package org.eclipse.edc.connector.transfer.dataplane.api;

import jakarta.ws.rs.GET;
import jakarta.ws.rs.HeaderParam;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import org.eclipse.edc.connector.transfer.dataplane.spi.security.DataEncrypter;
import org.eclipse.edc.keys.spi.PublicKeyResolver;
import org.eclipse.edc.spi.iam.ClaimToken;
import org.eclipse.edc.spi.types.TypeManager;
import org.eclipse.edc.spi.types.domain.DataAddress;
import org.eclipse.edc.token.spi.TokenValidationRule;
import org.eclipse.edc.token.spi.TokenValidationService;
import org.eclipse.edc.web.spi.exception.InvalidRequestException;
import org.eclipse.edc.web.spi.exception.NotAuthorizedException;

@Path("/token")
/* loaded from: input_file:org/eclipse/edc/connector/transfer/dataplane/api/ConsumerPullTransferTokenValidationApiController.class */
public class ConsumerPullTransferTokenValidationApiController implements ConsumerPullTransferTokenValidationApi {
    private final TokenValidationService service;
    private final DataEncrypter dataEncrypter;
    private final TypeManager typeManager;
    private final PublicKeyResolver publicKeyResolver;

    public ConsumerPullTransferTokenValidationApiController(TokenValidationService tokenValidationService, DataEncrypter dataEncrypter, TypeManager typeManager, PublicKeyResolver publicKeyResolver) {
        this.service = tokenValidationService;
        this.dataEncrypter = dataEncrypter;
        this.typeManager = typeManager;
        this.publicKeyResolver = publicKeyResolver;
    }

    @Override // org.eclipse.edc.connector.transfer.dataplane.api.ConsumerPullTransferTokenValidationApi
    @Produces({"application/json"})
    @GET
    public DataAddress validate(@HeaderParam("Authorization") String str) {
        return (DataAddress) this.service.validate(str, this.publicKeyResolver, new TokenValidationRule[0]).map(this::extractDataAddressClaim).map(this::toDataAddress).orElseThrow(failure -> {
            return new NotAuthorizedException("Token validation failed: " + failure.getFailureDetail());
        });
    }

    String extractDataAddressClaim(ClaimToken claimToken) {
        Object claim = claimToken.getClaim("dad");
        if (claim instanceof String) {
            return (String) claim;
        }
        throw new InvalidRequestException(String.format("Missing claim `%s` in token", "dad"));
    }

    private DataAddress toDataAddress(String str) {
        return (DataAddress) this.typeManager.readValue(this.dataEncrypter.decrypt(str), DataAddress.class);
    }
}
