package com.yahoo.athenz.zts;

import com.yahoo.athenz.auth.token.AccessToken;
import com.yahoo.athenz.auth.token.IdToken;
import com.yahoo.athenz.auth.token.RoleToken;
import com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/zts/ZTSClientTokenCacher.class */
public class ZTSClientTokenCacher {
    private static final Logger LOG = LoggerFactory.getLogger(ZTSClientTokenCacher.class);

    public static void setRoleToken(String str, String str2, String str3) {
        setRoleToken(str, str2);
    }

    public static void setRoleToken(String str, String str2) {
        RoleToken roleToken = new RoleToken(str);
        String domain = roleToken.getDomain();
        String principal = roleToken.getPrincipal();
        int lastIndexOf = principal.lastIndexOf(46);
        if (lastIndexOf == -1) {
            return;
        }
        String substring = principal.substring(0, lastIndexOf);
        String substring2 = principal.substring(lastIndexOf + 1);
        Long valueOf = Long.valueOf(roleToken.getExpiryTime());
        RoleToken expiryTime = new RoleToken().setToken(str).setExpiryTime(valueOf.longValue());
        String roleTokenCacheKey = ZTSClient.getRoleTokenCacheKey(substring, substring2, domain, str2, null);
        if (LOG.isInfoEnabled()) {
            LOG.info("ZTSTokenCache: cache-add key: {} expiry: {}", roleTokenCacheKey, valueOf);
        }
        ZTSClient.ROLE_TOKEN_CACHE.put(roleTokenCacheKey, expiryTime);
    }

    public static void setAccessToken(AccessTokenResponse accessTokenResponse, List<String> list) {
        if (accessTokenResponse == null || accessTokenResponse.getAccess_token() == null) {
            return;
        }
        try {
            AccessToken accessToken = new AccessToken(removeSignature(accessTokenResponse.getAccess_token()), (JwtsSigningKeyResolver) null);
            String audience = accessToken.getAudience();
            String clientId = accessToken.getClientId();
            int lastIndexOf = clientId.lastIndexOf(46);
            if (lastIndexOf == -1) {
                return;
            }
            String substring = clientId.substring(0, lastIndexOf);
            String substring2 = clientId.substring(lastIndexOf + 1);
            AccessTokenResponseCacheEntry accessTokenResponseCacheEntry = new AccessTokenResponseCacheEntry(accessTokenResponse);
            String str = null;
            List confirmProxyPrincpalSpiffeUris = accessToken.getConfirmProxyPrincpalSpiffeUris();
            if (confirmProxyPrincpalSpiffeUris != null) {
                str = String.join(",", confirmProxyPrincpalSpiffeUris);
            }
            String accessTokenCacheKey = ZTSClient.getAccessTokenCacheKey(substring, substring2, audience, list, extractIdTokenServiceName(accessTokenResponse.getId_token()), accessToken.getProxyPrincipal(), accessToken.getAuthorizationDetails(), str);
            if (LOG.isInfoEnabled()) {
                LOG.info("ZTSTokenCache: cache-add key: {} expires-in: {}", accessTokenCacheKey, accessTokenResponse.getExpires_in());
            }
            ZTSClient.ACCESS_TOKEN_CACHE.put(accessTokenCacheKey, accessTokenResponseCacheEntry);
        } catch (Exception e) {
            LOG.error("ZTSTokenCache: unable to parse access token", e);
        }
    }

    private static String extractIdTokenServiceName(String str) {
        if (str == null) {
            return null;
        }
        try {
            String audience = new IdToken(removeSignature(str), (JwtsSigningKeyResolver) null).getAudience();
            if (audience == null) {
                LOG.error("ZTSTokenCache: token has no audience");
                return null;
            }
            int lastIndexOf = audience.lastIndexOf(46);
            if (lastIndexOf != -1) {
                return audience.substring(lastIndexOf + 1);
            }
            LOG.error("ZTSTokenCache: invalid id token audience - {}", audience);
            return null;
        } catch (Exception e) {
            LOG.error("ZTSTokenCache: unable to parse id token", e);
            return null;
        }
    }

    private static String removeSignature(String str) {
        int lastIndexOf = str.lastIndexOf(46);
        return lastIndexOf == -1 ? str : str.substring(0, lastIndexOf + 1);
    }
}
