package com.predic8.membrane.core.interceptor.oauth2.request;

import com.bornium.security.oauth2openid.Constants;
import com.fasterxml.jackson.core.JsonGenerator;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.MimeType;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.oauth2.TokenAuthorizationHeader;
import com.predic8.membrane.core.interceptor.oauth2.parameter.ClaimsParameter;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.0.1.jar:com/predic8/membrane/core/interceptor/oauth2/request/UserinfoRequest.class */
public class UserinfoRequest extends ParameterizedRequest {
    private TokenAuthorizationHeader authHeader;
    private HashMap<String, String> sessionProperties;

    public UserinfoRequest(OAuth2AuthorizationServerInterceptor oAuth2AuthorizationServerInterceptor, Exchange exchange) throws Exception {
        super(oAuth2AuthorizationServerInterceptor, exchange);
    }

    @Override // com.predic8.membrane.core.interceptor.oauth2.request.ParameterizedRequest
    protected Response checkForMissingParameters() throws Exception {
        this.authHeader = new TokenAuthorizationHeader(this.exc.getRequest());
        return !this.authHeader.isSet() ? buildWwwAuthenticateErrorResponse(Response.badRequest(), Constants.ERROR_INVALID_REQUEST) : new NoResponse();
    }

    @Override // com.predic8.membrane.core.interceptor.oauth2.request.ParameterizedRequest
    protected Response processWithParameters() throws Exception {
        if (!this.authHeader.isValid() || !this.authServer.getSessionFinder().hasSessionForToken(this.authHeader.getToken())) {
            return buildWwwAuthenticateErrorResponse(Response.unauthorized(), Constants.ERROR_INVALID_TOKEN);
        }
        this.sessionProperties = new HashMap<>(this.authServer.getSessionFinder().getSessionForToken(this.authHeader.getToken()).getUserAttributes());
        this.authServer.getTokenGenerator().getUsername(this.authHeader.getToken());
        return new NoResponse();
    }

    @Override // com.predic8.membrane.core.interceptor.oauth2.request.ParameterizedRequest
    protected Response getResponse() throws Exception {
        return Response.ok().body(getUserDataAsJson(this.sessionProperties)).contentType(MimeType.APPLICATION_JSON_UTF8).build();
    }

    protected String getUserDataAsJson(Map<String, String> map) throws IOException {
        String json;
        HashMap hashMap = new HashMap();
        if (map.get("scope") != null) {
            if (OAuth2Util.isOpenIdScope(map.get("scope"))) {
                hashMap.putAll(getClaimsFromClaimsParameter(map));
            }
            hashMap.putAll(getClaimsFromScopes(map));
        }
        synchronized (this.jsonGen) {
            JsonGenerator resetAndGet = this.jsonGen.resetAndGet();
            resetAndGet.writeStartObject();
            for (String str : hashMap.keySet()) {
                resetAndGet.writeObjectField(str, hashMap.get(str));
            }
            resetAndGet.writeEndObject();
            json = this.jsonGen.getJson();
        }
        return json;
    }

    private Map<String, String> getClaimsFromClaimsParameter(Map<String, String> map) {
        return this.authServer.getClaimList().getClaimsFromSession(map, new ClaimsParameter(this.authServer.getClaimList().getSupportedClaims(), map.get("claims")).getUserinfoClaims());
    }

    private Map<String, String> getClaimsFromScopes(Map<String, String> map) {
        String[] split = map.get("scope").split(" ");
        HashSet<String> hashSet = new HashSet<>();
        for (String str : split) {
            hashSet.addAll(this.authServer.getClaimList().getClaimsForScope(str));
        }
        return this.authServer.getClaimList().getClaimsFromSession(map, hashSet);
    }
}
