package org.forgerock.opendj.rest2ldap.authz;

import java.io.IOException;
import java.net.URI;
import java.util.Arrays;
import java.util.HashSet;
import java.util.concurrent.TimeUnit;
import org.forgerock.http.Handler;
import org.forgerock.http.oauth2.AccessTokenException;
import org.forgerock.http.oauth2.AccessTokenInfo;
import org.forgerock.http.oauth2.AccessTokenResolver;
import org.forgerock.http.protocol.Entity;
import org.forgerock.http.protocol.Form;
import org.forgerock.http.protocol.Headers;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Responses;
import org.forgerock.http.protocol.Status;
import org.forgerock.json.JsonValue;
import org.forgerock.json.JsonValueException;
import org.forgerock.opendj.rest2ldap.Rest2ldapMessages;
import org.forgerock.services.context.Context;
import org.forgerock.util.Function;
import org.forgerock.util.Reject;
import org.forgerock.util.encode.Base64;
import org.forgerock.util.promise.Promise;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/forgerock/opendj/rest2ldap/authz/Rfc7662AccessTokenResolver.class */
public final class Rfc7662AccessTokenResolver implements AccessTokenResolver {
    private static final String RFC_7662_FORM_TOKEN_FIELD = "token";
    private static final String RFC_7662_FORM_TOKEN_TYPE_HINT_FIELD = "token_type_hint";
    private static final String RFC_7662_FORM_TOKEN_TYPE_HINT_ACCESS_TOKEN = "access_token";
    private static final String RFC_7662_RESPONSE_SCOPE_FIELD = "scope";
    private static final String RFC_7662_RESPONSE_EXPIRE_TIME_FIELD = "exp";
    private static final String RFC_7662_RESPONSE_ACTIVE_FIELD = "active";
    private final Handler httpClient;
    private final URI introspectionEndPointURI;
    private final String clientAppId;
    private final String clientAppSecret;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Rfc7662AccessTokenResolver(Handler handler, URI uri, String str, String str2) {
        this.httpClient = (Handler) Reject.checkNotNull(handler);
        this.introspectionEndPointURI = (URI) Reject.checkNotNull(uri);
        this.clientAppId = (String) Reject.checkNotNull(str);
        this.clientAppSecret = (String) Reject.checkNotNull(str2);
    }

    @Override // org.forgerock.http.oauth2.AccessTokenResolver
    public Promise<AccessTokenInfo, AccessTokenException> resolve(Context context, String str) {
        Request uri = new Request().setUri(this.introspectionEndPointURI);
        Headers headers = uri.getHeaders();
        headers.put("Accept", (Object) "application/json");
        headers.put("Authorization", (Object) ("Basic " + Base64.encode((this.clientAppId + ":" + this.clientAppSecret).getBytes())));
        Form form = new Form();
        form.add(RFC_7662_FORM_TOKEN_FIELD, str);
        form.add(RFC_7662_FORM_TOKEN_TYPE_HINT_FIELD, RFC_7662_FORM_TOKEN_TYPE_HINT_ACCESS_TOKEN);
        form.toRequestEntity(uri);
        return this.httpClient.handle(context, uri).then(buildAccessToken(str), Responses.noopExceptionFunction());
    }

    private Function<Response, AccessTokenInfo, AccessTokenException> buildAccessToken(final String str) {
        return new Function<Response, AccessTokenInfo, AccessTokenException>() { // from class: org.forgerock.opendj.rest2ldap.authz.Rfc7662AccessTokenResolver.1
            /* JADX WARN: Failed to calculate best type for var: r7v1 ??
            java.lang.NullPointerException
             */
            /* JADX WARN: Failed to calculate best type for var: r8v0 ??
            java.lang.NullPointerException
             */
            /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
            	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
            	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
            	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
            	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
            	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
            	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
            	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
            	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
            	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
            	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
             */
            /* JADX WARN: Not initialized variable reg: 7, insn: 0x008d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:29:0x008d */
            /* JADX WARN: Not initialized variable reg: 8, insn: 0x0091: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:31:0x0091 */
            /* JADX WARN: Type inference failed for: r7v1, types: [org.forgerock.http.protocol.Entity] */
            /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable] */
            @Override // org.forgerock.util.Function
            public AccessTokenInfo apply(Response response) throws AccessTokenException {
                Status status = response.getStatus();
                if (!Status.OK.equals(status)) {
                    throw Utils.newAccessTokenException(Rest2ldapMessages.ERR_OAUTH2_RFC7662_RETURNED_ERROR.get(status), response.getCause());
                }
                try {
                    try {
                        Entity entity = response.getEntity();
                        Throwable th = null;
                        JsonValue asJson = Rfc7662AccessTokenResolver.this.asJson(entity);
                        if (!asJson.get(Rfc7662AccessTokenResolver.RFC_7662_RESPONSE_ACTIVE_FIELD).defaultTo(Boolean.FALSE).asBoolean().booleanValue()) {
                            throw Utils.newAccessTokenException(Rest2ldapMessages.ERR_OAUTH2_RFC7662_TOKEN_NOT_ACTIVE.get());
                        }
                        AccessTokenInfo buildAccessTokenFromJson = Rfc7662AccessTokenResolver.this.buildAccessTokenFromJson(asJson, str);
                        if (entity != null) {
                            if (0 != 0) {
                                try {
                                    entity.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                entity.close();
                            }
                        }
                        return buildAccessTokenFromJson;
                    } finally {
                    }
                } catch (JsonValueException e) {
                    throw Utils.newAccessTokenException(Rest2ldapMessages.ERR_OAUTH2_RFC7662_INVALID_JSON_TOKEN.get(e.getMessage()), e);
                }
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public AccessTokenInfo buildAccessTokenFromJson(JsonValue jsonValue, String str) {
        return new AccessTokenInfo(jsonValue, str, new HashSet(Arrays.asList(jsonValue.get("scope").required().asString().trim().split(" +"))), TimeUnit.SECONDS.toMillis(jsonValue.get(RFC_7662_RESPONSE_EXPIRE_TIME_FIELD).required().asLong().longValue()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public JsonValue asJson(Entity entity) throws AccessTokenException {
        try {
            return new JsonValue(entity.getJson());
        } catch (IOException e) {
            throw Utils.newAccessTokenException(Rest2ldapMessages.ERR_OAUTH2_RFC7662_CANNOT_READ_RESPONSE.get(), e);
        }
    }
}
