package org.xdi.oxd.server.service;

import com.google.common.base.Strings;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxauth.model.common.IntrospectionResponse;
import org.xdi.oxd.common.ErrorResponseCode;
import org.xdi.oxd.common.ErrorResponseException;
import org.xdi.oxd.common.params.GetClientTokenParams;
import org.xdi.oxd.common.params.GetRpParams;
import org.xdi.oxd.common.params.HasOxdIdParams;
import org.xdi.oxd.common.params.HasProtectionAccessTokenParams;
import org.xdi.oxd.common.params.IParams;
import org.xdi.oxd.common.params.RegisterSiteParams;
import org.xdi.oxd.common.params.SetupClientParams;
import org.xdi.oxd.common.params.UpdateSiteParams;
import org.xdi.oxd.server.Configuration;
import org.xdi.oxd.server.ServerLauncher;
import org.xdi.util.Pair;

/* loaded from: input_file:org/xdi/oxd/server/service/ValidationService.class */
public class ValidationService {
    private static final Logger LOG = LoggerFactory.getLogger(ValidationService.class);

    public void notNull(IParams iParams) {
        if (iParams == null) {
            throw new ErrorResponseException(ErrorResponseCode.INTERNAL_ERROR_NO_PARAMS);
        }
    }

    public void notBlankOxdId(String str) {
        if (Strings.isNullOrEmpty(str)) {
            throw new ErrorResponseException(ErrorResponseCode.BAD_REQUEST_NO_OXD_ID);
        }
    }

    public void notBlankOpHost(String str) {
        if (Strings.isNullOrEmpty(str)) {
            throw new ErrorResponseException(ErrorResponseCode.INVALID_OP_HOST);
        }
    }

    public Pair<Rp, Boolean> validate(IParams iParams) {
        Rp rp;
        Rp rp2;
        Boolean bool = null;
        notNull(iParams);
        if (iParams instanceof HasOxdIdParams) {
            validate((HasOxdIdParams) iParams);
            bool = true;
        }
        if ((iParams instanceof HasProtectionAccessTokenParams) && validate((HasProtectionAccessTokenParams) iParams)) {
            bool = false;
        }
        if (bool != null && !(iParams instanceof RegisterSiteParams)) {
            try {
                String oxdId = ((HasOxdIdParams) iParams).getOxdId();
                if (StringUtils.isNotBlank(oxdId) && (rp2 = ((RpService) ServerLauncher.getInjector().getInstance(RpService.class)).getRp(oxdId)) != null) {
                    return new Pair<>(rp2, bool);
                }
            } catch (ErrorResponseException e) {
            } catch (Exception e2) {
                LOG.error("Failed to invoke license service client update. Message: " + e2.getMessage(), e2);
            }
        }
        if (iParams instanceof GetClientTokenParams) {
            Rp rpByClientId = ((RpService) ServerLauncher.getInjector().getInstance(RpService.class)).getRpByClientId(((GetClientTokenParams) iParams).getClientId());
            if (rpByClientId != null) {
                return new Pair<>(rpByClientId, false);
            }
        }
        if (!(iParams instanceof GetRpParams)) {
            return null;
        }
        GetRpParams getRpParams = (GetRpParams) iParams;
        String oxdId2 = getRpParams.getOxdId();
        if (!StringUtils.isNotBlank(oxdId2)) {
            return null;
        }
        if ((getRpParams.getList() == null || !getRpParams.getList().booleanValue()) && (rp = ((RpService) ServerLauncher.getInjector().getInstance(RpService.class)).getRp(oxdId2)) != null) {
            return new Pair<>(rp, true);
        }
        return null;
    }

    private boolean validate(HasProtectionAccessTokenParams hasProtectionAccessTokenParams) {
        if (hasProtectionAccessTokenParams instanceof SetupClientParams) {
            return false;
        }
        if (hasProtectionAccessTokenParams instanceof UpdateSiteParams) {
            Rp rp = ((RpService) ServerLauncher.getInjector().getInstance(RpService.class)).getRp(hasProtectionAccessTokenParams.getOxdId());
            if (rp.getSetupClient() != null && rp.getSetupClient().booleanValue()) {
                return false;
            }
        }
        Configuration m40get = ((ConfigurationService) ServerLauncher.getInjector().getInstance(ConfigurationService.class)).m40get();
        if (m40get.getProtectCommandsWithAccessToken() != null && !m40get.getProtectCommandsWithAccessToken().booleanValue()) {
            return false;
        }
        String protectionAccessToken = hasProtectionAccessTokenParams.getProtectionAccessToken();
        if (StringUtils.isBlank(protectionAccessToken)) {
            throw new ErrorResponseException(ErrorResponseCode.BLANK_PROTECTION_ACCESS_TOKEN);
        }
        if (hasProtectionAccessTokenParams instanceof RegisterSiteParams) {
            return false;
        }
        Rp rp2 = ((RpService) ServerLauncher.getInjector().getInstance(RpService.class)).getRp(hasProtectionAccessTokenParams.getOxdId());
        if (StringUtils.isBlank(rp2.getSetupClientId())) {
            throw new ErrorResponseException(ErrorResponseCode.NO_SETUP_CLIENT_FOR_OXD_ID);
        }
        IntrospectionResponse introspect = introspect(protectionAccessToken, hasProtectionAccessTokenParams.getOxdId());
        LOG.trace("access_token: " + protectionAccessToken + ", introspection: " + introspect + ", setupClientId: " + rp2.getSetupClientId());
        if (StringUtils.isBlank(introspect.getClientId())) {
            throw new ErrorResponseException(ErrorResponseCode.NO_CLIENT_ID_IN_INTROSPECTION_RESPONSE);
        }
        if (!IntrospectionService.getScopes(introspect).contains("oxd")) {
            throw new ErrorResponseException(ErrorResponseCode.PROTECTION_ACCESS_TOKEN_INSUFFICIENT_SCOPE);
        }
        if (introspect.getClientId().equals(rp2.getSetupClientId())) {
            return true;
        }
        throw new ErrorResponseException(ErrorResponseCode.INVALID_PROTECTION_ACCESS_TOKEN);
    }

    public IntrospectionResponse introspect(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            throw new ErrorResponseException(ErrorResponseCode.BLANK_PROTECTION_ACCESS_TOKEN);
        }
        RpService rpService = (RpService) ServerLauncher.getInjector().getInstance(RpService.class);
        Rp rp = rpService.getRp(str2);
        if (StringUtils.isNotBlank(rp.getSetupOxdId())) {
            str2 = rp.getSetupOxdId();
        }
        LOG.trace("Introspect token with rp: " + rpService.getRp(str2));
        IntrospectionResponse introspectToken = ((IntrospectionService) ServerLauncher.getInjector().getInstance(IntrospectionService.class)).introspectToken(str2, str);
        if (introspectToken.isActive()) {
            return introspectToken;
        }
        LOG.debug("access_token is not active.");
        throw new ErrorResponseException(ErrorResponseCode.INACTIVE_PROTECTION_ACCESS_TOKEN);
    }

    public void validate(HasOxdIdParams hasOxdIdParams) {
        notNull(hasOxdIdParams);
        notBlankOxdId(hasOxdIdParams.getOxdId());
    }

    public Rp validate(Rp rp) {
        if (rp == null) {
            throw new ErrorResponseException(ErrorResponseCode.INVALID_OXD_ID);
        }
        notBlankOxdId(rp.getOxdId());
        notBlankOpHost(rp.getOpHost());
        return rp;
    }
}
