package org.apache.tomee.security.http.openid.model;

import jakarta.json.Json;
import jakarta.json.JsonReader;
import jakarta.json.bind.Jsonb;
import jakarta.json.bind.JsonbBuilder;
import jakarta.security.enterprise.identitystore.openid.IdentityToken;
import jakarta.security.enterprise.identitystore.openid.JwtClaims;
import java.io.StringReader;
import java.util.Base64;
import java.util.Map;
import org.apache.openejb.util.LogCategory;
import org.apache.openejb.util.Logger;
import org.apache.openjpa.slice.jdbc.DistributedJDBCConfigurationImpl;

/* loaded from: input_file:lib/tomee-security-10.0.0-M2.jar:org/apache/tomee/security/http/openid/model/TomEEIdentityToken.class */
public class TomEEIdentityToken implements IdentityToken {
    private static final Logger LOGGER = Logger.getInstance(LogCategory.TOMEE_SECURITY, TomEEIdentityToken.class);
    private final String token;
    private final long minValidity;
    private JwtClaims jwtClaims;
    private Map<String, Object> rawClaims;

    public TomEEIdentityToken(String str, long j) {
        this.token = str;
        this.minValidity = j;
        String str2 = new String(Base64.getUrlDecoder().decode(str.split(DistributedJDBCConfigurationImpl.REGEX_DOT)[1]));
        try {
            JsonReader createReader = Json.createReader(new StringReader(str2));
            try {
                Jsonb create = JsonbBuilder.create();
                try {
                    this.jwtClaims = new TomEEJwtClaims(createReader.readObject());
                    this.rawClaims = (Map) create.fromJson(str2, Map.class);
                    if (create != null) {
                        create.close();
                    }
                    if (createReader != null) {
                        createReader.close();
                    }
                } catch (Throwable th) {
                    if (create != null) {
                        try {
                            create.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Exception e) {
            LOGGER.error("Could not parse idToken claims", e);
        }
    }

    @Override // jakarta.security.enterprise.identitystore.openid.IdentityToken
    public String getToken() {
        return this.token;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.IdentityToken
    public JwtClaims getJwtClaims() {
        return this.jwtClaims;
    }

    @Override // jakarta.security.enterprise.identitystore.openid.IdentityToken
    public boolean isExpired() {
        return ((Boolean) this.jwtClaims.getExpirationTime().map(instant -> {
            return Boolean.valueOf(System.currentTimeMillis() + this.minValidity > instant.toEpochMilli());
        }).orElseThrow(() -> {
            return new IllegalStateException("No exp claim in identity token found");
        })).booleanValue();
    }

    @Override // jakarta.security.enterprise.identitystore.openid.IdentityToken
    public Map<String, Object> getClaims() {
        return this.rawClaims;
    }
}
