package org.forgerock.oauth2.core;

import com.google.common.base.Joiner;
import java.util.Map;
import javax.inject.Inject;
import org.forgerock.json.JsonPointer;
import org.forgerock.json.JsonValue;
import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.forgerock.openam.oauth2.OAuth2UrisFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/oauth2/core/OAuth2TokenIntrospectionHandler.class */
public class OAuth2TokenIntrospectionHandler implements TokenIntrospectionHandler {
    private static final Joiner SCOPE_JOINER = Joiner.on(' ');
    private static final JsonPointer CNF_POINTER = new JsonPointer("cnf");
    private final Logger logger = LoggerFactory.getLogger("OAuth2Provider");
    private final TokenStore tokenStore;
    private final OAuth2UrisFactory urisFactory;

    @Inject
    public OAuth2TokenIntrospectionHandler(TokenStore tokenStore, OAuth2UrisFactory oAuth2UrisFactory) {
        this.tokenStore = tokenStore;
        this.urisFactory = oAuth2UrisFactory;
    }

    @Override // org.forgerock.oauth2.core.TokenIntrospectionHandler
    public JsonValue introspect(OAuth2Request oAuth2Request, String str, String str2, String str3) throws ServerException, NotFoundException {
        IntrospectableToken introspectableToken = getIntrospectableToken(oAuth2Request, str2, str3);
        if (introspectableToken == null || introspectableToken.isExpired()) {
            return null;
        }
        if (introspectableToken.getClientId().equals(str) && introspectableToken.getRealm().equals(oAuth2Request.getParameter("realm"))) {
            return renderOAuth2Token(oAuth2Request, introspectableToken);
        }
        this.logger.warn("Token {} didn't belong to client {}", oAuth2Request.getParameter("token"), str);
        return null;
    }

    private JsonValue renderOAuth2Token(OAuth2Request oAuth2Request, IntrospectableToken introspectableToken) throws ServerException, NotFoundException {
        Map.Entry[] entryArr = new Map.Entry[8];
        entryArr[0] = JsonValue.field("active", true);
        entryArr[1] = JsonValue.field("scope", SCOPE_JOINER.join(introspectableToken.getScope()));
        entryArr[2] = JsonValue.field("client_id", introspectableToken.getClientId());
        entryArr[3] = JsonValue.field("user_id", introspectableToken.getResourceOwnerId());
        entryArr[4] = JsonValue.field("token_type", introspectableToken instanceof AccessToken ? "access_token" : "refresh_token");
        entryArr[5] = JsonValue.field("exp", introspectableToken.getExpiryTime() == -1 ? null : Long.valueOf(introspectableToken.getExpiryTime() / 1000));
        entryArr[6] = JsonValue.field("sub", introspectableToken.getResourceOwnerId());
        entryArr[7] = JsonValue.field("iss", this.urisFactory.get(oAuth2Request).getIssuer());
        JsonValue json = JsonValue.json(JsonValue.object(entryArr));
        if (introspectableToken instanceof AccessToken) {
            JsonValue confirmationKey = ((AccessToken) introspectableToken).getConfirmationKey();
            if (confirmationKey.isNotNull()) {
                json.putPermissive(CNF_POINTER, confirmationKey.getObject());
            }
        }
        return json;
    }

    protected IntrospectableToken getIntrospectableToken(OAuth2Request oAuth2Request, String str, String str2) throws ServerException, NotFoundException {
        IntrospectableToken introspectableToken = null;
        if (0 == 0 && (str == null || "access_token".equals(str))) {
            try {
                introspectableToken = this.tokenStore.readAccessToken(oAuth2Request, str2);
            } catch (InvalidGrantException e) {
                this.logger.debug("Couldn't find access token with ID {}", str2, e);
            }
        }
        if (introspectableToken == null && (str == null || "refresh_token".equals(str))) {
            try {
                introspectableToken = this.tokenStore.readRefreshToken(oAuth2Request, str2);
            } catch (InvalidGrantException e2) {
                this.logger.debug("Couldn't find refresh token with ID {}", str2, e2);
            }
        }
        return introspectableToken;
    }

    @Override // org.forgerock.oauth2.core.TokenIntrospectionHandler
    public Integer priority() {
        return 10;
    }
}
