package com.day.crx.security.token.impl;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.oauth.jwt.JwsValidator;
import com.google.common.collect.ImmutableMap;
import java.util.Map;
import javax.jcr.Credentials;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.oltu.oauth2.jwt.JWT;
import org.apache.oltu.oauth2.jwt.io.JWTReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/crx/security/token/impl/TokenProviderImpl.class */
class TokenProviderImpl implements TokenProvider {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private CredentialsSupport credentialsSupport;
    private JwsValidator jwsValidator;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/day/crx/security/token/impl/TokenProviderImpl$TokenInfoImpl.class */
    public final class TokenInfoImpl implements TokenInfo {
        private String token;
        private final String userId;

        public TokenInfoImpl(String str) throws CryptoException {
            this.userId = str;
            this.token = TokenAuthenticationHandler.buildEncapsulatedToken(str);
        }

        public TokenInfoImpl(String str, String str2) throws CryptoException {
            this.userId = str;
            this.token = str2;
        }

        public String getUserId() {
            return this.userId;
        }

        public String getToken() {
            return this.token;
        }

        public boolean isExpired(long j) {
            return !TokenProviderImpl.this.jwsValidator.validate(this.token);
        }

        public boolean resetExpiration(long j) {
            return false;
        }

        public boolean remove() {
            return true;
        }

        public boolean matches(TokenCredentials tokenCredentials) {
            return TokenProviderImpl.this.jwsValidator.validate(this.token);
        }

        public Map<String, String> getPrivateAttributes() {
            return ImmutableMap.of();
        }

        public Map<String, String> getPublicAttributes() {
            return ImmutableMap.of();
        }
    }

    public TokenProviderImpl(CredentialsSupport credentialsSupport, JwsValidator jwsValidator) {
        this.credentialsSupport = credentialsSupport;
        this.jwsValidator = jwsValidator;
    }

    public boolean doCreateToken(Credentials credentials) {
        Object obj;
        Credentials extractCredentials = extractCredentials(credentials);
        return (extractCredentials == null || (obj = this.credentialsSupport.getAttributes(extractCredentials).get(".token")) == null || !obj.toString().isEmpty()) ? false : true;
    }

    public TokenInfo createToken(Credentials credentials) {
        Credentials extractCredentials = extractCredentials(credentials);
        String userId = extractCredentials != null ? this.credentialsSupport.getUserId(extractCredentials) : null;
        TokenInfo tokenInfo = null;
        if (userId != null) {
            tokenInfo = createToken(userId, this.credentialsSupport.getAttributes(extractCredentials));
            if (tokenInfo != null && !this.credentialsSupport.setAttributes(extractCredentials, ImmutableMap.of(".token", tokenInfo.getToken()))) {
                this.log.debug("Cannot set token attribute to " + extractCredentials);
            }
        }
        return tokenInfo;
    }

    public TokenInfo createToken(String str, Map<String, ?> map) {
        try {
            return new TokenInfoImpl(str);
        } catch (CryptoException e) {
            this.log.error("Failed to create login token. {}", e.getMessage());
            return null;
        }
    }

    public TokenInfo getTokenInfo(String str) {
        try {
            JWT jwt = (JWT) new JWTReader().read(str);
            if ("login".equals((String) jwt.getClaimsSet().getCustomField("scope", String.class))) {
                return new TokenInfoImpl(jwt.getClaimsSet().getSubject(), str);
            }
            this.log.debug("Cannot determine userID/principal from token");
            return null;
        } catch (CryptoException e) {
            this.log.error("Failed to determine userID/principal from token {}", e.getMessage());
            return null;
        }
    }

    private Credentials extractCredentials(Credentials credentials) {
        Credentials credentials2 = credentials;
        if (credentials instanceof ImpersonationCredentials) {
            credentials2 = ((ImpersonationCredentials) credentials).getBaseCredentials();
        }
        if (this.credentialsSupport.getCredentialClasses().contains(credentials2.getClass())) {
            return credentials2;
        }
        return null;
    }
}
