package fish.payara.security.openid.domain;

import fish.payara.security.openid.api.AccessToken;
import fish.payara.security.openid.api.JwtClaims;
import fish.payara.security.openid.api.Scope;
import fish.payara.security.openid.controller.JWTValidator;
import fish.payara.security.shaded.nimbusds.jwt.EncryptedJWT;
import fish.payara.security.shaded.nimbusds.jwt.JWT;
import fish.payara.security.shaded.nimbusds.jwt.JWTClaimsSet;
import fish.payara.security.shaded.nimbusds.jwt.JWTParser;
import fish.payara.security.shaded.nimbusds.jwt.SignedJWT;
import fish.payara.security.shaded.nimbusds.jwt.proc.JWTClaimsSetVerifier;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import java.util.Objects;

/* loaded from: input_file:fish/payara/security/openid/domain/AccessTokenImpl.class */
public class AccessTokenImpl implements AccessToken {
    private final String token;
    private final long tokenMinValidity;
    private final AccessToken.Type type;
    private final JwtClaims jwtClaims;
    private JWT tokenJWT;
    private Map<String, Object> claims;
    private final Long expiresIn;
    private final Scope scope;
    private final long createdAt;

    public AccessTokenImpl(String str, String str2, Long l, String str3, long j) {
        this.token = str2;
        this.tokenMinValidity = j;
        JWTClaimsSet jWTClaimsSet = null;
        try {
            this.tokenJWT = JWTParser.parse(str2);
            jWTClaimsSet = this.tokenJWT.getJWTClaimsSet();
            this.claims = jWTClaimsSet == null ? null : jWTClaimsSet.getClaims();
        } catch (ParseException e) {
        }
        this.jwtClaims = NimbusJwtClaims.ifPresent(jWTClaimsSet);
        this.type = AccessToken.Type.valueOf(str.toUpperCase());
        this.expiresIn = l;
        this.createdAt = System.currentTimeMillis();
        this.scope = Scope.parse(str3);
    }

    private AccessTokenImpl(JWT jwt, JWTClaimsSet jWTClaimsSet, long j) {
        this.token = jwt.getParsedString();
        this.tokenJWT = jwt;
        this.claims = jWTClaimsSet.getClaims();
        this.jwtClaims = NimbusJwtClaims.ifPresent(jWTClaimsSet);
        this.type = AccessToken.Type.BEARER;
        this.expiresIn = null;
        this.createdAt = System.currentTimeMillis();
        this.scope = (Scope) this.jwtClaims.getStringClaim("scope").map(Scope::parse).orElse(null);
        this.tokenMinValidity = j;
    }

    public static AccessTokenImpl forBearerToken(OpenIdConfiguration openIdConfiguration, String str, JWTClaimsSetVerifier jWTClaimsSetVerifier, JWTValidator jWTValidator) throws ParseException {
        JWT parse = JWTParser.parse(str);
        return new AccessTokenImpl(parse, jWTValidator.validateBearerToken(parse, jWTClaimsSetVerifier), openIdConfiguration.getTokenMinValidity());
    }

    public JWT getTokenJWT() {
        return this.tokenJWT;
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public boolean isExpired() {
        boolean z;
        if (Objects.nonNull(this.expiresIn)) {
            z = System.currentTimeMillis() + this.tokenMinValidity > this.createdAt + (this.expiresIn.longValue() * 1000);
        } else {
            Date date = (Date) getClaim("exp");
            if (!Objects.nonNull(date)) {
                throw new IllegalStateException("Missing expiration time (exp) claim in access token");
            }
            z = System.currentTimeMillis() + this.tokenMinValidity > date.getTime();
        }
        return z;
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public AccessToken.Type getType() {
        return this.type;
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public String getToken() {
        return this.token;
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public Map<String, Object> getClaims() {
        return this.claims == null ? Collections.emptyMap() : this.claims;
    }

    public void setClaims(Map<String, Object> map) {
        this.claims = map;
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public Object getClaim(String str) {
        return getClaims().get(str);
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public Long getExpirationTime() {
        return this.expiresIn;
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public Scope getScope() {
        return this.scope;
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public boolean isJWT() {
        return this.tokenJWT != null;
    }

    @Override // fish.payara.security.openid.api.AccessToken
    public JwtClaims getJwtClaims() {
        return this.jwtClaims;
    }

    public boolean isEncrypted() {
        return isJWT() && (this.tokenJWT instanceof EncryptedJWT);
    }

    public boolean isSigned() {
        return isJWT() && (this.tokenJWT instanceof SignedJWT);
    }

    public String toString() {
        return this.token;
    }
}
