package io.atlassian.micros.oauth2.accesstoken;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.nimbusds.jwt.JWTClaimsSet;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.validation.ValidationException;
import javax.validation.constraints.Future;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import org.joda.time.DateTime;
import org.joda.time.Duration;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0-39bf8e4.jar:io/atlassian/micros/oauth2/accesstoken/SessionClaimSet.class */
public class SessionClaimSet {
    public static final String SCOPES_CLAIM_NAME = "scp";
    public static final String ACTOR_CLAIM_NAME = "act";
    public static final String TYPE_CLAIM_NAME = "typ";
    public static final String TYPE_CLAIM_VALUE = "atlassian-coat";
    private final JWTClaimsSet claimSet;

    public SessionClaimSet(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull URL url, @Nonnull Set<String> set, @Nonnull Duration duration) {
        JWTClaimSetBuilder jWTClaimSetBuilder = new JWTClaimSetBuilder();
        DateTime now = DateTime.now();
        jWTClaimSetBuilder.issuer(str).subject(str2).audience(url.toExternalForm()).issueTime(now.toDate()).expirationTime(now.plus(duration).toDate()).jwtID(UUID.randomUUID().toString()).claim(SCOPES_CLAIM_NAME, set).claim(ACTOR_CLAIM_NAME, ImmutableMap.of("sub", str3)).claim(TYPE_CLAIM_NAME, TYPE_CLAIM_VALUE);
        this.claimSet = jWTClaimSetBuilder.build();
    }

    public SessionClaimSet(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull URL url, @Nonnull Set<String> set) {
        this(str, str2, str3, url, set, Duration.standardMinutes(15L));
    }

    private SessionClaimSet(@Nonnull JWTClaimsSet jWTClaimsSet) {
        this.claimSet = jWTClaimsSet;
    }

    public static Optional<SessionClaimSet> from(JWTClaimsSet jWTClaimsSet) {
        SessionClaimSet sessionClaimSet = new SessionClaimSet(jWTClaimsSet);
        return sessionClaimSet.getType().flatMap(str -> {
            return str.equals(TYPE_CLAIM_VALUE) ? Optional.of(sessionClaimSet) : Optional.empty();
        });
    }

    public static Optional<SessionClaimSet> parse(@Nonnull String str) throws ParseException {
        return from(JWTClaimsSet.parse(str));
    }

    public JWTClaimsSet jwtClaimSet() {
        return this.claimSet;
    }

    @NotNull
    public String getAuthorizationServerId() {
        return this.claimSet.getIssuer();
    }

    @NotNull
    public String getImpersonatedUserId() {
        return this.claimSet.getSubject();
    }

    @NotNull
    @Size(min = 1, max = 200)
    public Set<String> getScopes() {
        try {
            List<String> stringListClaim = this.claimSet.getStringListClaim(SCOPES_CLAIM_NAME);
            return stringListClaim == null ? Collections.emptySet() : (Set) stringListClaim.stream().collect(Collectors.toSet());
        } catch (ParseException e) {
            throw new ValidationException(String.format("Invalid value for scopes: %s - %s", this.claimSet.getClaim(SCOPES_CLAIM_NAME), e.getMessage()));
        }
    }

    @NotNull
    public Date getIssueTime() {
        return this.claimSet.getIssueTime();
    }

    @NotNull
    @Future
    public Date getExpirationTime() {
        return this.claimSet.getExpirationTime();
    }

    @NotNull
    public String getOauthClientId() {
        return (String) actor().get("sub");
    }

    @NotNull
    public String getJWTID() {
        return this.claimSet.getJWTID();
    }

    @NotNull
    @Size(min = 1, max = 200)
    public List<URL> getResourceServerUrls() {
        List<String> audience = this.claimSet.getAudience();
        return audience == null ? ImmutableList.of() : (List) audience.stream().map(str -> {
            try {
                return new URL(str);
            } catch (MalformedURLException e) {
                throw new ValidationException("The audience does not contain valid resource server urls");
            }
        }).collect(Collectors.toList());
    }

    @VisibleForTesting
    Optional<String> getType() {
        return Optional.ofNullable(getTyp());
    }

    @NotNull
    @Size(min = 1, max = 200)
    String getTyp() {
        try {
            return this.claimSet.getStringClaim(TYPE_CLAIM_NAME);
        } catch (ParseException e) {
            return null;
        }
    }

    public String toString() {
        return this.claimSet.toJSONObject().toString();
    }

    private Map<String, Object> actor() {
        Object claim = this.claimSet.getClaim(ACTOR_CLAIM_NAME);
        if (claim == null) {
            return Collections.emptyMap();
        }
        if (claim instanceof Map) {
            return (Map) claim;
        }
        throw new ValidationException("Invalid act claim type. Must be a Map. Found (" + claim.getClass().getSimpleName() + ")");
    }
}
