package org.keycloak.authorization.protection.introspect;

import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.Map;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider;
import org.keycloak.representations.AccessToken;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authorization/protection/introspect/RPTIntrospectionProvider.class */
public class RPTIntrospectionProvider extends AccessTokenIntrospectionProvider {
    protected static final Logger LOGGER = Logger.getLogger(RPTIntrospectionProvider.class);

    public RPTIntrospectionProvider(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    @Override // org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider
    public Response introspect(String str) {
        ObjectNode createObjectNode;
        LOGGER.debug("Introspecting requesting party token");
        try {
            AccessToken accessToken = toAccessToken(str);
            boolean isActive = isActive(accessToken);
            if (isActive) {
                LOGGER.debug("Token is active");
                AccessToken accessToken2 = new AccessToken();
                accessToken2.type(accessToken.getType());
                accessToken2.expiration(accessToken.getExpiration());
                accessToken2.issuedAt(accessToken.getIssuedAt());
                accessToken2.audience(accessToken.getAudience());
                accessToken2.notBefore(accessToken.getNotBefore());
                accessToken2.setRealmAccess((AccessToken.Access) null);
                accessToken2.setResourceAccess((Map) null);
                createObjectNode = JsonSerialization.createObjectNode(accessToken2);
                createObjectNode.putPOJO("permissions", accessToken.getAuthorization().getPermissions());
            } else {
                LOGGER.debug("Token is not active");
                createObjectNode = JsonSerialization.createObjectNode();
            }
            createObjectNode.put("active", isActive);
            return Response.ok(JsonSerialization.writeValueAsBytes(createObjectNode)).type(MediaType.APPLICATION_JSON_TYPE).build();
        } catch (Exception e) {
            throw new RuntimeException("Error creating token introspection response.", e);
        }
    }

    private boolean isActive(AccessToken accessToken) {
        AccessToken.Authorization authorization = accessToken.getAuthorization();
        return (!accessToken.isActive() || authorization == null || authorization.getPermissions() == null || authorization.getPermissions().isEmpty()) ? false : true;
    }

    @Override // org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider
    public void close() {
    }
}
