package net.krotscheck.kangaroo.authz.oauth2.resource;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.math.BigInteger;
import java.util.Optional;
import javax.annotation.security.PermitAll;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2AuthScheme;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2BearerToken;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2Client;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2Principal;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.common.hibernate.transaction.Transactional;
import net.krotscheck.kangaroo.util.ObjectUtil;
import org.hibernate.Session;

/**
 * JAX-RS resource for the OAuth2 token introspection endpoint, mounted at {@code /introspect}.
 *
 * <p>The class-level {@code @PermitAll} means no role check is applied at this layer. Caller
 * authentication presumably comes from the {@code @O2Client} and {@code @O2BearerToken}
 * bindings on the resource method; confirm against the filters behind those annotations.
 */
@Transactional
@Api(tags = {"OAuth2"})
@Path("/introspect")
@PermitAll
public final class IntrospectionService {
    /** Hibernate session used to load the token under inspection. */
    private final Session session;

    /** Request security context; supplies the authenticated principal. */
    private final SecurityContext securityContext;

    /**
     * Creates the resource with its injected collaborators.
     *
     * @param session         Hibernate session used for token lookups.
     * @param securityContext security context of the current request.
     */
    @Inject
    public IntrospectionService(Session session, SecurityContext securityContext) {
        this.session = session;
        this.securityContext = securityContext;
    }

    /**
     * Answers an introspection request for the token whose id is submitted in the
     * {@code token} form field.
     *
     * <p>Which tokens the caller may see depends on how the caller authenticated:
     * <ul>
     *   <li>Bearer token scheme: only the token attached to the principal itself, and only
     *       when its id equals the submitted id.</li>
     *   <li>Any other scheme: the token is loaded by id and disclosed only when the
     *       application of its client equals the application of the calling client.</li>
     * </ul>
     * A missing id, an unknown id and a token the caller may not see all produce the same
     * default-constructed response entity, so the response does not reveal whether a token
     * id exists.
     *
     * <p>NOTE(review): the second rule is scoped to the application, not to the individual
     * client, so a client can introspect tokens issued to sibling clients of the same
     * application. Confirm that this is the intended boundary.
     *
     * <p>NOTE(review): no expiry or token-type check is visible in this method. Confirm that
     * {@code IntrospectionResponseEntity} reports expired tokens, and token types that must
     * not be introspected, as inactive.
     *
     * @param bigInteger id of the token to introspect, bound from the {@code token} form
     *                   field; may be {@code null} when the field is absent.
     * @return a 200 response whose entity is built from the matching token, or the
     *         default-constructed entity when no token matched.
     * @throws RFC6749.AccessDeniedException when the request principal cannot be obtained as
     *                                       an {@code O2Principal}.
     */
    @Consumes({"application/x-www-form-urlencoded"})
    @O2Client(permitPublic = false)
    @ApiOperation("OAuth2 Introspection endpoint.")
    @POST
    @Produces({"application/json"})
    @O2BearerToken
    public Response introspectionRequest(@FormParam("token") @ApiParam(type = "string") BigInteger bigInteger) {
        // Refuse the request outright unless an O2Principal is attached to it.
        O2Principal caller = (O2Principal) ObjectUtil
                .safeCast(this.securityContext.getUserPrincipal(), O2Principal.class)
                .orElseThrow(RFC6749.AccessDeniedException::new);

        boolean bearerAuthenticated =
                O2AuthScheme.valueOf(caller.getScheme()).equals(O2AuthScheme.BearerToken);

        OAuthToken visibleToken = null;
        if (bearerAuthenticated) {
            // A bearer-authenticated caller may only introspect the token it presented.
            OAuthToken presented = caller.getOAuthToken();
            if (presented != null && presented.getId().equals(bigInteger)) {
                visibleToken = presented;
            }
        } else {
            // A client-authenticated caller may introspect tokens of its own application.
            Client requester = caller.getContext();
            if (bigInteger != null) {
                OAuthToken candidate = (OAuthToken) this.session.get(OAuthToken.class, bigInteger);
                if (candidate != null
                        && candidate.getClient().getApplication().equals(requester.getApplication())) {
                    visibleToken = candidate;
                }
            }
        }

        // The fallback entity is built on every call, as it was before this rewrite.
        IntrospectionResponseEntity tokenEntity =
                visibleToken == null ? null : new IntrospectionResponseEntity(visibleToken);
        IntrospectionResponseEntity fallbackEntity = new IntrospectionResponseEntity();
        IntrospectionResponseEntity entity = tokenEntity != null ? tokenEntity : fallbackEntity;

        return Response.ok(entity).build();
    }
}
