package com.authlete.jaxrs;

import com.authlete.common.api.AuthleteApi;
import com.authlete.common.dto.IntrospectionResponse;
import java.io.Serializable;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

/* loaded from: input_file:com/authlete/jaxrs/AccessTokenValidator.class */
public class AccessTokenValidator extends BaseHandler {
    private static final String CHALLENGE_ON_MISSING_ACCESS_TOKEN = "Bearer error=\"invalid_token\",error_description=\"An access token is missing.\"";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.authlete.jaxrs.AccessTokenValidator$1, reason: invalid class name */
    /* loaded from: input_file:com/authlete/jaxrs/AccessTokenValidator$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$authlete$common$dto$IntrospectionResponse$Action = new int[IntrospectionResponse.Action.values().length];

        static {
            try {
                $SwitchMap$com$authlete$common$dto$IntrospectionResponse$Action[IntrospectionResponse.Action.INTERNAL_SERVER_ERROR.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$authlete$common$dto$IntrospectionResponse$Action[IntrospectionResponse.Action.BAD_REQUEST.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$authlete$common$dto$IntrospectionResponse$Action[IntrospectionResponse.Action.UNAUTHORIZED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$authlete$common$dto$IntrospectionResponse$Action[IntrospectionResponse.Action.FORBIDDEN.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$authlete$common$dto$IntrospectionResponse$Action[IntrospectionResponse.Action.OK.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:com/authlete/jaxrs/AccessTokenValidator$Params.class */
    public static class Params implements Serializable {
        private static final long serialVersionUID = 1;
        private String accessToken;
        private String[] requiredScopes;
        private String requiredSubject;
        private String clientCertificate;
        private String dpop;
        private String htm;
        private String htu;

        public String getAccessToken() {
            return this.accessToken;
        }

        public Params setAccessToken(String str) {
            this.accessToken = str;
            return this;
        }

        public String[] getRequiredScopes() {
            return this.requiredScopes;
        }

        public Params setRequiredScopes(String[] strArr) {
            this.requiredScopes = strArr;
            return this;
        }

        public String getRequiredSubject() {
            return this.requiredSubject;
        }

        public Params setRequiredSubject(String str) {
            this.requiredSubject = str;
            return this;
        }

        public String getClientCertificate() {
            return this.clientCertificate;
        }

        public Params setClientCertificate(String str) {
            this.clientCertificate = str;
            return this;
        }

        public String getDpop() {
            return this.dpop;
        }

        public Params setDpop(String str) {
            this.dpop = str;
            return this;
        }

        public String getHtm() {
            return this.htm;
        }

        public Params setHtm(String str) {
            this.htm = str;
            return this;
        }

        public String getHtu() {
            return this.htu;
        }

        public Params setHtu(String str) {
            this.htu = str;
            return this;
        }
    }

    public AccessTokenValidator(AuthleteApi authleteApi) {
        super(authleteApi);
    }

    public AccessTokenInfo validate(String str) throws WebApplicationException {
        return validate(new Params().setAccessToken(str));
    }

    public AccessTokenInfo validate(String str, String[] strArr) throws WebApplicationException {
        return validate(new Params().setAccessToken(str).setRequiredScopes(strArr));
    }

    public AccessTokenInfo validate(String str, String[] strArr, String str2, String str3) throws WebApplicationException {
        return validate(new Params().setAccessToken(str).setRequiredScopes(strArr).setRequiredSubject(str2).setClientCertificate(str3));
    }

    public AccessTokenInfo validate(Params params) throws WebApplicationException {
        if (params == null || params.getAccessToken() == null) {
            throw toException(Response.Status.BAD_REQUEST, CHALLENGE_ON_MISSING_ACCESS_TOKEN);
        }
        try {
            return process(params);
        } catch (WebApplicationException e) {
            throw e;
        } catch (Throwable th) {
            throw unexpected("Unexpected error in AccessTokenValidator", th);
        }
    }

    private AccessTokenInfo process(Params params) throws WebApplicationException {
        IntrospectionResponse callIntrospection = getApiCaller().callIntrospection(params.getAccessToken(), params.getRequiredScopes(), params.getRequiredSubject(), params.getClientCertificate(), params.getDpop(), params.getHtm(), params.getHtu());
        IntrospectionResponse.Action action = callIntrospection.getAction();
        String responseContent = callIntrospection.getResponseContent();
        switch (AnonymousClass1.$SwitchMap$com$authlete$common$dto$IntrospectionResponse$Action[action.ordinal()]) {
            case 1:
                throw toException(Response.Status.INTERNAL_SERVER_ERROR, responseContent);
            case 2:
                throw toException(Response.Status.BAD_REQUEST, responseContent);
            case 3:
                throw toException(Response.Status.UNAUTHORIZED, responseContent);
            case 4:
                throw toException(Response.Status.FORBIDDEN, responseContent);
            case 5:
                return new AccessTokenInfo(params.getAccessToken(), callIntrospection);
            default:
                throw getApiCaller().unknownAction("/api/auth/introspection", action);
        }
    }

    private WebApplicationException toException(Response.Status status, String str) {
        return new WebApplicationException(ResponseUtil.bearerError(status, str));
    }
}
