package org.eclipse.dataspaceconnector.common.token;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.PublicKey;
import java.text.ParseException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.eclipse.dataspaceconnector.spi.iam.ClaimToken;
import org.eclipse.dataspaceconnector.spi.iam.PublicKeyResolver;
import org.eclipse.dataspaceconnector.spi.iam.TokenRepresentation;
import org.eclipse.dataspaceconnector.spi.result.Result;

/* loaded from: input_file:org/eclipse/dataspaceconnector/common/token/TokenValidationServiceImpl.class */
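/**
 * Validates signed JWTs and converts their claims into a {@link ClaimToken}.
 *
 * <p>Validation runs in three steps: the signature is verified with a public key looked up by
 * the token's key id, every rule from the {@link TokenValidationRulesRegistry} is applied, and
 * only then are the claims copied into the result.
 *
 * <p>This class performs no claim checks of its own (expiry, audience, issuer, ...). Any such
 * check has to be registered as a rule; with an empty registry a correctly signed token is
 * accepted as-is.
 */
public class TokenValidationServiceImpl implements TokenValidationService {
    private final PublicKeyResolver publicKeyResolver;
    private final TokenValidationRulesRegistry rulesRegistry;

    /**
     * Creates the service.
     *
     * @param publicKeyResolver resolves the verification key for a key id
     * @param tokenValidationRulesRegistry supplies the rules applied after signature verification
     */
    public TokenValidationServiceImpl(PublicKeyResolver publicKeyResolver, TokenValidationRulesRegistry tokenValidationRulesRegistry) {
        this.publicKeyResolver = publicKeyResolver;
        this.rulesRegistry = tokenValidationRulesRegistry;
    }

    /**
     * Verifies the token's signature, applies all registered rules and extracts the claims.
     *
     * @param tokenRepresentation carrier of the serialized token and of the additional data that
     *     is handed to every rule
     * @return a success holding the claims (values converted to strings), or a failure listing
     *     why the token was rejected
     */
    @Override
    public Result<ClaimToken> validate(TokenRepresentation tokenRepresentation) {
        String token = tokenRepresentation.getToken();
        if (token == null) {
            // A missing token is reported like an unparseable one instead of surfacing as a
            // NullPointerException from the parser.
            return Result.failure("Failed to decode token");
        }
        var additional = tokenRepresentation.getAdditional();
        try {
            SignedJWT signedJwt = SignedJWT.parse(token);
            JWSHeader header = signedJwt.getHeader();

            // The header is read before the signature is checked, so the key id is
            // caller-controlled input to the resolver (and is echoed in the failure message).
            Result<JWSVerifier> verifierResult = createVerifier(header, header.getKeyID());
            if (verifierResult.failed()) {
                return Result.failure(verifierResult.getFailureMessages());
            }
            if (!signedJwt.verify(verifierResult.getContent())) {
                return Result.failure("Token verification failed");
            }

            // Parsing the payload here keeps a malformed claims set failing before any rule runs.
            JWTClaimsSet claims = signedJwt.getJWTClaimsSet();

            // Rules only see the token after its signature has been verified; all failures are
            // collected so the caller gets the complete list.
            List<String> ruleFailures = this.rulesRegistry.getRules().stream()
                    .map(rule -> rule.checkRule(signedJwt, additional))
                    .filter(ruleResult -> ruleResult.failed())
                    .map(ruleResult -> ruleResult.getFailureMessages())
                    .flatMap(List::stream)
                    .collect(Collectors.toList());
            if (!ruleFailures.isEmpty()) {
                return Result.failure(ruleFailures);
            }

            ClaimToken.Builder claimTokenBuilder = ClaimToken.Builder.newInstance();
            // Skip null-valued claims BEFORE stringifying. Objects.toString(null) yields the
            // literal "null", so filtering after the conversion never removed anything and a
            // JSON null claim reached consumers as a present claim with the value "null".
            claims.getClaims().forEach((name, value) -> {
                if (value != null) {
                    claimTokenBuilder.claim(name, Objects.toString(value));
                }
            });
            return Result.success(claimTokenBuilder.build());
        } catch (ParseException e) {
            return Result.failure("Failed to decode token");
        } catch (JOSEException e) {
            // NOTE(review): the library's message is returned to the caller unchanged — confirm
            // that this is acceptable for responses that leave the connector.
            return Result.failure(e.getMessage());
        }
    }

    /**
     * Builds a signature verifier for the given header using the key registered under
     * {@code keyId}.
     *
     * @param header JWS header of the token being validated; it determines the algorithm the
     *     verifier is created for
     * @param keyId key id taken from the token header, may be {@code null} when the header
     *     carries none
     * @return a success holding the verifier, or a failure when no key is found or no verifier
     *     can be created for the header/key combination
     */
    private Result<JWSVerifier> createVerifier(JWSHeader header, String keyId) {
        PublicKey publicKey = this.publicKeyResolver.resolveKey(keyId);
        if (publicKey == null) {
            return Result.failure("Failed to resolve public key with id: " + keyId);
        }
        try {
            // NOTE(review): the algorithm comes from the token's own header and no allow-list is
            // applied here — confirm the key types returned by the resolver restrict the
            // acceptable algorithms sufficiently.
            return Result.success(new DefaultJWSVerifierFactory().createJWSVerifier(header, publicKey));
        } catch (JOSEException e) {
            return Result.failure("Failed to create verifier");
        }
    }
}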
