package org.gluu.oxtrust.service;

import java.io.Serializable;
import javax.ws.rs.core.Response;
import org.gluu.oxtrust.exception.UmaProtectionException;
import org.gluu.oxtrust.ldap.service.ApplianceService;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.log.Log;
import org.xdi.config.oxtrust.ApplicationConfiguration;
import org.xdi.ldap.model.GluuBoolean;
import org.xdi.oxauth.model.uma.RptIntrospectionResponse;
import org.xdi.oxauth.model.uma.wrapper.Token;
import org.xdi.util.Pair;
import org.xdi.util.StringHelper;

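/**
 * Application-scoped Seam component that checks the UMA requesting party token (RPT)
 * presented in an {@code Authorization: Bearer ...} header.
 *
 * <p>The check is only performed when SCIM is enabled on the appliance and
 * {@link UmaProtectionService#isEnabledUmaAuthentication()} reports UMA as enabled;
 * otherwise every call to {@link #validateRptToken} fails closed.
 */
@Name("umaAuthenticationService")
@AutoCreate
@Scope(ScopeType.APPLICATION)
public class UmaAuthenticationService implements Serializable {
    private static final long serialVersionUID = -2222131971095468865L;

    /** Length of the {@code "Bearer "} scheme prefix stripped from the header value. */
    private static final int BEARER_PREFIX_LENGTH = "Bearer ".length();

    @Logger
    private Log log;

    @In
    private UmaProtectionService umaProtectionService;

    @In("#{oxTrustConfiguration.applicationConfiguration}")
    private ApplicationConfiguration applicationConfiguration;

    @In
    private ApplianceService applianceService;

    // Shared result instances, handed out to every caller of this application-scoped component.
    // NOTE(review): if Pair exposes setters, a caller that mutates a returned pair would change
    // the outcome seen by all later requests -- confirm Pair is treated as immutable.
    // The explicit (Response) cast keeps the generic type of the pair correct; the decompiled
    // "(Object) null" does not type-check against Pair<Boolean, Response>.
    private final Pair<Boolean, Response> authenticationFailure = new Pair<Boolean, Response>(false, (Response) null);
    private final Pair<Boolean, Response> authenticationSuccess = new Pair<Boolean, Response>(true, (Response) null);

    /**
     * Validates the RPT carried in an HTTP {@code Authorization} header value.
     *
     * <p>Outcomes:
     * <ul>
     *   <li>{@code (false, null)} - UMA authentication is disabled, the header is missing, does not
     *       start with {@code "Bearer "} (case-sensitive), carries an empty token, the introspection
     *       response is {@code null}, permission registration produced nothing, or a
     *       {@link UmaProtectionException} was thrown.</li>
     *   <li>{@code (true, null)} - the introspection response shows the RPT has permissions.</li>
     *   <li>{@code (true, response)} - the RPT lacks permissions, but permissions were registered and
     *       a response was prepared.</li>
     * </ul>
     *
     * <p>A {@code true} first element therefore does NOT by itself mean the request is authorized:
     * callers must also check the second element. Presumably a non-null response has to be sent
     * back to the client instead of serving the request -- confirm against the callers.
     *
     * <p>The token value is never written to the log. An RPT is a bearer credential, so anyone able
     * to read the log could replay it, and the header is attacker-controlled input that should not
     * be echoed into log lines.
     *
     * @param str  raw value of the {@code Authorization} header; may be {@code null}
     * @param str2 second argument forwarded to permission registration
     *             (presumably the resource set id -- TODO confirm)
     * @param str3 third argument forwarded to permission registration
     *             (presumably the scope id -- TODO confirm)
     * @return one of the pairs described above, never {@code null}
     */
    public Pair<Boolean, Response> validateRptToken(String str, String str2, String str3) {
        if (!isEnabledUmaAuthentication() || str == null || !str.startsWith("Bearer ")) {
            return this.authenticationFailure;
        }
        String rptToken = str.substring(BEARER_PREFIX_LENGTH);
        if (rptToken.trim().isEmpty()) {
            // "Bearer " with nothing after it can never be a valid RPT; skip the introspection call.
            return this.authenticationFailure;
        }
        try {
            Token patToken = this.umaProtectionService.getPatToken();
            RptIntrospectionResponse introspection = this.umaProtectionService.getStatusResponse(patToken, rptToken);
            if (introspection == null) {
                // Deliberately logged without the token value (bearer credential).
                this.log.error("Status response for RPT token is invalid");
                return this.authenticationFailure;
            }
            if (this.umaProtectionService.isRptHasPermissions(introspection)) {
                return this.authenticationSuccess;
            }
            // The RPT is known but has no permissions: try to register them.
            if (StringHelper.isEmpty(this.umaProtectionService.registerUmaPermissions(patToken, str2, str3))) {
                return this.authenticationFailure;
            }
            Response ticketResponse = this.umaProtectionService.prepareRegisterUmaPermissionsResponse(patToken, str2, str3);
            if (ticketResponse == null) {
                return this.authenticationFailure;
            }
            return new Pair<Boolean, Response>(true, ticketResponse);
        } catch (UmaProtectionException e) {
            // Deliberately logged without the token value (bearer credential).
            this.log.error("Failed to verify RPT token", e);
            return this.authenticationFailure;
        }
    }

    /**
     * Reports whether RPT validation is active.
     *
     * @return {@code true} only when SCIM is enabled on the appliance and the UMA protection
     *         service reports UMA authentication as enabled
     */
    public boolean isEnabledUmaAuthentication() {
        return isScimEnabled() && this.umaProtectionService.isEnabledUmaAuthentication();
    }

    /**
     * Reads the SCIM flag from the appliance entry.
     *
     * @return {@code true} when the flag is {@link GluuBoolean#ENABLED} or {@link GluuBoolean#TRUE};
     *         {@code false} for any other value, including {@code null}
     */
    private boolean isScimEnabled() {
        // NOTE(review): getAppliance() is dereferenced without a null check -- confirm it cannot return null.
        GluuBoolean scimEnabled = this.applianceService.getAppliance().getScimEnabled();
        return GluuBoolean.ENABLED.equals(scimEnabled) || GluuBoolean.TRUE.equals(scimEnabled);
    }
}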
