package io.jans.ca.server.op;

import io.jans.as.client.JwkClient;
import io.jans.as.client.OpenIdConfigurationResponse;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.jws.RSASigner;
import io.jans.as.model.jwt.Jwt;
import io.jans.ca.common.params.CheckAccessTokenParams;
import io.jans.ca.common.response.CheckAccessTokenResponse;
import io.jans.ca.common.response.IOpResponse;
import io.jans.ca.server.service.DiscoveryService;
import jakarta.inject.Inject;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/ca/server/op/CheckAccessTokenOperation.class */
/**
 * Operation that reports whether a caller-supplied access token is accepted as
 * belonging to a caller-supplied ID token, and echoes the ID token's
 * {@code iat} and {@code exp} claims in the response.
 *
 * <p>Security review notes, to be confirmed against the signer and caller code:
 * <ul>
 *   <li>No call in this class verifies the ID token's signature. The only check
 *       is {@code RSASigner.validateAccessToken(accessToken, idToken)}.
 *       NOTE(review): confirm whether that method validates the signature or
 *       only compares the access token against a hash claim. If it is the
 *       latter, the claims read here come from an unauthenticated token and an
 *       explicit signature check is needed before they are trusted.</li>
 *   <li>{@code exp} is copied into the response but never compared with the
 *       current time in this class, so {@code active} does not by itself mean
 *       "not expired".</li>
 *   <li>{@code alg} and {@code kid} are read from the token header, which is
 *       part of the caller-supplied token. NOTE(review): confirm the algorithm
 *       is restricted to what the provider advertises or the RP registered.</li>
 * </ul>
 */
public class CheckAccessTokenOperation extends BaseOperation<CheckAccessTokenParams> {
    private static final Logger LOG = LoggerFactory.getLogger(CheckAccessTokenOperation.class);

    @Inject
    DiscoveryService discoveryService;

    /**
     * Looks up the provider configuration for the RP, parses the ID token and
     * builds the response from the validation result and the token's claims.
     *
     * @param checkAccessTokenParams request parameters carrying the RP id, the ID token and the access token
     * @param httpServletRequest the servlet request; not read by this method
     * @return a {@link CheckAccessTokenResponse} with {@code active}, {@code issuedAt} and {@code expiresAt} set
     * @throws Exception if discovery lookup or ID token parsing fails
     */
    @Override // io.jans.ca.server.op.IOperation
    public IOpResponse execute(CheckAccessTokenParams checkAccessTokenParams, HttpServletRequest httpServletRequest) throws Exception {
        final OpenIdConfigurationResponse discovery =
                this.discoveryService.getConnectDiscoveryResponseByRpId(checkAccessTokenParams.getRpId());

        // NOTE(review): neither token is null/blank-checked here; confirm that
        // parameter validation happens before this operation is invoked.
        final String rawIdToken = checkAccessTokenParams.getIdToken();
        final String rawAccessToken = checkAccessTokenParams.getAccessToken();

        final Jwt idToken = Jwt.parse(rawIdToken);

        // These values are taken as-is from the parsed token and are only
        // reported back; they are not evaluated against the clock here.
        final Date issuedAt = idToken.getClaims().getClaimAsDate("iat");
        final Date expiresAt = idToken.getClaims().getClaimAsDate("exp");

        final CheckAccessTokenResponse result = new CheckAccessTokenResponse();
        final boolean active = isAccessTokenValid(rawAccessToken, idToken, discovery);
        result.setActive(active);
        result.setIssuedAt(issuedAt);
        result.setExpiresAt(expiresAt);
        return result;
    }

    /** Returns the parameter type this operation accepts. */
    @Override // io.jans.ca.server.op.IOperation
    public Class<CheckAccessTokenParams> getParameterClass() {
        return CheckAccessTokenParams.class;
    }

    /** Returns the media type of the response produced by this operation. */
    @Override // io.jans.ca.server.op.IOperation
    public String getReturnType() {
        return "application/json";
    }

    /**
     * Builds an {@link RSASigner} from the ID token header and the provider's
     * JWKS, then asks it to validate the access token against the ID token.
     *
     * <p>Any exception (unknown algorithm, key retrieval failure, validation
     * error) is logged and reported as {@code false}, so failures are treated
     * as "not valid" rather than propagated.
     *
     * @param accessToken the access token to check
     * @param idToken the parsed ID token
     * @param discovery the provider configuration supplying the JWKS URI
     * @return the signer's verdict, or {@code false} if anything fails
     */
    private boolean isAccessTokenValid(String accessToken, Jwt idToken, OpenIdConfigurationResponse discovery) {
        boolean valid;
        try {
            // Both header values originate from the caller-supplied token.
            final SignatureAlgorithm algorithm =
                    SignatureAlgorithm.fromString(idToken.getHeader().getClaimAsString("alg"));
            final String jwksUri = discovery.getJwksUri();
            final String keyId = idToken.getHeader().getClaimAsString("kid");

            final RSASigner signer = new RSASigner(algorithm, JwkClient.getRSAPublicKey(jwksUri, keyId));
            valid = signer.validateAccessToken(accessToken, idToken);
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            valid = false;
        }
        return valid;
    }
}
