package io.jans.ca.server.op;

import com.google.common.base.Strings;
import io.jans.as.client.UserInfoClient;
import io.jans.as.client.UserInfoRequest;
import io.jans.as.client.UserInfoResponse;
import io.jans.as.model.jwt.Jwt;
import io.jans.ca.common.Command;
import io.jans.ca.common.ErrorResponseCode;
import io.jans.ca.common.Jackson2;
import io.jans.ca.common.params.GetUserInfoParams;
import io.jans.ca.common.params.HasRpIdParams;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.common.response.POJOResponse;
import io.jans.ca.server.HttpException;
import io.jans.ca.server.persistence.service.MainPersistenceService;
import io.jans.ca.server.service.DiscoveryService;
import io.jans.ca.server.service.HttpService;
import io.jans.ca.server.service.ServiceProvider;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/ca/server/op/GetUserInfoOperation.class */
public class GetUserInfoOperation extends BaseOperation<GetUserInfoParams> {
    private static final Logger LOG = LoggerFactory.getLogger(GetUserInfoOperation.class);
    DiscoveryService discoveryService;
    MainPersistenceService jansConfigurationService;
    OpClientFactoryImpl opClientFactory;
    HttpService httpService;

    public GetUserInfoOperation(Command command, ServiceProvider serviceProvider) {
        super(command, serviceProvider, GetUserInfoParams.class);
        this.discoveryService = serviceProvider.getDiscoveryService();
        this.jansConfigurationService = serviceProvider.getJansConfigurationService();
        this.opClientFactory = this.discoveryService.getOpClientFactory();
        this.httpService = this.discoveryService.getHttpService();
    }

    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(GetUserInfoParams getUserInfoParams) throws IOException {
        getValidationService().validate((HasRpIdParams) getUserInfoParams);
        UserInfoClient createUserInfoClient = this.opClientFactory.createUserInfoClient(this.discoveryService.getConnectDiscoveryResponseByRpId(getUserInfoParams.getRpId()).getUserInfoEndpoint());
        createUserInfoClient.setExecutor(this.httpService.getClientEngine());
        createUserInfoClient.setRequest(new UserInfoRequest(getUserInfoParams.getAccessToken()));
        UserInfoResponse exec = createUserInfoClient.exec();
        if (exec.getStatus() == 200) {
            validateSubjectIdentifier(getUserInfoParams.getIdToken(), exec);
        }
        return new POJOResponse(Jackson2.createJsonMapper().readTree(exec.getEntity()));
    }

    public void validateSubjectIdentifier(String str, UserInfoResponse userInfoResponse) {
        try {
            if (this.jansConfigurationService.find().getValidateUserInfoWithIdToken().booleanValue() && !Strings.isNullOrEmpty(str)) {
                LOG.trace("Validating subject Identifier (`sub`) of userInfo response.");
                String str2 = (String) userInfoResponse.getClaims().get("sub");
                Jwt parse = Jwt.parse(str);
                if (parse.getClaims().getClaimAsString("sub").equals(str2)) {
                    return;
                }
                LOG.error("UserInfo `sub` value does not matches with `sub` value of ID_TOKEN.\n ID_TOKEN `sub`: {}  \n UserInfo `sub`: {} ", parse.getClaims().getClaimAsString("sub"), str2);
                throw new HttpException(ErrorResponseCode.INVALID_SUBJECT_IDENTIFIER);
            }
        } catch (HttpException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error("Error in matching `sub` value of UserInfo with `sub` value of ID_TOKEN.", e2);
            throw new HttpException(ErrorResponseCode.FAILED_TO_VERIFY_SUBJECT_IDENTIFIER);
        }
    }
}
