package org.wso2.carbon.identity.oauth.endpoint.user.impl;

import org.wso2.carbon.identity.oauth.endpoint.user.UserInfoAccessTokenValidator;
import org.wso2.carbon.identity.oauth.endpoint.user.UserInfoEndpointException;
import org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;

/* loaded from: input_file:oauth2.war:WEB-INF/classes/org/wso2/carbon/identity/oauth/endpoint/user/impl/UserInfoISAccessTokenValidator.class */
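/**
 * Validates the bearer access token presented to the UserInfo endpoint by delegating to the
 * OAuth2 token validation service obtained from {@link EndpointUtil}.
 *
 * <p>A token is accepted only when all three checks pass, in this order: the validation service
 * reports it as valid, its scope list contains {@code openid}, and the response names an
 * authorized user. Any other outcome is reported as a {@link UserInfoEndpointException}, so the
 * endpoint fails closed.
 *
 * <p>NOTE(review): this listing is decompiler output. The constructor calls that pass the
 * enclosing DTO as first argument look like the decompiled form of inner-class creation;
 * confirm against the original source before recompiling.
 */
public class UserInfoISAccessTokenValidator implements UserInfoAccessTokenValidator {
    /** Token type set on every validation request built by this class. */
    private static final String BEARER_TOKEN_TYPE = "bearer";

    /** Scope value the token must carry; compared with an exact, case-sensitive match. */
    private static final String OPENID_SCOPE = "openid";

    /**
     * Validates the given access token and returns the validation response enriched with an
     * authorization context token.
     *
     * <p>The raw token value is a credential. It is copied into the returned response's
     * authorization context token, so callers should avoid logging or serializing that DTO
     * wholesale. The exception messages raised here deliberately do not contain the token.
     *
     * @param str the access token identifier received by the UserInfo endpoint
     * @return the validation response, with its authorization context token set
     * @throws UserInfoEndpointException with {@code ERROR_CODE_INVALID_TOKEN} when the token is
     *     not valid, when the validation service returns no response, or when no authorized user
     *     is associated with it; with {@code ERROR_CODE_INSUFFICIENT_SCOPE} when the token has no
     *     {@code openid} scope (including a missing scope list)
     */
    @Override
    public OAuth2TokenValidationResponseDTO validateToken(String str) throws UserInfoEndpointException {
        OAuth2TokenValidationRequestDTO request = new OAuth2TokenValidationRequestDTO();
        OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
                new OAuth2TokenValidationRequestDTO.OAuth2AccessToken(request);
        accessToken.setTokenType(BEARER_TOKEN_TYPE);
        accessToken.setIdentifier(str);
        request.setAccessToken(accessToken);

        OAuth2TokenValidationResponseDTO response =
                EndpointUtil.getOAuth2TokenValidationService().validate(request);

        // Fail closed: a missing response is treated exactly like an explicit "not valid" verdict
        // instead of surfacing as a NullPointerException.
        if (response == null || !response.isValid()) {
            throw new UserInfoEndpointException(
                    UserInfoEndpointException.ERROR_CODE_INVALID_TOKEN, "Access token validation failed");
        }

        // A token issued without any scope may carry no scope list at all; that is reported as
        // insufficient scope rather than crashing the request.
        boolean hasOpenIdScope = false;
        if (response.getScope() != null) {
            for (String scope : response.getScope()) {
                if (OPENID_SCOPE.equals(scope)) {
                    hasOpenIdScope = true;
                    break;
                }
            }
        }
        if (!hasOpenIdScope) {
            throw new UserInfoEndpointException(
                    UserInfoEndpointException.ERROR_CODE_INSUFFICIENT_SCOPE,
                    "Access token does not have the openid scope");
        }

        // A valid token with no authorized user cannot be mapped to any subject's claims.
        if (response.getAuthorizedUser() == null) {
            throw new UserInfoEndpointException(
                    UserInfoEndpointException.ERROR_CODE_INVALID_TOKEN,
                    "Access token is not valid. No authorized user found. Invalid grant");
        }

        // Echo the token type and identifier back on the response for downstream handlers.
        response.setAuthorizationContextToken(
                new OAuth2TokenValidationResponseDTO.AuthorizationContextToken(
                        response, accessToken.getTokenType(), accessToken.getIdentifier()));
        return response;
    }
}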
