package fish.payara.security.openid;

import com.nimbusds.jose.Algorithm;
import fish.payara.security.openid.controller.TokenController;
import fish.payara.security.openid.controller.UserInfoController;
import fish.payara.security.openid.domain.AccessTokenImpl;
import fish.payara.security.openid.domain.IdentityTokenImpl;
import fish.payara.security.openid.domain.OpenIdConfiguration;
import fish.payara.security.openid.domain.OpenIdContextImpl;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.enterprise.inject.Typed;
import javax.inject.Inject;
import javax.json.JsonArray;
import javax.json.JsonValue;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import net.minidev.json.JSONArray;

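/**
 * Identity store that validates the tokens carried by an {@link OpenIdCredential}
 * and maps the resulting claims to a caller name and a set of caller groups.
 *
 * <p>Claims are looked up in a fixed order of precedence: the claims stored on the
 * context by {@code setClaims} (the UserInfo response), then the ID token, then
 * the access token. The caller name additionally falls back to the context's subject.
 *
 * <p>NOTE(review): UserInfo claims take precedence for both the caller name and the
 * groups, so confirm that {@code UserInfoController} checks the UserInfo subject
 * against the validated ID token subject; that check is not visible in this class.
 */
@Typed({OpenIdIdentityStore.class})
public class OpenIdIdentityStore implements IdentityStore {

    @Inject
    private OpenIdContextImpl context;

    @Inject
    private TokenController tokenController;

    @Inject
    private UserInfoController userInfoController;

    /**
     * Validates the ID token (and the access token, when one is present) of the given
     * credential, stores them on the OpenID context and derives the caller identity.
     *
     * @param openIdCredential credential holding the tokens, the HTTP message context
     *                         and the OpenID configuration
     * @return a result carrying the caller name and caller groups taken from the context
     */
    public CredentialValidationResult validate(OpenIdCredential openIdCredential) {
        HttpMessageContext httpContext = openIdCredential.getHttpContext();
        OpenIdConfiguration configuration = openIdCredential.getConfiguration();
        IdentityTokenImpl idToken = (IdentityTokenImpl) openIdCredential.getIdentityToken();

        // Read from the JOSE header before the token has been validated; it is only
        // used below as an input to access token validation.
        // NOTE(review): confirm TokenController restricts which algorithms it accepts.
        Algorithm idTokenAlgorithm = idToken.getTokenJWT().getHeader().getAlgorithm();

        Map<String, Object> idTokenClaims;
        if (Objects.isNull(this.context.getIdentityToken())) {
            idTokenClaims = this.tokenController.validateIdToken(idToken, httpContext, configuration);
        } else {
            // The context already holds an ID token, so the new one is validated
            // together with the previous one.
            idTokenClaims = this.tokenController.validateRefreshedIdToken(
                    this.context.getIdentityToken(), idToken, httpContext, configuration);
        }
        if (idToken.isEncrypted()) {
            // For encrypted tokens the claims returned by validation replace the token's claims.
            idToken.setClaims(idTokenClaims);
        }
        // The token is stored on the context only after validation has returned.
        this.context.setIdentityToken(idToken);

        AccessTokenImpl accessToken = (AccessTokenImpl) openIdCredential.getAccessToken();
        if (Objects.nonNull(accessToken)) {
            Map<String, Object> accessTokenClaims = this.tokenController.validateAccessToken(
                    accessToken, idTokenAlgorithm, this.context.getIdentityToken().getClaims(), configuration);
            if (accessToken.isEncrypted()) {
                accessToken.setClaims(accessTokenClaims);
            }
            this.context.setAccessToken(accessToken);
            this.context.setClaims(this.userInfoController.getUserInfo(configuration, accessToken));
        }

        this.context.setCallerName(getCallerName(configuration));
        this.context.setCallerGroups(getCallerGroups(configuration));
        return new CredentialValidationResult(this.context.getCallerName(), this.context.getCallerGroups());
    }

    /**
     * Resolves the caller name from the configured caller-name claim, falling back
     * to the context's subject when no source provides the claim.
     *
     * <p>A token claim that is present but not a string still fails the
     * {@code String} cast, as before.
     * NOTE(review): {@code getClaimsJson()} is dereferenced unconditionally, while
     * {@code validate} calls {@code setClaims} only when an access token exists;
     * confirm the context never returns {@code null} here.
     */
    private String getCallerName(OpenIdConfiguration openIdConfiguration) {
        String nameClaim = openIdConfiguration.getClaimsConfiguration().getCallerNameClaim();
        String callerName = this.context.getClaimsJson().getString(nameClaim, null);
        if (callerName == null) {
            callerName = (String) this.context.getIdentityToken().getClaim(nameClaim);
        }
        if (callerName == null) {
            callerName = (String) accessTokenClaim(nameClaim);
        }
        if (callerName == null) {
            callerName = this.context.getSubject();
        }
        return callerName;
    }

    /**
     * Resolves the caller groups from the configured caller-groups claim.
     *
     * <p>The first source that provides the claim wins, even when it yields no group:
     * a UserInfo array contributes only its string entries, a token array contributes
     * the {@code toString()} of every entry. The token claims are now read only when
     * an earlier source lacks the claim, so a malformed claim in a source that is
     * never consulted no longer fails the lookup.
     *
     * @return the resolved groups; empty when no source provides the claim
     */
    private Set<String> getCallerGroups(OpenIdConfiguration openIdConfiguration) {
        String groupsClaim = openIdConfiguration.getClaimsConfiguration().getCallerGroupsClaim();

        JsonArray userInfoGroups = this.context.getClaimsJson().getJsonArray(groupsClaim);
        if (Objects.nonNull(userInfoGroups)) {
            Set<String> groups = new HashSet<>();
            for (int i = 0; i < userInfoGroups.size(); i++) {
                if (userInfoGroups.get(i).getValueType() == JsonValue.ValueType.STRING) {
                    groups.add(userInfoGroups.getString(i));
                }
            }
            return groups;
        }

        // A token claim that is not a JSON array still fails the cast, as before.
        JSONArray tokenGroups = (JSONArray) this.context.getIdentityToken().getClaim(groupsClaim);
        if (Objects.isNull(tokenGroups)) {
            tokenGroups = (JSONArray) accessTokenClaim(groupsClaim);
        }
        if (Objects.isNull(tokenGroups)) {
            return new HashSet<>();
        }
        return tokenGroups.stream().map(Object::toString).collect(Collectors.toSet());
    }

    /**
     * Reads a claim from the context's access token, or returns {@code null} when the
     * context holds no access token. {@code validate} stores an access token only
     * when the credential carries one, so it may be absent here.
     */
    private Object accessTokenClaim(String claimName) {
        if (Objects.isNull(this.context.getAccessToken())) {
            return null;
        }
        return this.context.getAccessToken().getClaim(claimName);
    }
}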
