxd.server.ServerLauncher;

/* loaded from: input_file:org/xdi/oxd/server/service/ValidationService.class */
public class ValidationService {
    private static final Logger LOG = LoggerFactory.getLogger(ValidationService.class);

    public void notNull(IParams iParams) {
        if (iParams == null) {
            throw new ErrorResponseException(ErrorResponseCode.INTERNAL_ERROR_NO_PARAMS);
        }
    }

    public void notBlankOxdId(String str) {
        if (Strings.isNullOrEmpty(str)) {
            throw new ErrorResponseException(ErrorResponseCode.BAD_REQUEST_NO_OXD_ID);
        }
    }

    public void notBlankOpHost(String str) {
        if (Strings.isNullOrEmpty(str)) {
            throw new ErrorResponseException(ErrorResponseCode.INVALID_OP_HOST);
        }
    }

    public void validate(IParams iParams) {
        notNull(iParams);
        if (iParams instanceof HasOxdIdParams) {
            validate((HasOxdIdParams) iParams);
        }
        if (iParams instanceof HasProtectionAccessTokenParams) {
            validate((HasProtectionAccessTokenParams) iParams);
        }
    }

    private void validate(HasProtectionAccessTokenParams hasProtectionAccessTokenParams) {
        Configuration m33get = ((ConfigurationService) ServerLauncher.getInjector().getInstance(ConfigurationService.class)).m33get();
        if (m33get.getProtectCommandsWithAccessToken() == null || m33get.getProtectCommandsWithAccessToken().booleanValue() || !StringUtils.isBlank(hasProtectionAccessTokenParams.getProtectionAccessToken())) {
            String protectionAccessToken = hasProtectionAccessTokenParams.getProtectionAccessToken();
            if (StringUtils.isBlank(protectionAccessToken)) {
                throw new ErrorResponseException(ErrorResponseCode.BLANK_PROTECTION_ACCESS_TOKEN);
            }
            RpService rpService = (RpService) ServerLauncher.getInjector().getInstance(RpService.class);
            DiscoveryService discoveryService = (DiscoveryService) ServerLauncher.getInjector().getInstance(DiscoveryService.class);
            UmaTokenService umaTokenService = (UmaTokenService) ServerLauncher.getInjector().getInstance(UmaTokenService.class);
            HttpService httpService = (HttpService) ServerLauncher.getInjector().getInstance(HttpService.class);
            Rp rp = rpService.getRp(hasProtectionAccessTokenParams.getOxdId());
            if (StringUtils.isBlank(rp.getSetupOxdId())) {
                throw new ErrorResponseException(ErrorResponseCode.NO_SETUP_CLIENT_FOR_OXD_ID);
            }
            Rp rp2 = rpService.getRp(rp.getSetupOxdId());
            LOG.trace("SetupRP: " + rp2);
            if (rp2 == null || StringUtils.isBlank(rp2.getClientId())) {
                throw new ErrorResponseException(ErrorResponseCode.NO_SETUP_CLIENT_FOR_OXD_ID);
            }
            IntrospectionResponse introspectToken = ((IntrospectionService) ProxyFactory.create(IntrospectionService.class, discoveryService.getConnectDiscoveryResponseByOxdId(hasProtectionAccessTokenParams.getOxdId()).getIntrospectionEndpoint(), httpService.getClientExecutor())).introspectToken("Bearer " + umaTokenService.getPat(hasProtectionAccessTokenParams.getOxdId()).getToken(), protectionAccessToken);
            LOG.trace("access_token: " + protectionAccessToken + ", introspection: " + introspectToken + ", setupClientId: " + rp2.getClientId());
            if (!introspectToken.getClientId().equals(rp2.getClientId())) {
                throw new ErrorResponseException(ErrorResponseCode.INVALID_PROTECTION_ACCESS_TOKEN);
            }
        }
    }

    public void validate(HasOxdIdParams hasOxdIdParams) {
        notNull(hasOxdIdParams);
        notBlankOxdId(hasOxdIdParams.getOxdId());
    }

    public Rp validate(Rp rp) {
        if (rp == null) {
            throw new ErrorResponseException(ErrorResponseCode.INVALID_OXD_ID);
        }
        notBlankOxdId(rp.getOxdId());
        notBlankOpHost(rp.getOpHost());
        return rp;
    }
}
