package org.apache.cxf.rs.security.oauth2.filters;

import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.JwtTokenUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.class */
public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTokenValidator {
    private static final String USERNAME_PROP = "username";
    private Map<String, String> jwtAccessTokenClaimMap;

    @Override // org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator
    public List<String> getSupportedAuthorizationSchemes() {
        return Collections.singletonList("Bearer");
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator
    public AccessTokenValidation validateAccessToken(MessageContext messageContext, String str, String str2, MultivaluedMap<String, String> multivaluedMap) throws OAuthServiceException {
        try {
            return convertClaimsToValidation(super.getJwtToken(str2).getClaims());
        } catch (Exception e) {
            throw new OAuthServiceException(e);
        }
    }

    private AccessTokenValidation convertClaimsToValidation(JwtClaims jwtClaims) {
        Object obj;
        AccessTokenValidation accessTokenValidation = new AccessTokenValidation();
        accessTokenValidation.setInitialValidationSuccessful(true);
        String stringProperty = jwtClaims.getStringProperty("client_id");
        if (stringProperty != null) {
            accessTokenValidation.setClientId(stringProperty);
        }
        if (jwtClaims.getIssuedAt() != null) {
            accessTokenValidation.setTokenIssuedAt(jwtClaims.getIssuedAt().longValue());
        } else {
            accessTokenValidation.setTokenIssuedAt(OAuthUtils.getIssuedAt());
        }
        if (jwtClaims.getExpiryTime() != null) {
            accessTokenValidation.setTokenLifetime(jwtClaims.getExpiryTime().longValue() - accessTokenValidation.getTokenIssuedAt());
        }
        List audiences = jwtClaims.getAudiences();
        if (audiences != null && !audiences.isEmpty()) {
            accessTokenValidation.setAudiences(jwtClaims.getAudiences());
        }
        if (jwtClaims.getIssuer() != null) {
            accessTokenValidation.setTokenIssuer(jwtClaims.getIssuer());
        }
        Object claim = jwtClaims.getClaim("scope");
        if (claim != null) {
            String[] split = claim instanceof String ? claim.toString().split(" ") : (String[]) CastUtils.cast((List) claim).toArray(new String[0]);
            LinkedList linkedList = new LinkedList();
            for (String str : split) {
                if (!StringUtils.isEmpty(str)) {
                    linkedList.add(new OAuthPermission(str.trim()));
                }
            }
            accessTokenValidation.setTokenScopes(linkedList);
        }
        String stringProperty2 = jwtClaims.getStringProperty(JwtTokenUtils.getClaimName("username", "username", this.jwtAccessTokenClaimMap));
        if (stringProperty2 != null) {
            UserSubject userSubject = new UserSubject(stringProperty2);
            if (jwtClaims.getSubject() != null) {
                userSubject.setId(jwtClaims.getSubject());
            }
            accessTokenValidation.setTokenSubject(userSubject);
        } else if (jwtClaims.getSubject() != null) {
            accessTokenValidation.setTokenSubject(new UserSubject(jwtClaims.getSubject()));
        }
        Map<? extends String, ? extends String> cast = CastUtils.cast((Map) jwtClaims.getClaim("extra_properties"));
        if (cast != null) {
            accessTokenValidation.getExtraProps().putAll(cast);
        }
        Map cast2 = CastUtils.cast((Map) jwtClaims.getClaim("cnf"));
        if (cast2 != null && (obj = cast2.get("x5t#S256")) != null) {
            accessTokenValidation.getExtraProps().put("x5t#S256", obj.toString());
        }
        return accessTokenValidation;
    }

    public void setJwtAccessTokenClaimMap(Map<String, String> map) {
        this.jwtAccessTokenClaimMap = map;
    }
}
