package com.sap.cloud.sdk.cloudplatform.security.principal;

import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.Payload;
import com.sap.cloud.sdk.cloudplatform.security.Audience;
import com.sap.cloud.sdk.cloudplatform.security.AuthTokenAccessor;
import com.sap.cloud.sdk.cloudplatform.security.Authorization;
import com.sap.cloud.sdk.cloudplatform.security.principal.exception.PrincipalAccessException;
import io.vavr.CheckedFunction1;
import io.vavr.control.Option;
import io.vavr.control.Try;
import java.lang.invoke.SerializedLambda;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor.class */
public class OAuth2AuthTokenPrincipalExtractor implements PrincipalExtractor {

    // Class logger; the @Generated marker indicates the field was produced by Lombok rather than written by hand.
    @Generated
    private static final Logger log = LoggerFactory.getLogger(OAuth2AuthTokenPrincipalExtractor.class);
    // Claim holding the OAuth client id; used as the principal id for client_credentials tokens.
    private static final String JWT_CLIENT_ID_CLAIM = "client_id";
    // Claim holding the user name; used as the principal id for every user-bound grant type registered by the constructor.
    private static final String JWT_USER_NAME_CLAIM = "user_name";
    // Claim holding the user attribute map (attribute name -> collection of string values).
    private static final String JWT_USER_ATTRIBUTES = "xs.user.attributes";
    // Claim whose value selects which id extractor is applied to the token.
    private static final String JWT_GRANT_TYPE_CLAIM = "grant_type";
    // Grant type value for tokens issued to a client rather than to a user.
    private static final String JWT_GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";
    // Claim listing the audiences the token was issued for.
    private static final String JWT_AUDIENCE_CLAIM = "aud";
    // Reads the locally prefixed authorizations from the token payload.
    private final LocalScopePrefixExtractor localScopePrefixExtractor;
    // Grant type -> function that reads the principal id from the token. Plain HashMap: filled by the constructor
    // and changed by setIdExtractorFunction(...) without any synchronization in this class.
    private final Map<String, CheckedFunction1<DecodedJWT, String>> grantTypeToPrincipalIdExtractor = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates an extractor and registers the default mapping from OAuth2 grant type to principal id claim.
     *
     * <p>Tokens with grant type {@code client_credentials} are identified by their {@code client_id} claim; the
     * grant types {@code password}, {@code authorization_code}, {@code user_token},
     * {@code urn:ietf:params:oauth:grant-type:saml2-bearer} and {@code urn:ietf:params:oauth:grant-type:jwt-bearer}
     * are identified by their {@code user_name} claim. Any other grant type has no extractor unless one is added
     * through {@code setIdExtractorFunction}.
     *
     * @param localScopePrefixProvider provider handed to the {@code LocalScopePrefixExtractor}; may be {@code null}
     */
    public OAuth2AuthTokenPrincipalExtractor(@Nullable LocalScopePrefixProvider localScopePrefixProvider) {
        this.localScopePrefixExtractor = new LocalScopePrefixExtractor(localScopePrefixProvider);

        // Two readers cover all defaults: user-bound grants use the user name, client-bound grants the client id.
        final CheckedFunction1<DecodedJWT, String> readUserName = jwt -> jwt.getClaim(JWT_USER_NAME_CLAIM).asString();
        final CheckedFunction1<DecodedJWT, String> readClientId = jwt -> jwt.getClaim(JWT_CLIENT_ID_CLAIM).asString();

        grantTypeToPrincipalIdExtractor.put("password", readUserName);
        grantTypeToPrincipalIdExtractor.put(JWT_GRANT_TYPE_CLIENT_CREDENTIALS, readClientId);
        grantTypeToPrincipalIdExtractor.put("authorization_code", readUserName);
        grantTypeToPrincipalIdExtractor.put("user_token", readUserName);
        grantTypeToPrincipalIdExtractor.put("urn:ietf:params:oauth:grant-type:saml2-bearer", readUserName);
        grantTypeToPrincipalIdExtractor.put("urn:ietf:params:oauth:grant-type:jwt-bearer", readUserName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Registers, or replaces, the function that derives the principal id for one grant type.
     *
     * <p>The registered function decides which token claim becomes the identity of the caller, so it should only
     * ever be set by trusted configuration code. The backing map is a plain {@code HashMap}; register extractors
     * before the instance is used from several threads.
     *
     * @param str the grant type value as it appears in the {@code grant_type} claim
     * @param checkedFunction1 the function that reads the principal id from a decoded token
     */
    public void setIdExtractorFunction(@Nonnull String str, @Nonnull CheckedFunction1<DecodedJWT, String> checkedFunction1) {
        final CheckedFunction1<DecodedJWT, String> previous = this.grantTypeToPrincipalIdExtractor.put(str, checkedFunction1);
        if (!log.isDebugEnabled()) {
            return;
        }
        // put() returns the former mapping, which tells a replacement apart from a first registration.
        final String message = previous == null
            ? "Added initial logic for grant type '" + str + "'."
            : "Replaced the logic for grant type '" + str + "' with a new one.";
        log.debug(message);
    }

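    /**
     * Derives the principal id from the token by applying the extractor registered for its grant type.
     *
     * <p>The {@code grant_type} claim is read from the token itself and selects which claim is used as the
     * identity, so the result is only as trustworthy as the token passed in.
     *
     * @param decodedJWT the decoded token to read from
     * @return a success holding the principal id, or a failure holding a {@code PrincipalAccessException} when the
     *         grant type claim is missing, no extractor is registered for it, the extractor throws, or it returns
     *         {@code null}
     */
    @Nonnull
    private Try<String> getPrincipalId(@Nonnull DecodedJWT decodedJWT) {
        return Try.of(() -> {
            final Claim grantTypeClaim = decodedJWT.getClaim(JWT_GRANT_TYPE_CLAIM);
            if (grantTypeClaim.isNull()) {
                throw new PrincipalAccessException("The current JWT does not contain any grant type.");
            }
            if (log.isDebugEnabled()) {
                if (this.grantTypeToPrincipalIdExtractor.isEmpty()) {
                    log.debug("There is no logic registered for any grant type, so no principal will get extracted from the JWT.");
                } else {
                    log.debug("To extract a principal from JWT the following grant types will get handled: {}", this.grantTypeToPrincipalIdExtractor.keySet());
                }
            }
            final String grantType = grantTypeClaim.asString();
            final CheckedFunction1<DecodedJWT, String> idExtractor = this.grantTypeToPrincipalIdExtractor.get(grantType);
            if (idExtractor == null) {
                throw new PrincipalAccessException("There is no reader registered for grant type '" + grantType + "'.");
            }
            final String principalId;
            try {
                principalId = idExtractor.apply(decodedJWT);
            } catch (Throwable th) {
                // CheckedFunction1.apply declares Throwable, so everything the extractor throws is wrapped here.
                throw new PrincipalAccessException("Could not read id for grant type " + grantType + " from JWT.", th);
            }
            // Checked outside the try block so this exception reaches the caller as is, instead of being caught
            // above and reported as a generic read failure.
            if (principalId == null) {
                throw new PrincipalAccessException("The principalId for grant type " + grantType + " must not be null.");
            }
            // NOTE(review): the principal id ends up in the debug log; handle debug logs as personal data.
            log.debug("Extracted principal '{}' from the current JWT.", principalId);
            return principalId;
        });
    }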

    /**
     * Reads the user attributes from the {@code xs.user.attributes} claim.
     *
     * <p>Every attribute value must be an {@code Iterable} of strings; the first entry that is not fails the whole
     * extraction, so no partially read attribute map is returned. A token with grant type
     * {@code client_credentials} that carries the claim is rejected, because such a token is not bound to a user.
     *
     * @param payload the token payload to read from
     * @return a success holding the attributes by name (empty when the claim is absent), or a failure holding a
     *         {@code PrincipalAccessException}
     */
    @Nonnull
    private Try<Map<String, PrincipalAttribute>> getAttributes(@Nonnull Payload payload) {
        return Try.of(() -> {
            final Map<String, PrincipalAttribute> attributes = new HashMap<>();
            try {
                final Map<String, Object> rawAttributes = payload.getClaim(JWT_USER_ATTRIBUTES).asMap();
                if (rawAttributes == null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Skipping reading of user attributes: cannot find field 'xs.user.attributes' in authorization token.");
                    }
                    return attributes;
                }
                if (JWT_GRANT_TYPE_CLIENT_CREDENTIALS.equals(payload.getClaim(JWT_GRANT_TYPE_CLAIM).asString())) {
                    throw new PrincipalAccessException("Retrieving 'xs.user.attributes' is not supported for grant type client_credentials.");
                }
                for (final Map.Entry<String, Object> rawAttribute : rawAttributes.entrySet()) {
                    final Object rawValues = rawAttribute.getValue();
                    if (!(rawValues instanceof Iterable)) {
                        throw new PrincipalAccessException("Failed to get user attributes: value of attribute map entry is not an instance of Iterable.");
                    }
                    // Copy element by element so that only strings are ever stored in the attribute.
                    final List<String> values = new ArrayList<>();
                    for (final Object rawValue : (Iterable<?>) rawValues) {
                        if (!(rawValue instanceof String)) {
                            throw new PrincipalAccessException("Failed to get user attributes: value is not a String.");
                        }
                        values.add((String) rawValue);
                    }
                    final String name = rawAttribute.getKey();
                    attributes.put(name, new StringCollectionPrincipalAttribute(name, values));
                }
                return attributes;
            } catch (JWTDecodeException e) {
                throw new PrincipalAccessException("Failed to get user attributes.", e);
            }
        });
    }

    /**
     * Reads the local authorizations of the token by delegating to the {@code LocalScopePrefixExtractor}.
     *
     * @param payload the token payload to read from
     * @return the result of the delegate, unchanged
     */
    @Nonnull
    private Try<Set<Authorization>> getLocalAuthorizations(@Nonnull Payload payload) {
        final Try<Set<Authorization>> localAuthorizations = localScopePrefixExtractor.getAuthorizations(payload);
        return localAuthorizations;
    }

    /**
     * Reads the audiences listed in the {@code aud} claim.
     *
     * @param payload the token payload to read from
     * @return a success holding one {@code Audience} per distinct claim entry, or a failure holding an
     *         {@code IllegalArgumentException} when the claim cannot be read as a list of strings
     */
    private static Try<Set<Audience>> getAudiences(@Nonnull Payload payload) {
        return Try.of(() -> {
            final List<String> rawAudiences = payload.getClaim(JWT_AUDIENCE_CLAIM).asList(String.class);
            if (rawAudiences == null) {
                throw new IllegalArgumentException("Could not find audiences in the JWT.");
            }
            return rawAudiences.stream().map(Audience::new).collect(Collectors.toSet());
        });
    }

    /**
     * Reads every scope listed in the {@code scope} claim, without any prefix filtering.
     *
     * @param payload the token payload to read from
     * @return a success holding one {@code Authorization} per distinct scope, or a failure holding an
     *         {@code IllegalArgumentException} when the claim cannot be read as a list of strings
     */
    private static Try<Set<Authorization>> getAllAuthorizations(@Nonnull Payload payload) {
        return Try.of(() -> {
            final List<String> rawScopes = payload.getClaim("scope").asList(String.class);
            if (rawScopes == null) {
                throw new IllegalArgumentException("JWT does not contain any scopes.");
            }
            return rawScopes.stream().map(Authorization::new).collect(Collectors.toSet());
        });
    }

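    /**
     * Builds the principal of the current request from the current authorization token.
     *
     * <p>Only two conditions fail the call: no current token, or no principal id can be derived from it. Local
     * authorizations, user attributes, scopes and audiences are read on a best-effort basis: when one of them
     * cannot be read, the principal is still returned with that part empty. Code that makes access decisions on
     * the returned principal must therefore treat an empty authorization or audience set as "nothing granted".
     *
     * <p>NOTE(review): nothing in this class verifies the token signature or its validity period; it assumes that
     * {@code AuthTokenAccessor} only hands out validated tokens. Confirm against the accessor.
     *
     * @return a success holding the principal, or a failure holding the cause reported by the token accessor or
     *         by the principal id extraction
     */
    @Override // com.sap.cloud.sdk.cloudplatform.security.principal.PrincipalExtractor
    @Nonnull
    public Try<Principal> tryGetCurrentPrincipal() {
        final Try<DecodedJWT> jwtAttempt = AuthTokenAccessor.tryGetCurrentToken().map(token -> token.getJwt());
        if (jwtAttempt.isFailure()) {
            return Try.failure(jwtAttempt.getCause());
        }
        final DecodedJWT jwt = jwtAttempt.get();

        final Try<String> principalId = getPrincipalId(jwt);
        if (principalId.isFailure()) {
            return Try.failure(principalId.getCause());
        }

        // These two failures used to be dropped without a trace, unlike the scope and audience failures below.
        // They are logged at debug level so that a principal without attributes or local authorizations can be
        // explained, for example the rejection of user attributes on a client_credentials token.
        final Set<Authorization> localAuthorizations = getLocalAuthorizations(jwt)
            .onFailure(th -> log.debug("Could not read local authorizations from the JWT, continuing with none.", th))
            .getOrElse(Collections::emptySet);
        final Map<String, PrincipalAttribute> attributes = getAttributes(jwt)
            .onFailure(th -> log.debug("Could not read user attributes from the JWT, continuing with none.", th))
            .getOrElse(Collections::emptyMap);

        final Set<Authorization> allAuthorizations = getAllAuthorizations(jwt)
            .onFailure(th -> log.error(th.getMessage(), th))
            .getOrElse(Collections::emptySet);
        final Set<Audience> audiences = getAudiences(jwt)
            .onFailure(th -> log.error(th.getMessage(), th))
            .getOrElse(Collections::emptySet);

        return Try.of(() -> new ScpCfPrincipal(principalId.get(), localAuthorizations, allAuthorizations, audiences, attributes));
    }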

    /*
     * Compiler-generated hook that rebuilds a lambda of this class from its serialized form: it looks up the
     * recorded implementation method name and returns the matching lambda.
     *
     * Every branch compares the implementation method kind, the functional interface class, method name and
     * signature, the implementing class and the implementation signature before it returns a lambda; any
     * combination that does not match ends in the IllegalArgumentException on the last line.
     *
     * NOTE(review): this is decompiler output, not source. As printed it is not valid Java: 'boolean z' is
     * assigned integers, the 'case true:' label repeats, and 'this' is used inside a static method. Each branch
     * also repeats the body of a lambda defined elsewhere in this class. The compiler regenerates this method
     * from the lambdas themselves, so changes belong in those lambdas and not in the copies below.
     */
    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        // First switch: map the implementation method name (by hash code, then by equals) to a branch selector.
        switch (implMethodName.hashCode()) {
            case -2094149672:
                if (implMethodName.equals("lambda$getAttributes$2e25cf42$1")) {
                    z = 2;
                    break;
                }
                break;
            case -1824854124:
                if (implMethodName.equals("lambda$tryGetCurrentPrincipal$46655ccd$1")) {
                    z = 9;
                    break;
                }
                break;
            case -1773944194:
                if (implMethodName.equals("lambda$getPrincipalId$c8b7f4af$1")) {
                    z = 8;
                    break;
                }
                break;
            case -52618379:
                if (implMethodName.equals("lambda$getAudiences$d29d9527$1")) {
                    z = 4;
                    break;
                }
                break;
            case 35327087:
                if (implMethodName.equals("lambda$new$1373bb36$1")) {
                    z = true;
                    break;
                }
                break;
            case 35327088:
                if (implMethodName.equals("lambda$new$1373bb36$2")) {
                    z = 7;
                    break;
                }
                break;
            case 35327089:
                if (implMethodName.equals("lambda$new$1373bb36$3")) {
                    z = 6;
                    break;
                }
                break;
            case 35327090:
                if (implMethodName.equals("lambda$new$1373bb36$4")) {
                    z = 5;
                    break;
                }
                break;
            case 35327091:
                if (implMethodName.equals("lambda$new$1373bb36$5")) {
                    z = 3;
                    break;
                }
                break;
            case 35327092:
                if (implMethodName.equals("lambda$new$1373bb36$6")) {
                    z = 10;
                    break;
                }
                break;
            case 1954480300:
                if (implMethodName.equals("lambda$getAllAuthorizations$627b4d8$1")) {
                    z = false;
                    break;
                }
                break;
        }
        // Second switch: verify the recorded lambda metadata, then return a lambda with the same body and the
        // captured arguments read back from the serialized form.
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/Payload;)Ljava/util/Set;")) {
                    Payload payload = (Payload) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return (Set) ((List) Option.of(payload.getClaim("scope").asList(String.class)).getOrElseThrow(() -> {
                            return new IllegalArgumentException("JWT does not contain any scopes.");
                        })).stream().map(Authorization::new).collect(Collectors.toSet());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT -> {
                        return decodedJWT.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/Payload;)Ljava/util/Map;")) {
                    Payload payload2 = (Payload) serializedLambda.getCapturedArg(0);
                    return () -> {
                        HashMap hashMap = new HashMap();
                        try {
                            Map asMap = payload2.getClaim(JWT_USER_ATTRIBUTES).asMap();
                            if (asMap != null) {
                                if (JWT_GRANT_TYPE_CLIENT_CREDENTIALS.equals(payload2.getClaim(JWT_GRANT_TYPE_CLAIM).asString())) {
                                    throw new PrincipalAccessException("Retrieving 'xs.user.attributes' is not supported for grant type client_credentials.");
                                }
                                for (Map.Entry entry : asMap.entrySet()) {
                                    if (!(entry.getValue() instanceof Iterable)) {
                                        throw new PrincipalAccessException("Failed to get user attributes: value of attribute map entry is not an instance of Iterable.");
                                    }
                                    Iterable iterable = (Iterable) entry.getValue();
                                    ArrayList arrayList = new ArrayList();
                                    for (Object obj : iterable) {
                                        if (!(obj instanceof String)) {
                                            throw new PrincipalAccessException("Failed to get user attributes: value is not a String.");
                                        }
                                        arrayList.add((String) obj);
                                    }
                                    String str = (String) entry.getKey();
                                    hashMap.put(str, new StringCollectionPrincipalAttribute(str, arrayList));
                                }
                            } else if (log.isDebugEnabled()) {
                                log.debug("Skipping reading of user attributes: cannot find field 'xs.user.attributes' in authorization token.");
                            }
                            return hashMap;
                        } catch (JWTDecodeException e) {
                            throw new PrincipalAccessException("Failed to get user attributes.", e);
                        }
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT5 -> {
                        return decodedJWT5.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/Payload;)Ljava/util/Set;")) {
                    Payload payload3 = (Payload) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return (Set) ((List) Option.of(payload3.getClaim(JWT_AUDIENCE_CLAIM).asList(String.class)).getOrElseThrow(() -> {
                            return new IllegalArgumentException("Could not find audiences in the JWT.");
                        })).stream().map(Audience::new).collect(Collectors.toSet());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT4 -> {
                        return decodedJWT4.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT3 -> {
                        return decodedJWT3.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT2 -> {
                        return decodedJWT2.getClaim(JWT_CLIENT_ID_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    OAuth2AuthTokenPrincipalExtractor oAuth2AuthTokenPrincipalExtractor = (OAuth2AuthTokenPrincipalExtractor) serializedLambda.getCapturedArg(0);
                    DecodedJWT decodedJWT6 = (DecodedJWT) serializedLambda.getCapturedArg(1);
                    return () -> {
                        Claim claim = decodedJWT6.getClaim(JWT_GRANT_TYPE_CLAIM);
                        if (claim.isNull()) {
                            throw new PrincipalAccessException("The current JWT does not contain any grant type.");
                        }
                        if (log.isDebugEnabled()) {
                            if (this.grantTypeToPrincipalIdExtractor.isEmpty()) {
                                log.debug("There is no logic registered for any grant type, so no principal will get extracted from the JWT.");
                            } else {
                                log.debug("To extract a principal from JWT the following grant types will get handled: {}", this.grantTypeToPrincipalIdExtractor.keySet());
                            }
                        }
                        String asString = claim.asString();
                        CheckedFunction1<DecodedJWT, String> checkedFunction1 = this.grantTypeToPrincipalIdExtractor.get(asString);
                        if (checkedFunction1 == null) {
                            throw new PrincipalAccessException("There is no reader registered for grant type '" + asString + "'.");
                        }
                        try {
                            String str = (String) checkedFunction1.apply(decodedJWT6);
                            if (str == null) {
                                throw new PrincipalAccessException("The principalId for grant type " + asString + " must not be null.");
                            }
                            if (log.isDebugEnabled()) {
                                log.debug("Extracted principal '" + str + "' from the current JWT.");
                            }
                            return str;
                        } catch (Throwable th) {
                            throw new PrincipalAccessException("Could not read id for grant type " + asString + " from JWT.", th);
                        }
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lio/vavr/control/Try;Ljava/util/Set;Lio/vavr/control/Try;Lio/vavr/control/Try;Ljava/util/Map;)Lcom/sap/cloud/sdk/cloudplatform/security/principal/Principal;")) {
                    Try r0 = (Try) serializedLambda.getCapturedArg(0);
                    Set set = (Set) serializedLambda.getCapturedArg(1);
                    Try r2 = (Try) serializedLambda.getCapturedArg(2);
                    Try r3 = (Try) serializedLambda.getCapturedArg(3);
                    Map map = (Map) serializedLambda.getCapturedArg(4);
                    return () -> {
                        return new ScpCfPrincipal((String) r0.get(), set, (Set) r2.getOrElse(Collections::emptySet), (Set) r3.getOrElse(Collections::emptySet), map);
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT62 -> {
                        return decodedJWT62.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
        }
        // No known lambda matched the serialized description.
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
