package org.opentmf.security.jwt;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import java.text.ParseException;
import java.time.Instant;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Stream;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.BadJwtException;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;

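/**
 * Default {@link JwtService} implementation backed by a Spring Security {@link JwtDecoder}.
 *
 * <p>The class reads tokens in two different ways, and the difference matters for security:
 *
 * <ul>
 *   <li><b>Decoded path</b>: {@code decodeJwt}, {@code getJwtPrincipal}, {@code getClaim} and
 *       {@code getGrantedAuthorities} pass the token through the injected {@link JwtDecoder},
 *       so they return data only after whatever validation that decoder is configured with.
 *   <li><b>Parse-only path</b>: {@code getJwtClaim}, {@code getJwtClaims} and
 *       {@code isExpiredToken(String)} call {@link JWTParser#parse(String)} and read the claims
 *       set directly. Nothing on this path checks a signature, issuer or audience, so the
 *       values are attacker-controllable unless the same token has already been validated
 *       through {@code decodeJwt}. Do not base authorization decisions on them alone.
 * </ul>
 */
@Service
public class JwtServiceImpl implements JwtService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(JwtServiceImpl.class);
    private static final String TOKEN_VALIDATION_MESSAGE = "Token cannot be null or empty";
    private static final String CLAIM_KEY_VALIDATION_MESSAGE = "Claim key cannot be null or empty";
    private static final String INVALID_TOKEN_MESSAGE = "Invalid token";
    private final JwtDecoder jwtDecoder;

    /**
     * Returns the {@code sub} claim of a token after decoding it with the configured decoder.
     *
     * @param token compact JWT serialization; must contain text
     * @return the token subject
     * @throws IllegalArgumentException if {@code token} is null or blank
     * @throws InvalidBearerTokenException if the token is rejected as malformed or invalid, or
     *     if it carries no subject
     * @throws AuthenticationServiceException if decoding fails for another reason
     */
    @Override
    public String getJwtPrincipal(String token) {
        Assert.hasText(token, TOKEN_VALIDATION_MESSAGE);
        return Optional.ofNullable(decodeJwt(token))
                .map(Jwt::getSubject)
                .orElseThrow(() -> new InvalidBearerTokenException(INVALID_TOKEN_MESSAGE));
    }

    /**
     * Tells whether an already decoded token is past its expiry.
     *
     * <p>Fails closed: a {@code null} token or a token without an expiry is reported as expired.
     * The comparison uses {@link Instant#now()} with no clock-skew allowance.
     *
     * @param jwt decoded token, may be {@code null}
     * @return {@code true} if expired, missing, or without an expiry time
     */
    @Override
    public boolean isExpiredToken(Jwt jwt) {
        return Optional.ofNullable(jwt)
                .map(Jwt::getExpiresAt)
                .map(expiresAt -> Instant.now().isAfter(expiresAt))
                .orElse(true);
    }

    /**
     * Tells whether a serialized token is past its expiry, reading {@code exp} from the parsed
     * claims set <em>without</em> any signature verification.
     *
     * <p>Unlike {@link #isExpiredToken(Jwt)}, a missing expiry is an error here rather than
     * "expired". Because the claim is unverified, a {@code false} result says nothing about
     * whether the token is genuine; it is only meaningful for tokens validated elsewhere.
     *
     * @param token compact JWT serialization (no null/blank check is performed here)
     * @return {@code true} if the {@code exp} claim lies in the past
     * @throws InvalidBearerTokenException if the token cannot be parsed or has no expiry
     */
    @Override
    public boolean isExpiredToken(String token) {
        return Optional.ofNullable(parseJwt(token).getExpirationTime())
                .map(expiry -> expiry.toInstant())
                .map(expiresAt -> Instant.now().isAfter(expiresAt))
                .orElseThrow(() ->
                        new InvalidBearerTokenException("Failed to retrieve expiration time from token"));
    }

    /**
     * Decodes a token with the injected {@link JwtDecoder} and maps decoder failures onto
     * authentication exceptions.
     *
     * @param token compact JWT serialization
     * @return the decoded token
     * @throws InvalidBearerTokenException if the decoder reports a {@link BadJwtException}
     * @throws AuthenticationServiceException if the decoder reports any other {@link JwtException}
     */
    @Override
    public Jwt decodeJwt(String token) {
        try {
            return this.jwtDecoder.decode(token);
        } catch (BadJwtException e) {
            // BadJwtException is a subtype of JwtException, so it must be caught first.
            // With the handlers the other way round this branch is unreachable and a bad
            // token would surface as a service failure instead of an invalid-token error.
            log.debug("Failed to authenticate since the JWT was invalid");
            throw new InvalidBearerTokenException(e.getMessage(), e);
        } catch (JwtException e) {
            throw new AuthenticationServiceException(e.getMessage(), e);
        }
    }

    /**
     * Builds granted authorities from the values of a claim in a decoded token.
     *
     * <p>The claim values are used verbatim as authority names; no prefix is added and no
     * allow-list is applied in this method.
     *
     * @param token compact JWT serialization; must contain text
     * @param claimKey claim identifier, passed unchanged to
     *     {@code JwtUtil.extractNestedClaimValuesAsList}
     * @return one authority per extracted value, or an empty list if the helper yields nothing
     * @throws IllegalArgumentException if {@code token} is null or blank
     * @throws InvalidBearerTokenException if the decoder rejects the token
     * @throws AuthenticationServiceException if decoding fails for another reason
     */
    @Override
    public List<SimpleGrantedAuthority> getGrantedAuthorities(String token, String claimKey) {
        return getClaim(token, jwt -> JwtUtil.extractNestedClaimValuesAsList(jwt, claimKey))
                .map(values -> values.stream().map(SimpleGrantedAuthority::new).toList())
                .orElseGet(Collections::emptyList);
    }

    /**
     * Decodes a token and applies a caller-supplied resolver to the result.
     *
     * @param token compact JWT serialization; must contain text
     * @param claimResolver function that reads a value from the decoded token
     * @param <T> type produced by the resolver
     * @return the resolved value, or empty if the resolver returns {@code null}
     * @throws IllegalArgumentException if {@code token} is blank or {@code claimResolver} is null
     * @throws InvalidBearerTokenException if the decoder rejects the token
     * @throws AuthenticationServiceException if decoding fails for another reason
     */
    @Override
    public <T> Optional<T> getClaim(String token, Function<Jwt, T> claimResolver) {
        Assert.hasText(token, TOKEN_VALIDATION_MESSAGE);
        Assert.notNull(claimResolver, "claimResolver cannot be null");
        return Optional.ofNullable(decodeJwt(token)).map(claimResolver);
    }

    /**
     * Reads one claim from the parsed, <em>unverified</em> claims set of a token.
     *
     * <p>The value is cast to {@code T} without a runtime check, so a claim of an unexpected
     * type shows up as a {@link ClassCastException} at the caller's use site, not here.
     *
     * @param token compact JWT serialization; must contain text
     * @param claimKey name of the claim; must contain text
     * @param <T> type the caller expects the claim to have
     * @return the claim value, or empty if the claim is absent
     * @throws IllegalArgumentException if either argument is null or blank
     * @throws InvalidBearerTokenException if the token cannot be parsed
     */
    @Override
    @SuppressWarnings("unchecked") // claim values are untyped; the caller chooses T
    public <T> Optional<T> getJwtClaim(String token, String claimKey) {
        Assert.hasText(claimKey, CLAIM_KEY_VALIDATION_MESSAGE);
        Assert.hasText(token, TOKEN_VALIDATION_MESSAGE);
        JWTClaimsSet claims = parseJwt(token);
        log.debug("Retrieving claim: {} from token", claimKey);
        return Optional.ofNullable((T) claims.getClaim(claimKey));
    }

    /**
     * Parses a serialized token and returns its claims set. This only parses; it performs no
     * signature, issuer, audience or expiry validation.
     *
     * @throws InvalidBearerTokenException if the token is not parseable
     */
    private JWTClaimsSet parseJwt(String token) {
        try {
            return JWTParser.parse(token).getJWTClaimsSet();
        } catch (ParseException e) {
            // Only the parser's message is logged; the raw token value is never written out.
            log.error("Failed to parse token: {}", e.getMessage());
            throw new InvalidBearerTokenException("Failed to parse token", e);
        }
    }

    /**
     * Reads a claim from the parsed, <em>unverified</em> claims set as a list of strings.
     *
     * @param token compact JWT serialization; must contain text
     * @param claimKey name of the claim; must contain text
     * @return the claim as a list (a single string becomes a one-element list; non-string list
     *     elements are dropped), or an empty list if the claim is absent
     * @throws IllegalArgumentException if an argument is blank, or the claim is neither a list
     *     nor a string
     * @throws InvalidBearerTokenException if the token cannot be parsed
     */
    @Override
    public List<String> getJwtClaims(String token, String claimKey) {
        return this.<Object>getJwtClaim(token, claimKey)
                .map(this::convertClaimToList)
                .orElseGet(Collections::emptyList);
    }

    /**
     * Normalises a claim value to a list of strings.
     *
     * @throws IllegalArgumentException if the value is neither a {@link List} nor a {@link String}
     */
    private List<String> convertClaimToList(Object claimValue) {
        if (claimValue instanceof List<?> values) {
            return convertListClaimToList(values);
        }
        if (claimValue instanceof String value) {
            return convertStringClaimToList(value);
        }
        throw new IllegalArgumentException(
                "Unsupported claim type: " + claimValue.getClass().getSimpleName());
    }

    /** Keeps the string elements of a list claim and silently discards everything else. */
    private List<String> convertListClaimToList(List<?> list) {
        return list.stream()
                .filter(String.class::isInstance)
                .map(String.class::cast)
                .toList();
    }

    /** Wraps a single string claim in an immutable one-element list. */
    private List<String> convertStringClaimToList(String value) {
        return List.of(value);
    }

    /**
     * Creates the service.
     *
     * @param jwtDecoder decoder used for every validated token access in this class
     */
    @Generated
    public JwtServiceImpl(JwtDecoder jwtDecoder) {
        this.jwtDecoder = jwtDecoder;
    }
}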
