package io.jans.ca.server.op;

import io.jans.as.client.OpenIdConfigurationResponse;
import io.jans.as.model.common.ResponseType;
import io.jans.as.model.jwt.Jwt;
import io.jans.ca.common.Command;
import io.jans.ca.common.params.CheckIdTokenParams;
import io.jans.ca.common.response.CheckIdTokenResponse;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.Utils;
import io.jans.ca.server.configuration.model.Rp;
import io.jans.ca.server.op.Validator;
import io.jans.ca.server.service.ServiceProvider;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/ca/server/op/CheckIdTokenOperation.class */
public class CheckIdTokenOperation extends BaseOperation<CheckIdTokenParams> {
    private static final Logger LOG = LoggerFactory.getLogger(CheckIdTokenOperation.class);

    public CheckIdTokenOperation(Command command, ServiceProvider serviceProvider) {
        super(command, serviceProvider, CheckIdTokenParams.class);
    }

    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(CheckIdTokenParams checkIdTokenParams) {
        try {
            OpenIdConfigurationResponse connectDiscoveryResponseByRpId = getDiscoveryService().getConnectDiscoveryResponseByRpId(checkIdTokenParams.getRpId());
            Rp rp = getRp();
            Jwt parse = Jwt.parse(checkIdTokenParams.getIdToken());
            Validator build = new Validator.Builder().discoveryResponse(connectDiscoveryResponseByRpId).idToken(parse).keyService(getPublicOpKeyService()).opClientFactory(getOpClientFactory()).rpServerConfiguration(getJansConfigurationService().find()).rp(rp).build();
            build.validateAccessToken(checkIdTokenParams.getAccessToken(), atHashCheckRequired(rp.getResponseTypes()));
            build.validateAuthorizationCode(checkIdTokenParams.getCode());
            build.validateState(checkIdTokenParams.getState());
            CheckIdTokenResponse checkIdTokenResponse = new CheckIdTokenResponse();
            checkIdTokenResponse.setActive(build.isIdTokenValid(checkIdTokenParams.getNonce()));
            checkIdTokenResponse.setIssuedAt(Utils.date(parse.getClaims().getClaimAsDate("iat")));
            checkIdTokenResponse.setExpiresAt(Utils.date(parse.getClaims().getClaimAsDate("exp")));
            checkIdTokenResponse.setClaims(parse.getClaims().toMap());
            return checkIdTokenResponse;
        } catch (HttpException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error(e2.getMessage(), e2);
            throw HttpException.internalError();
        }
    }

    public static boolean atHashCheckRequired(List<String> list) {
        return list.stream().anyMatch(str -> {
            return ResponseType.fromString(str, " ").contains(ResponseType.TOKEN);
        });
    }
}
