package org.cloudfoundry.identity.uaa.oauth;

import com.fasterxml.jackson.core.type.TypeReference;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

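/**
 * Spring MVC endpoint that validates an OAuth2 access token and returns its claims.
 *
 * <p>A request to {@code /check_token} succeeds only if the configured
 * {@link ResourceServerTokenServices} can read the token, the token is not expired and
 * its authentication can be loaded. The response body is the claim set decoded from the
 * JWT. Every failure is reported as an {@link InvalidTokenException}, which
 * {@link #handleException(Exception)} renders with HTTP status 400.
 *
 * <p>Security: the submitted token is a bearer credential. It must never be copied into
 * exception messages, because those messages are both logged and returned to the caller
 * by {@link #handleException(Exception)}.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.3.1.jar:org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpoint.class */
public class CheckTokenEndpoint implements InitializingBean {
    private ResourceServerTokenServices resourceServerTokenServices;
    protected final Log logger = LogFactory.getLog(getClass());
    private WebResponseExceptionTranslator exceptionTranslator = new DefaultWebResponseExceptionTranslator();

    /**
     * Injects the token services used to read and authenticate submitted tokens.
     *
     * @param resourceServerTokenServices the token services; required before the bean is used
     */
    public void setTokenServices(ResourceServerTokenServices resourceServerTokenServices) {
        this.resourceServerTokenServices = resourceServerTokenServices;
    }

    /**
     * Fails bean initialisation if no token services were injected.
     *
     * @throws Exception if {@code tokenServices} has not been set
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.resourceServerTokenServices, "tokenServices must be set");
    }

    /**
     * Validates the submitted token and returns its decoded claims.
     *
     * <p>NOTE(review): the mapping declares no HTTP method, so the token can be sent as a
     * GET query parameter. URLs are commonly recorded in access logs, proxies and browser
     * history; consider restricting this mapping to POST once clients are confirmed to
     * send the token in the request body.
     *
     * @param str the serialized access token taken from the {@code token} request parameter
     * @return the claims decoded from the token
     * @throws InvalidTokenException if the token is unknown, expired, fails authentication
     *         or cannot be decoded
     */
    @RequestMapping({"/check_token"})
    @ResponseBody
    public Map<String, ?> checkToken(@RequestParam("token") String str) {
        OAuth2AccessToken readAccessToken = this.resourceServerTokenServices.readAccessToken(str);
        if (readAccessToken == null) {
            throw new InvalidTokenException("Token was not recognised");
        }
        if (readAccessToken.isExpired()) {
            throw new InvalidTokenException("Token has expired");
        }
        try {
            // Called for its validation side effect only; the claims are decoded separately below.
            this.resourceServerTokenServices.loadAuthentication(str);
            return getClaimsForToken(str);
        } catch (AuthenticationException e) {
            // Keep the cause so the original failure stays available for diagnosis.
            throw new InvalidTokenException(e.getMessage(), e);
        }
    }

    /**
     * Decodes the JWT and parses its claims segment into a map.
     *
     * @param str the serialized access token
     * @return the parsed claims
     * @throws InvalidTokenException if the token cannot be decoded or its claims cannot be parsed
     */
    @SuppressWarnings("unchecked") // cast kept from the original; readValue's declared return type is not visible here
    private Map<String, Object> getClaimsForToken(String str) {
        try {
            return (Map<String, Object>) JsonUtils.readValue(
                    JwtHelper.decode(str).getClaims(), new TypeReference<Map<String, Object>>() {
                    });
        } catch (Exception e) {
            // The token is deliberately left out of the message: handleException logs the
            // message and returns it in the error response, so including the raw token
            // would disclose a credential. The cause is preserved instead of being dropped.
            // Only Exception is caught so that JVM Errors are not misreported as a bad token.
            throw new InvalidTokenException("Invalid token (could not decode)", e);
        }
    }

    /**
     * Translates an {@link InvalidTokenException} into an OAuth2 error response with
     * HTTP status 400.
     *
     * <p>The exception message is written to the log and copied into the response, so
     * messages raised by this controller must not contain token material.
     *
     * @param exc the exception raised while handling the request
     * @return the translated OAuth2 error response
     * @throws Exception if the exception translator fails
     */
    @ExceptionHandler({InvalidTokenException.class})
    public ResponseEntity<OAuth2Exception> handleException(Exception exc) throws Exception {
        this.logger.info("Handling error: " + exc.getClass().getSimpleName() + ", " + exc.getMessage());
        // Re-wrap so the translator emits status 400 regardless of the original exception's code.
        return this.exceptionTranslator.translate(new InvalidTokenException(exc.getMessage()) {
            @Override
            public int getHttpErrorCode() {
                return 400;
            }
        });
    }
}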
