package org.apache.tomee.security.http.openid.model;

import jakarta.json.Json;
import jakarta.json.JsonReader;
import jakarta.json.bind.Jsonb;
import jakarta.json.bind.JsonbBuilder;
import jakarta.security.enterprise.identitystore.openid.AccessToken;
import jakarta.security.enterprise.identitystore.openid.JwtClaims;
import jakarta.security.enterprise.identitystore.openid.Scope;
import java.io.StringReader;
import java.util.Base64;
import java.util.Map;
import org.apache.openejb.util.LogCategory;
import org.apache.openejb.util.Logger;
import org.apache.openjpa.slice.jdbc.DistributedJDBCConfigurationImpl;

/* loaded from: input_file:lib/tomee-security-10.0.0-M2.jar:org/apache/tomee/security/http/openid/model/TomEEAccesToken.class */
public class TomEEAccesToken implements AccessToken {
    private static final Logger LOGGER = Logger.getInstance(LogCategory.TOMEE_SECURITY, TomEEAccesToken.class);
    private final boolean jwt;
    private final String token;
    private final AccessToken.Type type;
    private final Scope scope;
    private final Long expiresIn;
    private final long minValidity;
    private final long creationTime = System.currentTimeMillis() / 1000;
    private JwtClaims jwtClaims;
    private Map<String, Object> rawClaims;

    public TomEEAccesToken(boolean z, String str, AccessToken.Type type, Scope scope, Long l, long j) {
        this.jwt = z;
        this.token = str;
        this.type = type;
        this.scope = scope;
        this.expiresIn = l;
        this.minValidity = j;
        if (z) {
            String str2 = new String(Base64.getUrlDecoder().decode(str.split(DistributedJDBCConfigurationImpl.REGEX_DOT)[1]));
            try {
                JsonReader createReader = Json.createReader(new StringReader(str2));
                try {
                    Jsonb create = JsonbBuilder.create();
                    try {
                        this.jwtClaims = new TomEEJwtClaims(createReader.readObject());
                        this.rawClaims = (Map) create.fromJson(str2, Map.class);
                        if (create != null) {
                            create.close();
                        }
                        if (createReader != null) {
                            createReader.close();
                        }
                    } catch (Throwable th) {
                        if (create != null) {
                            try {
                                create.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } finally {
                }
            } catch (Exception e) {
                LOGGER.error("Could not parse idToken claims", e);
            }
        }
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public String getToken() {
        return this.token;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public boolean isJWT() {
        return this.jwt;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public JwtClaims getJwtClaims() {
        return this.jwtClaims;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public Map<String, Object> getClaims() {
        return this.rawClaims;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public Object getClaim(String str) {
        if (isJWT()) {
            return getClaims().get(str);
        }
        return null;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public Long getExpirationTime() {
        return this.expiresIn;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public boolean isExpired() {
        return System.currentTimeMillis() + this.minValidity > (!isJWT() ? this.creationTime + this.expiresIn.longValue() : ((Long) this.jwtClaims.getExpirationTime().map(instant -> {
            return Long.valueOf(instant.toEpochMilli() / 1000);
        }).orElseThrow(() -> {
            return new IllegalStateException("No exp claim in identity token found");
        })).longValue()) * 1000;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public Scope getScope() {
        return this.scope;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.AccessToken
    public AccessToken.Type getType() {
        return this.type;
    }
}
