package org.forgerock.oauth2.core;

import java.util.HashMap;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.forgerock.json.JsonValue;
import org.forgerock.oauth2.core.AccessTokenVerifier;
import org.forgerock.oauth2.core.exceptions.BadRequestException;
import org.forgerock.oauth2.core.exceptions.ExpiredTokenException;
import org.forgerock.oauth2.core.exceptions.InvalidClientException;
import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
import org.forgerock.oauth2.core.exceptions.InvalidRequestException;
import org.forgerock.oauth2.core.exceptions.InvalidTokenException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:org/forgerock/oauth2/core/TokenInfoService.class */
public class TokenInfoService {
    private final Logger logger = LoggerFactory.getLogger("OAuth2Provider");
    private final OAuth2ProviderSettingsFactory providerSettingsFactory;
    private final AccessTokenVerifier headerTokenVerifier;
    private final AccessTokenVerifier queryTokenVerifier;
    private final ClientRegistrationStore clientRegistrationStore;

    @Inject
    public TokenInfoService(OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory, @Named("realm-agnostic-header") AccessTokenVerifier accessTokenVerifier, @Named("realm-agnostic-query-param") AccessTokenVerifier accessTokenVerifier2, ClientRegistrationStore clientRegistrationStore) {
        this.providerSettingsFactory = oAuth2ProviderSettingsFactory;
        this.headerTokenVerifier = accessTokenVerifier;
        this.queryTokenVerifier = accessTokenVerifier2;
        this.clientRegistrationStore = clientRegistrationStore;
    }

    public JsonValue getTokenInfo(OAuth2Request oAuth2Request) throws InvalidTokenException, InvalidRequestException, ExpiredTokenException, ServerException, BadRequestException, InvalidGrantException, NotFoundException {
        AccessTokenVerifier.TokenState verify = this.headerTokenVerifier.verify(oAuth2Request);
        AccessTokenVerifier.TokenState verify2 = this.queryTokenVerifier.verify(oAuth2Request);
        ensureSingleTokenInRequest(verify, verify2);
        assertTokenIsValid(verify, verify2);
        AccessToken accessToken = (AccessToken) oAuth2Request.getToken(AccessToken.class);
        oAuth2Request.getRequest().getAttributes().put("realm", accessToken.getRealm());
        assertTokenClientExists(accessToken, oAuth2Request);
        this.logger.trace("In Validator resource - got token = " + accessToken);
        HashMap hashMap = new HashMap();
        Map<String, Object> evaluateScope = this.providerSettingsFactory.get(oAuth2Request).evaluateScope(accessToken);
        hashMap.putAll(accessToken.getTokenInfo());
        hashMap.putAll(evaluateScope);
        return new JsonValue(hashMap);
    }

    private void assertTokenIsValid(AccessTokenVerifier.TokenState tokenState, AccessTokenVerifier.TokenState tokenState2) throws InvalidTokenException {
        if (tokenState.isValid() || tokenState2.isValid()) {
            return;
        }
        this.logger.error("Access Token not valid");
        throw new InvalidTokenException();
    }

    private void ensureSingleTokenInRequest(AccessTokenVerifier.TokenState tokenState, AccessTokenVerifier.TokenState tokenState2) throws InvalidRequestException {
        if (tokenState.isValid() && tokenState2.isValid()) {
            this.logger.error("Access Token provided in both query and header in request");
            throw new InvalidRequestException("Access Token cannot be provided in both query and header");
        }
    }

    private void assertTokenClientExists(AccessToken accessToken, OAuth2Request oAuth2Request) throws InvalidTokenException {
        String clientId = accessToken.getClientId();
        try {
            this.clientRegistrationStore.get(clientId, oAuth2Request);
        } catch (InvalidClientException | NotFoundException e) {
            this.logger.error("The client identified by the id: " + clientId + " does not exist");
            throw new InvalidTokenException();
        }
    }
}
