package io.helidon.security.jwt;

import io.helidon.common.Errors;
import io.helidon.security.jwt.JwtHeaders;
import io.helidon.security.jwt.JwtUtil;
import jakarta.json.Json;
import jakarta.json.JsonArray;
import jakarta.json.JsonArrayBuilder;
import jakarta.json.JsonBuilderFactory;
import jakarta.json.JsonObject;
import jakarta.json.JsonObjectBuilder;
import jakarta.json.JsonString;
import jakarta.json.JsonValue;
import java.net.URI;
import java.time.Instant;
import java.time.LocalDate;
import java.time.ZoneId;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Stream;

/* loaded from: input_file:io/helidon/security/jwt/Jwt.class */
public class Jwt {
    private static final JsonBuilderFactory JSON = Json.createBuilderFactory(Collections.emptyMap());
    private final JwtHeaders headers;
    private final Map<String, JsonValue> payloadClaims;
    private final Optional<List<String>> issuers;
    private final Optional<Instant> expirationTime;
    private final Optional<Instant> issueTime;
    private final Optional<Instant> notBefore;
    private final Optional<String> subject;
    private final Optional<String> userPrincipal;
    private final Optional<List<String>> userGroups;
    private final Optional<List<String>> audience;
    private final Optional<String> jwtId;
    private final Optional<String> email;
    private final Optional<Boolean> emailVerified;
    private final Optional<String> fullName;
    private final Optional<String> givenName;
    private final Optional<String> middleName;
    private final Optional<String> familyName;
    private final Optional<Locale> locale;
    private final Optional<String> nickname;
    private final Optional<String> preferredUsername;
    private final Optional<URI> profile;
    private final Optional<URI> picture;
    private final Optional<URI> website;
    private final Optional<String> gender;
    private final Optional<LocalDate> birthday;
    private final Optional<ZoneId> timeZone;
    private final Optional<String> phoneNumber;
    private final Optional<Boolean> phoneNumberVerified;
    private final Optional<Instant> updatedAt;
    private final Optional<JwtUtil.Address> address;
    private final Optional<List<String>> scopes;
    private final Optional<byte[]> atHash;
    private final Optional<byte[]> cHash;
    private final Optional<String> nonce;

    /* loaded from: input_file:io/helidon/security/jwt/Jwt$Builder.class */
    public static final class Builder implements io.helidon.common.Builder<Builder, Jwt> {
        private List<String> audience;
        private List<String> issuers;
        private final JwtHeaders.Builder headerBuilder = JwtHeaders.builder();
        private final Map<String, Object> payloadClaims = new HashMap();
        private Optional<Instant> expirationTime = Optional.empty();
        private Optional<Instant> issueTime = Optional.empty();
        private Optional<Instant> notBefore = Optional.empty();
        private Optional<String> subject = Optional.empty();
        private Optional<String> userPrincipal = Optional.empty();
        private Optional<List<String>> userGroups = Optional.empty();
        private Optional<String> jwtId = Optional.empty();
        private Optional<String> email = Optional.empty();
        private Optional<Boolean> emailVerified = Optional.empty();
        private Optional<String> fullName = Optional.empty();
        private Optional<String> givenName = Optional.empty();
        private Optional<String> middleName = Optional.empty();
        private Optional<String> familyName = Optional.empty();
        private Optional<Locale> locale = Optional.empty();
        private Optional<String> nickname = Optional.empty();
        private Optional<String> preferredUsername = Optional.empty();
        private Optional<URI> profile = Optional.empty();
        private Optional<URI> picture = Optional.empty();
        private Optional<URI> website = Optional.empty();
        private Optional<String> gender = Optional.empty();
        private Optional<LocalDate> birthday = Optional.empty();
        private Optional<ZoneId> timeZone = Optional.empty();
        private Optional<String> phoneNumber = Optional.empty();
        private Optional<Boolean> phoneNumberVerified = Optional.empty();
        private Optional<Instant> updatedAt = Optional.empty();
        private Optional<JwtUtil.Address> address = Optional.empty();
        private Optional<byte[]> atHash = Optional.empty();
        private Optional<byte[]> cHash = Optional.empty();
        private Optional<String> nonce = Optional.empty();
        private Optional<List<String>> scopes = Optional.empty();

        private Builder() {
        }

        public Builder keyId(String str) {
            this.headerBuilder.keyId(str);
            return this;
        }

        public Builder type(String str) {
            this.headerBuilder.type(str);
            return this;
        }

        public Builder scopes(List<String> list) {
            this.scopes = Optional.of(new LinkedList(list));
            return this;
        }

        public Builder addScope(String str) {
            this.scopes = this.scopes.or(() -> {
                return Optional.of(new LinkedList());
            });
            this.scopes.ifPresent(list -> {
                list.add(str);
            });
            return this;
        }

        public Builder addUserGroup(String str) {
            this.userGroups = this.userGroups.or(() -> {
                return Optional.of(new LinkedList());
            });
            this.userGroups.ifPresent(list -> {
                list.add(str);
            });
            return this;
        }

        public Builder contentType(String str) {
            this.headerBuilder.contentType(str);
            return this;
        }

        public Builder addHeaderClaim(String str, Object obj) {
            this.headerBuilder.addHeaderClaim(str, obj);
            return this;
        }

        private void addClaim(Map<String, Object> map, String str, Object obj) {
            map.put(str, obj);
        }

        public Builder addPayloadClaim(String str, Object obj) {
            addClaim(this.payloadClaims, str, obj);
            return this;
        }

        public Builder algorithm(String str) {
            this.headerBuilder.algorithm(str);
            return this;
        }

        public Builder issuer(String str) {
            return issuers(List.of(str));
        }

        public Builder addIssuer(String str) {
            if (this.issuers == null) {
                this.issuers = new ArrayList();
            }
            this.issuers.add(str);
            return this;
        }

        public Builder issuers(List<String> list) {
            this.issuers = new ArrayList(list);
            return this;
        }

        public Builder expirationTime(Instant instant) {
            this.expirationTime = Optional.ofNullable(instant);
            return this;
        }

        public Builder issueTime(Instant instant) {
            this.issueTime = Optional.ofNullable(instant);
            return this;
        }

        public Builder notBefore(Instant instant) {
            this.notBefore = Optional.ofNullable(instant);
            return this;
        }

        public Builder subject(String str) {
            this.subject = Optional.ofNullable(str);
            return this;
        }

        public Builder userPrincipal(String str) {
            this.userPrincipal = Optional.ofNullable(str);
            return this;
        }

        public Builder addAudience(String str) {
            if (this.audience == null) {
                this.audience = new LinkedList();
            }
            this.audience.add(str);
            return this;
        }

        public Builder audience(List<String> list) {
            this.audience = new LinkedList(list);
            return this;
        }

        public Builder jwtId(String str) {
            this.jwtId = Optional.ofNullable(str);
            return this;
        }

        public Builder email(String str) {
            this.email = Optional.ofNullable(str);
            return this;
        }

        public Builder emailVerified(Boolean bool) {
            this.emailVerified = Optional.ofNullable(bool);
            return this;
        }

        public Builder fullName(String str) {
            this.fullName = Optional.ofNullable(str);
            return this;
        }

        public Builder givenName(String str) {
            this.givenName = Optional.ofNullable(str);
            return this;
        }

        public Builder middleName(String str) {
            this.middleName = Optional.ofNullable(str);
            return this;
        }

        public Builder familyName(String str) {
            this.familyName = Optional.ofNullable(str);
            return this;
        }

        public Builder locale(Locale locale) {
            this.locale = Optional.ofNullable(locale);
            return this;
        }

        public Builder nickname(String str) {
            this.nickname = Optional.ofNullable(str);
            return this;
        }

        public Builder preferredUsername(String str) {
            this.preferredUsername = Optional.ofNullable(str);
            return this;
        }

        public Builder profile(URI uri) {
            this.profile = Optional.ofNullable(uri);
            return this;
        }

        public Builder picture(URI uri) {
            this.picture = Optional.ofNullable(uri);
            return this;
        }

        public Builder website(URI uri) {
            this.website = Optional.ofNullable(uri);
            return this;
        }

        public Builder gender(String str) {
            this.gender = Optional.ofNullable(str);
            return this;
        }

        public Builder birthday(LocalDate localDate) {
            this.birthday = Optional.ofNullable(localDate);
            return this;
        }

        public Builder timeZone(ZoneId zoneId) {
            this.timeZone = Optional.ofNullable(zoneId);
            return this;
        }

        public Builder phoneNumber(String str) {
            this.phoneNumber = Optional.ofNullable(str);
            return this;
        }

        public Builder phoneNumberVerified(Boolean bool) {
            this.phoneNumberVerified = Optional.ofNullable(bool);
            return this;
        }

        public Builder updatedAt(Instant instant) {
            this.updatedAt = Optional.ofNullable(instant);
            return this;
        }

        public Builder address(JwtUtil.Address address) {
            this.address = Optional.ofNullable(address);
            return this;
        }

        public Builder atHash(byte[] bArr) {
            this.atHash = Optional.ofNullable(bArr);
            return this;
        }

        public Builder cHash(byte[] bArr) {
            this.cHash = Optional.ofNullable(bArr);
            return this;
        }

        public Builder nonce(String str) {
            this.nonce = Optional.ofNullable(str);
            return this;
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public Jwt m6build() {
            return new Jwt(this);
        }

        public Builder removePayloadClaim(String str) {
            this.payloadClaims.remove(str);
            return this;
        }
    }

    /* loaded from: input_file:io/helidon/security/jwt/Jwt$ExpirationValidator.class */
    public static final class ExpirationValidator extends InstantValidator implements Validator<Jwt> {
        private ExpirationValidator(boolean z) {
            super(z);
        }

        private ExpirationValidator(Instant instant, int i, TemporalUnit temporalUnit, boolean z) {
            super(instant, i, temporalUnit, z);
        }

        public static ExpirationValidator create() {
            return new ExpirationValidator(false);
        }

        public static ExpirationValidator create(boolean z) {
            return new ExpirationValidator(z);
        }

        public static ExpirationValidator create(Instant instant, int i, TemporalUnit temporalUnit, boolean z) {
            return new ExpirationValidator(instant, i, temporalUnit, z);
        }

        @Override // io.helidon.security.jwt.Validator
        public void validate(Jwt jwt, Errors.Collector collector) {
            Optional<Instant> expirationTime = jwt.expirationTime();
            expirationTime.ifPresent(instant -> {
                if (earliest().isAfter(instant)) {
                    collector.fatal(jwt, "Token no longer valid, expiration: " + instant);
                }
                jwt.issueTime().ifPresent(instant -> {
                    if (instant.isAfter(instant)) {
                        collector.fatal(jwt, "Token issue date is after its expiration, issue: " + instant + ", expiration: " + instant);
                    }
                });
            });
            super.validate("expirationTime", expirationTime, collector);
        }
    }

    /* loaded from: input_file:io/helidon/security/jwt/Jwt$FieldValidator.class */
    public static final class FieldValidator extends OptionalValidator implements Validator<Jwt> {
        private final Function<Jwt, Optional<String>> fieldAccessor;
        private final String expectedValue;
        private final String fieldName;

        private FieldValidator(Function<Jwt, Optional<String>> function, String str, String str2, boolean z) {
            super(z);
            this.fieldAccessor = function;
            this.fieldName = str;
            this.expectedValue = str2;
        }

        public static FieldValidator create(Function<Jwt, Optional<String>> function, String str, String str2) {
            return create(function, str, str2, false);
        }

        public static FieldValidator create(Function<Jwt, Optional<String>> function, String str, String str2, boolean z) {
            return new FieldValidator(function, str, str2, z);
        }

        public static FieldValidator createForHeader(String str, String str2, String str3) {
            return createForHeader(str, str2, str3, false);
        }

        public static FieldValidator createForHeader(String str, String str2, String str3, boolean z) {
            return create(jwt -> {
                return jwt.headerClaim(str).map(jsonValue -> {
                    return ((JsonString) jsonValue).getString();
                });
            }, str2, str3, z);
        }

        public static FieldValidator createForPayload(String str, String str2, String str3) {
            return createForPayload(str, str2, str3, false);
        }

        public static FieldValidator createForPayload(String str, String str2, String str3, boolean z) {
            return create(jwt -> {
                return jwt.payloadClaim(str).map(jsonValue -> {
                    return ((JsonString) jsonValue).getString();
                });
            }, str2, str3, false);
        }

        @Override // io.helidon.security.jwt.Validator
        public void validate(Jwt jwt, Errors.Collector collector) {
            super.validate(this.fieldName, this.fieldAccessor.apply(jwt), collector).ifPresent(str -> {
                if (this.expectedValue.equals(str)) {
                    return;
                }
                collector.fatal(jwt, "Expected value of field \"" + this.fieldName + "\" was \"" + this.expectedValue + "\", but actual value is: \"" + str);
            });
        }
    }

    /* loaded from: input_file:io/helidon/security/jwt/Jwt$InstantValidator.class */
    private static abstract class InstantValidator extends OptionalValidator {
        private final Instant instant;
        private final long allowedTimeSkewAmount;
        private final TemporalUnit allowedTimeSkewUnit;

        private InstantValidator() {
            this.instant = null;
            this.allowedTimeSkewAmount = 5L;
            this.allowedTimeSkewUnit = ChronoUnit.SECONDS;
        }

        private InstantValidator(boolean z) {
            super(z);
            this.instant = null;
            this.allowedTimeSkewAmount = 5L;
            this.allowedTimeSkewUnit = ChronoUnit.SECONDS;
        }

        private InstantValidator(Instant instant, int i, TemporalUnit temporalUnit, boolean z) {
            super(z);
            this.instant = instant;
            this.allowedTimeSkewAmount = i;
            this.allowedTimeSkewUnit = temporalUnit;
        }

        Instant latest() {
            return instant().plus(this.allowedTimeSkewAmount, this.allowedTimeSkewUnit);
        }

        Instant earliest() {
            return instant().minus(this.allowedTimeSkewAmount, this.allowedTimeSkewUnit);
        }

        Instant instant() {
            return this.instant == null ? Instant.now() : this.instant;
        }
    }

    /* loaded from: input_file:io/helidon/security/jwt/Jwt$IssueTimeValidator.class */
    public static final class IssueTimeValidator extends InstantValidator implements Validator<Jwt> {
        private IssueTimeValidator() {
        }

        private IssueTimeValidator(Instant instant, int i, TemporalUnit temporalUnit, boolean z) {
            super(instant, i, temporalUnit, z);
        }

        public static IssueTimeValidator create() {
            return new IssueTimeValidator();
        }

        public static IssueTimeValidator create(Instant instant, int i, TemporalUnit temporalUnit, boolean z) {
            return new IssueTimeValidator(instant, i, temporalUnit, z);
        }

        @Override // io.helidon.security.jwt.Validator
        public void validate(Jwt jwt, Errors.Collector collector) {
            Optional<Instant> issueTime = jwt.issueTime();
            issueTime.ifPresent(instant -> {
                if (latest().isBefore(instant)) {
                    collector.fatal(jwt, "Token was not issued in the past: " + instant);
                }
            });
            super.validate("issueTime", issueTime, collector);
        }
    }

    /* loaded from: input_file:io/helidon/security/jwt/Jwt$NotBeforeValidator.class */
    public static final class NotBeforeValidator extends InstantValidator implements Validator<Jwt> {
        private NotBeforeValidator() {
        }

        private NotBeforeValidator(Instant instant, int i, TemporalUnit temporalUnit, boolean z) {
            super(instant, i, temporalUnit, z);
        }

        public static NotBeforeValidator create() {
            return new NotBeforeValidator();
        }

        public static NotBeforeValidator create(Instant instant, int i, TemporalUnit temporalUnit, boolean z) {
            return new NotBeforeValidator(instant, i, temporalUnit, z);
        }

        @Override // io.helidon.security.jwt.Validator
        public void validate(Jwt jwt, Errors.Collector collector) {
            Optional<Instant> notBefore = jwt.notBefore();
            notBefore.ifPresent(instant -> {
                if (latest().isBefore(instant)) {
                    collector.fatal(jwt, "Token not yet valid, not before: " + instant);
                }
            });
            super.validate("notBefore", notBefore, collector);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/helidon/security/jwt/Jwt$OptionalValidator.class */
    public static abstract class OptionalValidator {
        private final boolean mandatory;

        OptionalValidator() {
            this.mandatory = false;
        }

        OptionalValidator(boolean z) {
            this.mandatory = z;
        }

        <T> Optional<T> validate(String str, Optional<T> optional, Errors.Collector collector) {
            if (this.mandatory && optional.isEmpty()) {
                collector.fatal("Field " + str + " is mandatory, yet not defined in JWT");
            }
            return optional;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/helidon/security/jwt/Jwt$UserPrincipalValidator.class */
    public static final class UserPrincipalValidator extends OptionalValidator implements Validator<Jwt> {
        private UserPrincipalValidator() {
            super(true);
        }

        @Override // io.helidon.security.jwt.Validator
        public void validate(Jwt jwt, Errors.Collector collector) {
            super.validate("User Principal", jwt.userPrincipal(), collector);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Jwt(JwtHeaders jwtHeaders, JsonObject jsonObject) {
        this.headers = jwtHeaders;
        this.payloadClaims = getClaims(jsonObject);
        if (jsonObject.get("iss") instanceof JsonString) {
            this.issuers = JwtUtil.getString(jsonObject, "iss").map((v0) -> {
                return List.of(v0);
            });
        } else {
            this.issuers = JwtUtil.getStrings(jsonObject, "iss");
        }
        this.expirationTime = JwtUtil.toInstant(jsonObject, "exp");
        this.issueTime = JwtUtil.toInstant(jsonObject, "iat");
        this.notBefore = JwtUtil.toInstant(jsonObject, "nbf");
        this.subject = JwtUtil.getString(jsonObject, "sub");
        if (((JsonValue) jsonObject.get("groups")) instanceof JsonArray) {
            this.userGroups = JwtUtil.getStrings(jsonObject, "groups");
        } else {
            this.userGroups = JwtUtil.getString(jsonObject, "groups").map((v0) -> {
                return List.of(v0);
            });
        }
        if (((JsonValue) jsonObject.get("aud")) instanceof JsonArray) {
            this.audience = JwtUtil.getStrings(jsonObject, "aud");
        } else {
            this.audience = JwtUtil.getString(jsonObject, "aud").map((v0) -> {
                return List.of(v0);
            });
        }
        this.jwtId = JwtUtil.getString(jsonObject, "jti");
        this.email = JwtUtil.getString(jsonObject, "email");
        this.emailVerified = JwtUtil.toBoolean(jsonObject, "email_verified");
        this.fullName = JwtUtil.getString(jsonObject, "name");
        this.givenName = JwtUtil.getString(jsonObject, "given_name");
        this.middleName = JwtUtil.getString(jsonObject, "middle_name");
        this.familyName = JwtUtil.getString(jsonObject, "family_name");
        this.locale = JwtUtil.toLocale(jsonObject, "locale");
        this.nickname = JwtUtil.getString(jsonObject, "nickname");
        this.preferredUsername = JwtUtil.getString(jsonObject, "preferred_username");
        this.profile = JwtUtil.toUri(jsonObject, "profile");
        this.picture = JwtUtil.toUri(jsonObject, "picture");
        this.website = JwtUtil.toUri(jsonObject, "website");
        this.gender = JwtUtil.getString(jsonObject, "gender");
        this.birthday = JwtUtil.toDate(jsonObject, "birthday");
        this.timeZone = JwtUtil.toTimeZone(jsonObject, "zoneinfo");
        this.phoneNumber = JwtUtil.getString(jsonObject, "phone_number");
        this.phoneNumberVerified = JwtUtil.toBoolean(jsonObject, "phone_number_verified");
        this.updatedAt = JwtUtil.toInstant(jsonObject, "updated_at");
        this.address = JwtUtil.toAddress(jsonObject, "address");
        this.atHash = JwtUtil.getByteArray(jsonObject, "at_hash", "at_hash value");
        this.cHash = JwtUtil.getByteArray(jsonObject, "c_hash", "c_hash value");
        this.nonce = JwtUtil.getString(jsonObject, "nonce");
        this.scopes = JwtUtil.toScopes(jsonObject);
        this.userPrincipal = JwtUtil.getString(jsonObject, "upn").or(() -> {
            return this.preferredUsername;
        }).or(() -> {
            return this.subject;
        });
    }

    private Jwt(Builder builder) {
        this.payloadClaims = new HashMap();
        this.payloadClaims.putAll(JwtUtil.transformToJson(builder.payloadClaims));
        this.headers = builder.headerBuilder.m10build();
        this.issuers = Optional.ofNullable(builder.issuers).map((v0) -> {
            return List.copyOf(v0);
        });
        this.expirationTime = builder.expirationTime;
        this.issueTime = builder.issueTime;
        this.notBefore = builder.notBefore;
        this.subject = builder.subject.or(() -> {
            return toOptionalString(builder.payloadClaims, "sub");
        });
        this.audience = Optional.ofNullable(builder.audience).map((v0) -> {
            return List.copyOf(v0);
        });
        this.jwtId = builder.jwtId;
        this.email = builder.email.or(() -> {
            return toOptionalString(builder.payloadClaims, "email");
        });
        this.emailVerified = builder.emailVerified.or(() -> {
            return getClaim(builder.payloadClaims, "email_verified");
        });
        this.fullName = builder.fullName.or(() -> {
            return toOptionalString(builder.payloadClaims, "name");
        });
        this.givenName = builder.givenName.or(() -> {
            return toOptionalString(builder.payloadClaims, "given_name");
        });
        this.middleName = builder.middleName.or(() -> {
            return toOptionalString(builder.payloadClaims, "middle_name");
        });
        this.familyName = builder.familyName.or(() -> {
            return toOptionalString(builder.payloadClaims, "family_name");
        });
        this.locale = builder.locale.or(() -> {
            return getClaim(builder.payloadClaims, "locale");
        });
        this.nickname = builder.nickname.or(() -> {
            return toOptionalString(builder.payloadClaims, "nickname");
        });
        this.preferredUsername = builder.preferredUsername.or(() -> {
            return toOptionalString(builder.payloadClaims, "preferred_username");
        });
        this.profile = builder.profile.or(() -> {
            return getClaim(builder.payloadClaims, "profile");
        });
        this.picture = builder.picture.or(() -> {
            return getClaim(builder.payloadClaims, "picture");
        });
        this.website = builder.website.or(() -> {
            return getClaim(builder.payloadClaims, "website");
        });
        this.gender = builder.gender.or(() -> {
            return toOptionalString(builder.payloadClaims, "gender");
        });
        this.birthday = builder.birthday.or(() -> {
            return getClaim(builder.payloadClaims, "birthday");
        });
        this.timeZone = builder.timeZone.or(() -> {
            return getClaim(builder.payloadClaims, "zoneinfo");
        });
        this.phoneNumber = builder.phoneNumber.or(() -> {
            return toOptionalString(builder.payloadClaims, "phone_number");
        });
        this.phoneNumberVerified = builder.phoneNumberVerified.or(() -> {
            return getClaim(builder.payloadClaims, "phone_number_verified");
        });
        this.updatedAt = builder.updatedAt;
        this.address = builder.address;
        this.atHash = builder.atHash;
        this.cHash = builder.cHash;
        this.nonce = builder.nonce;
        this.scopes = builder.scopes;
        this.userPrincipal = builder.userPrincipal.or(() -> {
            return toOptionalString(builder.payloadClaims, "upn");
        }).or(() -> {
            return this.preferredUsername;
        }).or(() -> {
            return this.subject;
        });
        this.userGroups = builder.userGroups;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <T> Optional<T> getClaim(Map<String, Object> map, String str) {
        return Optional.ofNullable(map.get(str));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Optional<String> toOptionalString(Map<String, Object> map, String str) {
        Object obj = map.get(str);
        return null == obj ? Optional.empty() : obj instanceof String ? Optional.of((String) obj) : Optional.of(String.valueOf(obj));
    }

    public static List<Validator<Jwt>> defaultTimeValidators() {
        LinkedList linkedList = new LinkedList();
        linkedList.add(new ExpirationValidator(false));
        linkedList.add(new IssueTimeValidator());
        linkedList.add(new NotBeforeValidator());
        return linkedList;
    }

    public static List<Validator<Jwt>> defaultTimeValidators(Instant instant, int i, ChronoUnit chronoUnit, boolean z) {
        LinkedList linkedList = new LinkedList();
        linkedList.add(new ExpirationValidator(instant, i, chronoUnit, z));
        linkedList.add(new IssueTimeValidator(instant, i, chronoUnit, z));
        linkedList.add(new NotBeforeValidator(instant, i, chronoUnit, z));
        return linkedList;
    }

    public static void addIssuerValidator(Collection<Validator<Jwt>> collection, String str, boolean z) {
        collection.add((jwt, collector) -> {
            Optional<List<String>> issuers = jwt.issuers();
            if (!issuers.isPresent()) {
                if (z) {
                    collector.fatal(jwt, "Issuer is expected to contain: " + str + ", yet no issuer is in JWT");
                }
            } else {
                List<String> list = issuers.get();
                if (list.contains(str)) {
                    return;
                }
                collector.fatal(jwt, "Issuer must contain issuer \"" + str + "\", yet it contains: " + list);
            }
        });
    }

    public static void addAudienceValidator(Collection<Validator<Jwt>> collection, String str, boolean z) {
        addAudienceValidator(collection, (Set<String>) Set.of(str), z);
    }

    public static void addAudienceValidator(Collection<Validator<Jwt>> collection, Set<String> set, boolean z) {
        collection.add((jwt, collector) -> {
            Optional<List<String>> audience = jwt.audience();
            if (!audience.isPresent()) {
                if (z) {
                    collector.fatal(jwt, "Audience is expected to be: " + set + ", yet no audience in JWT");
                }
            } else {
                Stream stream = set.stream();
                List<String> list = audience.get();
                Objects.requireNonNull(list);
                if (stream.anyMatch((v1) -> {
                    return r1.contains(v1);
                })) {
                    return;
                }
                collector.fatal(jwt, "Audience must contain " + set + ", yet it is: " + audience);
            }
        });
    }

    public static Builder builder() {
        return new Builder();
    }

    private Map<String, JsonValue> getClaims(JsonObject jsonObject) {
        return Collections.unmodifiableMap(jsonObject);
    }

    public Optional<List<String>> scopes() {
        return this.scopes.map(Collections::unmodifiableList);
    }

    public Optional<JsonValue> headerClaim(String str) {
        return this.headers.headerClaim(str);
    }

    public Optional<JsonValue> payloadClaim(String str) {
        JsonValue jsonValue = this.payloadClaims.get(str);
        boolean z = -1;
        switch (str.hashCode()) {
            case 96944:
                if (str.equals("aud")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return Optional.ofNullable(ensureJsonArray(jsonValue));
            default:
                return Optional.ofNullable(jsonValue);
        }
    }

    private JsonValue ensureJsonArray(JsonValue jsonValue) {
        return jsonValue instanceof JsonArray ? jsonValue : JSON.createArrayBuilder().add(jsonValue).build();
    }

    public JwtHeaders headers() {
        return this.headers;
    }

    public Map<String, JsonValue> payloadClaims() {
        return Collections.unmodifiableMap(this.payloadClaims);
    }

    public Optional<String> algorithm() {
        return this.headers.algorithm();
    }

    public Optional<String> keyId() {
        return this.headers.keyId();
    }

    public Optional<String> type() {
        return this.headers.type();
    }

    public Optional<String> contentType() {
        return this.headers.contentType();
    }

    public Optional<String> issuer() {
        return this.issuers.filter(list -> {
            return !list.isEmpty();
        }).map(list2 -> {
            return (String) list2.get(0);
        });
    }

    public Optional<List<String>> issuers() {
        return this.issuers;
    }

    public Optional<Instant> expirationTime() {
        return this.expirationTime;
    }

    public Optional<Instant> issueTime() {
        return this.issueTime;
    }

    public Optional<Instant> notBefore() {
        return this.notBefore;
    }

    public Optional<String> subject() {
        return this.subject;
    }

    public Optional<String> userPrincipal() {
        return this.userPrincipal;
    }

    public Optional<List<String>> userGroups() {
        return this.userGroups.map(Collections::unmodifiableList);
    }

    public Optional<List<String>> audience() {
        return this.audience;
    }

    public Optional<String> jwtId() {
        return this.jwtId;
    }

    public Optional<String> email() {
        return this.email;
    }

    public Optional<Boolean> emailVerified() {
        return this.emailVerified;
    }

    public Optional<String> fullName() {
        return this.fullName;
    }

    public Optional<String> givenName() {
        return this.givenName;
    }

    public Optional<String> middleName() {
        return this.middleName;
    }

    public Optional<String> familyName() {
        return this.familyName;
    }

    public Optional<Locale> locale() {
        return this.locale;
    }

    public Optional<String> nickname() {
        return this.nickname;
    }

    public Optional<String> preferredUsername() {
        return this.preferredUsername;
    }

    public Optional<URI> profile() {
        return this.profile;
    }

    public Optional<URI> picture() {
        return this.picture;
    }

    public Optional<URI> website() {
        return this.website;
    }

    public Optional<String> gender() {
        return this.gender;
    }

    public Optional<LocalDate> birthday() {
        return this.birthday;
    }

    public Optional<ZoneId> timeZone() {
        return this.timeZone;
    }

    public Optional<String> phoneNumber() {
        return this.phoneNumber;
    }

    public Optional<Boolean> phoneNumberVerified() {
        return this.phoneNumberVerified;
    }

    public Optional<Instant> updatedAt() {
        return this.updatedAt;
    }

    public Optional<JwtUtil.Address> address() {
        return this.address;
    }

    public Optional<byte[]> atHash() {
        return this.atHash;
    }

    public Optional<byte[]> cHash() {
        return this.cHash;
    }

    public Optional<String> nonce() {
        return this.nonce;
    }

    public JsonObject headerJson() {
        return this.headers.headerJson();
    }

    public JsonObject payloadJson() {
        JsonObjectBuilder createObjectBuilder = JSON.createObjectBuilder();
        Map<String, JsonValue> map = this.payloadClaims;
        Objects.requireNonNull(createObjectBuilder);
        map.forEach(createObjectBuilder::add);
        this.issuers.ifPresent(list -> {
            if (list.size() == 1) {
                createObjectBuilder.add("iss", (String) list.get(0));
            } else if (list.size() > 1) {
                JsonArrayBuilder createArrayBuilder = JSON.createArrayBuilder();
                Objects.requireNonNull(createArrayBuilder);
                list.forEach(createArrayBuilder::add);
                createObjectBuilder.add("iss", createArrayBuilder);
            }
        });
        this.expirationTime.ifPresent(instant -> {
            createObjectBuilder.add("exp", instant.getEpochSecond());
        });
        this.issueTime.ifPresent(instant2 -> {
            createObjectBuilder.add("iat", instant2.getEpochSecond());
        });
        this.notBefore.ifPresent(instant3 -> {
            createObjectBuilder.add("nbf", instant3.getEpochSecond());
        });
        this.subject.ifPresent(str -> {
            createObjectBuilder.add("sub", str);
        });
        this.userPrincipal.ifPresent(str2 -> {
            createObjectBuilder.add("upn", str2);
        });
        this.userGroups.ifPresent(list2 -> {
            JsonArrayBuilder createArrayBuilder = JSON.createArrayBuilder();
            Objects.requireNonNull(createArrayBuilder);
            list2.forEach(createArrayBuilder::add);
            createObjectBuilder.add("groups", createArrayBuilder);
        });
        this.audience.ifPresent(list3 -> {
            JsonArrayBuilder createArrayBuilder = JSON.createArrayBuilder();
            Objects.requireNonNull(createArrayBuilder);
            list3.forEach(createArrayBuilder::add);
            createObjectBuilder.add("aud", createArrayBuilder);
        });
        this.jwtId.ifPresent(str3 -> {
            createObjectBuilder.add("jti", str3);
        });
        this.email.ifPresent(str4 -> {
            createObjectBuilder.add("email", str4);
        });
        this.emailVerified.ifPresent(bool -> {
            createObjectBuilder.add("email_verified", bool.booleanValue());
        });
        this.fullName.ifPresent(str5 -> {
            createObjectBuilder.add("name", str5);
        });
        this.givenName.ifPresent(str6 -> {
            createObjectBuilder.add("given_name", str6);
        });
        this.middleName.ifPresent(str7 -> {
            createObjectBuilder.add("middle_name", str7);
        });
        this.familyName.ifPresent(str8 -> {
            createObjectBuilder.add("family_name", str8);
        });
        this.locale.ifPresent(locale -> {
            createObjectBuilder.add("locale", locale.toLanguageTag());
        });
        this.nickname.ifPresent(str9 -> {
            createObjectBuilder.add("nickname", str9);
        });
        this.preferredUsername.ifPresent(str10 -> {
            createObjectBuilder.add("preferred_username", str10);
        });
        this.profile.ifPresent(uri -> {
            createObjectBuilder.add("profile", uri.toASCIIString());
        });
        this.picture.ifPresent(uri2 -> {
            createObjectBuilder.add("picture", uri2.toASCIIString());
        });
        this.website.ifPresent(uri3 -> {
            createObjectBuilder.add("website", uri3.toASCIIString());
        });
        this.gender.ifPresent(str11 -> {
            createObjectBuilder.add("gender", str11);
        });
        this.birthday.ifPresent(localDate -> {
            createObjectBuilder.add("birthday", JwtUtil.toDate(localDate));
        });
        this.timeZone.ifPresent(zoneId -> {
            createObjectBuilder.add("zoneinfo", zoneId.getId());
        });
        this.phoneNumber.ifPresent(str12 -> {
            createObjectBuilder.add("phone_number", str12);
        });
        this.phoneNumberVerified.ifPresent(bool2 -> {
            createObjectBuilder.add("phone_number_verified", bool2.booleanValue());
        });
        this.updatedAt.ifPresent(instant4 -> {
            createObjectBuilder.add("updated_at", instant4.getEpochSecond());
        });
        this.address.ifPresent(address -> {
            createObjectBuilder.add("address", address.getJson());
        });
        this.atHash.ifPresent(bArr -> {
            createObjectBuilder.add("at_hash", JwtUtil.base64Url(bArr));
        });
        this.cHash.ifPresent(bArr2 -> {
            createObjectBuilder.add("c_hash", JwtUtil.base64Url(bArr2));
        });
        this.nonce.ifPresent(str13 -> {
            createObjectBuilder.add("nonce", str13);
        });
        this.scopes.ifPresent(list4 -> {
            createObjectBuilder.add("scope", String.join(" ", list4));
        });
        return createObjectBuilder.build();
    }

    public Errors validate(List<Validator<Jwt>> list) {
        Errors.Collector collector = Errors.collector();
        list.forEach(validator -> {
            validator.validate(this, collector);
        });
        return collector.collect();
    }

    public Errors validate(String str, String str2) {
        return validate(str, str2 == null ? Set.of() : Set.of(str2));
    }

    public Errors validate(String str, Set<String> set) {
        List<Validator<Jwt>> defaultTimeValidators = defaultTimeValidators();
        if (null != str) {
            addIssuerValidator(defaultTimeValidators, str, true);
        }
        if (null != set) {
            set.stream().filter((v0) -> {
                return Objects.nonNull(v0);
            }).findAny().ifPresent(str2 -> {
                addAudienceValidator((Collection<Validator<Jwt>>) defaultTimeValidators, (Set<String>) set, true);
            });
        }
        addUserPrincipalValidator(defaultTimeValidators);
        return validate(defaultTimeValidators);
    }

    public static void addUserPrincipalValidator(Collection<Validator<Jwt>> collection) {
        collection.add(new UserPrincipalValidator());
    }
}
