package de.adorsys.sts.tokenauth;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:de/adorsys/sts/tokenauth/BearerToken.class */
public class BearerToken {
    static final String TOKEN_PREFIX = "Bearer ";
    static final String HEADER_STRING = "Authorization";
    private final EnvironmentVariablesAuthServersProvider authServersProvider = new EnvironmentVariablesAuthServersProvider();
    private final KeycloakTokenRolesParser keycloakTokenRolesParser = new KeycloakTokenRolesParser();
    private final StringListRolesParser stringListRolesParser = new StringListRolesParser();
    private final String token;
    private JWTClaimsSet claims;

    public BearerToken(String str) {
        this.token = str;
    }

    public boolean isValid() {
        return tryToGetClaims().isPresent();
    }

    public final JWTClaimsSet getClaims() {
        return tryToGetClaims().orElseThrow(() -> {
            return new IllegalStateException("claims cannot be parsed");
        });
    }

    private Optional<JWTClaimsSet> tryToGetClaims() {
        if (this.claims == null) {
            extractClaims().ifPresent(jWTClaimsSet -> {
                this.claims = jWTClaimsSet;
            });
        }
        return Optional.ofNullable(this.claims);
    }

    public List<String> extractRoles() {
        ArrayList arrayList = new ArrayList();
        JWTClaimsSet claims = getClaims();
        this.stringListRolesParser.extractRoles(claims, "scp", arrayList);
        this.stringListRolesParser.extractRoles(claims, "roles", arrayList);
        this.keycloakTokenRolesParser.parseRoles(claims, arrayList);
        return arrayList;
    }

    private Optional<JWTClaimsSet> extractClaims() {
        Optional<JWTClaimsSet> empty = Optional.empty();
        if (this.token != null && StringUtils.startsWithIgnoreCase(this.token, TOKEN_PREFIX)) {
            try {
                SignedJWT parse = SignedJWT.parse(StringUtils.substringAfterLast(this.token, " "));
                if (JWSAlgorithm.NONE.equals(parse.getHeader().getAlgorithm())) {
                    return empty;
                }
                AuthServer authServer = this.authServersProvider.get(parse.getJWTClaimsSet().getIssuer());
                if (authServer == null) {
                    return empty;
                }
                MultiAuthJWSKeySelector multiAuthJWSKeySelector = new MultiAuthJWSKeySelector(authServer);
                DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
                defaultJWTProcessor.setJWSKeySelector(multiAuthJWSKeySelector);
                empty = Optional.of(defaultJWTProcessor.process(parse, (SecurityContext) null));
                return empty;
            } catch (ParseException | BadJOSEException | JOSEException e) {
                return empty;
            }
        }
        return empty;
    }
}
