package org.forgerock.http.oauth2.resolver;

import java.io.Closeable;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.forgerock.http.Handler;
import org.forgerock.http.oauth2.AccessTokenException;
import org.forgerock.http.oauth2.AccessTokenInfo;
import org.forgerock.http.oauth2.AccessTokenResolver;
import org.forgerock.http.oauth2.OAuth2Error;
import org.forgerock.http.protocol.Entity;
import org.forgerock.http.protocol.Form;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Responses;
import org.forgerock.http.protocol.Status;
import org.forgerock.json.JsonValue;
import org.forgerock.json.JsonValueException;
import org.forgerock.json.JsonValueFunctions;
import org.forgerock.services.context.Context;
import org.forgerock.util.Function;
import org.forgerock.util.Utils;
import org.forgerock.util.annotations.VisibleForTesting;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;
import org.forgerock.util.time.TimeService;

/* loaded from: input_file:org/forgerock/http/oauth2/resolver/OpenAmAccessTokenResolver.class */
public class OpenAmAccessTokenResolver implements AccessTokenResolver {
    private final Handler client;
    private final String tokenInfoEndpoint;
    private final Function<JsonValue, AccessTokenInfo, AccessTokenException> accessToken;

    @VisibleForTesting
    /* loaded from: input_file:org/forgerock/http/oauth2/resolver/OpenAmAccessTokenResolver$TokenInfoParser.class */
    static class TokenInfoParser implements Function<JsonValue, AccessTokenInfo, AccessTokenException> {
        private final TimeService time;

        TokenInfoParser(TimeService timeService) {
            this.time = timeService;
        }

        public AccessTokenInfo apply(JsonValue jsonValue) throws AccessTokenException {
            try {
                long longValue = jsonValue.get("expires_in").required().asLong().longValue();
                return new AccessTokenInfo(jsonValue, jsonValue.get("access_token").required().asString(), (Set) jsonValue.get(OAuth2Error.F_SCOPE).required().as(JsonValueFunctions.setOf(String.class)), getExpirationTime(longValue));
            } catch (JsonValueException | NullPointerException e) {
                throw new AccessTokenException("Cannot build AccessToken from the given JSON: invalid format", e);
            }
        }

        private long getExpirationTime(long j) {
            return this.time.now() + TimeUnit.MILLISECONDS.convert(j, TimeUnit.SECONDS);
        }
    }

    public OpenAmAccessTokenResolver(Handler handler, TimeService timeService, String str) {
        this(handler, new TokenInfoParser(timeService), str);
    }

    private OpenAmAccessTokenResolver(Handler handler, Function<JsonValue, AccessTokenInfo, AccessTokenException> function, String str) {
        this.client = handler;
        this.accessToken = function;
        this.tokenInfoEndpoint = str;
    }

    @Override // org.forgerock.http.oauth2.AccessTokenResolver
    public Promise<AccessTokenInfo, AccessTokenException> resolve(Context context, String str) {
        try {
            Request request = new Request();
            request.setMethod("GET");
            request.setUri(new URI(this.tokenInfoEndpoint));
            Form form = new Form();
            form.add("access_token", str);
            form.toRequestQuery(request);
            return this.client.handle(context, request).then(onResult(), Responses.noopExceptionFunction());
        } catch (URISyntaxException e) {
            return Promises.newExceptionPromise(new AccessTokenException(String.format("The token_info endpoint %s could not be accessed because it is a malformed URI", this.tokenInfoEndpoint), e));
        }
    }

    private Function<Response, AccessTokenInfo, AccessTokenException> onResult() {
        return new Function<Response, AccessTokenInfo, AccessTokenException>() { // from class: org.forgerock.http.oauth2.resolver.OpenAmAccessTokenResolver.1
            public AccessTokenInfo apply(Response response) throws AccessTokenException {
                if (OpenAmAccessTokenResolver.this.isResponseEmpty(response)) {
                    throw new AccessTokenException("Authorization Server did not return any AccessToken");
                }
                JsonValue asJson = OpenAmAccessTokenResolver.this.asJson(response.getEntity());
                if (OpenAmAccessTokenResolver.this.isOk(response)) {
                    return (AccessTokenInfo) asJson.as(OpenAmAccessTokenResolver.this.accessToken);
                }
                if (asJson.isDefined(OAuth2Error.F_ERROR)) {
                    throw new AccessTokenException(String.format("Authorization Server returned an error (error: %s, description: %s)", asJson.get(OAuth2Error.F_ERROR).asString(), asJson.get(OAuth2Error.F_ERROR_DESCRIPTION).asString()));
                }
                throw new AccessTokenException("AccessToken returned by the AuthorizationServer has a problem");
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isResponseEmpty(Response response) {
        return response == null || response.getEntity() == null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isOk(Response response) {
        return Status.OK.equals(response.getStatus());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public JsonValue asJson(Entity entity) throws AccessTokenException {
        try {
            try {
                JsonValue jsonValue = new JsonValue(entity.getJson());
                Utils.closeSilently(new Closeable[]{entity});
                return jsonValue;
            } catch (IOException e) {
                throw new AccessTokenException("Cannot read response content as JSON", e);
            }
        } catch (Throwable th) {
            Utils.closeSilently(new Closeable[]{entity});
            throw th;
        }
    }
}
