package io.camunda.zeebe.auth.impl;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.camunda.zeebe.auth.api.AuthorizationDecoder;
import io.camunda.zeebe.auth.api.JwtAuthorizationBuilder;
import io.camunda.zeebe.util.exception.UnrecoverableException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/camunda/zeebe/auth/impl/JwtAuthorizationDecoder.class */
public class JwtAuthorizationDecoder implements JwtAuthorizationBuilder<JwtAuthorizationDecoder, Algorithm, DecodedJWT>, AuthorizationDecoder<Map<String, Object>> {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) JwtAuthorizationDecoder.class);
    private String issuer = JwtAuthorizationBuilder.DEFAULT_ISSUER;
    private String audience = JwtAuthorizationBuilder.DEFAULT_AUDIENCE;
    private String subject = JwtAuthorizationBuilder.DEFAULT_SUBJECT;
    private Algorithm signingAlgorithm = Algorithm.none();
    private final Set<String> claims = new HashSet();
    private String jwtToken;

    public JwtAuthorizationDecoder(String str) {
        this.jwtToken = str;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // io.camunda.zeebe.auth.api.JwtAuthorizationBuilder
    public JwtAuthorizationDecoder withSubject(String str) {
        this.subject = str;
        return this;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // io.camunda.zeebe.auth.api.JwtAuthorizationBuilder
    public JwtAuthorizationDecoder withIssuer(String str) {
        this.issuer = str;
        return this;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // io.camunda.zeebe.auth.api.JwtAuthorizationBuilder
    public JwtAuthorizationDecoder withAudience(String str) {
        this.audience = str;
        return this;
    }

    @Override // io.camunda.zeebe.auth.api.JwtAuthorizationBuilder
    public JwtAuthorizationDecoder withSigningAlgorithm(Algorithm algorithm) {
        this.signingAlgorithm = algorithm;
        return this;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // io.camunda.zeebe.auth.api.JwtAuthorizationBuilder
    public DecodedJWT build() {
        return validateJwtToken();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // io.camunda.zeebe.auth.api.AuthorizationDecoder
    public Map<String, Object> decode() {
        DecodedJWT build = withClaim(Authorization.AUTHORIZED_TENANTS).build();
        HashMap hashMap = new HashMap();
        hashMap.put(Authorization.AUTHORIZED_TENANTS, build.getClaim(Authorization.AUTHORIZED_TENANTS).asList(String.class));
        if (build.getClaims().containsKey(Authorization.AUTHORIZED_USER_KEY)) {
            hashMap.put(Authorization.AUTHORIZED_USER_KEY, build.getClaim(Authorization.AUTHORIZED_USER_KEY).asLong());
        }
        if (build.getClaims().containsKey(Authorization.AUTHORIZED_ANONYMOUS_USER)) {
            hashMap.put(Authorization.AUTHORIZED_ANONYMOUS_USER, build.getClaim(Authorization.AUTHORIZED_ANONYMOUS_USER).asBoolean());
        }
        hashMap.putAll((Map) build.getClaims().entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).startsWith(Authorization.USER_TOKEN_CLAIM_PREFIX);
        }).filter(entry2 -> {
            return !((Claim) entry2.getValue()).isNull();
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry3 -> {
            return ((Claim) entry3.getValue()).as(Object.class);
        })));
        return hashMap;
    }

    public JwtAuthorizationDecoder withClaim(String str) {
        this.claims.add(str);
        return this;
    }

    public JwtAuthorizationDecoder withJwtToken(String str) {
        this.jwtToken = str;
        return this;
    }

    private DecodedJWT validateJwtToken() {
        try {
            return JWT.require(this.signingAlgorithm).withIssuer(this.issuer).withAudience(this.audience).withSubject(this.subject).ignoreIssuedAt().build().verify(this.jwtToken);
        } catch (JWTVerificationException | NullPointerException e) {
            LOGGER.error("Authorization data unavailable: {}", e.getMessage());
            throw new UnrecoverableException("Authorization data unavailable: " + e.getMessage(), e);
        }
    }
}
