package io.jans.configapi.auth;

import com.google.auth.http.AuthHttpConstants;
import io.jans.as.model.common.IntrospectionResponse;
import io.jans.as.model.exception.InvalidJwtException;
import io.jans.configapi.auth.service.OpenIdService;
import io.jans.configapi.auth.util.AuthUtil;
import io.jans.configapi.auth.util.JwtUtil;
import java.io.Serializable;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;

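/**
 * Authorization service that accepts or rejects a request based on the bearer
 * credential it carries.
 *
 * <p>A credential that {@link JwtUtil#isJwt} recognises is parsed and validated
 * locally against the scopes required by the target resource. Any other credential
 * is treated as a reference token and sent to {@link OpenIdService} for
 * introspection, after which its scopes are compared with the required scopes.
 * Every rejection is reported as a {@link WebApplicationException} carrying
 * HTTP 401.
 */
@ApplicationScoped
@Named("openIdAuthorizationService")
/* loaded from: input_file:io/jans/configapi/auth/OpenIdAuthorizationService.class */
public class OpenIdAuthorizationService extends AuthorizationService implements Serializable {
    private static final long serialVersionUID = 1;

    @Inject
    Logger log;

    @Inject
    AuthUtil authUtil;

    @Inject
    JwtUtil jwtUtil;

    @Inject
    OpenIdService openIdService;

    /**
     * Authorizes one request, returning normally when access is granted.
     *
     * @param str the credential as received, including its leading scheme word
     *     (the first {@code AuthHttpConstants.BEARER.length()} characters are stripped)
     * @param str2 the issuer supplied with the request; may be blank
     * @param resourceInfo the matched resource, used to look up the required scopes
     * @param str3 the request method (only logged here)
     * @param str4 the request path (only logged here)
     * @throws WebApplicationException with status 401 when the credential is blank,
     *     the issuer is rejected, the JWT is invalid, the reference token is inactive,
     *     or the token scopes do not cover the required scopes
     * @throws Exception any other failure raised by the collaborating services
     */
    @Override // io.jans.configapi.auth.AuthorizationService
    public void processAuthorization(String str, String str2, ResourceInfo resourceInfo, String str3, String str4) throws Exception {
        // The credential itself is deliberately kept out of every log line: a bearer
        // token in a log file can be replayed by anyone who can read that file.
        this.log.debug("oAuth  Authorization parameters , issuer:{}, resourceInfo:{}, method: {}, path: {} ", str2, resourceInfo, str3, str4);
        if (StringUtils.isBlank(str)) {
            this.log.error("Token is blank !!!");
            throw unauthorized("Token is blank.");
        }
        this.log.info("Get requested scopes");
        List<String> requestedScopes = getRequestedScopes(resourceInfo);
        this.log.trace("oAuth  Authorization Resource details, resourceInfo: {}, resourceScopes: {} ", resourceInfo, requestedScopes);
        this.log.info("Validate issuer");
        // NOTE(review): a blank issuer skips this check entirely. Confirm that the
        // token validation below binds the token to a trusted issuer on its own.
        if (StringUtils.isNotBlank(str2) && !this.authUtil.isValidIssuer(str2)) {
            throw unauthorized("Header Issuer is Invalid.");
        }
        this.log.info("Verify if JWT");
        // A value shorter than the scheme word used to make substring() throw, which
        // surfaced as a server error instead of a 401. Reject it, and an empty
        // remainder, up front.
        // NOTE(review): the scheme word itself is not compared with "Bearer"; only its
        // length is skipped, as before.
        int schemeLength = AuthHttpConstants.BEARER.length();
        String accessToken = str.length() > schemeLength ? str.substring(schemeLength).trim() : "";
        if (accessToken.isEmpty()) {
            this.log.error("Token is blank !!!");
            throw unauthorized("Token is blank.");
        }
        boolean isJwt = this.jwtUtil.isJwt(accessToken);
        this.log.debug(" Is Jwt Token isJwtToken = {}", isJwt);
        if (isJwt) {
            try {
                this.log.info("Since token is JWT Validate it");
                this.jwtUtil.parse(accessToken);
                // NOTE(review): signature, expiry and issuer checks are assumed to
                // happen inside validateToken; that code is not visible here.
                this.jwtUtil.validateToken(accessToken, requestedScopes);
                return;
            } catch (InvalidJwtException e) {
                // Pass the exception as the last argument so the stack trace is kept,
                // and leave the rejected token out of the message.
                this.log.error("oAuth Invalid Jwt - Exception is ", e);
                throw unauthorized("Jwt Token is Invalid.");
            }
        }
        this.log.info("\n Since token is NOT JWT hence introspecting it as Reference token \n");
        IntrospectionResponse introspectionResponse = this.openIdService.getIntrospectionResponse(str, accessToken, str2);
        this.log.trace("oAuth  Authorization introspectionResponse = {}", introspectionResponse);
        // Fail closed: a missing response is treated the same as an inactive token.
        if (introspectionResponse == null || !introspectionResponse.isActive()) {
            this.log.error("Token is Invalid.");
            throw unauthorized("Token is Invalid.");
        }
        this.log.info("Validate token scopes");
        if (validateScope(introspectionResponse.getScope(), requestedScopes)) {
            return;
        }
        this.log.error("Insufficient scopes. Required scope: {}, token scopes: {}", requestedScopes, introspectionResponse.getScope());
        // NOTE(review): insufficient scope is reported as 401 here; RFC 6750 assigns
        // 403 to that case. Left unchanged because clients may depend on the status.
        throw unauthorized("Insufficient scopes. Required scope");
    }

    /** Builds the 401 exception used for every rejection in this class. */
    private static WebApplicationException unauthorized(String message) {
        return new WebApplicationException(message, Response.status(Response.Status.UNAUTHORIZED).build());
    }
}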
