package io.strimzi.kafka.oauth.common;

import com.fasterxml.jackson.databind.JsonNode;
import com.nimbusds.jose.JWSObject;
import io.strimzi.kafka.oauth.validator.ValidationException;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import org.slf4j.Logger;

/* loaded from: input_file:io/strimzi/kafka/oauth/common/TokenIntrospection.class */
public class TokenIntrospection {
    private static final NimbusPayloadTransformer TRANSFORMER = new NimbusPayloadTransformer();

    public static TokenInfo introspectAccessToken(String str, PrincipalExtractor principalExtractor) {
        try {
            try {
                JsonNode jsonNode = (JsonNode) JWSObject.parse(str).getPayload().toType(TRANSFORMER);
                if (principalExtractor == null) {
                    principalExtractor = new PrincipalExtractor();
                }
                String principal = principalExtractor.getPrincipal(jsonNode);
                if (principal == null) {
                    principal = principalExtractor.getSub(jsonNode);
                }
                return new TokenInfo(jsonNode, str, principal);
            } catch (Exception e) {
                throw new ValidationException("Failed to read payload from JWT access token", e);
            }
        } catch (Exception e2) {
            throw new ValidationException("Failed to parse JWT token", e2);
        }
    }

    public static void debugLogJWT(Logger logger, String str) {
        try {
            JWSObject parse = JWSObject.parse(str);
            logger.debug("Token: {}", parse.getPayload());
            try {
                JsonNode jsonNode = ((JsonNode) parse.getPayload().toType(TRANSFORMER)).get(TokenInfo.EXP);
                if (jsonNode == null) {
                    logger.debug("Access token has no expiry set.");
                } else {
                    logger.debug("Access token expires at (UTC): " + (jsonNode.isNumber() ? LocalDateTime.ofEpochSecond(jsonNode.asInt(), 0, ZoneOffset.UTC).format(DateTimeFormatter.ISO_DATE_TIME) : "invalid value: [" + jsonNode.asText() + "]"));
                }
            } catch (Exception e) {
                logger.debug("[IGNORED] Failed to parse JWT token's payload", e);
            }
        } catch (Exception e2) {
            logger.debug("[IGNORED] Token doesn't seem to be JWT token: " + LogUtil.mask(str), e2);
        }
    }
}
