package org.forgerock.openidconnect;

import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.json.JsonValue;
import org.forgerock.oauth2.core.AccessToken;
import org.forgerock.oauth2.core.AccessTokenVerifier;
import org.forgerock.oauth2.core.ClientRegistrationStore;
import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.TokenStore;
import org.forgerock.oauth2.core.exceptions.InvalidTokenException;
import org.forgerock.oauth2.core.exceptions.OAuth2Exception;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidconnect/UserInfoService.class */
public class UserInfoService {
    private final Logger logger = LoggerFactory.getLogger("OAuth2Provider");
    private final TokenStore tokenStore;
    private final OAuth2ProviderSettingsFactory providerSettingsFactory;
    private final AccessTokenVerifier headerTokenVerifier;
    private final AccessTokenVerifier formTokenVerifier;
    private final ClientRegistrationStore clientRegistrationStore;

    @Inject
    public UserInfoService(TokenStore tokenStore, OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory, @Named("header") AccessTokenVerifier accessTokenVerifier, @Named("form-body") AccessTokenVerifier accessTokenVerifier2, ClientRegistrationStore clientRegistrationStore) {
        this.tokenStore = tokenStore;
        this.providerSettingsFactory = oAuth2ProviderSettingsFactory;
        this.headerTokenVerifier = accessTokenVerifier;
        this.formTokenVerifier = accessTokenVerifier2;
        this.clientRegistrationStore = clientRegistrationStore;
    }

    public JsonValue getUserInfo(OAuth2Request oAuth2Request) throws OAuth2Exception {
        AccessTokenVerifier.TokenState verify = this.headerTokenVerifier.verify(oAuth2Request);
        AccessTokenVerifier.TokenState verify2 = this.formTokenVerifier.verify(oAuth2Request);
        if (!verify.isValid() && !verify2.isValid()) {
            this.logger.debug("No access token provided for this request.");
            throw new InvalidTokenException();
        }
        if (verify.isValid() && verify2.isValid()) {
            this.logger.debug("Access token provided in both form and header.");
            throw new ServerException("Access Token cannot be provided in both form and header");
        }
        AccessToken readAccessToken = this.tokenStore.readAccessToken(oAuth2Request, verify.isValid() ? verify.getTokenId() : verify2.getTokenId());
        return new JsonValue(this.providerSettingsFactory.get(oAuth2Request).getUserInfo(this.clientRegistrationStore.get(readAccessToken.getClientId(), oAuth2Request), readAccessToken, oAuth2Request).getValues());
    }
}
