package org.apache.cxf.rs.security.oauth2.filters;

import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.TokenIntrospection;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;

/* loaded from: input_file:lib/cxf-rt-rs-security-oauth2-3.1.5.jar:org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.class */
public class AccessTokenIntrospectionClient implements AccessTokenValidator {
    private WebClient tokenValidatorClient;

    @Override // org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator
    public List<String> getSupportedAuthorizationSchemes() {
        return Collections.singletonList("Bearer");
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator
    public AccessTokenValidation validateAccessToken(MessageContext messageContext, String str, String str2, MultivaluedMap<String, String> multivaluedMap) throws OAuthServiceException {
        WebClient fromClient = WebClient.fromClient(this.tokenValidatorClient, true);
        MetadataMap metadataMap = new MetadataMap();
        metadataMap.putSingle("token", str2);
        try {
            return convertIntrospectionToValidation((TokenIntrospection) fromClient.post(metadataMap, TokenIntrospection.class));
        } catch (WebApplicationException e) {
            throw new OAuthServiceException(e);
        }
    }

    private AccessTokenValidation convertIntrospectionToValidation(TokenIntrospection tokenIntrospection) {
        AccessTokenValidation accessTokenValidation = new AccessTokenValidation();
        accessTokenValidation.setInitialValidationSuccessful(tokenIntrospection.isActive());
        if (tokenIntrospection.getClientId() != null) {
            accessTokenValidation.setClientId(tokenIntrospection.getClientId());
        }
        if (tokenIntrospection.getIat() != null) {
            accessTokenValidation.setTokenIssuedAt(tokenIntrospection.getIat().longValue());
        }
        if (tokenIntrospection.getExp() != null) {
            accessTokenValidation.setTokenLifetime(tokenIntrospection.getExp().longValue() - tokenIntrospection.getIat().longValue());
        }
        if (!StringUtils.isEmpty(tokenIntrospection.getAud())) {
            accessTokenValidation.setAudiences(tokenIntrospection.getAud());
        }
        if (tokenIntrospection.getIss() != null) {
            accessTokenValidation.setTokenIssuer(tokenIntrospection.getIss());
        }
        if (tokenIntrospection.getScope() != null) {
            String[] split = tokenIntrospection.getScope().split(" ");
            LinkedList linkedList = new LinkedList();
            for (String str : split) {
                if (!StringUtils.isEmpty(str)) {
                    linkedList.add(new OAuthPermission(str.trim()));
                }
            }
            accessTokenValidation.setTokenScopes(linkedList);
        }
        return accessTokenValidation;
    }

    public void setTokenValidatorClient(WebClient webClient) {
        this.tokenValidatorClient = webClient;
    }
}
