package org.keycloak.authorization.protection.introspect;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.node.ObjectNode;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.keys.Attributes;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authorization/protection/introspect/RPTIntrospectionProvider.class */
public class RPTIntrospectionProvider extends AccessTokenIntrospectionProvider {
    protected static final Logger LOGGER = Logger.getLogger(RPTIntrospectionProvider.class);

    /* loaded from: input_file:org/keycloak/authorization/protection/introspect/RPTIntrospectionProvider$UmaPermissionRepresentation.class */
    public static class UmaPermissionRepresentation extends Permission {
        public UmaPermissionRepresentation(Permission permission) {
            setResourceId(permission.getResourceId());
            setResourceName(permission.getResourceName());
            setScopes(permission.getScopes());
        }

        @JsonProperty("resource_id")
        public String getUmaResourceId() {
            return getResourceId();
        }

        @JsonProperty("resource_scopes")
        public Set<String> getUmaResourceScopes() {
            return getScopes();
        }
    }

    public RPTIntrospectionProvider(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    @Override // org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider
    public Response introspect(String str) {
        ObjectNode createObjectNode;
        LOGGER.debug("Introspecting requesting party token");
        try {
            AccessToken verifyAccessToken = verifyAccessToken(str);
            if (verifyAccessToken != null) {
                AccessToken accessToken = new AccessToken();
                accessToken.id(verifyAccessToken.getId());
                accessToken.setAcr(verifyAccessToken.getAcr());
                accessToken.type(verifyAccessToken.getType());
                accessToken.expiration(verifyAccessToken.getExpiration());
                accessToken.issuedAt(verifyAccessToken.getIssuedAt());
                accessToken.audience(verifyAccessToken.getAudience());
                accessToken.notBefore(verifyAccessToken.getNotBefore());
                accessToken.setRealmAccess((AccessToken.Access) null);
                accessToken.setResourceAccess((Map) null);
                createObjectNode = JsonSerialization.createObjectNode(accessToken);
                AccessToken.Authorization authorization = verifyAccessToken.getAuthorization();
                if (authorization != null) {
                    createObjectNode.putPOJO("permissions", authorization.getPermissions() != null ? (Collection) authorization.getPermissions().stream().map(UmaPermissionRepresentation::new).collect(Collectors.toSet()) : Collections.emptyList());
                }
            } else {
                createObjectNode = JsonSerialization.createObjectNode();
            }
            createObjectNode.put(Attributes.ACTIVE_KEY, verifyAccessToken != null);
            return Response.ok(JsonSerialization.writeValueAsBytes(createObjectNode)).type(MediaType.APPLICATION_JSON_TYPE).build();
        } catch (Exception e) {
            throw new RuntimeException("Error creating token introspection response.", e);
        }
    }

    @Override // org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider
    public void close() {
    }
}
