package org.cloudfoundry.identity.uaa.oauth;

import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper;
import org.cloudfoundry.identity.uaa.oauth.token.IntrospectionClaims;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.stereotype.Controller;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

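/**
 * Token introspection endpoint mapped at {@code /introspect}.
 *
 * <p>A {@code POST} carrying a {@code token} parameter is answered with the token's claims and
 * {@code active=true} when the configured {@link ResourceServerTokenServices} accepts it. Any
 * token that is unknown, expired or rejected is answered with a claims object that only has
 * {@code active=false} set, so the response does not reveal why the token was refused (the
 * behaviour RFC 7662 describes for inactive tokens).
 *
 * <p>NOTE(review): no authorization check is visible in this class. Who may call the endpoint
 * is presumably decided in the security configuration; confirm that {@code /introspect} is
 * restricted to authenticated callers there.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.12.1.jar:org/cloudfoundry/identity/uaa/oauth/IntrospectEndpoint.class */
public class IntrospectEndpoint {
    protected final Log logger = LogFactory.getLog(getClass());
    private ResourceServerTokenServices resourceServerTokenServices;

    /**
     * Introspects a token.
     *
     * <p>NOTE(review): {@code @RequestParam} binds query-string parameters as well as form
     * fields, so a POST may still carry the token in the URL, where it can end up in access
     * logs. Restricting the mapping to POST does not by itself prevent that.
     *
     * @param str the raw token value taken from the {@code token} request parameter
     * @return the token's claims with {@code active=true}, or a claims object with only
     *     {@code active=false} when the token is missing from the token services, expired,
     *     or rejected with an {@link InvalidTokenException}
     */
    @RequestMapping(value = {"/introspect"}, method = {RequestMethod.POST})
    @ResponseBody
    public IntrospectionClaims introspect(@RequestParam("token") String str) {
        try {
            OAuth2AccessToken accessToken = this.resourceServerTokenServices.readAccessToken(str);
            // Fail closed: a token the services cannot resolve is reported as inactive
            // instead of surfacing as a NullPointerException (and a server error).
            if (accessToken == null || accessToken.isExpired()) {
                return inactiveClaims();
            }
            // Validation must happen before the claims are decoded below: getClaimsForToken
            // performs no verification of its own. Only InvalidTokenException is handled
            // here; any other exception from the token services propagates to the caller.
            this.resourceServerTokenServices.loadAuthentication(str);
            IntrospectionClaims claims = getClaimsForToken(accessToken.getValue());
            claims.setActive(true);
            return claims;
        } catch (InvalidTokenException e) {
            // Deliberately no detail in the response: the caller only learns "not active".
            return inactiveClaims();
        }
    }

    /**
     * Catch-all for {@code /introspect} requests that do not match the POST mapping.
     *
     * @param httpServletRequest the incoming request, used only for its method name
     * @return never returns normally
     * @throws HttpRequestMethodNotSupportedException always, naming the request's method
     */
    @RequestMapping({"/introspect"})
    @ResponseBody
    public IntrospectionClaims methodNotSupported(HttpServletRequest httpServletRequest) throws HttpRequestMethodNotSupportedException {
        throw new HttpRequestMethodNotSupportedException(httpServletRequest.getMethod());
    }

    /**
     * Decodes the token and maps its claims onto {@link IntrospectionClaims}.
     *
     * <p>This method only decodes and parses; no validation call is visible here, so it must
     * be reached only after the token services have accepted the token.
     *
     * @param str the token value to decode
     * @return the claims read from the token
     * @throws InvalidTokenException if the claims cannot be parsed into
     *     {@link IntrospectionClaims}; the parsing failure is kept as the cause
     */
    private IntrospectionClaims getClaimsForToken(String str) {
        try {
            return (IntrospectionClaims) JsonUtils.readValue(JwtHelper.decode(str).getClaims(), IntrospectionClaims.class);
        } catch (JsonUtils.JsonUtilException e) {
            // The log line carries neither the token nor the parser message, which keeps
            // claim contents out of the logs; the cause travels with the exception instead.
            this.logger.error("Can't parse introspection claims in token. Is it a valid JSON?");
            throw new InvalidTokenException("Cannot read token claims", e);
        }
    }

    /**
     * Sets the token services used to read and validate tokens.
     *
     * @param resourceServerTokenServices the services consulted by {@link #introspect(String)}
     */
    public void setTokenServices(ResourceServerTokenServices resourceServerTokenServices) {
        this.resourceServerTokenServices = resourceServerTokenServices;
    }

    /** Builds the response used for every token that is not active: only {@code active=false}. */
    private static IntrospectionClaims inactiveClaims() {
        IntrospectionClaims claims = new IntrospectionClaims();
        claims.setActive(false);
        return claims;
    }
}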
