package io.helidon.microprofile.jwt.auth;

import io.helidon.common.OptionalHelper;
import io.helidon.security.Principal;
import io.helidon.security.SecurityException;
import io.helidon.security.jwt.Jwt;
import io.helidon.security.jwt.JwtException;
import io.helidon.security.jwt.JwtUtil;
import io.helidon.security.jwt.SignedJwt;
import io.helidon.security.util.AbacSupport;
import java.util.Collection;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.json.Json;
import javax.json.JsonNumber;
import javax.json.JsonObject;
import javax.json.JsonString;
import javax.json.JsonValue;
import org.eclipse.microprofile.jwt.ClaimValue;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken;

/* loaded from: input_file:io/helidon/microprofile/jwt/auth/JsonWebTokenImpl.class */
public final class JsonWebTokenImpl implements JsonWebToken, Principal {
    private final Jwt jwt;
    private final SignedJwt signed;
    private final String id;
    private final AbacSupport properties;
    private final String name;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.helidon.microprofile.jwt.auth.JsonWebTokenImpl$1, reason: invalid class name */
    /* loaded from: input_file:io/helidon/microprofile/jwt/auth/JsonWebTokenImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$microprofile$jwt$Claims = new int[Claims.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$microprofile$jwt$Claims[Claims.raw_token.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$microprofile$jwt$Claims[Claims.groups.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$eclipse$microprofile$jwt$Claims[Claims.aud.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$eclipse$microprofile$jwt$Claims[Claims.email_verified.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$eclipse$microprofile$jwt$Claims[Claims.phone_number_verified.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$eclipse$microprofile$jwt$Claims[Claims.upn.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    private JsonWebTokenImpl(SignedJwt signedJwt) {
        this.jwt = signedJwt.getJwt();
        this.signed = signedJwt;
        AbacSupport.BasicAttributes create = AbacSupport.BasicAttributes.create();
        this.jwt.payloadClaims().forEach((str, jsonValue) -> {
            create.put(str, JwtUtil.toObject(jsonValue));
        });
        this.jwt.email().ifPresent(str2 -> {
            create.put("email", str2);
        });
        this.jwt.emailVerified().ifPresent(bool -> {
            create.put("email_verified", bool);
        });
        this.jwt.locale().ifPresent(locale -> {
            create.put("locale", locale);
        });
        this.jwt.familyName().ifPresent(str3 -> {
            create.put("family_name", str3);
        });
        this.jwt.givenName().ifPresent(str4 -> {
            create.put("given_name", str4);
        });
        this.jwt.fullName().ifPresent(str5 -> {
            create.put("full_name", str5);
        });
        this.properties = create;
        String str6 = (String) this.jwt.subject().orElseThrow(() -> {
            return new JwtException("JWT does not contain subject claim, cannot create principal.");
        });
        OptionalHelper from = OptionalHelper.from(this.jwt.userPrincipal());
        Jwt jwt = this.jwt;
        Objects.requireNonNull(jwt);
        this.name = (String) from.or(jwt::preferredUsername).asOptional().orElse(str6);
        this.id = str6;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JsonWebTokenImpl create(SignedJwt signedJwt) {
        return new JsonWebTokenImpl(signedJwt);
    }

    public String getName() {
        return this.name;
    }

    public Set<String> getClaimNames() {
        return this.jwt.payloadClaims().keySet();
    }

    public <T> T getClaim(String str) {
        try {
            return (T) getClaim(Claims.valueOf(str));
        } catch (IllegalArgumentException e) {
            return (T) getJsonValue(str).orElse(null);
        }
    }

    public <T> T getClaim(String str, Class<T> cls) {
        try {
            return JsonValue.class.isAssignableFrom(cls) ? (T) getJsonValue(str).orElse(null) : (T) getClaim(Claims.valueOf(str));
        } catch (IllegalArgumentException e) {
            T t = (T) getJsonValue(str).orElse(null);
            if (t == null || cls == ClaimValue.class || cls == Optional.class || cls.isAssignableFrom(t.getClass())) {
                return t;
            }
            throw new SecurityException("Cannot set instance of " + t.getClass().getName() + " to the field of type " + cls.getName());
        }
    }

    private Object getClaim(Claims claims) {
        switch (AnonymousClass1.$SwitchMap$org$eclipse$microprofile$jwt$Claims[claims.ordinal()]) {
            case 1:
                return this.signed.tokenContent();
            case 2:
                return this.jwt.userGroups().map((v1) -> {
                    return new HashSet(v1);
                }).orElse(null);
            case 3:
                return this.jwt.audience().map((v1) -> {
                    return new HashSet(v1);
                }).orElse(null);
            case 4:
                return this.jwt.emailVerified().orElse(null);
            case 5:
                return this.jwt.phoneNumberVerified().orElse(null);
            case 6:
                return this.jwt.userPrincipal().orElse(null);
            default:
                return getJsonValue(claims.name()).map(jsonValue -> {
                    return convert(claims, jsonValue);
                }).orElse(null);
        }
    }

    private Optional<JsonValue> getJsonValue(String str) {
        return Claims.raw_token.name().equals(str) ? Optional.of(Json.createValue(this.signed.tokenContent())) : OptionalHelper.from(this.jwt.payloadClaim(str)).or(() -> {
            return this.jwt.headerClaim(str);
        }).asOptional();
    }

    private Object convert(Claims claims, JsonValue jsonValue) {
        Class type = claims.getType();
        if (type.equals(String.class) && (jsonValue instanceof JsonString)) {
            return ((JsonString) jsonValue).getString();
        }
        if (type.equals(Long.class)) {
            return jsonValue instanceof JsonNumber ? Long.valueOf(((JsonNumber) jsonValue).longValue()) : jsonValue instanceof JsonString ? Long.valueOf(Long.parseLong(((JsonString) jsonValue).getString())) : Long.valueOf(Long.parseLong(jsonValue.toString()));
        }
        if (!type.equals(JsonObject.class) && (jsonValue instanceof JsonString)) {
            return ((JsonString) jsonValue).getString();
        }
        return jsonValue;
    }

    public Object abacAttributeRaw(String str) {
        return this.properties.abacAttributeRaw(str);
    }

    public Collection<String> abacAttributeNames() {
        return this.properties.abacAttributeNames();
    }

    public String id() {
        return this.id;
    }
}
