package org.wso2.carbon.identity.oauth.endpoint.introspection;

import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2IntrospectionResponseDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;

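/**
 * JAX-RS resource exposing an OAuth 2.0 token introspection endpoint at {@code /introspect}.
 *
 * <p>The resource accepts a form-encoded {@code token} (and optional {@code token_type_hint}),
 * delegates validation to the {@link OAuth2TokenValidationService} OSGi service and renders the
 * result as JSON.
 *
 * <p>NOTE(review): nothing in this class authenticates or authorizes the caller. RFC 7662
 * section 2.1 requires the introspection endpoint to be protected so that it cannot be used to
 * probe token values; presumably that is enforced by a filter/valve/interceptor outside this
 * class - confirm before exposing the endpoint.
 *
 * <p>NOTE(review): both {@code introspect} overloads carry {@code @POST} on the same path and
 * media type. How the JAX-RS runtime chooses between them is not visible here - confirm.
 */
@Produces({"application/json"})
@Path("/introspect")
@Consumes({"application/x-www-form-urlencoded"})
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/oauth/endpoint/introspection/OAuth2IntrospectionEndpoint.class */
public class OAuth2IntrospectionEndpoint {
    private static final Log log = LogFactory.getLog(OAuth2IntrospectionEndpoint.class);
    private static final String DEFAULT_TOKEN_TYPE_HINT = "bearer";
    private static final String DEFAULT_TOKEN_TYPE = "Bearer";
    private static final String JWT_TOKEN_TYPE = "JWT";

    /**
     * Introspects a token using the default token type hint ({@code "bearer"}).
     *
     * @param str the token to introspect, taken from the {@code token} form parameter
     * @return the same response as {@link #introspect(String, String)} with the default hint
     */
    @POST
    public Response introspect(@FormParam("token") String str) {
        return introspect(str, DEFAULT_TOKEN_TYPE_HINT);
    }

    /**
     * Introspects a token and reports its state as a JSON document.
     *
     * <p>Outcomes, as implemented below:
     * <ul>
     *   <li>blank or missing token: HTTP 400 with an {@code error} member;</li>
     *   <li>validation service reports an error: HTTP 200 with {@code {"active":false}} and no
     *       further detail, so the reason a token is inactive is only written to the debug log
     *       and never returned to the caller;</li>
     *   <li>otherwise: HTTP 200 with the introspection claims, plus {@code aud}, {@code jti},
     *       {@code sub} and {@code iss} when the hint equals {@code "JWT"} (case-insensitive);</li>
     *   <li>JSON serialization failure: HTTP 500 with an {@code error} member.</li>
     * </ul>
     *
     * @param str  the token to introspect, taken from the {@code token} form parameter
     * @param str2 the {@code token_type_hint} form parameter; {@code null} falls back to
     *             {@code "bearer"}. The value is caller-controlled and is forwarded unchanged
     *             to the validation service as the token type.
     * @return the HTTP response described above
     */
    @POST
    public Response introspect(@FormParam("token") String str, @FormParam("token_type_hint") String str2) {
        final String tokenTypeHint = (str2 == null) ? DEFAULT_TOKEN_TYPE_HINT : str2;

        if (log.isDebugEnabled()) {
            // The hint is request data: neutralize line breaks so it cannot forge log entries.
            log.debug("Token type hint: " + sanitizeForLog(tokenTypeHint));
        }

        if (StringUtils.isBlank(str)) {
            // Double-quoted so the body is valid JSON, matching the declared application/json type.
            return Response.status(Response.Status.BAD_REQUEST)
                    .entity("{\"error\": \"Invalid input\"}")
                    .build();
        }

        OAuth2TokenValidationRequestDTO requestDTO = new OAuth2TokenValidationRequestDTO();
        // OAuth2AccessToken is an inner class of the request DTO; the decompiler rendered this
        // as a getClass() null check followed by a constructor call taking the outer instance.
        OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken = requestDTO.new OAuth2AccessToken();
        accessToken.setIdentifier(str);
        // NOTE(review): the caller-supplied hint is used as the token type for validation;
        // whether the service falls back to other token types on a wrong hint is not visible here.
        accessToken.setTokenType(tokenTypeHint);
        requestDTO.setAccessToken(accessToken);

        OAuth2TokenValidationService validationService = (OAuth2TokenValidationService)
                PrivilegedCarbonContext.getThreadLocalCarbonContext()
                        .getOSGiService(OAuth2TokenValidationService.class);
        OAuth2IntrospectionResponseDTO introspection = validationService.buildIntrospectionResponse(requestDTO);

        if (introspection.getError() != null) {
            if (log.isDebugEnabled()) {
                log.debug("The error why token is made inactive: " + introspection.getError());
            }
            // Deliberately terse: the failure reason stays in the log, not in the response.
            return Response.status(Response.Status.OK).entity("{\"active\":false}").build();
        }

        IntrospectionResponseBuilder responseBuilder = new IntrospectionResponseBuilder()
                .setActive(introspection.isActive())
                .setNotBefore(introspection.getNbf())
                .setScope(introspection.getScope())
                .setUsername(introspection.getUsername())
                .setTokenType(DEFAULT_TOKEN_TYPE)
                .setClientId(introspection.getClientId())
                .setIssuedAt(introspection.getIat())
                .setExpiration(introspection.getExp());

        if (tokenTypeHint.equalsIgnoreCase(JWT_TOKEN_TYPE)) {
            responseBuilder
                    .setAudience(introspection.getAud())
                    .setJwtId(introspection.getJti())
                    .setSubject(introspection.getSub())
                    .setIssuer(introspection.getIss());
        }

        try {
            return Response.ok(responseBuilder.build(), "application/json").build();
        } catch (JSONException e) {
            log.error("Error occured while building the json response.", e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                    .entity("{\"error\": \"Error occured while building the json response.\"}")
                    .build();
        }
    }

    /** Replaces carriage returns and line feeds so request data stays on one log line. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}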
