package org.apache.cxf.rs.security.oauth2.utils;

import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;

/* loaded from: input_file:lib/cxf-shade-9.0.0.jar:org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.class */
public final class JwtTokenUtils {
    private JwtTokenUtils() {
    }

    public static String getClaimName(String str, String str2, Map<String, String> map) {
        String str3 = null;
        if (map != null) {
            str3 = map.get(str);
        }
        return str3 == null ? str2 : str3;
    }

    public static ServerAccessToken createAccessTokenFromJwt(JoseJwtConsumer joseJwtConsumer, String str, ClientRegistrationProvider clientRegistrationProvider, Map<String, String> map) {
        Object obj;
        JwtClaims claims = joseJwtConsumer.getJwtToken(str).getClaims();
        Client client = clientRegistrationProvider.getClient(claims.getStringProperty(getClaimName("client_id", "client_id", map)));
        long longValue = claims.getIssuedAt().longValue();
        BearerAccessToken bearerAccessToken = new BearerAccessToken(client, str, claims.getExpiryTime().longValue() - longValue, longValue);
        List<String> audiences = claims.getAudiences();
        if (audiences != null && !audiences.isEmpty()) {
            bearerAccessToken.setAudiences(claims.getAudiences());
        }
        String issuer = claims.getIssuer();
        if (issuer != null) {
            bearerAccessToken.setIssuer(issuer);
        }
        Object claim = claims.getClaim("scope");
        if (claim != null) {
            String[] split = claim instanceof String ? claim.toString().split(" ") : (String[]) CastUtils.cast((List<?>) claim).toArray(new String[0]);
            LinkedList linkedList = new LinkedList();
            for (String str2 : split) {
                if (!StringUtils.isEmpty(str2)) {
                    linkedList.add(new OAuthPermission(str2.trim()));
                }
            }
            bearerAccessToken.setScopes(linkedList);
        }
        String stringProperty = claims.getStringProperty(getClaimName(OAuthConstants.RESOURCE_OWNER_NAME, OAuthConstants.RESOURCE_OWNER_NAME, map));
        String subject = claims.getSubject();
        if (stringProperty != null) {
            UserSubject userSubject = new UserSubject(stringProperty);
            if (subject != null) {
                userSubject.setId(subject);
            }
            bearerAccessToken.setSubject(userSubject);
        } else if (subject != null) {
            bearerAccessToken.setSubject(new UserSubject(subject));
        }
        String stringProperty2 = claims.getStringProperty(OAuthConstants.GRANT_TYPE);
        if (stringProperty2 != null) {
            bearerAccessToken.setGrantType(stringProperty2);
        }
        String stringProperty3 = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_GRANT);
        if (stringProperty3 != null) {
            bearerAccessToken.setGrantCode(stringProperty3);
        }
        String stringProperty4 = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
        if (stringProperty4 != null) {
            bearerAccessToken.setClientCodeVerifier(stringProperty4);
        }
        String stringProperty5 = claims.getStringProperty("nonce");
        if (stringProperty5 != null) {
            bearerAccessToken.setNonce(stringProperty5);
        }
        Map<? extends String, ? extends String> cast = CastUtils.cast((Map<?, ?>) claims.getClaim("extra_properties"));
        if (cast != null) {
            bearerAccessToken.getExtraProperties().putAll(cast);
            Map cast2 = CastUtils.cast((Map<?, ?>) claims.getClaim(JwtConstants.CLAIM_CONFIRMATION));
            if (cast2 != null && (obj = cast2.get("x5t#S256")) != null) {
                bearerAccessToken.getExtraProperties().put("x5t#S256", obj.toString());
            }
        }
        return bearerAccessToken;
    }
}
