package com.bornium.security.oauth2openid.server.endpoints;

import com.bornium.http.Exchange;
import com.bornium.http.Response;
import com.bornium.security.oauth2openid.Constants;
import com.bornium.security.oauth2openid.server.ServerServices;
import com.bornium.security.oauth2openid.token.Token;
import java.util.HashMap;
import java.util.Set;
import java.util.regex.Pattern;

/* loaded from: input_file:WEB-INF/lib/oauth2-openid-1.2.0.jar:com/bornium/security/oauth2openid/server/endpoints/UserinfoEndpoint.class */
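/**
 * UserInfo endpoint of the OAuth2 / OpenID Connect server.
 *
 * <p>Requests are authenticated with a bearer access token taken from the
 * {@code Authorization} header. When the token is known and not expired, the
 * response is a JSON document with the claims allowed for that token plus the
 * subject claim.
 */
public class UserinfoEndpoint extends Endpoint {
    /**
     * Registers this endpoint under {@link Constants#ENDPOINT_USERINFO}.
     *
     * @param serverServices shared server services, passed through to {@link Endpoint}
     */
    public UserinfoEndpoint(ServerServices serverServices) {
        super(serverServices, Constants.ENDPOINT_USERINFO);
    }

    /**
     * Validates the bearer token of the request and answers with the user's claims.
     *
     * <p>Every rejection is a 401. A missing header gets an empty body and a
     * {@code WWW-Authenticate} challenge; every other rejection goes through
     * {@code answerWithError} with {@link Constants#ERROR_INVALID_TOKEN}.
     *
     * @param exchange the request/response pair; the response is always set before returning
     * @throws Exception propagated from the services this method calls
     */
    @Override
    public void invokeOn(Exchange exchange) throws Exception {
        // Read the header once so that all checks below look at the same value.
        String authorization = exchange.getRequest().getHeader().getValue("Authorization");
        if (authorization == null) {
            this.log.debug("Header 'Authorization' is missing.");
            exchange.setResponse(answerWithBody(401, "", ""));
            exchange.getResponse().getHeader().append("WWW-Authenticate", "Bearer realm=\"token\"");
            return;
        }

        // Exactly "<scheme> <token>" separated by a single space; anything else is rejected.
        String[] parts = authorization.split(Pattern.quote(" "));
        if (parts.length != 2) {
            rejectInvalidToken(exchange, "Authorization header is badly formatted.");
            return;
        }
        // HTTP authentication scheme names are case-insensitive (RFC 7235, section 2.1),
        // so "bearer" and "BEARER" are accepted as well.
        if (!parts[0].equalsIgnoreCase(Constants.PARAMETER_VALUE_BEARER)) {
            rejectInvalidToken(exchange, "Authorization type is not 'Bearer'.");
            return;
        }

        String accessToken = parts[1];
        if (!this.serverServices.getTokenManager().getAccessTokens().tokenExists(accessToken)) {
            rejectInvalidToken(exchange, "Authorization token is unknown.");
            return;
        }
        Token token = this.serverServices.getTokenManager().getAccessTokens().getToken(accessToken);
        // tokenExists() and getToken() are two separate calls. What getToken() returns for a
        // token removed in between is not visible here, so a null result is treated as an
        // unknown token instead of being dereferenced.
        if (token == null) {
            rejectInvalidToken(exchange, "Authorization token is unknown.");
            return;
        }
        if (token.isExpired()) {
            rejectInvalidToken(exchange, "Authorization token is expired.");
            return;
        }

        // NOTE(review): the subject claim name is added to the Set returned by
        // getValidUserinfoClaimsFromToken; confirm that helper hands out a fresh, mutable set.
        Set<String> claimNames = getValidUserinfoClaimsFromToken(token);
        claimNames.add(this.serverServices.getProvidedServices().getSubClaimName());

        // Raw map kept as in the original: the key/value types of the claims are not visible here.
        HashMap claims = new HashMap();
        claims.putAll(Parameters.stripNullParams(
                this.serverServices.getProvidedServices().getUserDataProvider()
                        .getClaims(token.getUsername(), claimNames)));
        exchange.setResponse(okWithJSONBody(claims));
    }

    /**
     * Logs why the request was refused and answers 401 with {@link Constants#ERROR_INVALID_TOKEN}.
     *
     * <p>NOTE(review): {@code answerWithError} is defined outside this file. RFC 6750 section 3
     * expects a {@code WWW-Authenticate: Bearer} challenge on these 401 responses; confirm that
     * it sets one.
     *
     * @param exchange the exchange whose response is set
     * @param reason   fixed debug message; it must never contain the token value
     */
    private void rejectInvalidToken(Exchange exchange, String reason) throws Exception {
        this.log.debug(reason);
        exchange.setResponse(answerWithError(401, Constants.ERROR_INVALID_TOKEN));
    }

    /**
     * Builds an empty-bodied 401 response whose {@code WWW-Authenticate} header carries a
     * bearer challenge with the given error code.
     *
     * <p>No method of this class currently calls it.
     *
     * @param str the error code appended after {@code error=} (written unquoted)
     * @return the 401 response with the challenge header set
     */
    private Response createErrorResponse(String str) {
        Response challenge = answerWithBody(401, "", "");
        challenge.getHeader().append("WWW-Authenticate", "Bearer realm=\"token\", error=" + str);
        return challenge;
    }

    /**
     * Returns the scope associated with the exchange.
     *
     * @param exchange ignored
     * @return always {@code null}
     */
    @Override
    public String getScope(Exchange exchange) throws Exception {
        return null;
    }
}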
