package org.iplass.mtp.impl.auth.oauth;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.iplass.mtp.auth.login.Credential;
import org.iplass.mtp.auth.oauth.definition.CustomTokenIntrospectorDefinition;
import org.iplass.mtp.auth.oauth.definition.OAuthResourceServerDefinition;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.impl.auth.authenticate.token.AuthTokenService;
import org.iplass.mtp.impl.auth.oauth.MetaCustomTokenIntrospector;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthAuthorization;
import org.iplass.mtp.impl.auth.oauth.token.AccessToken;
import org.iplass.mtp.impl.auth.oauth.util.IdTokenConstants;
import org.iplass.mtp.impl.auth.oauth.util.OAuthEndpointConstants;
import org.iplass.mtp.impl.definition.DefinableMetaData;
import org.iplass.mtp.impl.metadata.BaseMetaDataRuntime;
import org.iplass.mtp.impl.metadata.BaseRootMetaData;
import org.iplass.mtp.impl.metadata.MetaDataConfig;
import org.iplass.mtp.impl.util.ObjectUtil;
import org.iplass.mtp.spi.ServiceRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/MetaOAuthResourceServer.class */
public class MetaOAuthResourceServer extends BaseRootMetaData implements DefinableMetaData<OAuthResourceServerDefinition> {
    private static final long serialVersionUID = 1339189788049685788L;
    private static Logger logger = LoggerFactory.getLogger(MetaOAuthResourceServer.class);
    private List<MetaCustomTokenIntrospector> customTokenIntrospectors;

    /* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/MetaOAuthResourceServer$OAuthResourceServerRuntime.class */
    public class OAuthResourceServerRuntime extends BaseMetaDataRuntime {
        private OAuthClientCredentialHandler ch;
        private List<MetaCustomTokenIntrospector.CustomTokenIntrospectorRuntime> customTokenIntrospectorRuntimes;

        private OAuthResourceServerRuntime() {
            this.ch = (OAuthClientCredentialHandler) ServiceRegistry.getRegistry().getService(AuthTokenService.class).getHandler(OAuthClientCredentialHandler.TYPE_RESOURCE_SERVER);
            try {
                if (MetaOAuthResourceServer.this.customTokenIntrospectors != null) {
                    this.customTokenIntrospectorRuntimes = new ArrayList();
                    for (int i = 0; i < MetaOAuthResourceServer.this.customTokenIntrospectors.size(); i++) {
                        this.customTokenIntrospectorRuntimes.add(((MetaCustomTokenIntrospector) MetaOAuthResourceServer.this.customTokenIntrospectors.get(i)).createRuntime(MetaOAuthResourceServer.this.getId(), i));
                    }
                }
            } catch (RuntimeException e) {
                setIllegalStateException(e);
            }
        }

        /* renamed from: getMetaData, reason: merged with bridge method [inline-methods] */
        public MetaOAuthResourceServer m53getMetaData() {
            return MetaOAuthResourceServer.this;
        }

        public Credential generateCredential() {
            return this.ch.generateCredential(MetaOAuthResourceServer.this.getName());
        }

        public boolean validateCredential(Credential credential) {
            return this.ch.validateCredential(credential, MetaOAuthResourceServer.this.getName());
        }

        public void deleteOldCredential() {
            this.ch.deleteOldCredential(MetaOAuthResourceServer.this.getName());
        }

        public Map<String, Object> toResponseMap(RequestContext requestContext, AccessToken accessToken, MetaOAuthAuthorization.OAuthAuthorizationRuntime oAuthAuthorizationRuntime) {
            HashMap hashMap = new HashMap();
            hashMap.put("active", true);
            hashMap.put(OAuthEndpointConstants.PARAM_TOKEN_TYPE, "Bearer");
            if (accessToken.getGrantedScopes() != null) {
                hashMap.put(OAuthEndpointConstants.PARAM_SCOPE, String.join(" ", accessToken.getGrantedScopes()));
            }
            hashMap.put(OAuthEndpointConstants.PARAM_CLIENT_ID, accessToken.getClientId());
            hashMap.put("username", accessToken.getUser().getName());
            hashMap.put(IdTokenConstants.CLAIM_SUB, accessToken.getUser().getOid());
            hashMap.put(IdTokenConstants.CLAIM_EXP, Long.valueOf(accessToken.getExpirationTime()));
            hashMap.put(IdTokenConstants.CLAIM_IAT, Long.valueOf(accessToken.getIssuedAt()));
            hashMap.put("nbf", Long.valueOf(accessToken.getNotBefore()));
            hashMap.put(IdTokenConstants.CLAIM_AUD, MetaOAuthResourceServer.this.getName());
            hashMap.put("iss", oAuthAuthorizationRuntime.issuerId(requestContext));
            if (MetaOAuthResourceServer.this.customTokenIntrospectors != null) {
                for (MetaCustomTokenIntrospector.CustomTokenIntrospectorRuntime customTokenIntrospectorRuntime : this.customTokenIntrospectorRuntimes) {
                    if (!customTokenIntrospectorRuntime.handle(hashMap, requestContext, accessToken)) {
                        if (!MetaOAuthResourceServer.logger.isDebugEnabled()) {
                            return null;
                        }
                        MetaOAuthResourceServer.logger.debug("ResourceServer:" + MetaOAuthResourceServer.this.getName() + "'s " + customTokenIntrospectorRuntime.getMetaData() + " handle fail. accessToken:" + hashMap);
                        return null;
                    }
                }
            }
            return hashMap;
        }
    }

    public List<MetaCustomTokenIntrospector> getCustomTokenIntrospectors() {
        return this.customTokenIntrospectors;
    }

    public void setCustomTokenIntrospectors(List<MetaCustomTokenIntrospector> list) {
        this.customTokenIntrospectors = list;
    }

    public void applyConfig(OAuthResourceServerDefinition oAuthResourceServerDefinition) {
        this.name = oAuthResourceServerDefinition.getName();
        this.description = oAuthResourceServerDefinition.getDescription();
        this.displayName = oAuthResourceServerDefinition.getDisplayName();
        if (oAuthResourceServerDefinition.getCustomTokenIntrospectors() == null) {
            this.customTokenIntrospectors = null;
            return;
        }
        this.customTokenIntrospectors = new ArrayList();
        for (CustomTokenIntrospectorDefinition customTokenIntrospectorDefinition : oAuthResourceServerDefinition.getCustomTokenIntrospectors()) {
            MetaCustomTokenIntrospector createInstance = MetaCustomTokenIntrospector.createInstance(customTokenIntrospectorDefinition);
            createInstance.applyConfig(customTokenIntrospectorDefinition);
            this.customTokenIntrospectors.add(createInstance);
        }
    }

    /* renamed from: currentConfig, reason: merged with bridge method [inline-methods] */
    public OAuthResourceServerDefinition m52currentConfig() {
        OAuthResourceServerDefinition oAuthResourceServerDefinition = new OAuthResourceServerDefinition();
        oAuthResourceServerDefinition.setName(this.name);
        oAuthResourceServerDefinition.setDescription(this.description);
        oAuthResourceServerDefinition.setDisplayName(this.displayName);
        if (this.customTokenIntrospectors != null) {
            oAuthResourceServerDefinition.setCustomTokenIntrospectors(new ArrayList());
            Iterator<MetaCustomTokenIntrospector> it = this.customTokenIntrospectors.iterator();
            while (it.hasNext()) {
                oAuthResourceServerDefinition.getCustomTokenIntrospectors().add(it.next().currentConfig());
            }
        }
        return oAuthResourceServerDefinition;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: copy, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public MetaOAuthResourceServer m51copy() {
        return (MetaOAuthResourceServer) ObjectUtil.deepCopy(this);
    }

    /* renamed from: createRuntime, reason: merged with bridge method [inline-methods] */
    public OAuthResourceServerRuntime m50createRuntime(MetaDataConfig metaDataConfig) {
        return new OAuthResourceServerRuntime();
    }
}
